AG2 Multi-Agent Orchestration Framework

• AG2 is a hierarchical multi-agent framework that decomposes global missions into local tasks using formal methods and assume-guarantee reasoning.
• It integrates top-down mission planning with bottom-up motion planning via pre-verified control primitives and SMT-based trajectory synthesis to guarantee safety and performance.
• The framework features reactive adaptability and online reconfiguration, validated in complex scenarios like automated warehouse coordination to ensure global mission success.

The AG2 Multi-Agent Orchestration Framework is a hierarchical, formally grounded system for synthesizing control policies and coordination strategies in cooperative multi-agent settings. By unifying top-down mission planning with bottom-up, reactive motion planning, AG2 enables the automatic decomposition of high-level global missions into agent-specific tasks, while ensuring by design that the integrated behaviors of all agents fulfill global performance specifications in dynamic and partially-known environments.

1. Hierarchical Framework Organization

AG2 is structured around two tightly-coupled layers:

• Top-Down Mission Planning Layer: Accepts a global mission given as a prefix-closed regular language defined over all agents’ capabilities. This layer decomposes the mission via natural projection to local event sets, producing local mission plans for each agent. Critical correctness is preserved through compositional verification under the “assume-guarantee” paradigm, ensuring that the parallel execution of all local missions implies satisfaction of the global specification. The process is inherently iterative, using a counterexample-guided synthesis strategy (via a modified L* learning algorithm) to refine assumptions and mission decompositions until the synchronous product of agent behaviors is correct.
• Bottom-Up Motion Planning Layer: Maps local tasks to executable motion plans by composing pre-verified motion primitives (“GoTo”, “PickUp”, “DropOff”, and communication events). Each primitive is formally verified (e.g., via differential dynamic logic, d𝓛) to satisfy required safety and performance invariants. Constraints stemming from tasks, primitives, and environment are encoded in Counter Linear Temporal Logic with constraints (CLTLB(𝒟)) and handed to an SMT solver (such as Z3), enabling computation of feasible, correct-by-construction trajectories.

This architecture guarantees that both high-level global task satisfaction and low-level safety/adaptivity are systematically obtained.

2. Mission Planning Layer: Specification, Decomposition, and Verification

At the planning layer:

• Global Specifications: Missions are expressed as regular languages, typically prefix-closed, over the event alphabet of all agents (e.g., event sets denoting capabilities such as “robot $i$ picks up object $j$”).
• Natural Projection: The global mission is projected onto each agent’s individual event set, producing a local specification $K_{mi}^i$ for the $i$-th agent.
• Assume-Guarantee Reasoning: Each agent’s controller is specified by an assume-guarantee triple $\langle A \rangle M \langle P \rangle$, with $A$ as environmental assumptions, $M$ as the local mission, and $P$ as the global property. The composition is validated by checking

$\|_{i} K_{mi}^i \subseteq K_{mi}$

• Iterative Synthesis with L* Algorithm: When the local specifications fail to cover the global mission, counterexamples are generated and used to refine the decomposition. The process iterates as “assume–check–refine” until compositional correctness is proven.

This compositional synthesis ensures that the deconstruction into local missions does not miss global constraints—critical in multi-agent coordination where naively assigned local tasks may not compose to achieve the intended global outcome.

3. Motion Planning Layer: Verified Control and Adaptive Execution

The motion planning layer operationalizes the local missions by:

• Pre-verified Motion Primitives: Each agent is endowed with a library $\mathcal{P}^i$ of motion/control primitives, each formally proven safe and performant. For example, for the GoTo controller, the safety property is encoded as

$$\varphi_{\text{safe}}^1 \equiv (v = 0) \vee (\|p - p_o\|_\infty > v^2/2b + V v/b)$$

ensuring collision only occurs at rest, never during motion. These properties are established using d𝓛 over hybrid programs $[\alpha^*]\varphi$.

• Temporal Logic Specification (CLTLB($\mathcal{D}$)): Each agent’s planning problem is encoded as bounded temporal logic formulas, e.g.,

$$\varphi_{\mathcal{P}(\mathcal{M})} \equiv \bigwedge_j \varphi_{\pi}^j$$

for all primitives.

