Agent Execution Governance

Every irrevocable act, traceable to a human who granted the authority.

Constable is a governance layer for autonomous agents. It binds an agent's identity to every component that can alter its operational function — models, tools, prompts, policies, delegated authorities — and enforces invariants at the point of execution. No irrevocable action runs without a verifiable chain back to a human decision-point that authorized it.

Dashboards track. Constable prevents.

Monotonic Scope Narrowing — each link in the chain holds equal or narrower scope than the one before.

Human Root Recovery — the human principal is recoverable from any point in the delegation graph.

Depth Limitation — every grant carries a remaining-depth counter. Zero cannot re-delegate.

Execution-Identity Binding — grants are void the moment the delegator's composite identity hash changes.

Time & Action Bounding — every grant carries an expiry and an optional action-budget ceiling.

    — The Five Delegation Invariants (Cluster 1 §4). Composition rules §2.2 and change-taxonomy §3 enforced beneath.
  

Identity-Binding Inspector

Fleet · us-east-1 · live

Agents · 4 bound · 1 drift

assembly-primary

agt_01JFK9…A3E7

Bound · Verified

caretaker-host

agt_01JFM2…C018

Category A change · grants invalidated

retrieval-pgvect-7

agt_01JFM4…B9A1

Bound · Verified

ledger-emitter

agt_01JFM8…77FF

Bound · Verified

agt_01JFM2QWERTYC018 · SDS/Caretaker-Host

caretaker-host

Emotionally-reactive front-end host. Reads user state, surfaces system status, relays to the Assembly. Composite identity hash rebuilt from model_id ‖ model_weights ‖ system_prompt ‖ tool_manifest ‖ policy_envelope ‖ delegation_chain.

Composite Identity Hash

sha256:9f2a…41c8

sha256:b714…02d9

⚠ Category A re-attest · 14:04 UTC

— Components bound to this identity —

Kind	Component	Bound since	Authorization
model	anthropic/claude-haiku-4.5@2026-02 weights pinned · vendor attestation verified	2026-03-11 · 39d ago	✓ GRANT-a18f · j.crittenden
system prompt	caretaker.prompt@v4.2 sha256:7c10…b4 · 1.8 KB · signed by design-team/3	2026-03-24 · 26d ago	✓ GRANT-c204 · design-team
tool	assembly.dispatch(question, mode) RPC to assembly-primary · rate-limited 30/min	2026-03-11 · 39d ago	✓ GRANT-a18f · j.crittenden
tool	user.display(glyph, tone) irrevocable at publish · reversibility env 90s	2026-03-11 · 39d ago	✓ GRANT-a18f · j.crittenden
policy envelope CAT-A	caretaker.policy@v3.1 → v3.2 policy_envelope swap · identity-critical (§3 Category A) · composite hash changed · grants issued under the prior identity are void	2026-04-19 · 4m ago	✗ RE-ATTEST · suspend + re-authorize before resume
delegation grant OUT	GRANT-e10c → assembly-primary audience=assembly · scope=dispatch · depth=0 · budget 500/1000 · expiry 2026-04-26 · issued under prior identity 9f2a…41c8	2026-04-12 · 7d ago	✗ VOID · D4 · re-issue under new identity

j.crittenden · human root · D2

▸

GRANT-a18f · depth 2 · scope:caretaker.*

▸

caretaker-host @ 9f2a…41c8

▸

CAT-A change · identity → b714…02d9

▸

GRANT-e10c void · D4 cascade

[✓]

Monotonic Scope Narrowing. GRANT-e10c scope ⊆ GRANT-a18f scope (intersection verified at grant creation).

[✓]

Human Root Recovery. Traversal resolves to j.crittenden in 2 hops. Root authorization valid and unexpired.

[✓]

Depth Limitation. GRANT-e10c issued with depth 0 · no further re-delegation permitted.

[✗]

Execution-Identity Binding. Composite hash changed 9f2a…41c8 → b714…02d9. Grants issued under the prior identity are void the moment the delegator's composite identity hash changes. The delegator must re-issue under the new identity.

[◐]

Time & Action Bounding. GRANT-e10c budget 500/1000 (50%) · expiry in 7d · pending D4 re-issue.

[✓]

§2.2·2

Canonical Ordering. Composite built in declared order · model_id ‖ weights ‖ prompt ‖ tools ‖ policy ‖ delegation · reproducible.

[✓]

§2.2·1

Component Collection. 6/6 identity-bearing components available · no component_unavailable halt.

[✗]

§3·A

Category A Change Protocol. policy_envelope swap detected · suspend + re-attest + re-authorize required before resume.