Mechanism

The execution eligibility indicator is canonical field 250 of the agent object, one of the governance-relevant fields described with reference to FIG. 2 alongside the memory field 210, the policy reference field 220, the mutation descriptor field 230, and the lineage field 240. It is a derived or evaluable state indicating whether instantiation of an execution context is permitted for one or more governed action classes. It is not itself an authority and confers no authority by its presence: authority derives from resolved and verified external policy authority 290, and the indicator reflects, in a form a substrate can read, the result of applying that authority to the agent object's embedded state.

Its role follows from the architecture's treatment of execution as a governed action rather than a default substrate function. Because no execution context is created unless authorization is satisfied beforehand, a substrate that receives an agent object needs a way to determine execution permissibility from the object itself. Regardless of implementation, the execution eligibility indicator 250 enables a substrate to determine execution permissibility without centralized session state.

A Derived State, Not an Asserted One

In one embodiment described with reference to FIG. 2, the execution eligibility indicator 250 is computed dynamically from evaluation of the policy reference field 220, the memory field 210, the mutation descriptor field 230, the lineage field 240, and verified policy authority 290. Each input contributes: the policy reference field identifies the externally governed authorities that must be resolved and verified; the memory field supplies governance-relevant history; the mutation descriptor field declares the transformation classes at issue; the lineage field records continuity of descent; and verified policy authority is the resolved, authenticated authority produced from the canonical policy aliases 260 via resolved policy objects 280.

Because these inputs are either intrinsic to the agent object or resolved and verified from external policy authority, the indicator reflects the actual governance posture of the object rather than a claim about it. The spec states that an agent object cannot unilaterally modify, reinterpret, or bypass imposed constraints, because governing authority is external and immutable absent authorized override, and that eligibility may derive from objective embedded governance history rather than from internal intent or self-description.

The Stored-and-Updated Embodiment

In other embodiments the execution eligibility indicator 250 is stored and updated upon governance-relevant events, including verification success, denial, quarantine, trust degradation, revocation, or freshness transitions. Rather than recomputing the full evaluation on every read, the substrate maintains a stored marker that is refreshed when one of these events occurs. The memory-derived eligibility discussion describes the same alternative: eligibility may be computed dynamically or reflected in stored eligibility markers updated upon prior governance events, subject to re-evaluation under current verified authority.

The two embodiments are alternatives for the same purpose. Whether the indicator is computed on demand from its inputs or stored and updated on governance events, the disclosure is explicit that regardless of implementation it enables a substrate to determine execution permissibility without centralized session state, so a receiving substrate decides whether to instantiate an execution context by inspecting the object rather than by consulting an external scheduler or permission service.

Memory-Derived Eligibility

The memory field is treated as a first-class basis for eligibility. Eligibility to instantiate an execution context or perform other governed actions may depend on embedded memory state in addition to contemporaneous policy resolution and verification. The memory field is a persistent, append-capable record intrinsic to the agent object that may record prior authorization permits, denials, policy resolution outcomes, freshness failures, revocations, override applications, trust degradation events, quarantine states, remediation acknowledgments, and policy-designated substrate feedback.

Memory-derived eligibility may render a governed action not permitted where memory reflects unresolved violations, unremediated denials, quarantine state, elevated enforcement class, or other policy-defined disqualifying conditions. For example, where a prior denial required remediation and no qualifying remediation record is present, eligibility for the same or related action classes remains not permitted. Because memory state travels with the agent object, this eligibility is portable: an agent object denied on one substrate due to embedded disqualifying history remains ineligible elsewhere unless the conditions recorded in memory are satisfied under applicable policy.

Eligibility and the Instantiation Outcome

The indicator connects directly to whether an execution context comes into existence. Where the execution eligibility indicator 250 reflects satisfaction of required conditions, instantiation of an execution context may proceed, resulting in an execution context instantiation outcome 295. Where required governance conditions are not satisfied, instantiation of the execution context is prevented, and the execution context instantiation outcome 295 reflects denial as a valid system result.

This places the indicator within the architecture's treatment of non-execution as a first-class outcome. A negative eligibility state produces a structurally valid non-execution result rather than an error to be worked around. The execution substrate acts as a validator and executor of authorization rather than as an independent source of authority: it instantiates execution only upon a valid authorization and does not grant fallback execution in its absence.

What Changes the Indicator

The events that update the stored indicator are the governance-relevant events the architecture already tracks: verification success, denial, quarantine, trust degradation, revocation, and freshness transitions. A denial recorded against the object, a quarantine action issued by a fallback enforcement agent, a trust degradation signal, or a revocation or freshness transition affecting the governing authority each constitutes a governance-relevant event that can change whether instantiation is permitted, and therefore can change the indicator.

Execution feedback may also bear on eligibility where verified policy authority designates it as governance-relevant. Signals such as latency, failure, congestion, deferral, refusal, degradation, or partial execution may be recorded in the memory field as a feedback record and consumed by a governance evaluation function in subsequent eligibility determinations, where that function may produce a governance state outcome including modifications to execution eligibility indicators among other governance state. Such feedback influences eligibility prospectively and within policy-defined boundaries: it does not override verified policy authority, negate validity or freshness failures, or authorize otherwise disallowed action classes.

Distinction From Asserted Authorization

The disclosure separates authority from the cognitive or asserted state of the agent, and the execution eligibility indicator sits on the authority side of that line. Internal representations such as intent, goals, preferences, plans, explanations, confidence metrics, or predictive assessments may exist within an agent object but are not determinative of authorization, and the governance gate does not evaluate why an action is proposed. The indicator is derived from resolved and verified external policy authority applied to embedded governance state, not from those internal representations.

This is what separates the indicator from a self-described capability or a stale credential. It is not a token the agent presents that remains nominally valid until expiry; it is an evaluable governance state tied to the object's verified policy references, its memory, its lineage, and its mutation descriptors. A revocation, a trust degradation, a quarantine, or a freshness transition is itself one of the governance-relevant events that updates the indicator directly.

Disclosure Scope

The execution eligibility indicator, as canonical field 250 of the agent object and a derived or evaluable state indicating whether instantiation of an execution context is permitted for one or more governed action classes, is disclosed in U.S. Application No. 19/561,229 in the discussion of FIG. 2 and in the memory-derived eligibility discussion. The disclosure encompasses both the embodiment in which the indicator is computed dynamically from the policy reference field, memory field, mutation descriptor field, lineage field, and verified policy authority, and the embodiment in which it is stored and updated upon governance-relevant events including verification success, denial, quarantine, trust degradation, revocation, or freshness transitions.

The disclosure is not limited to a particular encoding of the indicator or to a particular trust model for the verified policy authority that feeds it, and verification may use public-key cryptography or continuity-based identity mechanisms such as memory-resolved identity or trust-slope validation. Across these configurations the structural properties are preserved: the indicator is derived rather than asserted, it lets a substrate determine execution permissibility without centralized session state, and its satisfaction or non-satisfaction governs whether an execution context is instantiated, with non-execution returned as a valid system outcome.