Mechanism

Quarantine, in the disclosed governance architecture, is a structural restriction preventing instantiation of execution contexts and other governed transitions for one or more action classes. It is one of a set of deterministic governance outcomes, alongside trust degradation, rollback, and execution refusal, produced when authorization, continuity, freshness, revocation, scope, or memory-derived eligibility conditions are not satisfied, or when policy-defined enforcement treatment requires restriction. Quarantine is not a discretionary administrative flag layered over an agent; it is an enforcement state that conditions the precondition gating governing every governed action.

While an agent object is quarantined, it may remain accessible for inspection, audit, or remediation actions permitted by policy, but it cannot perform prohibited governed actions. The restriction operates through the same precondition gating that governs all execution, mutation, delegation, and propagation: where the recorded quarantine state disqualifies a proposed action class, no execution context is instantiated, no partial or speculative execution occurs, and non-execution is returned as a valid system outcome.

What Triggers Quarantine

Quarantine may be triggered by severe or repeated violations, invalid lineage continuity, unauthorized mutation or propagation attempts, unresolved forks, or enforcement class escalation. These triggers are not hard-coded into the agent. A policy object's enforcement class field specifies the treatment of evaluation outcomes, and quarantine is one of the enumerated treatments that field may specify, alongside hard denial of execution context instantiation, trust degradation, escalation to fallback enforcement agents, remediation requirements, and audit-only recording.

Quarantine also arises through composition with the other governance outcomes. Policy objects may define interactions among these outcomes: repeated refusals or freshness failures may trigger trust degradation, trust degradation may elevate enforcement class, and elevated enforcement class may result in quarantine. Each of these relationships is defined by externally governed policy authority rather than hard-coded logic, so the path from an observed violation to quarantine is itself a property the policy declares and the audit record preserves.

Quarantine as Durable Governance State

Quarantine state is recorded as durable governance state in the agent object's embedded memory field and lineage records. The memory field is a persistent, append-capable record intrinsic to the agent object that stores governance-relevant history, including prior execution attempts, policy resolutions, verification outcomes, denials, trust degradation events, quarantine states, override records, and remediation events. Because this state is intrinsic to the object representation rather than held by a substrate-local controller, the restriction does not depend on the cooperation of the environment in which the agent happens to be running.

This is what allows quarantine to persist across substrates and environments. An agent object restricted in one environment remains restricted upon migration unless eligibility is restored under verified policy authority. The restriction travels with the object's embedded governance state, not with any particular operator's external records, so an agent cannot escape a quarantine simply by moving to a different cloud, edge, federated, or intermittently connected substrate.

Authorization-Time Consultation of Quarantine State

Eligibility to instantiate an execution context or perform other governed actions may depend on embedded memory state in addition to contemporaneous policy resolution and verification. Eligibility is determined at the time a governed action is proposed, by evaluating persisted governance-relevant history together with verified external policy authority. Where quarantine or restriction state is recorded, eligibility remains constrained until expiration, satisfaction of recorded conditions, or authorized override under verified policy authority.

Because memory state travels with the agent object, eligibility evaluation requires no centralized scheduler or external permission service. An agent object disqualified by recorded quarantine state on one substrate remains ineligible elsewhere unless the conditions recorded in memory are satisfied under applicable policy. The evaluation remains deterministic: it applies verified policy criteria to recorded memory state, without reliance on inferred intent or predictive modeling.

Lifting a Quarantine

Quarantine persists until lifted by authorized policy, expiration of a policy-defined interval, or successful remediation that is recorded and verified. These are the disclosed paths out of quarantine. Where a prior denial or enforcement outcome required remediation, eligibility for the same or related action classes remains not permitted until a qualifying remediation record is present and verifiable under applicable policy authority.

Governance evolution that bears on quarantine, including a policy that would lift or alter a restriction, occurs through issuance of a successor or override policy object rather than in-place modification of authority. In quorum-based override embodiments, a plurality of authorized participants co-sign a replacement policy object that includes a continuity reference to the superseded policy object, establishing signature-chain continuity for enforcement, so a change to the governing authority is itself an authenticated, audit-bearing event rather than a unilateral act.

