Discrepancy Classification Taxonomy

Mechanism

Every commanded actuation is paired with a predicted-effect envelope generated by the unit's forward model. After the actuation executes, the post-action sensor pass produces an observed-effect vector. The discrepancy classifier takes the residual between predicted and observed and assigns it to exactly one of five classes. The classifier is structurally enumerated rather than continuous: a residual is not a probability distribution over five outcomes, it is a single classification accompanied by its supporting evidence chain, ready to be admitted (or challenged) by the next-layer evaluator.

Class one, nominal, applies when the residual lies inside the predicted-effect envelope. The action proceeded as designed; the classification is recorded as evidence of correct operation and contributes positive weight to the unit's running admissibility ledger. Class two, expected-noise, applies when the residual lies outside the envelope but inside the calibrated sensor-and-environment noise floor for the current operating context. Expected-noise classifications are recorded for trending — they are statistically uninformative individually but become informative when their distribution shifts.

Class three, anomaly, applies when the residual exceeds the noise floor but fails to match any signature in the fault library or the disruption-modeling library. Anomalies are the residual's residual — the part of the discrepancy stream that the system explicitly does not yet understand. An anomaly classification triggers a reduction of admissibility weight on subsequent commands of the same family until the anomaly is either explained, repeated, or aged out. Class four, fault, applies when the residual matches a known signature from the fault library: a stuck actuator, a saturated sensor, a control-loop limit cycle, a power-rail sag, a thermal-derated channel. Fault classifications carry the matched signature identifier and trigger fault-handling mode for the affected subsystem; the unit's operational envelope contracts to exclude the failed channel, and the maintenance-event lineage is opened. Class five, adversarial-interference, applies when the residual matches a signature from the disruption-modeling library — GPS spoofing patterns, sensor-blinding signatures, coordinated input-injection patterns, cyber-physical actuator-override signatures. Adversarial classifications trigger the broadest response: expanded admissibility evaluation on all subsequent commands, cross-system alert broadcast through the credentialed peer mesh, and a governance-flagged audit record.

Operating Parameters

The classifier operates on a per-actuation cadence: every commanded effect produces exactly one classification, even when the classification is nominal. The noise-floor threshold separating expected-noise from anomaly is a per-channel, per-operating-mode parameter; it is not a single global value. Vehicle dynamics, manipulator dynamics, and energy-system dynamics each carry their own noise envelopes, and those envelopes themselves shift with operating regime — a wheel-slip channel has a different noise floor on dry pavement than on wet, and the noise model is selected by the operating-context observation that accompanies the actuation.

The fault library and the disruption-modeling library are both versioned, signed, and credentialed. Library updates require an authority signature appropriate to the deployment domain; a fleet-operator signature is sufficient to publish a new fault signature for a known actuator wear pattern, but a higher-tier credential is required to publish an adversarial signature, because adversarial classifications carry cross-system consequences. Each library entry carries a confidence floor; signatures below the floor are advisory and do not by themselves promote a residual into class four or five without corroborating evidence.

The classifier's output is itself signed and timestamped. The signature chains include the unit identity, the firmware version of the classifier, the version identifiers of the noise-floor model, fault library, and disruption-modeling library used at decision time, and the residual vector itself. This allows downstream consumers — the admissibility evaluator, the maintenance system, the cross-system alert mesh, and any post-incident reviewer — to reconstruct exactly why a given residual was placed in the class it was. Hysteresis is applied at class boundaries: a residual that oscillates near the noise-floor boundary does not flip between expected-noise and anomaly on every cycle, because doing so would generate spurious admissibility-weight oscillation. The hysteresis margin is a per-channel parameter selected to be small relative to the noise-floor magnitude.

Alternative Embodiments

The five-class taxonomy is the preferred embodiment but is not the only enumeration the architecture admits. A reduced three-class embodiment collapses nominal and expected-noise into a single benign class and collapses fault and adversarial-interference into a single intervention class; this reduced form is appropriate for low-criticality consumer deployments where the additional classes do not yield operational value commensurate with the audit overhead. An expanded seven-class embodiment splits anomaly into emerging-anomaly and persistent-anomaly, and splits adversarial-interference into attributable and unattributable variants; this expanded form is appropriate for defense and critical-infrastructure deployments where the attribution evidence chain is itself the operational product.

The classifier may be implemented as a deterministic rule engine over the residual vector, as a small supervised classifier trained against the libraries, or as a hybrid in which deterministic rules handle classes one, two, and four while a learned component handles the boundary between three and five. The hybrid is the preferred embodiment because the deterministic rules carry strong audit properties for the common cases and the learned component is reserved for the cases where signature matching is genuinely ambiguous. In all embodiments the classifier output must remain a discrete class label, never a soft distribution; downstream consumption rules depend on the discreteness.

