Agentt + Verifiable DAGs - A Vision for Transparent Software Creation 🚀

· Categories: agentt, ai, provenance, computation, devops, vision

Here at agentt, we’ve been pushing the boundaries of AI-assisted development. Watching an AI collaborator refactor code based on NHI framework guidelines or spin up infrastructure using a Reflex is pretty magical. But even magic needs scrutiny. We started asking ourselves: how could we prove, beyond doubt, exactly what happened? How could we guarantee that a complex, automated, AI-driven workflow is not just correct, but also entirely transparent and reproducible?

We’ve made great strides with agentt in structuring AI collaboration using the NHI framework (our MUST/SHOULD guidelines) and encapsulating capabilities within Reflexes. These bring order to the often chaotic world of development automation. Yet, we felt a deeper level of trust was needed, especially as AI takes on more critical tasks. What if the very fabric of our execution engine could guarantee transparency and reproducibility?

This quest led us down a fascinating path, towards a foundational shift in how we think about computation itself. We’re moving beyond merely structured processes towards provably verifiable computation. The core ideas? Content-Addressing and Verifiable Directed Acyclic Graphs (DAGs). Buckle up. 😉

Foundational Shift: Embracing Content-Addressable Computation

Think Git Blobs, but for Every Computational Artifact and Step.

The first pillar of this vision is content-addressing. Instead of identifying data by a filename or a database ID, we identify it by a cryptographic hash of its actual content – its unique, immutable fingerprint. Change a single byte, and the fingerprint changes completely.

This isn’t just a storage trick. When every piece of data, every code snippet, every configuration file, every input, and every output is represented as a “Content-Addressable Artifact”, it gains a verifiable identity. You don’t need to trust that config.yaml wasn’t tampered with; you can simply verify its fingerprint matches the expected one. Immutability isn’t an add-on; it’s inherent.

This forms the bedrock. In this world, history isn’t something you meticulously record; it’s something that automatically emerges from the verifiable identities of the artifacts themselves.

The Architecture of Trust: Verifiable DAGs and Isolated Contexts

Okay, so data has fingerprints. How does computation fit in?

Imagine computation less like a linear script and more like a Blockchain ledger, but for general-purpose tasks (without necessarily the distributed consensus burden, but retaining the verifiable chain-of-events).

“Verifiable Computational Steps” are deterministic transformations that take specific, content-addressed artifacts as input and produce new content-addressed artifacts as output. Because both inputs and outputs have unique fingerprints, the step itself becomes verifiable and reproducible. Run the same step with the same input artifacts (verified by their fingerprints), and you must get the same output artifacts (with their corresponding fingerprints).

These steps naturally link together based on their inputs and outputs, forming a Verifiable Directed Acyclic Graph (DAG). Each node represents an artifact (data/code), and each edge represents a verifiable computational step. The entire graph tells an immutable story of how a final result was derived.

To make this work robustly, each computational step operates within an “Isolated Computational Context” (or a “Verifiable State Snapshot”). This context precisely defines the exact, fingerprinted versions of all inputs needed for that step. No ambiguity, no reliance on external state – just the verifiable artifacts required to produce the next verifiable artifact(s).

The emergent properties here are powerful:

  • Automatic Lineage: The DAG is the lineage. Tracing how any artifact was created is a matter of walking the graph.
  • Guaranteed Idempotency: Running the same computational step (or entire graph) with the same fingerprinted inputs always yields the same fingerprinted outputs.
  • Maximally Effective Caching: If an artifact with a specific fingerprint already exists anywhere in the system (memory, disk, remote store), there’s no need to recompute it. The DAG structure makes finding reusable results trivial.
  • Inherent Auditability: The entire process is transparent and mathematically verifiable. “Trust me” is replaced by “Verify the graph.”

agentt Reimagined: Running on Verifiable Rails ✨

So, how does this radical foundation connect back to agentt? Imagine agentt Reflexes evolving from simple commands or scripts into immutable entries within this verifiable computational ledger.

The mapping is surprisingly elegant:

  • Reflexes: Trigger specific verifiable computational steps or entire sub-graphs within the DAG. Running a Reflex doesn’t just do something; it provably adds to the computational history.
  • NHI Framework: Rules (MUST/SHOULD) become provable constraints checked during DAG execution. A step might require input artifacts that satisfy certain schema constraints (verified via their content hash) or might only be allowed if a preceding “linting” step produced a specific “success” artifact.
  • AI Interactions: This is where it gets really exciting. Prompts sent to an LLM? They become content-addressed artifacts. The LLM’s response? Another content-addressed artifact. The parameters used (temperature, model ID)? Also artifacts. The entire interaction is captured as immutable, linked nodes within the DAG. You can cryptographically verify exactly what question was asked and what answer was given.

Let’s revisit generating a blog post:

  1. agentt triggers the “Generate Post” Reflex (a verifiable procedure).
  2. The procedure fetches recent git commits. These commits, identified by their SHAs (already content-addressed!), form input artifacts.
  3. It constructs a prompt using a template and the commit data. This prompt becomes a new artifact with its own fingerprint.
  4. It calls an LLM interaction step, passing the prompt artifact’s fingerprint and model parameters (also artifacts).
  5. The LLM response is captured as another artifact.
  6. A formatting step takes the LLM response artifact and produces the final Markdown artifact.

The result isn’t just the blog post; it’s the entire, verifiable DAG documenting its creation, including the precise data fetched and the exact AI interaction.

A Glimpse of What’s Coming… 😉

This isn’t just a theoretical exercise; this fusion of structured AI interaction and verifiable computation represents the direction we’re actively building, the next evolution for agentt.

Why go to all this trouble? Because the potential applications are vast and transformative:

  • Radically Transparent CI/CD: Imagine builds where every dependency, compiler flag, and test result is a verifiable artifact in a DAG. Build provenance is guaranteed.
  • Reproducible ML & Science: Track datasets, model training parameters, and results with cryptographic certainty. Share not just results, but the verifiable process that generated them.
  • Auditable Data Pipelines: Know exactly how your data was transformed at every stage, with verifiable proof.
  • Trustworthy AI Systems: Move beyond hoping AI follows instructions to verifying its inputs, outputs, and parameters within a larger computational context.
  • Secure Software Supply Chains: Verifiably trace the origin and processing of every component.

We’re moving from opaque automation, even sophisticated AI-driven automation, towards glass-box, verifiable computational processes. It’s a complex undertaking, but we believe it’s essential for building truly trustworthy automated systems.

Stay tuned as we continue laying this foundation, one content-addressed block at a time. The future of development is verifiable. 🚀

This article was originally created in commit 7e36a6433e516a9b7c4a2dcbab86e4b86b0d86ee, prompted by commit 7e36a6433e516a9b7c4a2dcbab86e4b86b0d86ee.