Papers
Topics
Authors
Recent
Search
2000 character limit reached

Managed Autonomy at Runtime: Gear-Based Safety and Governance for Single- and Multi-Agent Cyber-Physical Systems

Published 1 Jul 2026 in cs.AI | (2607.00334v1)

Abstract: Autonomous agents, whether LLM-driven software agents or robotic physical agents, face a common class of failure modes when operating without continuous human oversight: safety violations from unverified actions, behavioral instability from unconstrained loops, and continuity loss from unhandled error states. We develop \system{}, a discrete-time control system that combines five execution gears (\Gobs{}, \Gsug{}, \Gplan{}, \Gexec{}, \Gint{}) with utility-gated dispatch and event-driven fallback. For the single-agent case, we prove monotonic stability, execution safety, eventual stabilization, fallback completeness, and equivalence to a gear-constrained Markov decision process. For multi-agent cyber-physical systems (CPS), we apply the established \smart{} managed-autonomy lifecycle and map runtime evidence into its four governance states (\Stable{}/\Meta{}/\Assisted{}/\Regulated{}). Consensus gating, swarm-level Lyapunov analysis, per-agent gear authority, and rendezvous control provide distributed safety and stability guarantees, including zero collision under the stated assumptions. We evaluate the resulting runtime on a three-agent UR5 robotic assembly cell using fault magnitudes calibrated from the NIST \emph{Degradation Measurement of Robot Arm Position Accuracy} dataset across 10,000 Monte Carlo episodes. It achieves a 99.6\% anomaly detection rate versus 2.1\% for the single-agent baseline, reduces detection latency by $3.5\times$, and supplies a formal physical-workspace safety certificate. The execution gears act as micro-level permissions beneath the \smart{} runtime governance states, separating action control from autonomy governance.

Summary

  • The paper introduces EntropyRuntime, a closed-loop control architecture that uses discrete gear states to dynamically restrict agent actions for enhanced safety.
  • It details a utility-gated execution and event-driven fallback mechanism that significantly improves anomaly detection and reduces operational latency.
  • Empirical results on a UR5 robotic cell show a 47.7× anomaly detection improvement and a 3.5× reduction in detection latency compared to baseline methods.

Managed Autonomy at Runtime: Gear-Based Safety and Governance for Cyber-Physical Agents

Problem Motivation and Contributions

Autonomous agents, ranging from LLM-driven software to networked robotic systems, present critical challenges in runtime safety, behavioral stability, and resilient error handling, with risk magnified in multi-agent cyber-physical systems (CPS) due to distributed coordination and the potential for cascading failures. Existing approaches typically grant autonomy in a binary, static manner lacking principled mechanisms for dynamic, evidence-driven modulation of agent authority and action scope at runtime.

This paper introduces EntropyRuntime, a closed-loop control architecture embedding dynamic "gears"—discrete execution states restricting the agent’s available actions—combined with utility-gated dispatch and event-driven fallback. Action-level enforcement is layered beneath the established SMARt four-state managed-autonomy lifecycle ("Stable/Meta-Cognitive/Assisted/Regulated"), ensuring runtime safety, monotonic stability, and certifiability both in single-agent and multi-agent regimes. The framework is formally connected to the Markov decision process (MDP) family and validated on a UR5 robotic assembly cell under fault and drift conditions derived from real (NIST) accuracy measurements, demonstrating a 47.7× anomaly detection improvement and a 3.5× reduction in detection latency versus single-agent baselines.

Technical Architecture

Gear-State Action Restriction

The core abstraction is a five-gear execution model:

  • G0G_0: Observe (read-only, safe hold)
  • G1G_1: Suggest (plan generation, no side effects)
  • G2G_2: Plan (bounded/reversible recovery or safe queries)
  • G3G_3: Execute (full action; side effects allowed)
  • G4G_4: Integrate (system-level coordination, reached only when all agents are independently at G3G_3)

Each gear GkG_k restricts the agent to a subset Ak\mathcal{A}_k of the global action space, acting as a micro-level permission layer specific to the agent runtime.

Utility-Gated Execution and Fallback

A utility function U:S×A→RU: \mathcal{S} \times \mathcal{A} \to \mathbb{R}, constructed as a weighted sum of task progress, safety, and cost, assigns an admissibility score to each candidate action. A utility gate with threshold θ\theta ensures that only actions with G1G_10 are actually dispatched. If all candidates are inadmissible, the event-driven fallback mechanism forces re-planning, gear de-escalation, or ultimately operational suspension pending external review.

