Affect-Governance Separation

Mechanism

Affective state is structurally prohibited from overriding governance authority, truth validation, policy compliance, or trust slope validation. No matter how extreme the value of any affective field, the affective subsystem cannot cause a governance denial to be reversed, cannot promote an unvalidated claim to verified status, cannot suppress a policy constraint, and cannot override a trust slope requirement. The prohibition is enforced at the interface boundary between the two subsystems: the governance evaluation functions accept a defined set of typed inputs, and the affective field is not among them. There is no path through which a value computed in affective space can be substituted for, or added to, the predicate variables that determine admissibility.

Where affect influences governance at all, it does so by shaping the inputs that governance later evaluates rather than by participating in the evaluation itself. Affective state may modulate the promotion threshold that determines which candidate intentions are forwarded to governance, may bias attention allocation toward certain hypotheses during retrieval, and may influence the priority order in which candidates are considered. Each of these effects operates upstream of the governance gate. Once a candidate reaches the gate, the gate evaluates that candidate against policy and trust criteria using values that are independent of the affective field at the moment of evaluation.

The interface between affect and governance is therefore best modeled as a one-way information channel in the upstream direction: affect to candidate selection is permitted; candidate to governance is permitted; affect to governance is structurally absent. The absence is not a runtime check that could be disabled or bypassed; it is a property of the function signature. Governance functions are defined over inputs that do not include the affective field, and a substitution would require redefining the function rather than altering a parameter.

A complementary mechanism prevents affect from contaminating the verified-state register. Truth validation, which determines whether a claim is treated as ground truth or as speculation, draws on evidence and provenance signals. Affective intensity does not raise the validation status of a claim; an emotionally salient hypothesis is not, by virtue of its salience, more likely to be marked verified. The verified-state register is updated only through the validation pathway, and that pathway has no input port for affect.

Operating Parameters

Several parameters govern how strongly affect can shape upstream candidate selection without compromising the downstream gate. The promotion threshold modulation factor determines how much affective intensity may shift the cut-off above which candidates are forwarded to governance. The factor is bounded such that even at maximum modulation, the threshold cannot fall below a minimum admissibility floor. The floor itself is set by policy and is unaffected by affect.

A second parameter set governs the temporal coupling between affect and governance. Affective state changes on a faster timescale than policy updates, and the system imposes a settling window that prevents transient affective spikes from indirectly steering governance through chained upstream effects within a single decision cycle. The settling window is configurable per deployment, with longer windows used in safety-critical contexts and shorter windows used where rapid responsiveness is preferred.

Settling windows interact with the rate at which affect itself is permitted to change. The architecture imposes a maximum slew rate on affective values, ensuring that even rapid stimuli produce affective transitions slow enough for the settling window to remain meaningful. Without a slew limit, an attacker or a noisy environment could in principle drive affect through extreme excursions in a single cycle, indirectly stressing the upstream channel; with a slew limit, the indirect channel cannot produce arbitrary changes faster than the settling window can absorb. The slew limit and the settling window are jointly tuned per deployment.

A third parameter governs auditability. Each governance decision records the inputs that produced it, and the record explicitly excludes affective values to make the separation visible to auditors. The audit record contains a cryptographic digest of the policy reference, the trust slope reading, the verified-state snapshot, and the candidate descriptor, but no field for affect. The absence of an affect field in the record is itself evidence that affect did not enter the decision.

Alternative Embodiments

In one embodiment, the governance subsystem runs as a separate process with its own address space, and the only inter-process channel exposes the typed input interface. Affect cannot reach governance because no shared memory exists. In a second embodiment, governance and affect run in the same process but in separate modules with capability-based access control; the governance module holds no capability for the affective field. In a third embodiment, the two subsystems are implemented in different programming languages with a foreign-function boundary that enforces type discipline at the call site.

A further embodiment uses formal verification to prove that no execution path within the governance module reads from the affective field. The proof is rechecked on every build. In yet another embodiment, the affective field is held in a write-only register from the perspective of governance, with read access limited to candidate-selection components. Each of these arrangements achieves the same architectural property by different means, and the patent contemplates the structural property rather than any single implementation.

Embodiments also vary in how affect-driven candidate selection is exposed. Some implementations make the modulation explicit and inspectable; others compile the modulation into static schedules. The choice affects observability but not the underlying separation.

Composition

Affect-governance separation composes with the broader cognitive architecture in three principal ways. First, it composes with confidence governance: an agent in a state of elevated cooperation disposition may consider more candidates, but the confidence gate still requires the same evidentiary support before execution. Second, it composes with trust slope validation: affect may bias which delegates the agent considers, but the trust slope is computed from interaction history and policy, not from affect, and the gate uses the slope reading directly. Third, it composes with the truth validation pathway: emotionally salient hypotheses can be raised for consideration, but only the validation pathway can mark them as verified.

Together, these compositions produce a system where affect enriches the cognitive surface without weakening the boundary that protects safety properties. Designers can build expressive affective dynamics knowing that the most extreme states cannot reach across the boundary.

Prior-Art Distinction

Prior systems that incorporate affect-like signals typically blend those signals into a unified scoring function that drives action selection. In such systems, sufficiently strong affective values can dominate the scoring function and override considerations that would otherwise prevent an action. The present architecture differs by treating governance not as a weighted contributor to an aggregate score but as a categorical gate whose inputs are restricted by type. No weighting of affect can produce admissibility in the absence of the required policy and trust inputs, because affect is not on the input list.

Prior reinforcement-learning approaches that shape policy through reward signals related to internal states likewise differ: those approaches modify policy through training, whereas the architectural separation described here operates at runtime and applies to the decision interface itself, regardless of how the policy was learned.

Disclosure Scope

The disclosure covers the structural prohibition of affect as a governance input, the upstream-only channel through which affect may shape candidate selection, the auditability properties that make the separation observable to third parties, and the family of embodiments that realize the prohibition through process isolation, capability control, type discipline, or formal verification. The disclosure does not depend on any particular representation of affect, on any particular policy language, or on any particular agent application domain.

Coverage extends to monitoring tooling that confirms the absence of an affect-to-governance path at runtime, to test harnesses that exercise extreme affective states against the governance gate to confirm invariance, and to deployment configurations in which separate teams maintain the affective and governance subsystems under organizational separation that mirrors the architectural separation. The structural property is the disclosed invariant; the listed embodiments are illustrative of how the invariant can be preserved under varying engineering and operational constraints. Equivalent arrangements that preserve the invariant fall within the disclosed scope, including arrangements in which the affective subsystem is itself partitioned into expressive and regulatory components, provided that no component of either partition is exposed as an input to the governance gate.

The affect-governance separation invariant, the upstream-only modulation channel, the slew-limited and settling-windowed parameter regime, the auditability properties enumerated above, and the family of process-isolation, capability-control, type-discipline, and formal-verification embodiments are the subject of priority claim under United States provisional application 64/049,409. The provisional secures the structural separation as a property of the governance function signature rather than as a behavioral convention, across each disclosed embodiment.