• SMT-based Trajectory Synthesis: The motion planning algorithm reduces feasible motion generation to SMT queries (solved by Z3) with time-indexed variables representing the temporal evolution through discrete steps. State transitions ensure that, between $q(k-1)$ and $q(k)$, there exists a correct sequence of primitive executions satisfying all constraints.

This correct-by-construction approach ensures that execution is safe under all anticipated environment and task constraints, and that primitives’ local guarantees suffice to satisfy the temporal requirements induced by local missions.

4. Adaptivity and Online Reconfiguration

AG2 exhibits robust adaptability within dynamic or partially known environments:

• Reactive Primitives: Controllers—especially GoTo—are implemented using an extended Dynamic Window Approach (DWA), providing local real-time reactivity to moving or unexpected obstacles by adjusting trajectory based on current sensor input.
• Online Feasibility Checks and Mission Reconfiguration: The SMT solver continuously verifies plan feasibility. If no solution exists (e.g., due to new obstacles or deadlocks), a “failure” triggers feedback to the planning layer, prompting on-the-fly resynthesis—potentially with the addition of new coordination events (like request-response handshakes) to resolve impasses.
• Receding Horizon Execution: The planning-execution cycle recedes forward as the environment model $\mathcal{M}$ evolves, enabling plans to be frequently recomputed over updated, shorter horizons, thus maintaining robust responsiveness to non-stationary and uncertain environments.

This feedback architecture ensures that global mission satisfaction is retained even through environmental contingencies not captured at design time.

5. Formal Safety Guarantees

A central feature of AG2 is its reliance on formal methods for controller verification:

• Differential Dynamic Logic (d𝓛): Each motion primitive is modeled as a hybrid program; invariants such as collision avoidance, passive safety, or bounded stopping distance are proven over all executions $[\alpha^*]\varphi$.
• SMT Checking with Temporal Logic: All high-level and motion-layer constraints are compiled into bounded temporal logic and verified for joint satisfiability over the agent’s finite action horizon.
• Certified Passive Safety: For example, the GoTo controller can be certified such that

$v = 0 \vee (\|p - p_o\|_\infty > v^2/2b + V v/b)$

is guaranteed throughout plan execution.

The formal assurance provided by AG2 is particularly significant in safety-critical applications where incorrect local plans or primitive implementations could result in global mission failure or hazardous outcomes.

6. Case Study: Automated Warehouse Coordination

The effectiveness and scalability of AG2 are validated in simulated automated warehouse scenarios:

• Problem Setup: Teams of robots process the movement of goods from input areas to designated workspaces, governed by event-based global missions (e.g., “robot $i$ picks up object $j$” and “robot $i$ drops object $j$ at workspace $k$”).
• Decomposition/Verification: Global specifications are decomposed and verified as outlined above to guarantee that distributed execution meets centralized goals.
• Reactive and Coordinated Execution: Robots use DWA-based GoTo to avoid both static and dynamic obstacles, while event-based communication enables coordination (for example, one robot waiting for another to clear a shared location).
• Scalability: The framework demonstrates robust behavior in scenarios scaling up to ten robots and ten objects in dense spaces, coordinating collision avoidance, shared resource use, and task dependencies.

The results confirm that AG2’s integrated, formally verified orchestration can scale to practical, real-world multi-agent settings with complex, evolving mission requirements.

7. Significance and Impact

AG2 advances the field of multi-agent task and motion planning by providing:

• A provably correct-by-design synthesis methodology that integrates global specification decomposition, compositional verification, and low-level motion planning.
• A mechanism for structured online adaptation via reactive primitives and feedback-driven mission reconfiguration, enabling resilience in dynamic, partially unknown environments.
• A systematic, scalable architecture for coordinating cooperative agents that combines global task correctness with local execution safety, certified through formal methods.

In summary, the AG2 Multi-Agent Orchestration Framework sets a rigorous foundation for deploying multi-agent systems in mission-critical domains by jointly leveraging high-level mission synthesis, formal verification, and adaptive, reactive execution—delivering guarantees impossible with conventional heuristic or ad hoc orchestration strategies (Silva et al., 2016).