From "Did it happen?" → "Was it legitimate?" → "Was the authority itself legitimate?"
Applications sit at the top. When an AI agent or automated system attempts a regulated action, the request passes down through the stack. Each layer adds a legitimacy proof. The result is a cryptographically verifiable record proving the action was authorized by legitimate authority, valid at execution time, handled correctly, and durable.
Layer 1: APEX — Authority Provenance
Is the policy authority itself legitimate? APEX validates the cryptographic authority chain, delegation verification, and authority continuity. No policy can govern unless the authority behind it is provably legitimate. USPTO 64/016,842.
Layer 2: ULA — Unified Legitimacy Arbiter
Is legitimacy unanimous across all layers? One chain, one clock, one verdict. The ULA collects per-module verdicts and applies the unanimity rule: strictest wins, one dissent blocks. The system cannot be partially legitimate.
Layer 3: CLV + PCR — Continuous Validation & Real-Time Revocation
Does authorization remain valid under changing conditions? CLV detects policy drift via heartbeat, measures constraint sufficiency, and checks outcome coherence. PCR pushes invalidation signals to active gate tokens and interrupts in-flight actions at commit boundaries before they cross the irreversibility boundary.
Layer 4: Legitimacy Modules
Four dimensions, each closing one legitimacy gap:
👤 CQ Engine — Human Legitimacy
Scores authorization quality. Distinguishes informed review from rubber stamps. GQS (0-100) embedded in every seal. Below 35 = RUBBER_STAMP, seal blocked.
⚡ LAB + IAW — Execution Legitimacy
Live Authority Binding locks execution to the policy at the moment it runs. Inference Attestation Wrapper issues pre/post receipt pairs for every LLM call.
🔗 CPE Proof — Data Legitimacy
Four-event custody chain: Dispatch → Transit → Collection → Purge. Four privacy profiles with enforced constraints.
🛡️ PQ Hybrid — Time Legitimacy
ECDSA-P256 + CRYSTALS-Dilithium composite signatures. Three strategies. 10+ year archival grade.
Layer 5: ELP Core — Execution Legitimacy Protocol
The kernel. RAC engine, deterministic state machine, append-only receipt chain, authority matrix enforcement, evidence bundle export. Execution is blocked — not logged — until the receipt is issued. USPTO 64/014,627.
Layer 6: Cryptographic Foundation
SHA-256 hash chains with prior-receipt linkage. Ed25519 and ECDSA-P256 digital signatures. HSM/KMS signing infrastructure (FIPS 140-2 Level 3). CRYSTALS-Dilithium post-quantum composite. Deterministic offline verification.