Confidence Contagion in Delegation

Mechanism

Confidence contagion is the structural property of the delegation graph by which a downward revision of confidence at any node propagates to that node's dependents under deterministic, bounded rules. The patent claim is not that confidence flows downward — many systems have such flows — but that the propagation function is bounded, monotone, lineage-recorded, and recoverable only through explicit local re-establishment by the receiving agent.

Each delegation edge in the agent graph carries a contagion coefficient in the closed interval between zero and one. The coefficient governs how much of an upstream confidence drop is transmitted to the dependent. A coefficient of one represents full contagion: any drop upstream is reflected in full downstream. A coefficient of zero represents isolation: upstream drops do not affect the dependent. Intermediate coefficients permit partial transmission, with the transmitted amount equal to the coefficient multiplied by the upstream drop.

The contagion function is monotone in the upstream value: a fall in upstream confidence cannot increase downstream confidence. The function is bounded: the downstream confidence after contagion cannot fall below zero and cannot rise above its prior value through the contagion event itself. The function is one-directional: upstream rises do not propagate as gains. A downstream agent whose upstream confidence has fallen and then recovered does not inherit the recovery; it must re-establish its own confidence from local evidence.

Re-establishment is the structural counterpart to contagion. When a downstream agent has been depressed by contagion, it cannot return to commitment merely because the upstream condition has resolved. It must run its own confidence computation against its own current inputs and produce a fresh local value that exceeds its execution floor. This prevents stale upstream optimism from authorizing downstream action and prevents agents from being passively re-armed by events they did not observe.

Every contagion event is recorded in the lineage with the source node, the magnitude of the upstream drop, the contagion coefficient applied, the resulting downstream value, and the timestamp. The lineage is queryable by governance processes for after-the-fact reconstruction of why any given downstream agent was depressed at any given moment.

Operating Parameters

Contagion coefficients are declared in the policy reference per delegation edge, or per edge class when the graph is large. Edge classes are typed by the relationship they express: tool invocation, subtask spawn, advisory consultation, and observational subscription each carry their own default coefficient. Tool-invocation edges typically carry coefficients near one because the dependent's outcome is tightly coupled to the tool's confidence. Advisory edges typically carry lower coefficients because the dependent retains its own judgment.

Re-establishment thresholds specify the minimum local confidence the downstream agent must produce before it may exit the depressed state. Thresholds are usually set above the original execution floor by a hysteresis margin, ensuring that an agent does not flicker in and out of commitment as local confidence hovers near the floor.

Propagation latency parameters bound the time between an upstream drop and the corresponding downstream registration. Synchronous propagation is appropriate within a single process; bounded-latency asynchronous propagation is appropriate across a network. The patent requires that the latency bound be declared and enforced; an implementation that allows unbounded propagation delay is not compliant.

Decay schedules govern how a contagion-induced depression behaves in the absence of re-establishment. The default schedule is no decay: a depressed agent remains depressed until explicit re-establishment. Configurable schedules permit slow decay for advisory edges where stale upstream concerns become less relevant over time, but the schedule must be monotone and bounded so that decay alone cannot return the agent to commitment.

Cycle handling parameters specify behavior in delegation graphs containing cycles. The mechanism uses a fixed-point iteration with a configured maximum iteration count, terminating when the propagation produces no further changes or when the limit is reached. Non-terminating cases are flagged for governance review rather than silently truncated.

Alternative Embodiments

The mechanism admits several embodiments. In a single-process embodiment the contagion graph is the call graph and propagation is synchronous within the calling thread. In a multi-process embodiment propagation crosses process boundaries through a structured event channel with the latency bound enforced by the channel implementation. In a distributed embodiment propagation crosses node boundaries with cryptographically signed contagion events to prevent forgery or replay.

In a multi-tenant embodiment contagion is scoped to a tenant: an upstream drop in one tenant's chain does not propagate to another tenant even if the underlying nodes are physically shared. In a regulated-domain embodiment contagion coefficients are bound by regulation: medical and vehicular domains require coefficients near one for safety-coupled edges, and the policy validator rejects configurations that fall below the regulated minimum.

Re-establishment can be embodied as a synchronous re-evaluation, an asynchronous observation pipeline, or a human-in-the-loop confirmation step. The structural requirement is only that re-establishment be local, evidence-based, and lineage-recorded; the procedural form is left to the implementation.

A simulation embodiment replays historical contagion events against modified coefficients to support governance review and policy tuning. A formal-verification embodiment encodes the propagation function in a model checker to prove safety properties such as the absence of unbounded depression cascades or the presence of guaranteed recovery paths under specified input conditions.

