The Canonical Verifiable Trust Kernel (CVTK): An Architecture for Epistemic Gating in Cyber-Physical Systems

Abstract This preprint introduces the Canonical Verifiable Trust Kernel (CVTK), a deterministic fail-closed governance architecture for high-consequence Cyber-Physical Systems (CPS). CVTK elevates epistemic integrity to a first-order control variable by structurally separating operational decision-making from authorization. At its core lies the Non-Lying Kernel (NLK), a hardware-amenable, formally constrained state-transition mechanism that enforces epistemic gating prior to the release of irreversible actuator energy. The architecture defines explicit authorization criteria based on provenance, model confidence, and stability metrics. We introduce the concept of Cyber-Physical Negligence as a verifiable governance failure class, reframing safety from a property of code to a property of architecture. Status: Preprint / Architectural Definition.