Proof-carrying governance turns a compliance claim into a deterministic program a regulator can run themselves and reach the identical verdict. That sentence is short on purpose. Everything below explains why the framework’s L7 is built around it and what changes the moment governance stops being a document and starts being a proof.
The shape of the problem
Most software governance pipelines end at an audit log. Logs are evidence the system thinks it behaved correctly. The auditor reads the log, asks for clarifications, walks through reproducibility caveats, and eventually signs something. The chain of trust is human attention plus narrative reconstruction. It works, mostly, until something is contested. Then the asymmetry shows: the operator has access to the system, the regulator has access to the document.
Determinism alone does not close that gap. A bit-identical replay of L1–L6 proves what the system did. It does not prove the system did the correct thing under a stated policy. That step — from “this is what happened” to “this satisfies the rule we agreed on” — is what L7 specifies.
Proof-carrying governance is a deterministic program over committed evidence that produces a cryptographically verifiable claim about whether a stated policy was satisfied. The proof is independently recomputable: any party with the evidence and the policy reaches the identical verdict, byte for byte.
What the layer below provides
L7 is the topmost layer of the Axioma framework, and it composes on what L1 through L6 already commit. The substrate (L1) hashes deterministically. The state machine (L2) emits health events with no fault-propagation ambiguity. The Oracle Boundary (L3) marks every entry of non-determinism with a typed admission record. Policy evaluation (L4) records every admit/deny decision against the operational envelope. The agent surface (L5) gates actions. The audit ledger (L6) commits the whole sequence to a Merkle structure with bit-identical replay.
By the time L7 looks at the trace, it is reading a sequence of cryptographically committed records, each one referring to the previous by hash. Nothing it sees is reconstructed; everything is cited.
That changes what governance can look like. Instead of “did this system satisfy the policy”, the question becomes “does this policy, evaluated as a program over these specific records, return true”. Same input, same policy, same result, anywhere it runs.
What a proof actually is
The framework calls the canonical record AX:PROOF:v1. Its construction is mechanical: take the policy as a deterministic program, take the evidence as a set of L6 ledger citations, evaluate the program over the citations, commit the result. The output is a tamper-evident proof chain that any reader can recompute.
There are two things worth highlighting about the construction.
First, the policy is a program, not prose. A “must not exceed N watts during inference” policy is a function that reads the L6-committed power-trace evidence and returns a boolean. A reviewer can disagree with the policy, but they cannot disagree with whether the policy returned true or false on the evidence — that is a numerical fact, recomputable by anyone with the evidence and the policy source.
Second, the proof is a citation, not a copy. The evidence is committed to L6; the proof references it by hash. The proof package is small even when the evidence is large, and it does not require trusting the operator’s reproduction of the logs. The regulator pulls the L6 commitments directly, runs the policy, and confirms the verdict.
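The construction described above, sketched as an added example rather than the framework's own code. The page does not specify the AX:PROOF:v1 layout, so the field names, the `commit`, `make_proof` and `verify_proof` helpers, the policy descriptor and the power readings are all assumptions made for illustration.

```python
import hashlib, json

def canon(obj) -> bytes:
    # Canonical bytes: sorted keys, fixed separators, integer-only values.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def h(obj) -> str:
    return hashlib.sha256(canon(obj)).hexdigest()

def commit(records):
    """Stand-in for the L6 ledger: every entry cites its predecessor by hash."""
    ledger, prev = [], "0" * 64
    for rec in records:
        entry = {"prev": prev, "record": rec}
        prev = h(entry)
        ledger.append((prev, entry))
    return ledger

def policy_max_power(records, limit_mw: int) -> bool:
    # The policy as a program: no committed reading exceeds limit_mw.
    return all(r["mw"] <= limit_mw for r in records)

def make_proof(ledger, policy_desc):
    # Operator side: evaluate the policy over cited entries, commit the result.
    body = {
        "type": "AX:PROOF:v1",                 # name from the page; layout assumed
        "policy": h(policy_desc),              # commits to the policy as stated
        "evidence": [eh for eh, _ in ledger],  # citations by hash, not copies
        "verdict": policy_max_power([e["record"] for _, e in ledger],
                                    policy_desc["limit_mw"]),
    }
    return {**body, "proof_hash": h(body)}

def verify_proof(proof, ledger, policy_desc) -> bool:
    # Regulator side: re-check the hash chain, then recompute the whole proof.
    prev = "0" * 64
    for eh, entry in ledger:
        if entry["prev"] != prev or h(entry) != eh:
            return False
        prev = eh
    return make_proof(ledger, policy_desc) == proof

# Constructed sample data: power readings in integer milliwatts.
TRACE = [{"t": 0, "mw": 4200}, {"t": 1, "mw": 4875}, {"t": 2, "mw": 4990}]
POLICY = {"rule": "max_power", "limit_mw": 5000}

if __name__ == "__main__":
    ledger = commit(TRACE)
    proof = make_proof(ledger, POLICY)
    print(proof["verdict"], verify_proof(proof, ledger, POLICY))
```

Changing one committed reading, or evaluating under a different policy descriptor, makes `verify_proof` return False, because the recomputed proof no longer matches byte for byte.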
What this replaces
What it replaces is the audit-log walkthrough. In the old model, the operator hands over logs and a written compliance argument; the regulator reads both and forms a judgement. The integrity of the conclusion depends on the regulator’s attention and on the operator’s honest reconstruction of the trace. There is no protocol for “you and I disagree on what the logs say” — only for “we disagree on what they mean”.
With proof-carrying governance the disagreement surface narrows. The logs are committed, so there is no question about what they say. The policy is a program, so there is no question about what it means. The verdict is the program’s return value. What can still be contested — and this matters — is whether the policy was the right policy. That is a legitimate disagreement and one that audit trails have always struggled to support. The proof structure makes it the only available disagreement.
Where this is hard
Two places.
First, policies have to be expressible as deterministic programs. “Behave reasonably” does not survive the translation. “Total inference budget per session does not exceed B” does. Some real-world regulations have wording that is genuinely ambiguous, and the work of writing them as programs is real engineering. The framework does not pretend otherwise.
Second, the evidence has to be committed in a form the policy can read. If a regulator wants to check that a model never produced output in a forbidden class, the output stream has to be in L6. If the output stream is summarised before commitment, the proof loses fidelity. The discipline is to commit raw evidence and let the policy program perform any aggregation.
Both problems are tractable. Neither disappears.
Why determinism is non-negotiable here
A non-deterministic governance program is not a proof. If running the same program over the same evidence can return different verdicts, the verdict is not a fact — it is a sample from a distribution. The whole construction collapses.
The Axioma framework’s substrate (L1) and arithmetic primitives (SRS-005) exist for exactly this reason: every operation that touches the proof has to produce the same bits on every platform that recomputes it. Fixed-point arithmetic, deterministic reduction order, canonicalised serialisation. Without those guarantees, the regulator’s recomputation diverges from the operator’s, and the conclusion is no longer independently verifiable.
This is the link between proof-carrying governance and the rest of the framework. L7 is not a separate concern bolted on top; it is what L1–L6 were built to support.
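The divergence described above, shown as an added example that is not the framework's code or its SRS-005 primitives. The session costs, the budget, the micro-unit scale and every function name are constructed for illustration: a budget policy evaluated in floating point flips its verdict when the reduction order changes, while the fixed-point version with canonical serialisation gives every recomputer the same digest.

```python
import hashlib, json

def digest(record: dict, canonical: bool = True) -> str:
    # canonical=True fixes key order and separators; False keeps insertion order.
    if canonical:
        data = json.dumps(record, sort_keys=True, separators=(",", ":"))
    else:
        data = json.dumps(record)
    return hashlib.sha256(data.encode()).hexdigest()

def budget_verdict(costs, budget) -> bool:
    # Left-to-right reduction in the order given. Built-in sum() is avoided
    # because its float summation differs between Python versions.
    total = 0
    for c in costs:
        total += c
    return total <= budget

def to_fixed(x: str, scale_digits: int = 6) -> int:
    # Parse a non-negative decimal string straight to integer micro-units,
    # never passing through a float.
    whole, _, frac = x.partition(".")
    frac = (frac + "0" * scale_digits)[:scale_digits]
    return int(whole) * 10**scale_digits + int(frac)

def float_run(costs, budget) -> str:
    v = budget_verdict([float(c) for c in costs], float(budget))
    return digest({"policy": "session_budget", "verdict": v})

def fixed_run(costs, budget) -> str:
    v = budget_verdict([to_fixed(c) for c in costs], to_fixed(budget))
    return digest({"policy": "session_budget", "verdict": v})

# Constructed sample: three inference costs and a budget B, as decimal strings.
COSTS = ["0.1", "0.2", "0.3"]
BUDGET = "0.6"

if __name__ == "__main__":
    operator, regulator = COSTS, COSTS[::-1]  # same evidence, different order
    print("float digests match:", float_run(operator, BUDGET) == float_run(regulator, BUDGET))
    print("fixed digests match:", fixed_run(operator, BUDGET) == fixed_run(regulator, BUDGET))
```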
Frequently Asked Questions
What is proof-carrying governance?
Proof-carrying governance is a deterministic program over cryptographically committed evidence that produces an independently verifiable compliance verdict. The verdict is the program’s return value. Anyone with the evidence and the policy can recompute the same result, byte for byte. Disagreement collapses onto whether the policy was correctly stated, not whether the verdict follows.
How is a proof-carrying claim different from a signed audit log?
A signed audit log proves the log was not tampered with; a proof-carrying claim proves the policy returned true on the log. Signature attests to integrity. Proof attests to satisfaction. A regulator with a signed log still has to read it and form a judgement. A regulator with a proof recomputes the verdict.
Why doesn’t a regulator just rerun the model?
Rerunning the model proves reproducibility, not policy compliance. The framework’s L1–L6 already give bit-identical replay; that is execution integrity. Proof-carrying governance is the additional step that says “and the policy returns true over this trace”. A regulator who reruns the model and reads the output still needs a verdict step; the proof is that step.
What kinds of policies can be expressed this way?
Any policy that is a deterministic function of committed evidence. Resource budgets, output-class constraints, sequencing rules, and threshold conditions all translate cleanly. Subjective policies — “the system behaved reasonably” — do not. Forcing policies into program form is the source of much of the value: ambiguity has to be resolved before the proof can be constructed.
What happens when the policy is wrong?
The proof still recomputes correctly; the verdict is still a fact about the policy as written. The disagreement moves upstream, to whether the policy as written captures the regulator’s intent. That disagreement is real and the framework does not pretend to dissolve it. It does isolate it from every other failure mode an audit trail can host.
Conclusion
Proof-carrying governance replaces the assertion-and-document model with a deterministic verdict any reader can recompute. The constraint is real: policies have to be expressible as programs, and evidence has to be committed in a form the program can read. As with any architectural approach, suitability depends on system requirements, risk classification, and regulatory context.