Cross-Domain Governance
No single authority plane governs the whole. That is the design problem.
Editor’s note: This article opens Phase IV of the series. Where Phase III built constitutional governance within a single authority plane, Phase IV stress-tests that architecture at the scale most work in this space never reaches: what happens when governed systems meet other governed systems, and neither’s constitution applies to the interaction. What follows is a sovereignty claim.
Two organisations deploy governed autonomous systems. Each has an authority graph. Each has a control-surface band evaluating every action before execution. Each satisfies the four requirements: authority is designed, composition is contracted, legibility traces decisions to their source, enforcement is structurally separate from cognition.
Their agents interact across an organisational boundary.
Neither system’s governance applies to the interaction. Organisation A’s control-surface band evaluates against A’s constitution. Organisation B’s band evaluates against B’s. At the seam between them, there is no constitution. There is no authority graph that maps the interaction. There is no composition contract that names whose invariants govern. The agents are individually governed. The interaction is not.
This is not a failure of the architecture. It is the architecture’s boundary condition. Phase III built constitutional governance for the governed domain. It did not build governance for the space between governed domains. That space is where production systems operate: across vendors, platforms, jurisdictions, and ownership structures. The architecture’s success within a single plane creates the conditions for the next governance challenge: how to federate authority without losing coherence.
The single-plane assumption
Phase III assumed a single authority plane without naming the assumption. One organisation designs the authority graph. One deployment seeds the composition contracts. One governance engine loads the full constitutional state. Delegation chains are verifiable because every grantor exists in the same graph. Legibility records are attributable because every finding references scopes and contracts the same engine evaluated. In the reference implementation: a single set of tables, a single engine, a single constitutional hierarchy.
This assumption is structural, not rhetorical. The governance engine constructs from a unified list of authority units, composition contracts, and constitutional layers. There is no mechanism in the architecture for handling authority granted by an external source the local engine did not seed. When a delegation chain crosses an organisational boundary, the receiving engine cannot validate it: the grantor does not exist in the local graph. When a legibility record arrives from an external domain, the local system can parse its structure but cannot verify its authority basis: the scope referenced is one the local engine has no record of.
This is where the decision advantage argument from Article 12 encounters its limit. Speed without latency holds within the plane: the local engine evaluates locally. Confidence without inspection holds within the plane: the local constitution constrains. Composability without negotiation holds within the plane: contracts are pre-defined between known agents. Cross the plane’s boundary and all three properties are suspended. The interaction falls back to coordination without governance: two systems exchange messages, and neither governs what the other decided.
What federation is not
Three false answers present themselves. Each is familiar. None is governance.
Federation is not centralisation. A single authority plane governing all domains is Phase III at a larger scale. It is achievable when one organisation owns all the agents. It is structurally impossible when the interacting systems belong to different organisations with different constitutional requirements, different risk tolerances, and different jurisdictional obligations. Centralisation eliminates sovereignty. The premise of Article 13 is that sovereignty persists.
Federation is not coordination. Orchestrating cross-domain traffic is what routing layers already do. A message broker that delivers requests between Organisation A and Organisation B has coordinated the interaction. It has not governed it. The orchestrator routes. It does not determine whose authority sanctioned the action, under what scope, or whether the action violated either party’s constitutional invariants. The series established this distinction across twelve articles. Coordination manages traffic. It does not govern authority.
Federation is not negotiation. Agents resolving authority conflicts at runtime is the emergent-order position the series defeated in Article 7. Without pre-established authority, locally rational agreements compound into global incoherence. Negotiation requires agents to interpret intent, weigh competing claims, and produce ad hoc resolutions. That is interpretation in the governance layer: the exact structural failure the series’ thesis prohibits. “Constraint precedes cognition” does not stop at the organisational boundary.
Centralisation eliminates sovereignty. Coordination ignores authority. Negotiation places interpretation in the governance layer. Federation is something else.
The sovereignty problem
When two constitutional layers meet, whose constitution governs the interaction?
