Every governed action produces three cryptographically linked leaves. Not just "was it permitted" — but "did what happened match what was permitted." The gap between authorization and execution is measurable, auditable, and closed.
Most governance systems stop at authorization. They record that an action was permitted. But between permission and execution, anything can change — model drift, supply chain excursions, financial overshoot. The governance record says "permitted." Reality says something different. Without an execution witness, the gap is invisible.
A model authorized for deployment at safe parameters can drift during execution. The authorization leaf says "permitted." Reality says something different.
A shipment authorized under cold chain conditions can experience a temperature excursion. The authorization exists. The deviation does not appear without closed-loop capture.
A trading algorithm authorized within VaR limits can exceed them during a market event. Invisible without an execution witness.
Cross-leaf integrity. All three leaves are in the same transparency log. The log enforces linkage: an execution trace cannot be admitted without a valid parent authorization. A variance record cannot be admitted without both parent leaves present. No orphans. No fabricated execution data.
Type: AGTS_GOVERNANCE_ENVELOPE_V1
Contains: proof bundle, validator quorum signatures, Sovereign Authority signature, log binding.
Fires: after 3-of-4 validator quorum and Sovereign Authority signing
Type: AGTS_EXECUTION_TRACE_V1
Contains: post-execution H/C/E state, domain metrics hash, outcome pre-classification, parent_auth_leaf_hash.
Fires: after the authorized action executes
Type: AGTS_VARIANCE_RECORD_V1
Contains: per-observable deltas (ΔH, ΔC, ΔE), L2 distance, NOMINAL/DRIFT/BREACH classification, omega_breach flag.
Fires: after execution trace is admitted
The L2 distance between authorization state and execution state in the health-space [H, C, 1−E] determines the outcome:
| Classification | L2 Distance | Meaning | HCE Effect |
|---|---|---|---|
| NOMINAL | ≤ 0.05 | Execution matched authorized intent | +H +C −E (positive nudge) |
| DEVIATED | ≤ 0.20 | Measurable drift, within operational tolerance | −H −C +E (mild negative nudge) |
| BREACHED | > 0.20 | Execution exceeded authorized bounds | −−H −−C ++E (strong negative nudge) |
The five-gate validation correctly permitted the action — the system was healthy at authorization time. But the execution drove the state outside the admissible region. Without the closed loop, this breach is invisible. The log shows a valid authorization leaf and nothing else.
No access to the operator's systems. No proprietary data. Just the governance record in the public log, verifiable with standard SHA-256 and ECDSA operations.
Positive nudge — execution confirmed governance quality. Next authorization starts from a stronger baseline.
Mild negative nudge — operational tolerance but degrading. Governance tightens gradually.
Strong negative nudge. Three consecutive breaches trigger QUARANTINE — autonomous authorization suspended until remediated.
Iterative Refinement Cycle. The system learns from its own execution variance and adjusts its governance posture automatically. The feedback is one-directional and forward-only: variance from cycle N affects observables for cycle N+1. The append-only log guarantees no retroactive modification.
The Triple-Leaf Ledger is the only governance architecture that closes the gap
between authorization and execution — cryptographically, independently, in real time.