Computable Trust Architecture

A formal framework for runtime AI governance that treats trust as a computable, attributable, temporally valid, and policy-enforceable property of AI outputs and actions.

John DeRudder · Independent AI Governance Researcher · April 2026

  • TCS: Trust Computation System
  • TIS: Trust Integrity Score
  • TC: Trust Certificate
  • 108: Specification tests in Phase 1

The Problem

Enterprise AI governance is often strongest in policy language and weakest at runtime enforcement. Organizations can define principles, approval workflows, risk registers, and audit requirements, but those controls frequently sit outside the exact moment where an AI output becomes an action.

Computable Trust Architecture addresses that gap by defining a runtime governance architecture that can compute trust, enforce policy, and produce evidence at the point of action.

Core Contribution

The paper introduces a formal architecture for making trust computable and enforceable in AI-mediated workflows. Its reference implementation, the Trust Computation System, computes a Trust Integrity Score and produces a tamper-evident Trust Certificate for governed AI outputs and actions.

  • Computable Trust Architecture: The architectural pattern for computing, enforcing, and recording trust across AI systems at runtime.
  • Trust Computation System: The reference implementation that evaluates outputs, resolves policy, computes trust, and issues governance decisions.
  • Trust Integrity Score: A formal score that reflects governed trust across boundedness, attribution, compliance, knownness, policy penalties, and temporal decay.
  • Trust Certificate: A hash-chained governance artifact that records the evaluated trust state, decision result, identity binding, and audit integrity fields.
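
A hash-chained certificate log of the kind the Trust Certificate definition describes, as an added example that is not taken from the white paper or the TCS reference implementation. The field names, canonical-JSON hashing, genesis value, and sample records are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed sentinel prev_hash for the first certificate

def cert_hash(body):
    """SHA-256 over canonical JSON (sorted keys, no whitespace)."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def issue(chain, subject, tis, decision):
    """Append a certificate bound to its predecessor's hash; return the new head."""
    body = {
        "seq": len(chain),
        "subject": subject,    # identity binding (hypothetical field name)
        "tis": tis,            # evaluated trust state (hypothetical field name)
        "decision": decision,  # one of the page's five decision values
        "prev_hash": chain[-1]["hash"] if chain else GENESIS,
    }
    chain.append(dict(body, hash=cert_hash(body)))
    return chain[-1]["hash"]

def verify(chain, pinned_head=None):
    """Return -1 if intact, else the index of the first failing record."""
    prev = GENESIS
    for i, cert in enumerate(chain):
        body = {k: v for k, v in cert.items() if k != "hash"}
        if (cert.get("seq") != i or cert.get("prev_hash") != prev
                or cert_hash(body) != cert.get("hash")):
            return i
        prev = cert["hash"]
    # A fully recomputed chain is self-consistent; only a head hash kept
    # outside the log (or signed) exposes the rewrite.
    if pinned_head is not None and prev != pinned_head:
        return max(len(chain) - 1, 0)
    return -1

def demo():
    """Constructed sample: three certificates, then two tampering attempts."""
    chain = []
    for tis, decision in [(0.91, "ALLOW"), (0.42, "HOLD"), (0.17, "STOP")]:
        head = issue(chain, "agent:claims-bot", tis, decision)
    intact = verify(chain, head)
    chain[1]["decision"] = "ALLOW"          # edit one record in place
    edited = verify(chain, head)
    rebuilt = []                            # rewrite the whole log consistently
    for c in chain:
        issue(rebuilt, c["subject"], c["tis"], c["decision"])
    return intact, edited, verify(rebuilt), verify(rebuilt, head)
```

The chain alone detects an in-place edit, but a log rewritten end to end verifies cleanly unless the head hash is pinned somewhere the writer of the log cannot change.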

The BACK Governance Model

The framework decomposes trust into four governed dimensions. These are not abstract principles. They are evaluable dimensions that contribute to the trust computation.

  • Boundedness: Whether the output stays within authorized scope, identity tier, and permission boundaries.
  • Attribution: Whether the output is traceable to verified, versioned, and permissioned sources.
  • Compliance: Whether the output conforms to active policy, regulatory requirements, and operational constraints.
  • Known: Whether the system's expressed confidence is calibrated against the reliability of its inputs.

Runtime Enforcement Pattern

TCS is designed as a governance sidecar that can operate at trust boundaries without requiring model modification, model retraining, or major orchestration changes. The sidecar evaluates context, computes trust, produces a certificate, and returns an enforcement decision.

User / Agent Request
        |
        v
Governed Context Assembly
        |
        v
Trust Evaluation Engine
        |
        +--> Boundedness
        +--> Attribution
        +--> Compliance
        +--> Known
        |
        v
Trust Integrity Score
        |
        v
Trust Certificate
        |
        v
Enforcement Decision: ALLOW | HOLD | ESCALATE | STOP | OBSERVE

Why It Matters

As enterprises move from AI pilots to agentic workflows, the governance problem changes. The key question is no longer only whether a model was approved. It is whether a specific output, under a specific context, for a specific user, action class, data source, and risk tier, should be allowed to proceed.

This becomes especially important in regulated environments where organizations need auditable evidence, not just policy intent.

  • Financial services and investment workflows
  • Healthcare and clinical decision support
  • RAG pipelines using governed enterprise data
  • MCP-connected tools and agentic systems
  • Enterprise AI workflows requiring audit-ready governance evidence

Reference Implementation

The white paper describes a reference implementation with deterministic trust computation, governed context assembly, Trust Certificate generation, decision enforcement, and sidecar runtime capabilities.

The implementation includes Phase 1 specification unit tests and a FastAPI sidecar demonstration across controlled financial services and healthcare governance scenarios.

Scope note: The evaluation examples are controlled reference scenarios and synthetic shadow-mode tests. They are not presented as third-party production deployments or independent compliance certifications.

Technology and Governance Concepts

Runtime AI Governance · Computable Trust · Trust Certificates · Trust Integrity Score · Governed Context Architecture · MCP Governance · Agentic AI Controls · RAG Governance · Audit Integrity · Policy Enforcement · Financial Services · Healthcare AI

Download the White Paper

Computable Trust Architecture: A Formal Framework for Runtime AI Governance

John DeRudder, Independent AI Governance Researcher, April 2026

The paper presents the formal framework, reference implementation, trust computation model, Trust Certificate structure, MCP governance rules, Trust Dynamics, and regulated-domain evaluation scenarios.
