Reconstructive Authority Model: Runtime Execution Validity Under Partial Observability

TL;DR

The paper introduces the Reconstructive Authority Model (RAM), a framework for ensuring execution validity in autonomous systems under partial observability by reasoning over coverage and residuals.

Contribution

It formalizes RAM, proves its necessity, and demonstrates its effectiveness in achieving zero invalid execution rates through synthetic experiments.

Findings

RAM achieves zero invalid execution rates at all coverage levels.

Attestation alone has higher invalid execution rates, especially at low coverage.

RAM's coverage reasoning improves execution validity beyond traditional attestation methods.

Abstract

Autonomous systems increasingly operate under partial observability where execution-relevant state is never fully accessible. Existing governance mechanisms -- trusted execution environments, oracle-signed state proofs, cryptographic attestation -- enforce the integrity of computation and state projections. We show this is structurally insufficient: an authenticated projection of state is necessary but never sufficient for execution validity. We introduce the Reconstructive Authority Model (RAM), which separates integrity from coverage. RAM defines a reconstruction gate that reasons over an explicit coverage envelope -- comprising proven state, declared assumptions, and an acknowledged unobservable residual -- and permits execution only when coverage is adequate for the action class. When coverage is insufficient, RAM narrows privileges dynamically or fails closed. Attestation proves trust in measurement; RAM proves adequacy of what is measured. We formalize RAM, prove necessity via two theorems (attestation insufficiency and RAM necessity) and three corollaries, and present a hybrid RAM+Attestation architecture with privilege-narrowing. Synthetic experiments (N=100,000, seed=42) show RAM achieves zero invalid execution rates at all coverage levels. Attestation-based systems exhibit IER=0.423 at low coverage and IER=0.233 even at full coverage, the latter arising from undefined-state handling failures undetectable by integrity checks alone. This reframes execution validity as a coverage reconstruction problem, distinct from and complementary to integrity guarantees provided by attestation.