Integration with SMARt Governance and Multi-Agent Coordination

For multi-agent settings, EntropyRuntime evidence is mapped into SMARt's runtime governance states via:

  • A consensus utility gate (joint execution permitted only if G1G_11)
  • Swarm-level Lyapunov analysis, certifying workspace stability and convergence
  • Per-agent gear authority
  • A rendezvous policy triple encoding explicit rules for recovery, action drain, and state resumption constraints

In this design, action control (via gears and gates) is architecturally separated from autonomy governance (via SMARt states), ensuring that delegation and revocation of authority can be tightly coupled to observable CPS evidence.

Formal Guarantees

Single-agent results:

  • Monotonic stability: The expected instability measure G1G_12 is non-increasing in expectation for all G1G_13.
  • Execution safety: No action is dispatched with G1G_14.
  • Eventual stabilization: The gear state converges almost surely to a fixed gear in finite time in stationary environments.
  • Fallback completeness: For any recoverable error state, at most G1G_15 gear descents are required to reach a safe (observation) state.
  • Representation theorem: EntropyRuntime policies correspond exactly to gear-constrained stationary MDP policies.

Multi-agent results:

  • Distributed execution safety: Consensus gating ensures that only globally safe sets of actions are ever dispatched, independent of communication delays.
  • Distributed monotonic stability: A swarm Lyapunov function G1G_16 is established, converging geometrically to a bound determined by process noise and fault severity.
  • Collision avoidance: Under declared architectural assumptions (actuator-level state isolation from sensor faults), the system guarantees zero physical collisions.
  • Feedback-coupled attenuation: Meta-Cognitive gears can strictly reduce error propagation via velocity scaling, a property not achievable with binary gates alone.

Empirical Evaluation

A three-agent Universal Robots UR5 cell was used to instantiate the framework, with real-world fault parameters and sensor drift profiles. Key outcome metrics over 10,000 Monte Carlo trials include:

  • Anomaly detection rate: 99.6% (governed runtime) vs. 2.1% (single-agent baseline)
  • Detection latency: 12.2 epochs vs. 43.1 epochs (G1G_17 improvement)
  • Collision rate: 0% in both cases (with formal certificate present only in governed runtime)
  • Audit trail production: 89.9% (governed runtime)

Ablation studies confirm that the risk threshold (mapping to SMARt states) is the decisive contributor to detection gain and latency reduction; consensus gating alone does not improve detection for otherwise undetectable (sensor-layer) anomalies. The framework’s separation of control and governance enables high throughput (83%) even under non-faulting agents, without compromising consensus safety.

Implications and Future Work

This work advances the state-of-the-art in runtime assurance for autonomous agents in several aspects:

  • Formally bridges runtime action-level enforcement and autonomy-governance lifecycles, enabling scalable CPS safety-certification without mandating post-hoc verification or reconstructive alignment.
  • Provides a direct, policy-compatible mapping to MDP and reinforcement learning paradigms, allowing application of standard RL techniques (value iteration, policy gradient, etc.) while preserving action-safety constraints.
  • Explicitly models and verifies the separation of physical control mechanisms and runtime authority transitions, which is critical for certifying shared workspaces in robotics and other safety-critical applications.

Future directions include: (1) automated or learned specification of the utility function from data and/or formal invariants; (2) extensions to support non-hierarchical or non-ordinal action scopes; (3) unified Lyapunov analysis spanning both single- and multi-agent regimes; (4) exploration of scalability and trade-offs in higher-density agent deployments; (5) adaptation to settings where actuator state is not isolated from sensor-driven faults.

Conclusion

EntropyRuntime delivers a modular, gear-based, utility-gated architecture enforcing runtime safety, stability, and fault recovery in both single- and multi-agent cyber-physical systems. The formal proofs, strong empirical results, and explicit separation of action control from autonomy governance establish a robust foundation for certifiable autonomous agent deployment in high-consequence domains. The framework’s generality, composability, and mathematical tractability suggest broad applicability, contingent on appropriate domain-specific calibration of utility functions, thresholds, and policy triples.


Reference: "Managed Autonomy at Runtime: Gear-Based Safety and Governance for Single- and Multi-Agent Cyber-Physical Systems" (2607.00334)

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.