Cognition-Authority-Execution Separation: Reasoning Cannot Authorize Action

Mechanism

The cognition stage produces a plan. A plan is a structured description of an intended action together with the reasoning trace that produced it: the inputs consulted, the alternatives considered, and the criteria under which the recited action was preferred. The cognition stage has no direct path to the execution surface. Its output is a plan object that is committed to the agent's lineage as a proposal and that bears no permission to act. Multiple cognition stages may run concurrently, may produce contradictory plans, and may revise their plans in response to new inputs without affecting the agent's actual behavior.

The authority stage evaluates plans against a permission structure. The permission structure is a set of grants, each of which describes a class of action, the principal entitled to perform actions in that class, the conditions under which the entitlement is active, and the evidentiary requirements that the principal must satisfy at the time of action. Authority evaluation produces a permission token bound to a specific plan, a specific principal, and a specific time window. The token does not perform the action; it permits the action to be performed by the execution stage if the execution stage independently confirms that the conditions remain satisfied at the moment of execution.

The execution stage performs the action. It accepts a plan and a permission token, verifies that the token applies to the plan, verifies that the principal possesses the competence the plan requires, verifies that the conditions recited in the token remain satisfied against current state, and only then commits the action. The verification is local to the execution surface and consults the agent's lineage and the surrounding state directly; it does not delegate to the authority stage to re-evaluate, and it does not delegate to the cognition stage to re-plan. If any verification fails, the execution does not proceed and the failure is recorded as a separate lineage event.

The competence demonstration is the structural requirement that distinguishes the construction from conventional capability-based access control. Competence is not a static property of the principal; it is a per-action property that the principal must demonstrate by exhibiting evidence that the specific action is within its capability envelope at the moment of action. The evidence may take the form of attested test outcomes, signed prior performances, or third-party certifications; the form is not fixed by the construction. What is fixed is that the execution stage will not proceed without the demonstration.

The authority demonstration is the parallel requirement on the permission side. The principal must exhibit evidence that the permission token was issued by a grantor with standing to issue tokens of that class, that the grant has not been revoked, and that the conditions recited in the grant are satisfied at the moment of action. Authority evidence and competence evidence are evaluated independently; failure on either dimension blocks execution.

The structural character of the separation is what distinguishes it from the procedural separation found in conventional review-based architectures. In a review-based architecture, the same code path computes a recommendation and then executes the recommendation, with a reviewer interposed by convention. The separation is enforced by the absence of a code path: cognition has no execution privilege, authority has no execution privilege, and execution has no planning or grant-issuance privilege. The privileges are partitioned across the three stages by construction.

Each stage commits its outputs to the agent's lineage. The cognition stage commits plans, the authority stage commits tokens, and the execution stage commits actions and verification outcomes. The lineage is append-only and cryptographically committed, providing an audit substrate that records the complete chain from intent through permission to action. An auditor can reconstruct, for any executed action, the plan that proposed it, the token that permitted it, and the verifications that gated it.

Operating Parameters

The principal operating parameters are the time windows associated with plans, tokens, and competence demonstrations. Plan windows govern how long a plan remains eligible for authority evaluation; tokens issued against an expired plan are invalid by construction. Token windows govern how long a permission remains exercisable; an execution attempt outside the window fails its verification regardless of the plan's status. Competence-demonstration windows govern how recently a competence attestation must have been produced for it to be acceptable to the execution stage. The three windows are independent and are sized to the operational characteristics of the action class.

The granularity of the permission structure is a second parameter. Coarse-grained grants permit broad classes of action under simple conditions; fine-grained grants restrict each action to specific instances under specific conditions. The construction admits arbitrary granularity but penalizes coarse grants by requiring the execution stage to verify the conditions in detail at the moment of action; coarse grants therefore shift verification cost to execution time without reducing the structural separation.

The competence-evidence policy is a third parameter. Embodiments may accept competence evidence from a single trusted attestor, from a quorum of independent attestors, or from a chain of attestations that cumulatively meet a threshold. Single-attestor policies minimize verification cost; quorum policies provide robustness against attestor compromise; chained policies admit attestations whose individual quality is below threshold but whose aggregate quality exceeds it.

The authority-evidence policy is the parallel parameter on the permission side. Single-grantor policies treat each grant as standing on its own; quorum policies require multiple grantors to concur; chained policies permit a grantor to delegate issuance authority along a path that the execution stage verifies at action time. Chained policies admit organizational structures where issuance authority is distributed but require the execution stage to retain enough state to verify the chain.

The audit-record format is a fourth parameter. The reference embodiment commits structured records that include the plan identifier, the token identifier, the verification outcomes, and the action's effect on state. Embodiments may extend the format to include the cognition trace, the authority-evaluation trace, or external context such as the inputs that triggered the cognition stage. The choice trades audit completeness against lineage volume.

The protocol is independent of the substrate on which the three stages run. Cognition may be performed by a learned model, by a deterministic planner, or by a human operator; authority may be evaluated by a rule engine, by a policy compiler, or by a human authorizer; execution may be performed by a software actuator, by a hardware effector, or by an external service. The structural separation is preserved across substrate combinations because it is a property of the lineage commitments, not a property of any particular implementation.

