Most “autonomous agent” frameworks trust non-deterministic LLM output and fix problems after failure.
ProofGatedAgents does the opposite.
This framework treats LLMs as untrusted proposal generators and enforces correctness through deterministic verification, explicit policy, and machine-verifiable proofs.
If an agent cannot prove its work, the system stops.
No silent drift.
No hidden writes.
No runaway autonomy.
The current agent ecosystem optimizes for demos, not systems.
Most frameworks implicitly assume:
- LLM output is “good enough”
- retries will eventually converge
- autonomy is a feature, not a risk
In production environments, these assumptions fail.
- How do you prove an agent respected policy?
- How do you detect silent drift between runs?
- How do you prevent “helpful” self-modification?
- How do you stop infinite retry loops and escalate failure?
ProofGatedAgents exists to answer these questions explicitly.
It introduces:
- machine-verifiable proofs as first-class artifacts
- deterministic envelopes around non-deterministic models
- locked governance contracts that agents cannot rewrite
- explicit stop rules and escalation paths
- bounded, proposal-only self-improvement
This is not an agent toy.
It is an execution framework for systems that must be auditable, reproducible, and governable.
A governed autonomous multi-agent framework with:
- Stage-based execution
- Proof-gated verification
(machine-readable JSON proofs + human-readable reports) - Policy-bounded write scope with drift guards
- Bounded repair loops with explicit stop conditions
- Controlled post-run self-improvement (“Sophia-lite”)
that proposes small framework improvements between runs
LLM outputs are treated as non-deterministic suggestions and validated through deterministic mechanisms:
- tests and checks
- fixed evaluation slices and stable seeds (when applicable)
- hashes of critical artifacts
- locked governance files
- explicit escalation rules
| Typical agent frameworks | ProofGatedAgents |
|---|---|
| Trust LLM output | Treat output as untrusted |
| Retry until it works | Hard stop on failed proof |
| Mutable runtime state | Locked contracts + drift guard |
| Implicit behavior | Explicit policy + escalation |
| Self-modifying agents | Proposal-only self-improvement |
AGENT.mdORCHESTRATOR.mdOrchestrator_Dispatch_Contract.mdARCHITECTAGENT.mdBUILDERAGENT.mdVERIFIERAGENT.mdREPAIRAGENT.mdpolicy/policy.jsonschemas/*.schema.json
docs/SYSTEM_ARCHITECTURE.mddocs/DETERMINISM_ENVELOPE.mddocs/LOOP_POLICY.mddocs/SCORING_RUBRIC.mddocs/self_improvement/IMPROVEMENT_POLICY.mddocs/self_improvement/POSTRUN_SOPHIA.md
templates/PRODUCT_SPEC.template.mdtemplates/stage_spec.template.mdtemplates/handoff.template.jsontemplates/postrun_report.template.jsontemplates/loop_state.template.json
scripts/hash_drift_guard.pyscripts/deterministic_env_snapshot.pyscripts/postrun_analyze.py
deliverables/*.md
Copy:
templates/PRODUCT_SPEC.template.md → PRODUCT_SPEC.md
Fill in scope, constraints, success criteria, and non-goals.
For each stage:
stages/<STAGE_NAME>/SPEC.md
Use:
templates/stage_spec.template.md
Copy:
templates/handoff.template.json → .handoff.json
Populate:
run_id- governance hashes
next_allowed_stage
The Orchestrator:
- reads locked contracts and policy
- follows the dispatch table
- enforces write scopes and stop rules
For each stage:
- BuilderAgent produces artifacts
- VerifierAgent emits:
outputs/proofs/<stage>_proof.json- evidence under
outputs/diagnostics/<stage>/
- RepairAgent attempts minimal, policy-compliant fixes only if verification fails
If proof fails after bounded attempts → HARD STOP
Run:
python scripts/postrun_analyze.py --proofs-dir outputs/proofs --out-dir outputs/sophiaThis generates:
outputs/sophia/postrun_report.jsonoutputs/sophia/proposals/ARIP-*.json
- Only proposals compliant with
IMPROVEMENT_POLICY.mdmay be applied - Locked governance files are proposal-only
- Any structural change requires explicit human approval
Authoritative references:
docs/DETERMINISM_ENVELOPE.mddocs/LOOP_POLICY.md
Generate drift guard hashes:
python scripts/hash_drift_guard.py --policy policy/policy.json --output outputs/env/drift_guard_manifest.jsonGenerate environment snapshot:
python scripts/deterministic_env_snapshot.py --output outputs/env/environment_snapshot.json- Default-deny write paths
- Explicitly locked governance files
- Network disabled by default
(policy.offline_by_default = true) - Any deviation from policy or drift rules triggers an immediate HARD STOP
- Autonomy is bounded
- Verification is mandatory
- Governance is explicit
- Improvement is proposal-based, not self-executing
LLMs suggest.
The system decides.
Project-specific. See LICENSE for details.