Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Decoupling Correctness from Policy: A Deterministic Causal Structure for Multi-Agent Systems

Zhiyuan Ren, Tao Zhang, Wenchi Chen

TL;DR

The paper addresses the challenge of decoupling system correctness from agent policy in asynchronous, multi-agent systems. It introduces the Deterministic Causal Structure (DCS), a policy-agnostic invariant that manifests as a unique Provenance Directed Acyclic Graph (Provenance DAG) governing the causal history. The authors present a minimal axiomatic framework and prove existence, uniqueness, policy-agnostic invariance, observational equivalence, and axiom minimality (Theorems A–C and related results), arguing that DCS provides a stronger structural guarantee than value-convergence models like CRDTs. They discuss a two-layer model of correctness, the Correctness-as-a-Chassis paradigm, and outline practical implications, including safe policy evolution, formal verifiability, and composable systems, with future work toward Byzantine resilience and a prototype framework.

Abstract

In distributed multi-agent systems, correctness is often entangled with operational policies such as scheduling, batching, or routing, which makes systems brittle since performance-driven policy evolution may break integrity guarantees. This paper introduces the Deterministic Causal Structure (DCS), a formal foundation that decouples correctness from policy. We develop a minimal axiomatic theory and prove four results: existence and uniqueness, policy-agnostic invariance, observational equivalence, and axiom minimality. These results show that DCS resolves causal ambiguities that value-centric convergence models such as CRDTs cannot address, and that removing any axiom collapses determinism into ambiguity. DCS thus emerges as a boundary principle of asynchronous computation, analogous to CAP and FLP: correctness is preserved only within the expressive power of a join-semilattice. All guarantees are established by axioms and proofs, with only minimal illustrative constructions included to aid intuition. This work establishes correctness as a fixed, policy-agnostic substrate, a Correctness-as-a-Chassis paradigm, on which distributed intelligent systems can be built modularly, safely, and evolvably.

Decoupling Correctness from Policy: A Deterministic Causal Structure for Multi-Agent Systems

TL;DR

The paper addresses the challenge of decoupling system correctness from agent policy in asynchronous, multi-agent systems. It introduces the Deterministic Causal Structure (DCS), a policy-agnostic invariant that manifests as a unique Provenance Directed Acyclic Graph (Provenance DAG) governing the causal history. The authors present a minimal axiomatic framework and prove existence, uniqueness, policy-agnostic invariance, observational equivalence, and axiom minimality (Theorems A–C and related results), arguing that DCS provides a stronger structural guarantee than value-convergence models like CRDTs. They discuss a two-layer model of correctness, the Correctness-as-a-Chassis paradigm, and outline practical implications, including safe policy evolution, formal verifiability, and composable systems, with future work toward Byzantine resilience and a prototype framework.

Abstract

In distributed multi-agent systems, correctness is often entangled with operational policies such as scheduling, batching, or routing, which makes systems brittle since performance-driven policy evolution may break integrity guarantees. This paper introduces the Deterministic Causal Structure (DCS), a formal foundation that decouples correctness from policy. We develop a minimal axiomatic theory and prove four results: existence and uniqueness, policy-agnostic invariance, observational equivalence, and axiom minimality. These results show that DCS resolves causal ambiguities that value-centric convergence models such as CRDTs cannot address, and that removing any axiom collapses determinism into ambiguity. DCS thus emerges as a boundary principle of asynchronous computation, analogous to CAP and FLP: correctness is preserved only within the expressive power of a join-semilattice. All guarantees are established by axioms and proofs, with only minimal illustrative constructions included to aid intuition. This work establishes correctness as a fixed, policy-agnostic substrate, a Correctness-as-a-Chassis paradigm, on which distributed intelligent systems can be built modularly, safely, and evolvably.

Paper Structure

This paper contains 50 sections, 10 theorems, 9 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Distributed Consensus and Total Order Broadcast
  4. Replicated Data Types and Value Convergence
  5. Causal Consistency and Logical Clocks
  6. DAG-based BFT Consensus
  7. Data Provenance and Scientific Workflows
  8. Blockchain and Distributed Ledger Technologies
  9. The Formal Framework: Model and Axioms
  10. System Model and Fault Assumptions
  11. Interaction Model
  12. Basic Components
  13. State and Merging
  14. The Canonical Representation of Interaction: The Contribution
  15. System Execution Model
  16. ...and 35 more sections

Key Result

Theorem 1

Let the global interaction graph be a Provenance DAG, denoted by $G^* = (\mathcal{R}, E)$, where $\mathcal{R}$ is the set of all contribution rids, and $E = \{ (p \to r) \mid p \in \mathrm{parents}(r) \}$ is the set of causal dependency edges. Under Axioms ax:fairness through ax:causal:

Figures (9)

  • Figure 1: The core principle of Structure-Policy Decoupling. This illustrates how, for the exact same set of generated events, different operational policies (such as message ordering, batching, or reordering) all result in the construction of the identical, unique Deterministic Causal Structure (DCS). The correctness of the causal history is thus decoupled from the infrastructural mechanics of its delivery.
  • Figure 2: The internal structure of a Contribution. The immutable causal history is "soldered" into the data structure itself via the parents field, which contains the unique RIDs of its direct predecessors. This forms an unbreakable, verifiable causal chain.
  • Figure 3: Violation of Axiom \ref{['ax:fairness']} (Weak Fairness). The failure to deliver a contribution to all relevant agents results in permanently divergent local states ($M_u^* \neq M_v^*$), breaking the guarantee of value convergence.
  • Figure 4: Violation of Axiom \ref{['ax:semilattice']} (Join-Semilattice). Without a commutative and idempotent merge operation (e.g., using an "overwrite" logic), the final state becomes dependent on the arbitrary message arrival order, thus violating determinism.
  • Figure 5: Violation of Axiom \ref{['ax:uniqueness']} (Contribution as an Immutable Fact). If the uniqueness of a rid is not guaranteed, two different contributions ($\delta_A$ and $\delta_B$) can claim the same identity. This makes the global graph ill-defined and violates structural determinism.
  • ...and 4 more figures

Theorems & Definitions (11)

  • Definition 1: Contribution
  • Theorem 1: Existence, Uniqueness, and Constructibility of the DCS
  • Theorem 2: The Decoupling Invariant: Policy-Agnosticism
  • Proposition 1: Observational Equivalence
  • Theorem 3: Axiom Minimality
  • Proposition 2: Separation from CRDTs
  • Lemma 1: State Monotonicity
  • Lemma 2: Order and Duplicate Irrelevance on Directed Sets
  • Lemma 3: Decomposability and Traceability
  • Lemma 4: Eventual Propagation
  • ...and 1 more