Trust-Slope Continuity Across Inference

Mechanism

The trust-slope mechanism treats trust as a property of an inference trajectory rather than of an individual inference call. At each transition the runtime emits a continuity record that names the predecessor record, the policy clauses consulted, the evidence admitted into the semantic state, the admit/reject/decompose decision, and the slope value carried forward into the successor. The slope is a signed scalar whose sign indicates whether the agent's recent transitions have been moving toward or away from the declared envelope of admissible behaviour and whose magnitude indicates the rate of that movement. The slope is therefore not a snapshot probability but a derivative computed over the chain.

Continuity is enforced structurally. Every continuity record carries a cryptographic anchor to its predecessor, so the chain is verifiable end-to-end. If a successor record cannot resolve its predecessor anchor - because a record was lost, because the agent was restarted without a clean fade, or because an external party attempted to splice an unrelated history into the chain - the runtime treats the situation as a continuity break. A break is not a soft warning; it is a structural event with two consequences. First, the slope is reset toward distrust by a configured penalty. Second, the broken transition is recorded as a rejection rather than admitted to the semantic state, so the agent does not act on the contested step.

Recovery from a break is asymmetric with the original accumulation. Trust accumulated over many admitted transitions is not restored simply by the absence of further violations; the runtime requires the admission of new evidence, evaluated against the policy reference, before the slope is permitted to climb back toward the prior level. This asymmetry is deliberate. Drift that has already corrupted a chain cannot be erased by silence, and a break that has already been recorded cannot be retroactively healed by later well-formed transitions.

Operating Parameters

The mechanism is parameterised along four axes. The first is the slope window. The slope is computed over a configurable number of recent transitions; shorter windows respond faster to drift but are noisier, longer windows are more stable but slower to react. The patent contemplates per-domain windows: a high-frequency trading agent may use a short window measured in tens of transitions, a therapeutic-companion agent may use a window measured in hundreds.

The second axis is the break-penalty schedule. A continuity break debits the slope by a configured amount that depends on the class of break - a lost predecessor anchor, a malformed record, a policy-reference mismatch, and a cryptographic failure are all distinct classes and may carry distinct penalties. The schedule is declared in the policy reference and cannot be edited by the agent's own outputs.

The third axis is the recovery evidence requirement. To climb the slope back across a configured threshold the agent must admit new evidence whose lineage anchors trace to sources declared in the policy reference as competent for the relevant constraint class. The evidence is evaluated by the semantic admissibility gate exactly as any other transition. The slope is permitted to rise only by the increment that the gate licenses; there is no path by which the agent rehabilitates itself by self-attestation.

The fourth axis is the quarantine threshold. When the slope crosses the configured threshold in the distrust direction, the agent is moved into the quarantined phase of the state-schema. From there the only exit is an operator-signed reset, and after the reset the slope is reinitialised at the cold-start value rather than restored to its pre-break level.

A fifth parameter governs the slope ceiling. The policy reference declares a maximum permissible slope value, beyond which further admitted transitions do not raise the slope. The ceiling exists to prevent unbounded accumulation of trust during long quiet periods, which would otherwise allow an agent to bank trust against future controversial transitions. The ceiling is not a defect in the chain; it is a deliberate structural feature that keeps the slope a measure of recent trajectory rather than of total tenure. Combined with the asymmetric recovery requirement, the ceiling means that trust is at all times bounded above by the configured ceiling and bounded below by the quarantine threshold, and the agent's operating slope is constrained to that interval.

Alternative Embodiments

In a multi-agent embodiment each peer maintains its own slope and the peers exchange continuity records across a shared bus; a break detected by any peer propagates a distrust event to all peers that depend on the broken chain. In an embodiment with hardware-attested execution, the continuity records are countersigned by a trusted module so that a break can be distinguished from a mere transport loss. In a regulated-medical embodiment the recovery evidence requirement is tightened so that human counter-signature is necessary for any climb past the operator-review threshold.

The mechanism may also be embodied with multiple slopes - one per constraint class - rather than a single scalar. In such embodiments a per-class slope tracks drift along, for example, factuality, safety, and goal-alignment axes independently, and a break on any axis suffices to trigger the quarantine transition. The structural property is preserved across embodiments: trust does not regenerate on its own, and the absence of further violations is not, by itself, evidence of trustworthiness.