Composition

Confidence contagion composes with capability confidence such that a capability drop at an upstream node propagates to dependents through the same contagion rules as any other confidence dimension. A downstream agent depressed by upstream capability loss cannot resume by re-establishing local capability alone if its upstream's capability remains unrecovered; the dependent's commitment is bounded by the inherited ceiling.

The mechanism composes with the curiosity modulator such that exploration bonuses cannot override a depressed state induced by contagion. Curiosity acts within the feasible, sufficiently confident set; it does not lift the agent out of depression caused by upstream loss.

Contagion composes with confidence laundering prevention: an agent cannot launder its way out of a depressed state by aggregating high-confidence local inputs against a low-confidence upstream. The worst-case rule applies in time as well as in space, so the inherited ceiling is treated as one of the inputs to the agent's own worst-case aggregation until re-establishment occurs.

Prior-Art Posture

Distributed systems literature has long studied failure propagation, circuit breakers, and bulkhead isolation. Such mechanisms are concerned with availability and fault containment, not with structured confidence propagation across a cognitive delegation graph. They typically operate on binary states, propagate failures rather than confidence, and lack a notion of local re-establishment as a structural requirement.

Trust propagation in multi-agent systems and PKI literature provides analogues for confidence flow, but the propagation rules are usually multiplicative through a chain and lack the explicit, declarative contagion coefficient, the lineage-recorded propagation event, and the requirement that recovery proceed only through local re-establishment. The novelty claimed here is the combination of bounded propagation, monotonicity, lineage, and mandated local recovery within a unified, policy-governed cognitive architecture.

Failure Modes and Structural Defenses

Several failure classes motivate the structural design. The first is passive recovery, in which a downstream agent automatically resumes commitment when its upstream's confidence is restored, without conducting any local re-evaluation. The mechanism's prohibition on upstream rises propagating as gains directly forecloses this failure: recovery requires affirmative local action, never inheritance.

The second is unbounded cascade, in which a single upstream drop triggers an avalanche of depressions across a wide dependent set, taking the system offline for a transient signal. The bounded contagion coefficient and the per-edge declarative typing prevent this: advisory edges with low coefficients dampen the cascade, and re-establishment thresholds permit downstream agents whose local evidence is strong to resume promptly without waiting for global recovery.

The third is silent depression, in which a downstream agent is depressed by an upstream event the agent itself cannot observe. Lineage recording defeats this failure: every contagion event arrives with the source identity, the magnitude, the coefficient, and the timestamp, so the depressed agent and its governance layer always know precisely why commitment has been withdrawn and what local evidence would suffice to re-establish it.

The fourth is forged recovery, in which a malicious or buggy component injects synthetic re-establishment events to bring depressed agents back into commitment without genuine local re-evaluation. The structural requirement that re-establishment be evidence-based and lineage-recorded provides the basis for governance to detect and reject such forgeries; in distributed embodiments cryptographic signing of contagion and recovery events enforces the requirement at the channel level.

The fifth is cycle thrashing, in which a delegation cycle produces oscillating confidence values that never reach a fixed point. The fixed-point iteration with bounded count and explicit non-termination flagging ensures that such cases surface to governance review rather than producing arbitrary or unstable outcomes.

The sixth is coefficient drift, in which contagion coefficients are silently adjusted at runtime to weaken propagation and conceal upstream problems from dependents. The mechanism's declarative policy reference treats coefficients as governed configuration, so any change to a coefficient is itself a recorded policy event subject to review, and runtime modification outside the policy interface is rejected by the validator. This ensures that the contagion strength of any edge can be reconstructed for any historical decision and that operational pressure to dampen contagion cannot accumulate as undocumented technical debt.

The seventh is recovery starvation, in which a downstream agent never accumulates enough local evidence to re-establish confidence because the inputs required for re-establishment are themselves disrupted. The mechanism does not solve this failure on its own — starvation indicates a structural problem in the input pipeline — but the lineage record makes the starved state visible and distinguishable from genuine inability, supporting timely engineering intervention.

Disclosure Scope

This article discloses the contagion mechanism at the level required for licensee implementation against Chapter 5 of the cognition patent. It does not disclose the full claim set, the cycle-resolution algorithm in its entirety, or the lineage schema by which contagion events are persisted and queried. Implementers should consult the patent specification and accompanying policy reference for the operative coefficient ranges, the validator rules that enforce regulated-domain minima, and the governance interfaces by which re-establishment thresholds and propagation latency bounds are administered. The conformance test suite exercises propagation under adversarial graph topologies, including deep chains, wide fan-outs, and pathological cycles, to verify that the structural properties hold under stress.