The bilateral case makes the problem legible. Two sovereign systems, each with independent authority graphs, interact at a boundary. Organisation A’s agent requests something from Organisation B’s agent. A’s control-surface band evaluates the outbound action against A’s authority units, A’s composition contracts, A’s constitutional invariants. B’s control-surface band evaluates the inbound action against B’s authority units, B’s contracts, B’s invariants. Each evaluation is sound within its own constitutional context.
But what evaluates the interaction itself? Which system’s invariants apply at the seam? If A’s constitution permits and B’s constitution denies, the outcome is clear (the action does not proceed). But if both constitutions permit the interaction on different terms, with different conditions, under different scopes, the seam is governed by neither. Two individual permits do not constitute a governed interaction. They constitute two independent evaluations with no mechanism for ensuring the terms are compatible.
This is the composition problem from Article 9 elevated to the constitutional level. Article 9 asked: when two agents’ authority scopes overlap, which authority unit governs? The answer was the composition contract: a pre-defined instrument naming the resolution primitive (conjunction, disjunction, delegation, precedence) and the invariants that survive regardless of resolution. Article 13 asks the same question one level higher: when two constitutions overlap at an interaction boundary, which constitutional framework applies? The answer cannot be a composition contract within either framework, because neither framework has the authority to bind the other.
This is not an API contract. Organisations already have service-level agreements and interface specifications between them. Those contracts define shape: what can be called, in what format, with what latency guarantees. A composition contract defines authority: who is permitted to decide, under whose constitution, and what invariants survive regardless of the decision. The API contract says what the interface accepts. The composition contract says whose governance applies to the action the interface enables.
Constitutional hierarchy
If neither party can bind the other, and no external authority governs both, the resolution must be structural: a hierarchy that constrains without subordinating. Not a single authority plane that governs everything, but three tiers that together govern the federation while preserving each party’s constitutional integrity.
Global constitution. Invariants that hold across all federated domains regardless of domain-specific authority. These are minimal: they constrain conditions, not actions. The Agent Fabric’s implementation proves minimality is achievable. Two invariants seed the global constitution: no irreversible action without an audit trail, and no scope expansion under unconfirmed state. Neither constrains what an agent does. Both constrain the conditions under which it is permitted to act. A global constitution across organisational boundaries requires only that the federated parties agree on the conditions no action may violate. This is achievable precisely because the invariants are structural, not domain-specific.
Domain constitutions. Authority within a single organisational boundary. Each organisation designs its own authority graph, seeds its own contracts, operates its own governance engine. Domain constitutions inherit from the global constitution and cannot violate it: a domain contract that permits scope expansion under unconfirmed state is invalid regardless of the domain’s internal authority to define its own rules. Validity flows downward. Constraints flow upward.
Pairwise contracts. The resolution at specific federation seams. When Organisation A’s domain meets Organisation B’s domain, a pairwise contract defines: which composition primitive applies (conjunction is the default for independently sovereign domains), what invariants must hold at the boundary (inherited from both parties’ domain constitutions plus any boundary-specific requirements), the conflict resolution mechanism, and the escalation path for genuine deadlocks.
Evaluation proceeds in precedence order: pairwise contract first (most specific), then domain constitution (if the pairwise contract is silent), then global constitution (as a mandatory final step that no more specific tier can override). Kelsen’s hierarchy of norms provides the legal theory: lower norms derive validity from higher norms, and lower norms that contradict higher norms are not operative. Waluchow’s entrenchment principle provides the guarantee: those whose powers are constitutionally limited must not be able to change those limits at their pleasure.
The practical consequence: for ten agents across three organisations, you are not writing forty-five contracts. You are writing one global constitution (the shared invariants), a handful of domain constitutions (one per organisation), and pairwise contracts only at genuine conflict boundaries where domain constitutions are silent on the interaction class. The constitutional hierarchy reduces the combinatorial explosion that makes flat, pairwise-only federation unscalable.
Monotonic reduction at federation boundaries
When two domains interact and their authority scopes disagree, the resolution is always reduction, never expansion. The more restrictive interpretation governs the seam.
This is the same guarantee that operates within the authority graph at the delegation level: delegated scope must be a subset of the grantor’s scope. Delegation attenuates; it cannot amplify. At the federation layer, the same principle applies: cross-domain composition cannot produce authority that neither domain independently holds. If Organisation A’s authority permits an action within A’s boundary, and the pairwise contract with Organisation B introduces additional conditions, those conditions can only restrict what A’s authority independently permitted. They cannot expand it.