Inheritance Across Lineage

Quarantine state is among the governance attributes that propagate across lineage. Policy references, enforcement classes, eligibility or trust markers, quarantine state, and remediation requirements may be inherited or conditioned by lineage, so descendant objects may remain subject to restrictions imposed on ancestors unless modified through authorized policy mechanisms. At the moment of a lineage-affecting action, a governance inheritance evaluation derives the set of inherited constraints, and a created or activated descendant carries an inherited governance state that conditions its eligibility from inception.

This supports escalation and containment. If a parent agent object enters quarantine, incurs trust degradation, experiences repeated denials, or fails freshness requirements, descendant agent objects may inherit corresponding restrictions, be limited to remediation-only actions, or be prevented from further propagation. The result is that an agent cannot shed a quarantine by mutating, cloning, propagating, migrating, or reconstituting itself, because each such lineage-affecting action independently carries the restriction forward, limiting the proliferation of untrusted descendants.

Distributed Detection and Quarantine Signaling

The architecture includes fallback enforcement agents distributed across the execution substrate. These agents do not participate in the critical authorization path and do not replace cryptographic precondition gating; they provide secondary validation, anomaly detection, and enforcement signaling based on governance metadata and verifiable artifacts. A fallback enforcement agent observes governance-relevant events and performs a compliance evaluation confirming that required policy objects were properly resolved and authenticated, that override policy objects satisfy quorum and continuity requirements, and that lineage continuity and freshness constraints were preserved.

Where the compliance evaluation detects a governance anomaly, such as invalid override artifacts, stale or revoked authority usage, unauthorized lineage forks, inconsistent authority observations across substrates, or repeated denial patterns indicative of evasion attempts, the agent may emit an enforcement signal comprising a trust degradation signal or a quarantine recommendation. Such a signal influences subsequent eligibility or enforcement state but does not itself instantiate execution. Enforcement signals propagate through a distributed signaling fabric, and recipients independently verify the authenticity, integrity, scope, and applicability of a signal before updating governance-relevant state.

Audit and Prior-Art Distinction

Quarantine transitions are recorded in append-only governance audit and verification records. Governance-relevant events, including trust degradation, quarantine, and rollback transitions, enforcement signal emissions, authorization denials, and non-execution outcomes, generate audit events appended to an append-only log that supports audit queries and verification requests. Responses may include cryptographic proofs of inclusion, ordering, and integrity relative to the append-only structure without modifying the log, so the handling of a restricted agent is reconstructible and tamper-evident for retrospective validation and compliance.

This distinguishes the disclosed quarantine from approaches that treat refusal to execute as an error condition rather than as an intentional, enforceable outcome, and from substrate-specific access controls that couple enforcement to a particular environment and may be bypassed, degraded, or inconsistently applied when an agent migrates, operates offline, or crosses administrative domains. Here, quarantine is a structural property of the agent object's embedded and verifiable governance state, evaluated as a precondition independent of physical infrastructure, rather than a discretionary policy of any particular host.

Disclosure Scope

Quarantine as a deterministic governance outcome, comprising the structural restriction of execution context instantiation and other governed transitions for one or more action classes, its triggers including severe or repeated violations, invalid lineage continuity, unauthorized mutation or propagation, unresolved forks, and enforcement class escalation, its recording as durable governance state in the embedded memory field and lineage records, its persistence across heterogeneous substrates, its authorization-time evaluation through memory-derived eligibility, its lifting only by authorized policy, expiration of a policy-defined interval, or verified remediation, its inheritance across lineage-affecting actions, the emission of quarantine recommendations by fallback enforcement agents, and the recording of quarantine transitions in append-only audit records, is disclosed in U.S. Application No. 19/561,229. This article describes that disclosed mechanism.

The disclosure is not limited to any particular commitment scheme, trust model, or attestation format. It contemplates verification under public-key cryptography or continuity-based mechanisms such as memory-resolved identity and trust-slope validation, and operation across cloud, edge, federated, decentralized, and intermittently connected substrates, provided the structural properties of precondition gating, durable embedded governance state, and authorized-only release are preserved.