Mechanism

The confidence-integrity feedback loop, disclosed in Section 5.12 of the cognition specification, connects the agent's confidence field and integrity field through a bidirectional circuit that forms a self-protective mechanism within the cognitive architecture. The loop has two structural guarantees: integrity violations degrade confidence, and low confidence prevents the agent from executing actions that would further compromise integrity. These two properties together convert an integrity problem into a structural barrier against making that problem worse.

Confidence in this architecture is a first-class computed state variable, not a heuristic score or a metadata annotation. It occupies a designated confidence field in the agent's canonical structure, it is computed by a confidence evaluation function from agent state and task state, and every mutation to it is recorded in lineage. Integrity is the agent's recorded account of deviation events, where a deviation event is a discrepancy between the agent's declared operational values and its actual behavioral record. The feedback loop is the defined coupling between these two fields, and it operates on the agent's governance state, with every confidence mutation recorded in lineage.

The Forward Path: Integrity Degradation Reduces Confidence

When the integrity engine detects a deviation event, the integrity field is updated to reflect the deviation, and the updated integrity value is propagated to the confidence computation subsystem as an input. The current value of the integrity field is one of the agent state inputs to the confidence evaluation function described in Section 5.3; the function incorporates the degraded integrity value as an adverse input and produces a reduced confidence value.

The magnitude of the confidence reduction is proportional to the severity of the integrity violation. Minor deviations produce modest confidence reductions. Severe deviations produce substantial confidence reductions that may, on their own, drive confidence below the execution authorization threshold and trigger execution suspension. The specification states that the relationship between integrity and confidence is not merely correlative but structurally enforced through this loop: a degraded integrity field cannot leave confidence unaffected, because the integrity value is a defined input to the function that computes confidence.

The Reverse Path: Suspended Execution Shields Integrity

The reverse path is what makes the loop self-protective. When confidence drops below the execution authorization threshold, the confidence governor withdraws execution authorization and the agent enters the suspended state. Suspension is enforced by structural decoupling of the execution subsystem's output pathway, so the agent cannot commit mutations to verified state regardless of its internal urgency. Because the agent cannot commit mutations, it cannot commit integrity-violating mutations.

Execution suspension thereby creates a structural shield against further integrity degradation: the agent cannot make its integrity problem worse because it cannot act. The shield persists until confidence is restored and execution is reauthorized, at which point the agent resumes the ability to commit mutations, but now under the continued accountability of the integrity engine monitoring each mutation for consistency. The shield is not a policy the agent chooses to respect; it is a consequence of the execution pathway being decoupled while cognition continues.

The Convergent Dynamic

Taken together, the forward and reverse paths produce a convergent dynamic disclosed in Section 5.12. Integrity violations cause confidence to drop; confidence drops cause execution to suspend; execution suspension prevents further integrity violations; and the cessation of integrity-degrading action creates conditions under which integrity restoration can proceed without concurrent integrity-degrading mutations. The loop converges toward a state in which integrity is restored to a level that supports confidence recovery, which in turn supports execution reauthorization.

Integrity restoration during suspension is performed by the redemption engine described in Chapter 3, which is activated by the coherence pressure generated when a deviation is recorded. The redemption engine generates candidate restorative mutations: corrective actions that address the harm, compensatory actions, process improvements that reduce the likelihood of similar deviations, and disclosure actions. These restorative mutations are themselves subject to the same governance, lineage recording, and integrity evaluation as any other mutation, and they are committed only after confidence recovers and execution is reauthorized. The convergence completes without external intervention: the agent's own architecture detects the integrity problem, restricts action, generates a recovery plan, and implements it when conditions permit.

The Circuit Breaker

The feedback loop includes a circuit-breaker mechanism that prevents infinite loops or deadlock. If the agent's integrity is so severely degraded that no achievable confidence value can support execution reauthorization, the loop cannot converge on its own: the agent would remain suspended, unable to act its way back to a restorable state. In that case the circuit breaker transitions the agent to the locked state described in Section 5.5.