Three formal foundations converge on this principle. Different abstraction levels. Same structural guarantee.
Bell and LaPadula established in 1975 that information crossing a security classification boundary cannot carry elevated-classification authority back across that boundary: the Simple Security Property (no read up) and the Star Property (no write down) create a monotonic security lattice. Google’s Macaroons system implements the same principle at the credential layer: every caveat added to a bearer token can only restrict what it authorises, never expand it. Miller’s capability monotonicity thesis generalises both: authority held as unforgeable references can only be attenuated through delegation, and the confused deputy problem is specifically a failure of monotonicity at domain boundaries.
Classification boundaries. Credential boundaries. Capability boundaries. All enforce the same rule: crossing a domain boundary can only restrict. It cannot amplify.
At the federation layer, monotonic reduction means: the default at any domain boundary is denial. Trust is not assumed from location or relationship. It is established through explicit verification against the pairwise contract. NIST’s Zero Trust Architecture formalises this as “never trust, always verify”: no implicit trust granted based on network location or organisational relationship. Istio’s multi-mesh federation implements it concretely: without explicit trust bundle configuration, cross-mesh communication is blocked. Federation is not the default state. Separation is the default state. Federation is the deliberate, contracted exception.
The control-surface band at each seam
Within a single governed system, the control-surface band sits between reasoning and execution. The governance engine evaluates every dispatch before it occurs. At a federation seam, the architecture extends: each domain’s band evaluates against its own constitution. The interaction between bands is governed by the pairwise contract.
Organisation A’s band evaluates the outbound action: does A’s agent hold authority for this action type, in this domain, under these conditions? If yes, A’s band permits and produces a governance finding recording A’s authority basis. Organisation B’s band evaluates the inbound action: does B’s constitution permit this class of interaction from an external domain? Does the pairwise contract with A cover this action type? If yes, B’s band permits and produces its own finding.
Both bands must permit. This is conjunction at the federation layer: a bilateral pattern already validated in production systems where two independently-governed platforms interact through dual-gate evaluation, neither gate subordinating to the other. Neither band inspects the other’s internal governance state. Each trusts its own constitution. The interaction proceeds only when both independent evaluations permit.
Conjunction provides safety at the cost of liveness. A misconfigured domain blocks all interactions at its seams. This is a design choice, not a defect: the alternative is permitting interactions one party did not authorise. Safety before liveness at sovereignty boundaries is the same principle that makes residual denial the default within a single domain. The pairwise contract can specify a different primitive (precedence, disjunction) where the parties have assessed the trade-off and determined that liveness at the seam matters more than bilateral safety. But the default, absent a contract that says otherwise, is that sovereignty means both parties must agree.
The legibility requirement extends across the seam. Both findings reference the same workflow identifier. Both are structured identically: workflow identifier, decision, reason, scope evaluated, contract evaluated. A can read B’s finding and understand what B decided and why, even without access to B’s authority graph. B can read A’s finding and understand what authority A claimed. The cross-domain legibility requirement from Article 10 is satisfied not by shared state but by shared structure: a standardised finding format is the protocol that makes independent governance mutually legible.
The legibility is structural, not semantic. A can parse B’s finding and determine that B permitted the action, under what contract, with what reason. A cannot independently verify whether B’s internal scope evaluation was correct, because A has no access to B’s authority graph. Cross-domain legibility tells each party what the other decided. It does not tell them whether the other decided correctly within their own constitution. That verification requires the global invariant layer: if both parties honestly implement the same invariants, each party can verify that the interaction satisfies the constitutional minimum regardless of the other’s internal evaluation.
The global constitutional layer adds a final constraint: even when both bands permit and the pairwise contract is satisfied, global invariants must hold. In the federated architecture, this means each engine loads constitutional layers encoding the same global invariants. The global constitution is not enforced by a shared engine. It is enforced by each engine applying the same rules. Consensus on what the global invariants are is the constitutional agreement. Local enforcement of those invariants is the sovereignty guarantee.
