ControlArchitectural inferencev1.10.0
Execution-Time Alignment Boundaries
Evidence levelArchitectural inference
Several reports argue that controls inside the same runtime as the candidate are weaker than controls on a separate structural path. Cognivirus translates this into the control-plane rule: authorization must be outside the candidate’s reachable state.
The boundary
A strong boundary separates candidate reasoning from authorization. The candidate may request an action; the external control plane verifies identity, policy, evidence, permissions, and risk before the action happens. If the control plane is unavailable, the system fails closed.
Four control properties
| Property | Purpose |
|---|---|
| Process separation | Candidate cannot rewrite or deprecate the authority that constrains it. |
| Pre-action enforcement | Consequential actions pass through the gate before execution. |
| Fail-closed default | Control-plane failure does not become permission. |
| Signed evidence | Major actions produce verifiable records outside candidate control. |
Practical caveat
Execution-time control does not solve all risk. It can be misconfigured, captured, bypassed through humans, or applied to the wrong transition. It reduces one class of failure: candidate-controlled authorization.