Alternative Embodiments

The reference embodiment runs the three stages as separate processes communicating only through the lineage. Embodiments contemplated under the Cognition Patent admit running the stages within a single address space provided the privileges are partitioned by capability rather than by process, with the execution stage holding capabilities that the cognition and authority stages cannot acquire. Single-address-space embodiments reduce communication overhead at the cost of relying on capability enforcement to maintain the separation.

The reference embodiment requires that the permission token be issued by an authority stage that runs after the cognition stage. Embodiments admit pre-issued tokens that authorize classes of plan rather than specific plans; the execution stage in such embodiments matches the plan against the class at action time. Pre-issued tokens are appropriate for high-frequency action classes where the cost of running the authority stage per plan is prohibitive; they strengthen the burden on the competence demonstration because the token itself does not certify plan-specific suitability.

Competence demonstration may be performed eagerly, with the principal accumulating attestations against future actions, or lazily, with the principal acquiring attestations on demand at the moment of intended action. Eager demonstration reduces action-time latency at the cost of attestation staleness; lazy demonstration provides freshness at the cost of latency and dependency on attestor availability.

The reference embodiment treats cognition outputs as advisory; the authority stage may accept or reject any plan. Embodiments admit binding cognition outputs in which the authority stage must permit any plan that satisfies a recited fitness predicate. Binding cognition is appropriate for domains where planning is the structurally hard problem and where the authority stage is intended to enforce only safety boundaries; the construction preserves the separation because the binding is expressed as a predicate on the plan rather than as a code path from cognition to execution.

Embodiments may compose multiple authority stages in series, each evaluating a distinct dimension of permission such as legal authority, organizational authority, and resource authority. The execution stage proceeds only if every authority stage has issued a valid token. Series composition admits complex permission structures without collapsing the separation because each authority stage is still independently incapable of executing.

Composition

The cognition-authority-execution separation composes with the memory-resident execution architecture as the structural surface that gates action against persistent semantic objects. The persistent objects hold the state that actions modify; the separation governs which actions may modify which objects under which conditions. The composition is direct: the authority stage's grants are expressed against the same semantic identifiers that name the persistent objects, and the execution stage's verifications consult the same lineage that the persistent objects commit their state to.

Composition with the keyless identity system arises in the principal-identification step of authority evaluation. The principal whose competence and authority must be demonstrated is identified by an identity hash on the keyless identity system's chain, and the demonstration consults the chain's lineage records to verify continuity. The separation construction does not need to maintain its own principal directory because the identity layer provides one structurally.

Composition with the dynamic indexing protocol arises when actions operate against indexed semantic flows. The execution stage's verification of state preconditions consults the index to determine the partition in which the affected flow currently resides, and the index's audit-required restructuring guarantees that the partition assignment observed at verification is the assignment that holds at action time. The separation construction therefore inherits the index's structural guarantees rather than maintaining its own.

Composition with downstream observability is direct. The lineage records emitted by the three stages provide a complete substrate for observability tools that track actions to their proposing plans and authorizing tokens. The construction supports retroactive analysis without requiring separate logging because the audit substrate is the same as the operational substrate; an action that did not produce a lineage record did not occur.

Prior-Art Boundary

The construction is bounded against three families of prior art. The first is capability-based access control in the lineage of KeyKOS, EROS, and seL4. These systems partition execution privilege through capabilities and prevent processes without a capability from invoking the operations the capability guards. The construction described here uses capability mechanisms within its execution stage where appropriate but adds two structural requirements that capability systems do not impose: the per-action competence demonstration and the per-action authority demonstration that depend on lineage-bound evidence rather than on the mere possession of a capability.

The second family is review-based and approval-based workflow systems, in which a reviewer authorizes actions proposed by a planner. These systems partition the authorization step procedurally but commonly run the planner and the executor within the same code path, with the reviewer interposed by convention. The construction described here partitions the privileges by construction across three stages, and the reviewer-equivalent authority stage cannot execute even if it wished to do so.

The third family is policy-based agent architectures, in which a policy engine constrains the actions that the agent may perform. These architectures typically place the policy engine within the agent's decision loop; the policy is consulted but the loop ultimately executes whatever the policy permits, leaving the structural separation between reasoning and action incomplete. The construction described here places the authority stage outside the cognition loop and the execution stage outside both, with lineage-bound communication being the only path between them.

Disclosure Scope

The disclosure under the Cognition Patent covers the three-stage separation construction, the per-action competence and authority demonstration requirements, the lineage-bound communication discipline between stages, the operating-parameter envelope including window sizing and granularity selection, the single-address-space and multi-process embodiments, the eager and lazy competence-demonstration variants, the binding-cognition variant, the series-composition of authority stages, and the composition surfaces with the persistent semantic objects, identity layer, and indexing layer. Embodiments that collapse any two of the three stages into a single privilege boundary, that omit the per-action demonstrations, or that substitute conventional review for the structural separation fall outside the scope of the disclosure as filed.