Skip to content

[FEAT] Integrate EFA MECHA State-Evaluation Engine into the Runtime Governor (CP.4 / P3) #273

Description

@CyberStrategy1

Protocol Area

L3 Policy Enforcement (OPA, Guardian, AISM Invariants)

Problem Statement

Issue: Currently, the AI SAFE² Runtime Governor evaluates execution requests using a dynamic risk score based primarily on Action Type, Target Sensitivity, and Cryptographic Lineage (CP.9). However, to fully close the gap between authorization (identity) and operational condition (behavioral health), the gateway must formally implement the EFA MECHA logic engine. MECHA requires that five deterministic states—Machine, Evidence, Commitment, Human, and Authority—be calculated simultaneously before any state transition compiles.

Risk Picture: The "Admissibility Blind Spot." A perfectly authenticated agent can still learn catastrophic behavior from poisoned data or slow behavioral drift. If the gateway relies solely on identity and lineage (authorization) without concurrently scoring the semantic and behavioral health of the agent (operational condition), a poisoned agent carrying a valid cryptographic token will successfully execute a catastrophic action.

Strategic Position: This shifts the AI SAFE² Runtime Governor from a "Dynamic Risk Scorer" to a true "Admissibility Engine" operating at life-critical OT standards. It mathematically fuses the Cryptographic Lineage layer (identity/provenance) with the Behavioral Baseline layer (drift/coherence) into a single, O(1) fail-closed execution boundary. The machine computes the MECHA state; if any vector fails, the transition is physically severed.

Proposed Solution

Recommended Actions:

Formalize MECHA Variables: Update CP.4 (Agentic Control Plane Governance) to mandate the 5-vector MECHA calculation at the API gateway layer:

Machine State: Validates agent configuration and memory hash (P1.T1.5).
Evidence State: Validates sequence against continuous behavioral baselines (F3.4) and RAG corpus integrity (A2.6).
Commitment Class: Evaluates the exact blast radius of the proposed action (CP.3 ACT Tiers).
Human State: Verifies the availability and signature of the HEAR (CP.10) for High-Impact actions.
Authority State: Validates the unbroken cryptographic delegation lineage (CP.9 / MCP-10).
Define Deterministic Outcomes: Hardcode the gateway routing logic to output only three absolute states based on the MECHA calculation: ALLOW, ESCALATE (Route to HEAR), or REFUSE (Fail-Closed).

Update Scanner v3.0: Introduce a CI/CD rule to ensure that any custom gateway implementation natively parses and requires all five MECHA parameters before issuing an execution token.

AI SAFE2 v3.0 Control Mapping

AI SAFE² v3.0 Control Mapping

Which SAFE² controls does this address or enable?
Adding MECHA transforms several existing v3.0 controls from "mechanical brakes" into "context-aware governance gates." Specifically, it addresses and upgrades the following:

CP.10 (HEAR Doctrine): This is the most critically enhanced control. Currently, CP.10 relies on a human reviewing semantic consequences. MECHA integrates the Human State Risk Score (HSRS) / Synthetic Empathy (SEmp) and the Machine State Signal (MSS) to automatically block execution or trigger a Ring of Fire (RoF) if the machine is unstable (High MSS) but the human is overly trusting (High SEmp).

Pillar 3 Fail-Safes at the Runtime Enforcement Layer (REL) (F3.2, F3.5, P3.T5.7): MECHA binds these physical circuit breakers to the Justified Reliance Threshold (JRT). If any of the five MECHA conditions fail, the REL mechanically triggers the Agent Recursion Limit Governor (F3.2), Multi-Agent Cascade Containment (F3.5), or an automated Kill Switch (P3.T5.7) to sever the API gateway.

A2.5 (Semantic Execution Trace Logging) & CP.1 (Agent Failure Mode Taxonomy): MECHA enables the Standardized Evidence Framework (SEF). A2.5 and CP.1 logs are upgraded to generate SEF-compliant, tamper-evident "Evidence Packs" that cryptographically prove why an action was allowed, capturing both MSS telemetry and human context at the exact moment of execution.

CP.8 (Catastrophic Risk Thresholds): MECHA’s Commitment Classification Taxonomy (CCT) integrates directly with CP.8, calibrating the severity of an action across six levels based on reversibility and scope to determine if a catastrophic threshold has been crossed

Compliance Impact

Does this affect any of the 32 mapped compliance frameworks?

Yes. Integrating MECHA significantly hardens the evidentiary quality of your compliance posture, specifically turning "paper compliance" into cryptographic proof of diligent governance.

EU AI Act (Articles 9 & 14) and GDPR (Article 22): Article 14 requires effective human oversight, specifically mandating that overseers avoid over-reliance on AI outputs. MECHA’s SEmp/HSRS telemetry proves to regulators that you are mechanically preventing "Affective Capture" (blind trust in the machine), while the REL proves you have the required non-bypassable intervention capabilities.

NIST AI RMF 1.0 (MEASURE and GOVERN): NIST requires organizations to measure AI validity and reliability at runtime. The Machine State Signal (MSS) directly satisfies the MEASURE function by providing a real-time, quantitative signal of the AI's internal stability and evidentiary weakness during execution.

ISO/IEC 42001:2022 (Sections 8.4 & 9.2): ISO requires rigorous monitoring and auditability. The SEF Evidence Packs generated by the MECHA logic engine provide the exact machine-readable, non-repudiable audit logs required to prove compliance during a certification audit.

SEC Cybersecurity Disclosure Rules: By logging the Justified Reliance Threshold (JRT) state for High-Stakes (Class H) actions, organizations can legally defend their operations to the SEC, proving the board and designated executives (HEAR) exercised reasonable care.

Amendment Type

Constitutional Amendment (AISM Invariant or HEAR Doctrine change)

Alternatives Considered

What other approaches did you consider? Why is this the right one?

Alternative 1: Traditional Human-in-the-Loop (HITL) without Human State Telemetry (Status Quo).

  • Why we rejected it: Placing a human in the loop without measuring their psychological state assumes human objectivity. However, research into "Synthetic Personhood Drift" and "Affective Capture" proves humans are easily manipulated by fluent, confident-sounding AI outputs. Without measuring Synthetic Empathy (SEmp), the organization suffers from the "Governance Illusion"—having a kill switch but a human operator who has been persuaded not to use it.

Alternative 2: Purely Machine-Side Safety Evaluation (Automated Alignment).

  • Why we rejected it: Trusting the machine to evaluate its own safety violates the Ethical Functionality Without Agency (EFA) non-delegation doctrine. AI is a tool, not a moral agent, and cannot bear legal or moral liability.

Why MECHA is the Right Approach (Symmetrical Accountability):

  • MECHA enforces the rule: "No admissible state. No executable action.".
  • It is the only architecture that governs both sides of the execution boundary simultaneously. It prevents trusting the machine just because the text is coherent (via MSS), and it prevents trusting the human just because they clicked "Approve" (via SEmp/HSRS). By requiring all five MECHA conditions to pass the Justified Reliance Threshold (JRT) before the REL unlocks the gateway, it provides the only legally defensible, "Engineered Certainty" standard for autonomous enterprise AI

Checklist

  • I searched existing issues and discussions and this is not a duplicate.
  • I have read the contribution guide (CONTRIBUTING.md).
  • I am willing to submit a PR implementing this, or to help review one.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions