Intent-Independent Authorization: Governance Without Alignment Scoring

Mechanism

The mechanism is constructed around three coupled artifacts: a verifiable authority credential, an action-class descriptor, and a structural precondition set. Every operation submitted to the governance layer is required to carry, or to be evaluable against, all three. The authority credential is a cryptographically signed assertion from an issuing principal whose public key is bound to a role within the system's authority lattice. The action-class descriptor is a canonical identifier drawn from a closed enumeration of operation types, each with an associated schema that defines what arguments are well-formed. The structural precondition set is a list of state predicates that the current system must satisfy before the action class is admissible.

When an operation is submitted, the governance layer performs four sequential checks. First, it verifies the cryptographic signature on the authority credential against the public key registered for the issuing principal. Second, it confirms that the credential's scope, expressed as a set of authorized action classes, contains the action class being requested. Third, it evaluates the structural preconditions against the committed state of the system, consulting only fields and lineage records that are themselves cryptographically committed and locally available. Fourth, it records the authorization decision, the evidence consulted, and the resulting state transition in an append-only lineage structure that is cryptographically chained to prior entries.

Notably absent from these four checks is any inspection of operator intent. The governance layer does not parse natural-language justifications, score plans against value alignment models, or simulate predicted outcomes. It does not ask why the action is being performed; it asks only whether a verified authority has admitted the action class and whether the structural preconditions hold. Intent-bearing artifacts may exist elsewhere in the architecture, but they do not enter the authorization predicate. This separation is enforced syntactically: the authorization function's type signature does not accept intent as an input, and any attempt to introduce intent-dependent logic into a governance evaluation produces a type error at the schema level.

Determinism is preserved by construction. Two nodes evaluating the same operation against the same committed state will produce identical authorization outcomes, identical lineage entries, and identical state transitions. The evaluation is pure with respect to its declared inputs, and the inputs are themselves cryptographically committed, so divergence between nodes signals either a Byzantine fault or a state-replication anomaly, both of which are detectable at the protocol layer.

Operating Parameters

The authority lattice is parameterized by depth, fan-out, and revocation latency. Depth controls how many delegation steps may separate an issued credential from the root authority, with typical deployments using depths between two and six. Fan-out controls how many subordinate principals a given authority may delegate to, balancing administrative flexibility against blast radius in the event of credential compromise. Revocation latency is the maximum time between the publication of a revocation entry and its incorporation into the state consulted by governance evaluations; deployments typically target revocation latencies in the seconds-to-minutes range, with cryptographic accumulators or sparse Merkle trees providing constant-time membership tests during evaluation.

Action-class enumerations are versioned. Each governance epoch is associated with a specific version of the action-class catalog, and credentials reference the catalog version under which their scope was issued. When the catalog evolves, prior credentials remain valid against their original catalog version, and a compatibility mapping defines which new action classes are admitted by which prior scopes. This preserves the legitimacy of in-flight credentials across upgrades while preventing scope drift through silent catalog mutation.

Structural preconditions are expressed in a restricted predicate language designed for total evaluation: every predicate terminates, has bounded computational cost, and consults only locally available cryptographically committed state. The language excludes general-purpose recursion, network calls, and access to wall-clock time except through committed timestamp anchors. This restriction is not a convenience; it is a correctness requirement, because non-terminating or environment-dependent predicates would break the determinism guarantee and reintroduce the failure modes that intent-independent authorization is designed to eliminate.

Lineage records are configured for append-only durability with cryptographic chaining. Each entry contains the operation, the credential consulted, the precondition evaluation result, the resulting state digest, and a hash linking it to the prior entry. Operators select a chaining function (typically a collision-resistant hash) and a witness publication cadence. Witnesses are periodic external commitments, published to one or more independent substrates, that anchor the lineage chain at known points and allow third parties to detect retrospective tampering with bounded confidence.

Alternative Embodiments

The authority credential may be embodied as a conventional X.509 certificate with custom extensions encoding the action-class scope, as a verifiable credential conforming to W3C VC data models, as a capability token in a macaroon-style attenuation framework, or as a native object signed under the system's own keying material. Each embodiment trades interoperability against expressive power. Verifiable credentials integrate cleanly with external identity ecosystems; macaroons support fine-grained delegation and contextual caveats; native objects minimize cross-format translation and reduce the attack surface introduced by external parsers.

Structural precondition evaluation may be embodied as an interpreter over a canonical predicate AST, as a precompiled WebAssembly module pinned by content hash, or as a hand-written state machine generated from a formal specification. The interpreter approach maximizes flexibility and admits dynamic policy upgrades; the WebAssembly approach maximizes performance and isolation; the state-machine approach maximizes auditability and is preferred in deployments where the predicate set is small, stable, and subject to formal review.