What the architecture does not solve
Two boundaries this article names but does not cross.
The global tier relies on honest implementation. Each domain self-enforces the global invariants. A domain that loads weaker invariants violates the global constitution, and the architecture has no mechanism for detecting the violation from outside. Verification of cross-domain invariant compliance requires a protocol beyond the constitutional architecture described here. The constitutional argument names what the global invariants must be. The enforcement argument, which operates at a different layer, names how to verify they are honestly applied.
When a governed system encounters an ungoverned one, no counterpart finding exists. The governed system’s band evaluates the interaction against its own constitution and finds no pairwise contract, no counterpart band, no evidence of external governance. The governed system’s default is denial: without explicit authority covering the interaction, the action does not proceed. Without a contract, without a counterpart finding, the interaction is not governed at the seam. Federation is earned through constitutional participation, not assumed from proximity.
What federation produces
The instinct is to frame cross-domain governance as risk management: preventing unauthorised access, avoiding cross-boundary conflicts, maintaining compliance across jurisdictions. This is real but insufficient. It is the compliance trap from Article 12 applied to the federation layer.
The affirmative claim: federation through constitutional hierarchy produces capability that is impossible without the governance layer.
Composability without trust. The parties do not trust each other. They do not need to. New partners are onboarded through a pairwise contract, not a bespoke integration project. The time from “we want to interact with this organisation’s agents” to “governed interaction is live” becomes a contract design problem, not a systems integration project. Organisations that previously could not compose across boundaries because neither would expose internal governance can now interact at the seam without either party compromising sovereignty.
Speed without inspection. Cross-domain governance does not add a round-trip to a central authority. It adds a pairwise contract evaluation to each party’s existing control-surface band. The federation layer operates at the speed of the slowest local evaluation, not at the speed of a centralised decision. Organisations that previously required bilateral inspection (audit rights, penetration testing, compliance attestation) before every cross-boundary action class can replace inspection with structure.
Legibility without shared state. What crosses the boundary is the finding, not the state. Neither party exposes its authority graph, its delegation chains, or its constitutional layers. But both parties can read what the other decided and why. Organisations that previously had no visibility into a partner’s governance decisions now have structural legibility at the boundary without requiring internal access.
These are the same three properties Article 12 named within a single domain. At the federation layer, they hold because the architecture preserves each domain’s sovereignty while establishing the minimal constitutional infrastructure required for governed interaction. The global invariants are few. The pairwise contracts are specific. The domain constitutions are sovereign. Decision advantage extends across the boundary because the boundary is governed, not because the boundary is eliminated.
The frontier this article opens
Constitutional hierarchy resolves the federation problem at a point in time. The global invariants are defined. The domain constitutions are designed. The pairwise contracts are negotiated. The architecture begins operating. At T=0, the federation is correct.
But systems change. Organisations restructure. New domains enter the federation. Existing domains evolve their internal authority structures. Regulatory environments shift, and invariants that were correct become inadequate or contradictory. A pairwise contract designed for one operational context encounters interactions its authors did not anticipate.
The static architecture has no mechanism for answering: who has the authority to modify the federation itself? Neither party can unilaterally amend a pairwise contract without the other’s agreement. The global constitution cannot be updated by any domain acting alone. But the conditions that made the architecture correct at design time will not hold indefinitely. Evolution is not optional. It is the structural consequence of success.
The question is not whether the federation will need to change. It is whether that change will be governed or ungoverned. Authority to modify authority must itself be bounded. Evolution without governance is drift under a different name. The mechanism governing how the constitutional hierarchy evolves cannot be subject to the same hierarchy it governs, because the hierarchy is what it changes.
This is the governance-of-governance problem. Article 14 addresses it: how constitutional layers evolve without undermining the stability they were built to provide.
Phase III built the constitutional architecture.
This article extended it to the space between constitutions.
The sovereignty problem is resolved: hierarchy, not centralisation.
The monotonic guarantee holds: reduction at every boundary.
The control-surface band operates at every seam.
What remains is time. The architecture governs at a point in time.
Systems do not stay at a point in time.
Next in the series: Layered Boundary Evolution