The libraries themselves admit alternative provenance models. In a single-operator deployment, both libraries may be authored locally. In a fleet deployment, the fault library is typically authored by the fleet operator and the disruption-modeling library is typically authored by a higher authority such as an OEM cyber-security organization or a regulator. In a defense deployment, both libraries may be published by a credentialed authority and updates may be subject to operational-security gating that delays general distribution.

Composition With the Broader Architecture

Each classification is itself a credentialed observation and is therefore admissible into the same admissibility framework that gates actuation in the first place. Nominal classifications accumulate as positive evidence and increase the weight of subsequent same-family commands. Expected-noise classifications support trending analysis and feed the noise-floor model as it adapts. Anomaly classifications reduce admissibility weight and open investigation workflows. Fault classifications trigger maintenance-system entries and contract the operational envelope. Adversarial classifications trigger cross-system alerts and expand the admissibility envelope so that subsequent commands face additional scrutiny.

The confidence-governed actuation evaluator consumes the classification stream as one of its inputs alongside the operator-intent stream, the affective-state stream, and the policy-credential stream. Recent anomalies modulate admissibility weight downward; recent faults trigger operational-mode adjustments; recent adversarial classifications trigger expanded admissibility envelopes that may require a second credential to clear. This composition is what gives the architecture its characteristic property: every actuation decision is conditioned on an evidence-graded picture of how the prior actuations actually went.

Prior-Art Distinction

The architecture also differs from prior art in the granularity at which it makes the discrepancy decision. Prior fault-detection systems typically decide at the subsystem level, integrating residuals over time before declaring a fault; this latency is acceptable for slow physical-plant failures but produces substantial blind windows for fast-acting adversarial events. The taxonomy here decides per-actuation, on the residual produced by the immediate post-action sensor pass, with no integration delay, because the classification is itself a credentialed observation rather than a control-loop output. The integration that prior systems perform internally is performed here externally by the admissibility evaluator, which consumes the per-actuation classification stream and applies its own time-window aggregation as appropriate to the consuming policy.

Conventional fault-detection-and-isolation systems produce a binary fault-or-no-fault output and route faulted channels to a degraded-mode controller. Conventional anomaly-detection systems produce a continuous anomaly score and route high-score events to a human reviewer. Conventional intrusion-detection systems produce alerts on signature matches and route alerts to a security operations center. Each of these prior systems handles one slice of the discrepancy space and treats the slices as architecturally independent.

The taxonomy here is structurally different in two respects. First, it is exhaustive over the discrepancy space, so every residual receives exactly one classification rather than passing through three independent systems with three independent miss modes. Second, the classifications are credentialed observations that feed back into the same admissibility framework that authorized the actuation, closing the loop between authorization and outcome. Prior systems do not close that loop; they emit alerts to external operators and let the next authorization decision proceed without architectural awareness of the prior outcome.

Disclosure Scope

The disclosure covers the five-class taxonomy, the reduced and expanded enumerations as alternative embodiments, the credentialed-observation property of the classifier output, the composition of the classification stream with the admissibility framework, and the library-provenance models. It positions the primitive at the layer where autonomous systems have been operating with reconstructed-rather-than-architectural discrepancy awareness — a layer where prior practice has been to bolt anomaly, fault, and intrusion detection onto separate pipelines and then ask a human to reconcile their outputs after the fact. The architecture replaces that reconciliation with a single structural decision per actuation, made at the moment the residual is observed, with the evidence chain attached.

The scope further extends to the auxiliary mechanisms that make the taxonomy operationally tractable: the per-channel noise-floor model and its operating-mode selection table, the signed library distribution and revocation protocol, the hysteresis margin tuning procedure, and the procedure by which a previously unattributable anomaly is promoted into a fault or adversarial signature once corroborating evidence accumulates. The promotion procedure is itself credentialed and produces a new library entry that, once published, retroactively re-classifies historical anomalies of the matching pattern for purposes of trend analysis without altering the original classification record. This dual-record property — preserving the original classification while recording the retrospective re-classification — is part of the audit-grade discipline that distinguishes the architecture from learning-system approaches in which library updates silently rewrite historical interpretation. The disclosed scope contemplates fixed-wing, rotary-wing, ground, surface, subsurface, and stationary deployments, and contemplates both single-unit and federated multi-unit configurations in which classification streams cross the credentialed peer mesh and are admitted into peer admissibility ledgers under the same credential rules that govern any other observation crossing the mesh.