The lineage structure may be embodied as a single linear hash chain, as a Merkle DAG admitting concurrent appends from independent partitions, or as a CRDT-backed log that converges across asynchronous replicas. Linear chains are simplest and adequate for single-writer deployments. Merkle DAGs accommodate federated topologies in which multiple authorities append concurrently. CRDT logs are appropriate for fully decentralized deployments where temporary partitions and eventual convergence are expected operating conditions rather than exceptional failures.

Intent governance, when present, may be embodied as a separate advisory layer that produces non-binding annotations on operations, as a pre-submission filter that operators run voluntarily, or as a post-hoc audit pipeline that flags anomalous patterns for human review. In every case the advisory layer is architecturally segregated from the authorization predicate; it cannot block an authorized operation, and an unauthorized operation cannot be admitted by intent approval. This separation is the defining structural property of the disclosed system.

Composition With Adjacent Mechanisms

Intent-independent authorization composes with revocation, delegation, and lineage audit in well-defined ways. Revocation acts on the authority lattice: when a credential is revoked, subsequent evaluations that consult that credential fail at the second check, regardless of whether the structural preconditions hold. Delegation extends the lattice while preserving the evaluation procedure; a delegated credential is evaluated by walking the delegation chain to the root, with each link verified cryptographically. Lineage audit consumes the append-only record produced by authorization decisions and supports both real-time monitoring and retrospective forensic analysis.

The mechanism also composes with the cryptographic governance framework's broader primitives for state commitment, replication, and substrate migration. Because authorization consults only cryptographically committed state, governance decisions remain valid under substrate migration: an operation authorized on substrate A is authorized on substrate B if and only if the committed state and the credential transfer intact, which they are designed to do. This property is what enables the framework's deployment portability claim and what distinguishes structural authorization from infrastructure-bound access control.

Composition with rate limiting, quota accounting, and economic-resource gating is supported through structural preconditions rather than through external middleware. A quota predicate consults the committed quota state for the requesting principal and admits the operation only if the post-operation quota would remain within the authorized envelope. Because the predicate is total and consults only committed state, the quota check is itself deterministic, auditable, and substrate-portable. This collapses what would otherwise be a multi-component pipeline of policy decision point, quota service, and rate limiter into a single deterministic evaluation, eliminating the inter-component synchronization failures that conventional architectures must defend against.

The mechanism also interacts cleanly with multi-party governance schemes in which authorization requires the joint endorsement of several principals. Joint endorsements are expressed as multi-signature credentials whose verification produces an authority assertion only when the constituent signatures meet the configured threshold. The four-step evaluation procedure described above generalizes directly to multi-signature credentials without modification, and the lineage record captures which specific endorsers participated in each authorized operation. This supports separation-of-duty patterns, quorum-based change control, and adversarial-resilient governance topologies without requiring auxiliary coordination protocols.

Distinction From Prior Art

Conventional access control systems, including role-based access control, attribute-based access control, and policy-based access control, evaluate authorization against a centrally maintained policy store. Although the predicate language varies, the architectural pattern is consistent: a policy decision point consults a policy information point, applies the policy, and emits an admit/deny decision. This pattern presupposes the availability and integrity of the policy store, the trustworthiness of the decision point, and the synchrony of policy updates with operational reality. Each presupposition becomes a single point of failure under adversarial conditions.

Alignment-based governance approaches attempt to evaluate operator intent through learned models, value scoring, or outcome prediction. These approaches face fundamental challenges of specification, generalization, and adversarial robustness; they also introduce non-determinism and infrastructure dependence into the authorization path. Intent-independent authorization sidesteps these challenges by structurally excluding intent from the authorization predicate. It does not deny that intent governance is valuable; it asserts that intent governance, if performed, must be architecturally segregated from authorization to preserve the determinism, auditability, and substrate independence that the disclosed system provides.

Capability-based systems share with the disclosed mechanism the use of unforgeable tokens conveying authority, but typical capability systems do not specify the action-class enumeration, the structural precondition language, or the cryptographically chained lineage that together render the authorization decision deterministic and auditable across heterogeneous substrates. The disclosed combination is novel, and the specific separation of intent from authorization, enforced at the type level rather than by convention, is the central claimed advance.

Disclosure Scope

The disclosure encompasses the architectural separation of authorization from intent governance, the deterministic evaluation procedure consulting only cryptographically committed state, the append-only chained lineage of authorization decisions, the versioned action-class catalog, the restricted predicate language for structural preconditions, and the alternative embodiments of credentials, predicate evaluators, and lineage structures described above. The disclosure further encompasses the composition of intent-independent authorization with revocation, delegation, audit, and substrate migration as integral architectural properties of the cryptographic governance framework.

The scope expressly excludes any embodiment in which intent inputs are admitted to the authorization predicate, in which authorization decisions consult uncommitted or externally mutable state, or in which lineage records may be retroactively altered without breaking the cryptographic chain. These exclusions are structural and are enforced by the type system of the governance schema rather than by operational convention. They are what render the disclosed mechanism a primitive rather than a policy, and they are what distinguish this approach from the prior art surveyed above.