The locked state differs from suspension. In suspension, execution is prohibited but cognition continues, so the agent can forecast, plan, generate inquiry, and prepare restorative mutations. In the locked state, both execution and certain cognitive processes are restricted pending external review, on the recognition that continued cognitive operation may itself be untrustworthy when integrity has collapsed. The circuit breaker is the loop's signal to governance infrastructure that the self-correcting cycle has exceeded its own recovery capacity and that external intervention is required.

Integration Across Integrity, Confidence, and Forecasting

The loop does not operate in isolation. As described in Chapter 3, the confidence computation receives the agent's composite integrity score as one input variable, and when integrity is degraded by recent deviation events, active coping intercepts, or accumulated restoration gaps, the confidence computation produces a lower confidence value reflecting the reduced reliability of decision-making under compromised integrity. If that integrity-modulated confidence falls below the execution threshold, the agent transitions from executing mode to non-executing cognitive mode.

This produces the coherent behavioral cycle disclosed in Chapter 3: integrity violations trigger confidence reduction, confidence reduction triggers execution pause, execution pause triggers forecasting-based recovery planning, and recovery planning generates restorative mutations that, once executed after confidence recovery, restore integrity. The confidence-integrity feedback loop is the confidence-side half of this larger cross-primitive cycle, and the redemption engine is the integrity-side half. Both operate on the agent's confidence and integrity state, which is recorded in lineage.

Recovery and Reauthorization

Recovery from suspension is structured, not implicit. As described in Section 5.18, restored confidence does not immediately reauthorize execution. The recovery process comprises confidence restoration, a stability verification phase in which the confidence governor confirms over a verification period that the restored confidence is stable and not fluctuating near the threshold, and reauthorization in which the execution pathway is reconnected. Reauthorization requires that confidence exceed the authorization threshold by a hysteresis margin, so the agent does not oscillate between authorized and suspended states near the boundary.

Because every confidence mutation is recorded in lineage, the entire trajectory of an integrity event is auditable: the deviation that degraded integrity, the resulting confidence reduction, the suspension, the restorative mutations generated during suspension, and the eventual reauthorization. Governance infrastructure can reconstruct from lineage that no execution occurred while confidence was below threshold and that the restorative mutations were committed only after reauthorization.

Distinction From Prior Approaches

Conventional autonomous-agent runtimes that offer pause and resume suspend execution reactively, in response to external failures or resource interruptions. The confidence governor suspends proactively based on the agent's own continuously computed sufficiency, and the confidence-integrity loop makes a recorded integrity deviation one of the inputs that can trigger that proactive suspension. The agent stops itself before further damage rather than recovering after damage has occurred.

The mechanism disclosed here adjusts the agent's confidence and integrity state, and because every confidence mutation is recorded in lineage, the feedback response is fully auditable and reconstructible from the lineage record. The structural decoupling of the execution pathway, rather than a flag the agent may choose to respect, is what guarantees that a degraded-integrity agent cannot compound its own violations.

Disclosure Scope

The confidence-integrity feedback loop, comprising the forward path in which a recorded deviation event degrades the integrity field and that degraded value reduces confidence through the confidence evaluation function, the reverse path in which suspended execution structurally prevents further integrity-degrading mutations, the convergent dynamic by which suspension creates the conditions for redemption-engine restoration, and the circuit breaker that transitions a non-recoverable agent to the locked state, is disclosed in the cognition filing (U.S. Application No. 19/647,395 and its international counterpart) at Section 5.12, with its cross-primitive integration disclosed in Chapter 3 and its recovery process disclosed in Section 5.18. This article describes that disclosed mechanism.

Within scope are embodiments in which the confidence reduction is proportional to deviation severity, embodiments in which restorative mutations generated during suspension are committed only after stability-verified reauthorization, and embodiments in which a non-recoverable integrity state engages the circuit breaker to the locked state for external review.