Official Reference: https://unifiedagencyarchitecture.org/
Reference Implementation Surface: https://github.com/NeoMythicWorks/uaa-reference-surface
Contact: governance@unifiedagencyarchitecture.org
Unified Agency Architecture (UAA) defines an execution-governance model in which:
- Capability is not authority
- Execution authority does not exist by default
- Authority must be derived at runtime and verified at execution
Unified Agency Architecture (UAA) is an execution-governance architecture in which execution authority is derived at runtime from admissibility under an active governing boundary.
It separates action generation from execution permission and requires that every path to effectuation pass through a control point where authorization is verified immediately before execution.
Execution authority does not exist by default.
Systems may generate actions, recommendations, or candidate operations, but no action is permitted to execute unless it is admissible under the active governing boundary and authorized for that specific execution attempt.
In conventional systems, execution authority is implicitly granted by system design.
- Actions generated by a system are typically executable by default
- Authority is inherited from configuration, roles, or placement
- Policy, monitoring, and evaluation operate around execution rather than determining whether execution is structurally possible
- Execution may proceed even when governance conditions are undefined, degraded, or bypassed
As a result, authority is assumed rather than constructed.
These systems may constrain, evaluate, or document behavior, but they do not determine whether execution authority exists at the point of effectuation.
Unified Agency Architecture eliminates this assumption.
Execution authority does not exist unless it is explicitly derived under an active governing regime and verified at required control points.
-
Non-Default Authority
No execution is permitted without explicit authorization. -
Admissibility Precedes Authority
All actions must be evaluated against a governing boundary before execution authority can exist. -
Fail-Closed Execution
If evaluation, artifact issuance, or verification fails, the system produces no effect. -
Artifact-Required Execution
Execution requires a valid authorization artifact bound to the specific attempt. -
Control Point Verification
Authorization is verified at the execution boundary, not assumed from upstream approval. -
No Effect on Block
Rejected or unverifiable actions produce zero side effects. -
Monotone Boundary
Constraints may tighten automatically but cannot relax without explicit override. -
Measurement Is Not Authority
Metrics, telemetry, and scores may inform constraint state but never grant execution permission.
All execution attempts follow this sequence:
request -> canonicalization -> boundary evaluation -> admissibility decision -> authorization artifact issuance -> control point verification -> execution or block
Execution is not valid unless this sequence completes successfully at the required enforcement point.
UAA separates:
- Capability: what a system can generate, propose, or prepare
- Authority: what is permitted to execute under the active governing regime
This separation is load-bearing. Capability alone never implies execution permission.
This repository provides a minimal reference surface for Unified Agency Architecture (UAA).
It is intended to make the architectural model inspectable and to demonstrate:
- boundary-based admissibility evaluation
- authorization artifact requirement
- verification at the execution boundary
- fail-closed enforcement behavior
- zero-effect blocking semantics
UAA is not a policy suggestion layer, prompt wrapper, or conventional access-control scheme. It defines an execution-governance layer.
Reference Surface v1.0
Formal paper in development for SSRN, Zenodo, and IEEE submission tracks.
Ashley Harris
Independent Researcher
Unified Agency Architecture