A further embodiment maintains a public-facing slope distinct from the private operating slope. The public slope summarises the agent's trustworthiness for downstream consumers and is updated on a slower cadence and with greater conservatism than the operating slope; the operating slope governs admissibility internally. The two slopes are bound by the policy reference - the public slope cannot exceed the operating slope, and a sustained gap between the two is itself a reportable event - so that external presentations of trustworthiness cannot diverge from internal evidence. This embodiment supports regulatory regimes in which the agent must publish a trust attestation and in which that attestation must be defensible against an audit of the operating chain.

Composition

The trust-slope mechanism composes with the state-schema, the semantic admissibility gate, and the LLM-skill-gating pipeline. The slope is a field of every phase object in the schema, and the schema's quarantine transition is one of the consumers of the slope's threshold crossings. The admissibility gate consults the slope when evaluating candidate transitions; the same candidate may be admitted at a high slope and decomposed at a lower one. Skill gating reads the slope at composition time so that skills with high resource cost or high externality are unavailable when the slope is low, and skill chains that would commit irreversible effects are forbidden below the operator-review threshold.

The continuity record format is shared with the schema's phase records and the gate's admissibility records, and all three classes anchor into the same lineage. An external auditor can therefore reconstruct, for any segment of the agent's history, the slope trajectory, the breaks that occurred, the recovery evidence that was admitted, and the schema phases through which the agent passed. The composition makes the cognition architecture certifiable as a whole rather than as isolated components.

Distinction from Prior Art

Prior systems for evaluating the trustworthiness of generative outputs treat each output in isolation. A confidence score is attached to a single response, a safety classifier evaluates a single completion, a calibration probe is read at a single point. None of these constructs maintains a continuity chain, none of them imposes a structural break on a missing predecessor, and none of them imposes asymmetric recovery on a damaged history. As a consequence prior systems can be reset by a well-formed next response: a sequence of harmful outputs followed by a benign one is, to such systems, indistinguishable from a sequence of benign outputs.

The trust-slope mechanism differs structurally. It records the chain, it requires the chain to be verifiable, it reacts to breaks with a distrust event rather than a silent gap, and it requires positive evidence rather than mere quietude to recover. These structural properties cannot be obtained by tuning an isolated confidence score regardless of how the score is calibrated.

A second family of prior art - reputation systems used in distributed networks - tracks reputation across many interactions but treats reputation as a property of an identity rather than of a chain of inferences. A reputation system has no notion of a continuity record, no cryptographic predecessor anchor on each interaction, and no asymmetric recovery requirement; an identity that has accumulated reputation can spend it on controversial actions without the system recognising that the spending itself is a structural event. The trust-slope mechanism is not a reputation system; the slope is bound to the chain, not to the identity, and it cannot be banked against the identity's future controversial transitions.

Disclosure Scope

This disclosure covers the continuity record format and its predecessor-anchor field, the slope as a signed scalar derivative computed over a configurable window, the classification of continuity breaks and the schedule of distrust penalties, the asymmetric recovery requirement and its evidence-admission predicate, the quarantine threshold and the operator-signed reset that follows, the multi-axis embodiment in which independent slopes track distinct constraint classes, and the composition of the slope with the state-schema, the admissibility gate, and the skill-gating pipeline. The disclosure extends to software, hardware-attested, and hybrid embodiments provided that trust does not regenerate on its own and that recovery requires the admission of new evidence.

The disclosure further covers the slope ceiling and its role in preventing unbounded trust accumulation, the public/operating slope binding by which external attestations are kept defensible against the internal chain, the multi-agent peer propagation of distrust events across a shared continuity bus, and the per-class redundancy in evidence admission that defines what counts as independent recovery evidence. It covers the use of cryptographic predecessor anchors as the structural ground for break detection, the distinction in penalty schedule among lost-anchor, malformed-record, policy-mismatch, and cryptographic-failure breaks, and the rule that operator-signed resets reinitialise rather than restore the slope. The disclosure embraces embodiments in which the slope is consulted by the skill composer to gate high-cost or high-externality skills, embodiments in which the slope is consulted by the state-schema to compel a quarantine transition, and embodiments in which the slope is published on a slower cadence for downstream consumers, in each case preserving the structural property that the slope is a property of the chain, bound to its lineage, and not a property of an identity that can spend its accumulated trust at will.