Certified Purity Architecture for Cognitive Workflow Executors
A new architecture enforces governance in cognitive workflow systems through structural capability boundaries rather than runtime conventions. The prior three-layer governance model relied on a pure module constraint enforced by import graph analysis, which proved insufficient against adversarial bypass on the BEAM virtual machine. The proposed solution introduces four mechanisms: a restricted WebAssembly compilation target that eliminates effect-producing instructions; cryptographic purity certificates binding executor binaries to import classifications; a runtime verification gate rejecting uncertified executors; and portable attestation. This work addresses governance completeness, provenance completeness, and the impossibility of ungoverned effects.
Key facts
- arXiv:2605.01037v2
- Published on arXiv
- Cross announcement type
- Three-layer governance architecture previously proposed
- Pure module constraint enforced by import graph analysis
- BEAM virtual machine vulnerable to adversarial bypass
- Four mechanisms: WebAssembly target, purity certificates, runtime verification gate, portable attestation
- Goal: structural capability boundary for governance enforcement
Entities
Institutions
- arXiv