Mechanism

Execution is treated as a revocable permission rather than a default assumption. In conventional autonomous agent systems, execution is the default mode and is interrupted only reactively, in response to an external failure or a resource interruption. The disclosure inverts this: execution is a conditional privilege that must be continuously earned by the agent's demonstrated sufficiency, and it is withdrawn proactively, based on the agent's own continuously computed assessment, so the agent can stop itself before damage occurs rather than recover after damage has occurred.

The revocable-permission model is enforced by a confidence governor, a structural subsystem of the agent's cognitive architecture that continuously evaluates whether the conditions for execution remain satisfied and withdraws execution authorization when they are not. The confidence governor is not an advisory module, a monitoring dashboard, or a soft constraint the agent may override. It is a hard gate: when it determines that authorization should be withdrawn, execution ceases, and the agent cannot override the withdrawal through self-assessment, affective escalation, or policy reinterpretation. Execution authority is granted by the confidence governor and revoked by the confidence governor, and no alternative pathway to execution bypasses this gate.

Confidence as a Computed State Variable

The permission is bound to confidence, introduced as a first-class computed state variable within the agent schema. Confidence is not a heuristic score, a probability estimate, or a metadata annotation. It occupies a designated field, the confidence field, and participates in the same lineage tracking, policy enforcement, and audit mechanisms that apply to all other agent fields. The confidence field encodes the agent's assessed sufficiency to continue executing its current task given its present internal state and the current state of the task and environment. The value is a continuous scalar within a defined range, where the lower bound represents complete assessed insufficiency and the upper bound represents complete assessed sufficiency.

The confidence field is structurally distinct from the intent field and from the forecasting structures. The intent field encodes what the agent is trying to accomplish; the confidence field encodes whether the agent assesses itself as sufficiently equipped to accomplish it. An agent may have high intent clarity and low confidence, or high confidence and ambiguous intent. This independence ensures confidence evaluation is not contaminated by the agent's desire to act: an eager agent does not thereby become a confident agent. Every mutation to the confidence field is recorded in the agent's lineage, producing an auditable temporal record of the confidence trajectory that governance infrastructure can review to verify that no execution occurred while confidence was below the authorization threshold.
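The lineage review described above can be written as a replay over the recorded events. This is an added example, not code from the filing: the record shape `(cycle, kind, value)`, the 0.0 to 1.0 range, the threshold of 0.6, and the sample records are all assumptions constructed for illustration.

```python
# Constructed lineage records (assumed shape): (cycle, kind, value).
# "confidence" records a mutation of the confidence field;
# "execute" records an action committed by the execution subsystem.
LINEAGE = [
    (1, "confidence", 0.82),
    (2, "execute", "write_report"),
    (3, "confidence", 0.55),
    (4, "execute", "send_email"),
    (5, "confidence", 0.74),
    (6, "execute", "update_record"),
]

def audit_lineage(records, threshold):
    """Replay the lineage in cycle order and return every execution committed
    while the most recent confidence value was below the threshold, or before
    any confidence value was recorded (unknown confidence fails closed)."""
    current = None
    violations = []
    for cycle, kind, value in sorted(records, key=lambda r: r[0]):
        if kind == "confidence":
            if not 0.0 <= value <= 1.0:  # assumed bounds of the defined range
                raise ValueError(f"cycle {cycle}: confidence {value} out of range")
            current = value
        elif kind == "execute":
            if current is None or current < threshold:
                violations.append((cycle, value, current))
        else:
            raise ValueError(f"cycle {cycle}: unknown record kind {kind!r}")
    return violations
```

An empty result is the property governance infrastructure is checking for; each returned tuple names the cycle, the action, and the confidence value in effect when it ran.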

Confidence Computation from Agent and Task State

The confidence computation subsystem applies a defined confidence evaluation function to a structured input vector comprising agent state inputs and task state inputs. The function is deterministic; it is not a learned heuristic, a neural network output, or a subjective self-assessment. The agent state inputs include capability sufficiency, computed by comparing the agent's capability envelope against the task's requirements; resource availability, computed from substrate telemetry and projected consumption; the current value of the integrity field; the affective modulation state; and the agent's memory and experiential state. The task state inputs include the task requirements specification, temporal constraints, uncertainty magnitude, and forecasted execution cost as estimated by the forecasting engine's planning graphs.

The confidence evaluation function produces two outputs: a confidence value representing current assessed sufficiency, and a confidence rate of change representing the derivative of that value with respect to time or evaluation cycles. The rate of change is architecturally significant because it allows the confidence governor to anticipate the confidence trajectory and initiate preemptive responses before the value crosses the authorization threshold.

Decay, Recovery, and Differential Rate Analysis

The confidence value is dynamic. It evolves through two opposing processes: confidence decay, in which the value decreases in response to accumulating adverse conditions such as resource degradation, newly detected capability gaps, increasing uncertainty, integrity degradation, intensifying temporal pressure, or repeated execution failures; and confidence recovery, in which the value increases as previously adverse conditions are ameliorated. The aggregate of active decay components produces the instantaneous decay rate, and the aggregate of active recovery components produces the instantaneous recovery rate.

The confidence governor performs differential rate analysis by computing the difference between the recovery rate and the decay rate (recovery minus decay) at each evaluation cycle. A positive differential indicates the trajectory is upward, a zero differential indicates equilibrium, and a negative differential indicates deterioration. This enables trajectory-based gating, in which the governor may suspend execution even while the absolute confidence value remains above the threshold, if confidence is decaying so rapidly that the projected time to threshold crossing is shorter than the time required for orderly suspension. The governor maintains a confidence trajectory projection that extrapolates the value forward and produces an estimated time-to-threshold; when that estimate falls below a configurable safety margin, a graceful suspension sequence is initiated regardless of the current absolute value.

Authorization Gating and Its Three States

Execution authorization gating is a structural mechanism, not an advisory one. When the confidence governor withdraws authorization, the execution subsystem is structurally prohibited from committing mutations, initiating actions, or producing externally observable effects. The prohibition is not a flag the execution subsystem checks and optionally respects; it is a structural decoupling of the execution subsystem's output pathway, such that the subsystem cannot produce effects regardless of its internal state or the urgency of the agent's intent.

The gate operates in one of three states. In the authorized state, the confidence value is above the threshold, no trajectory alarm is active, and execution is permitted. In the suspended state, the value has fallen below the threshold or a trajectory alarm has triggered preemptive suspension, and execution is prohibited while cognitive processes continue. In the locked state, a severe integrity violation, a catastrophic resource failure, or a governance-mandated halt has occurred, and both execution and certain cognitive processes are restricted pending external review. Transition from authorized to suspended occurs on threshold crossing or trajectory alarm. Transition from suspended back to authorized requires that confidence exceed the threshold by a configurable hysteresis margin, so the agent does not oscillate near the threshold. Transition to locked occurs only on governance-mandated triggers and is not reversible by the agent itself.

Structural Separation of Execution from Cognition

Withdrawal of execution authorization does not impair the agent's ability to think. The architecture enforces a structural separation, at the substrate level, between the execution pathway and the cognitive pathway. The cognitive pathway comprises all processing that evaluates, reasons about, projects, or represents state without producing externally observable effects, including forecasting, planning graph construction, confidence computation, affective updates, integrity evaluation, and inquiry generation. The execution pathway comprises all processing that commits mutations to verified state, produces observable outputs, initiates delegation, or consumes irreversible resources. The confidence governor gates only the execution pathway.

The consequence is that a suspended agent enters a non-executing cognitive mode: fully cognitively active but structurally prohibited from acting. This mode is not idle or waiting. The agent redirects processing capacity from execution to deliberation, constructing planning graphs to explore how to recover authorization, evaluating the conditions that caused confidence to decay, generating inquiry requests to resolve capability gaps or uncertainty, and forecasting the consequences of alternatives available once authorization is restored. Because the agent cannot commit mutations while suspended, it cannot commit integrity-violating mutations, so the suspension itself acts as a structural shield against further integrity degradation.

Recovery of Execution Authorization

Recovery following a confidence-driven suspension is a structured three-phase process that prevents premature resumption. The first phase is confidence restoration, in which the value increases above the threshold through resolution of the adverse conditions, successful inquiry operations, reduced task demands, or improved environmental conditions, computed by the same confidence evaluation function applied to the updated state. The second phase is stability verification, in which the governor monitors the value and trajectory over a configurable verification period to confirm the restored confidence is stable: not fluctuating near the threshold, not trending negatively, and free of active alarm conditions. Throughout this period the value must exceed the threshold by the configurable hysteresis margin, ensuring it is meaningfully above the threshold rather than merely above it.

The third phase is reauthorization, in which the governor reconnects the execution subsystem's output pathway and notifies the deliberation pipeline that execution is available. The agent then evaluates its current planning graph, selects the highest-ranked eligible branch, and resumes. If the suspension period produced a checkpointed state, a broadened hypothesis set, or a plurality of candidate creative directions through the agent's task-class-differentiated interruption handling, those products of suspension-time cognition are incorporated into the resumed execution plan.
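The trajectory alarm, the three gate states, and the recovery phases described in the sections above fit into one small state machine. This is an added example, not code from the filing: the class and method names, the default values, the linear extrapolation, and measuring the margins in evaluation cycles are assumptions, and a raised `PermissionError` stands in for the structural decoupling of the output pathway.

```python
import math
from enum import Enum

class Gate(Enum):
    AUTHORIZED = "authorized"
    SUSPENDED = "suspended"
    LOCKED = "locked"

class ConfidenceGovernor:
    # Defaults are assumed values; margins are measured in evaluation cycles.
    def __init__(self, threshold=0.6, hysteresis=0.1, safety_margin=3, verify_cycles=2):
        self.threshold, self.hysteresis = threshold, hysteresis
        self.safety_margin, self.verify_cycles = safety_margin, verify_cycles
        self.state, self.stable_cycles = Gate.AUTHORIZED, 0

    def time_to_threshold(self, confidence, diff):
        """Cycles until the threshold is crossed, by linear extrapolation (assumed)."""
        if confidence <= self.threshold:
            return 0.0
        return math.inf if diff >= 0 else (confidence - self.threshold) / -diff

    def evaluate(self, confidence, decay, recovery, governance_halt=False):
        diff = recovery - decay  # negative differential means deterioration
        alarm = self.time_to_threshold(confidence, diff) < self.safety_margin
        if governance_halt:
            self.state = Gate.LOCKED
        elif self.state is Gate.AUTHORIZED and (confidence < self.threshold or alarm):
            self.state, self.stable_cycles = Gate.SUSPENDED, 0
        elif self.state is Gate.SUSPENDED:
            # Stability verification: above threshold + hysteresis, not trending down, no alarm.
            stable = confidence > self.threshold + self.hysteresis and diff >= 0 and not alarm
            self.stable_cycles = self.stable_cycles + 1 if stable else 0
            if self.stable_cycles >= self.verify_cycles:
                self.state = Gate.AUTHORIZED
        return self.state  # LOCKED has no branch that leaves it

    def commit(self, action):
        """Execution pathway: produces no effect unless the gate is authorized."""
        if self.state is not Gate.AUTHORIZED:
            raise PermissionError(f"execution gate is {self.state.value}")
        return action()

def run_trace(governor, trace):
    return [governor.evaluate(*step).value for step in trace]

# Constructed trace: (confidence, decay rate, recovery rate) per evaluation cycle.
TRACE = [(0.90, 0.01, 0.01), (0.80, 0.10, 0.00), (0.65, 0.00, 0.05),
         (0.72, 0.00, 0.05), (0.75, 0.00, 0.02), (0.78, 0.00, 0.02)]
```

In the constructed trace the gate suspends at cycle 2 while confidence is still 0.80, because the projected crossing is about two cycles away, and it reauthorizes only at cycle 5 after two consecutive stable cycles above 0.70.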

Prior-Art Distinction

Conventional autonomous agent systems, including runtime environments that provide pause and resume capabilities, suspend execution reactively, in response to external failures or resource interruptions. They evaluate the permission to act once, at task inception, and assume it thereafter. When conditions weaken, such a system either continues at full authority until an external interruption or fails outright, with no governed intermediate posture and no provision for the agent to stop itself based on its own assessment.

The mechanism here departs from that pattern by treating execution as a continuously re-earned privilege bound to a computed confidence field, by withdrawing authorization proactively through a hard gate that the agent cannot override, and by separating execution from cognition so that a suspended agent keeps thinking while it is structurally barred from acting. The transition from executing to non-executing is therefore not synonymous with failure: it may be a deliberate, structurally governed suspension in which cognition continues but action does not.

Disclosure Scope

The revocable-permission model, comprising the treatment of execution as a conditional privilege enforced by a confidence governor acting as a hard gate, the confidence field as a first-class computed state variable, the deterministic confidence evaluation function over agent state and task state inputs, the decay and recovery dynamics and differential rate analysis, the three authorization states of authorized, suspended, and locked, the structural separation of the execution pathway from the cognitive pathway, the non-executing cognitive mode, and the three-phase recovery process of restoration, stability verification, and reauthorization, is disclosed in the cognition filing (U.S. Application No. 19/647,395 and its international counterpart) at Chapter 5. This article describes that disclosed mechanism. The scope extends to embodiments in which the confidence evaluation function's inputs and the configuration of the authorization threshold, hysteresis margin, and safety margin vary, provided execution remains a revocable permission gated by a continuously computed confidence assessment that the agent cannot override.