Composing Verifiers Across Multi-Step Trajectories

Determine principled methods for composing per-step verifiers across complete execution trajectories of LLM-based AI agents so that local safety checks imply global plan-level policy compliance and bounded cumulative risk, including when tools are nondeterministic or have hidden state.

Background

Agents execute sequences of tool calls under uncertainty; even when each action is locally validated, the aggregate plan may violate policy or accumulate unacceptable risk, for example when individually permitted reads and sends jointly exfiltrate sensitive data. This compositional gap is especially acute when tools are nondeterministic or stateful, so stepwise guarantees alone are insufficient.
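
As a stylized illustration (assuming independent per-step failures, a simplification not taken from the cited paper), per-step assurance erodes quickly over long trajectories:

```python
# Stylized model: each step is independently "safe" with probability 0.99.
per_step_safe = 0.99
steps = 20
trajectory_safe = per_step_safe ** steps
print(f"{trajectory_safe:.2%}")  # ~81.79% -- nearly 1 in 5 such 20-step plans fails
```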

A solution requires a formal notion of trajectory-level safety, explicit policies for bounding cumulative risk, and mechanisms that compose local verification results into global guarantees, potentially supported by sandboxing, permission systems, and trace-level auditing for evidence-based assurance.
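
A minimal sketch of one possible composition mechanism follows, assuming a simple additive risk budget and a per-step verifier that sees the audit trace accumulated so far; the names (`StepResult`, `verify_trajectory`, `risk_budget`) are illustrative assumptions, not an API from the cited paper.

```python
from dataclasses import dataclass, field
from typing import Callable, List

# Illustrative sketch only; types and names are assumptions for this example.

@dataclass
class StepResult:
    action: str          # description of the attempted tool call
    allowed: bool        # did the local (per-step) verifier pass?
    risk: float          # estimated marginal risk of this step, in [0, 1]
    note: str = ""       # human-readable justification, kept for auditing

@dataclass
class TrajectoryVerdict:
    allowed: bool
    cumulative_risk: float
    trace: List[StepResult] = field(default_factory=list)

def verify_trajectory(
    steps: List[str],
    step_verifier: Callable[[str, List[StepResult]], StepResult],
    risk_budget: float,
) -> TrajectoryVerdict:
    """Compose per-step verifiers into a plan-level check.

    Each step is verified in the context of the trace so far, so policies
    that only emerge across steps (e.g. "read sensitive data, then send it
    externally") can be expressed. Risk is assumed to accumulate additively
    against a fixed budget; a real system would need a calibrated risk model.
    """
    trace: List[StepResult] = []
    cumulative = 0.0
    for step in steps:
        result = step_verifier(step, trace)
        trace.append(result)
        cumulative += result.risk
        if not result.allowed or cumulative > risk_budget:
            return TrajectoryVerdict(False, cumulative, trace)
    return TrajectoryVerdict(True, cumulative, trace)
```

The retained trace doubles as audit evidence for post-hoc review; nondeterministic or hidden-state tools are exactly where this additive, trace-based model breaks down, which is what makes the composition question open.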

References

Another open question is how to compose verifiers across a multi-step trajectory. Even if each step is locally "safe", the global plan may still violate policy or create unacceptable cumulative risk; compositional safety is especially hard when tools are nondeterministic or have hidden state.

AI Agent Systems: Architectures, Applications, and Evaluation (2601.01743 - Xu, 5 Jan 2026), Section 7.1 (Verification and Trustworthy Tool Execution)