Mechanism
When the evidence-based capability gating system grants a capability based on accumulated performance evidence, the grant is not a one-time certification. The system continues to monitor the grantee's performance after the capability is unlocked. This continuous monitoring produces an evidence stream, and that stream is evaluated against a regression threshold: a defined performance floor below which the grantee's demonstrated competency is deemed insufficient to maintain the capability grant. The capability gate is therefore a continuous evaluation rather than a one-time assessment, and it may close again, revoking a previously granted capability, if ongoing performance evidence indicates that competency has degraded below the required threshold.
If subsequent performance falls below the regression threshold, the capability is automatically revoked, and the grantee must re-demonstrate competency through the same evidence-based pathway that originally granted the capability. The grantee does not opt into the revocation. The same capability gate that admitted the action stops admitting it. Revocation is protective: it keeps a capability grant aligned with demonstrated competency over time, rather than letting a stale certification stand as conditions change.
The Regression Threshold
The regression threshold is the performance floor that the post-grant evidence stream is checked against. Per the disclosure, it may be set at the same level as the original granting threshold, or at a lower level. Setting it lower provides a buffer against transient performance dips, so that a momentary lapse does not strip a capability that the grantee still substantially holds. Which of these applies is determined by the applicable policy configuration, not by the grantee and not by the language model.
Because the threshold is a policy-configured value, the conditions under which a capability is revoked are governed in the same way as the conditions under which it was granted. The performance floor is a property of the gating policy for the capability, and a change to that floor is a governed policy change attributable to a governance authority rather than an ad hoc runtime adjustment.
What a Regression Signals
A fall below the regression threshold can indicate skill decay, a change in the operating context, or gaming. The disclosed mechanism does not require the system to attribute the cause before acting: when subsequent performance falls below the floor, the capability is revoked regardless of which of these produced the decline. The revocation depends on the measured shortfall, not on a diagnosis of why the shortfall occurred.
The same continuous-monitoring discipline applies across the embodied and professional domains the gating subsystem serves. In the professional grooming domain, the capability gate monitors a worker's mastery evidence over time, detecting skill degradation and triggering re-assessment or remedial curriculum sequencing before the degradation affects operational performance. In the vehicle, robotics, and industrial domains, the gate continues to evaluate the operator after authorization and can restrict or halt the authorized action when ongoing performance no longer supports it.
Re-Demonstration and Cooldown
The revocation is not a permanent verdict. To regain the capability, the grantee re-demonstrates competency through the same evidence-based pathway that originally granted it. There is no separate or lighter recovery route; the path back is the path in.
Revocation may trigger a mandatory cooldown period during which the grantee may not re-apply for the capability. The cooldown exists so that the re-demonstration reflects genuine competency recovery rather than short-term performance variance: a grantee who dipped below the floor cannot immediately re-test and recapture the grant on a transient upswing. The asymmetry is structurally appropriate for a system that must avoid silent capability inflation while still permitting recovery.
Revocation in the Certification Token Lifecycle
Regression-driven revocation is one of the defined transitions in the certification token lifecycle. A certification token is a time-bounded, evidence-backed, cryptographically verifiable attestation that the holder demonstrated mastery of a capability at a specific point in time, under specific assessment conditions. Upon revocation, which may be triggered by evidence of mastery regression, incident reports, or governance intervention, the token is invalidated regardless of whether it has expired. The holder must then re-demonstrate mastery to obtain a new token, and the new token is issued with fresh evidence bindings. Each lifecycle transition, including revocation and revalidation, is recorded as a governed event in the holder's lineage.
Because the token carries an evidence hash and a policy scope, the gate that later refuses a revoked token is refusing it on the same evidentiary basis on which it was issued. Revocation invalidates the token regardless of whether it has expired, so a gate that evaluates the token thereafter treats it as no longer valid evidence of current mastery, and the holder must re-demonstrate mastery to obtain a new token.
Drift Detection and Evidence Decay
Regression detection works alongside a drift detection and decay layer that monitors the temporal evolution of demonstrated competence and the conditions under which competence was assessed. Drift detection identifies cases in which a learner's assessed competence is drifting downward over successive assessments, even when each individual assessment still satisfies the mastery threshold. This catches a slow decline that no single assessment would flag.
The decay layer applies decay functions that reduce the weight of evidence that is aging, that was produced under conditions that no longer obtain, or that is inconsistent with more recent evidence. Old evidence is progressively down-weighted in capability gating decisions, so the grantee must produce fresh evidence to maintain capability access. Drift detection and evidence decay address gradual erosion of the evidence base, while the regression threshold addresses a measured fall below the performance floor; together they keep a grant tied to current, rather than historical, competence.
Audit and Lineage
Every revocation is recorded. The system records the revocation event, the evidence that triggered it, and the performance trajectory leading to revocation in the grantee's lineage. An auditor reconstructing the history of a capability grant therefore finds the original qualifying evidence, the gating criteria under which it was granted, the post-grant evidence stream, the point at which performance crossed the regression threshold, the revocation event, and any re-demonstration that followed.
This recording is what makes a downgrade defensible on the merits rather than on assertion. A capability that was revoked mid-deployment can be examined against the recorded performance trajectory and the policy-configured threshold that was in force, and a capability that survived can be shown to have done so on the basis of recorded evidence. The structural property that delivers this is the discipline of writing every gating decision, grant and revocation alike, as a governed event in the lineage.
Disclosure Scope
Skill regression detection and capability revocation, comprising continuous post-grant performance monitoring, evaluation of the resulting evidence stream against a policy-configured regression threshold that may equal or sit below the original granting threshold, automatic revocation upon a fall below that threshold, re-demonstration of competency through the same evidence-based pathway that originally granted the capability, an optional mandatory cooldown period before re-application, and recording of the revocation event, its triggering evidence, and the leading performance trajectory in the grantee's lineage, is disclosed in the cognition filing (U.S. Application No. 19/647,395 and its international counterpart). This article describes that disclosed mechanism, together with its expression in the certification token lifecycle and its companion drift detection and evidence decay layer. The scope extends to the embodied and professional domains in which the same continuous-monitoring and revocation structure is applied, parameterized per the operating policy, where revocation depends on the measured shortfall rather than on attribution of its cause.
