Intent Formalization
- Intent formalization is the process of converting ambiguous or latent intents into explicit, testable specifications used in verification, programming, and governed autonomous systems.
- It employs staged pipelines and structured representations—such as UPPAAL SMC queries, ICL triples, and 5W3H protocols—to achieve high semantic alignment and reliable enactment.
- Applications span safety-critical verification, AI governance, and human–AI interactions, ensuring that operational actions are both inspectable and controlled.
Intent formalization is the process of converting informal, ambiguous, or latent intent into explicit representations that can be inspected, checked, executed, or enforced. In contemporary work, the target artifact ranges from formal requirements for model checking, executable test suites, and logical postconditions to finite intent values, session-scoped intent certificates, KPI vectors, structured prompt schemas, and contract tuples. The term is therefore not confined to one discipline: in safety-critical verification it denotes semantically aligned property synthesis from prose; in programming languages it denotes the translation of informal user intent into checkable specifications; in governed autonomous systems it denotes first-class data that mediates effects; and in human–AI interaction it denotes structured representations that sit between latent purpose and model output (Tagliaferro et al., 20 Apr 2026, Lahiri, 17 Mar 2026, McCann, 21 May 2026, Peng, 24 May 2026).
1. Conceptual scope and theoretical antecedents
One foundational line treats intent formalization as a semantics-preserving translation problem. In natural-language query formalization, the objective is to construct a transformation function
such that the linguistic interpretation of the wh-query and the semantic interpretation of the formal expression coincide. In that setting, intent is decomposed into a “desire” and an “input,” then rendered as a Description Logic concept expression suitable for reasoning, normalization, and retrieval (Dasgupta et al., 2013).
A second line, originating in BDI-style agent theory, treats intentions as plans of action produced by deliberation. Rao and Georgeff model beliefs, goals, intentions, time, actions, probabilities, and payoffs in a branching-time possible-worlds framework
and connect deliberation over decision trees to intention formation via explicit deliberation procedures such as maximin and maximization of expected value (Rao et al., 2013). In this literature, “intent” is already formal, but the formalization problem concerns the passage from alternatives and utilities to committed plans.
A third antecedent concerns hyperintensionality. Explicit non-normal modal logic replaces opaque modal operators with formulas such as and , thereby making proofs and justifications first-class objects. The motivation is that deontic and related attitudes are sensitive not only to truth conditions but also to content and support; two equivalent propositions can differ in normative status. This blocks closure principles responsible for paradoxes such as Ross and gentle murder, and yields a fine-grained representation of reason-bearing commitments (Rohani et al., 2021).
A fourth precursor appears in component semantics and behavioral types. The OSGi formalization models bundles, objects, methods, method calls, and structural operations in an operational transition system, then adds protocol automata, regular-expression–like specifications, and invariants to describe what components are supposed to do and how they are supposed to interact. Although the paper is framed around behavioral specification rather than “intent” in modern AI terminology, it exemplifies the same shift from informal expectations to analyzable contracts (Blech, 2012).
2. Canonical formal objects
Across domains, intent formalization yields a small number of recurring formal object types.
| Setting | Formal object | Representative sources |
|---|---|---|
| Verification and programming | formal properties, tests, postconditions | (Tagliaferro et al., 20 Apr 2026, Lahiri et al., 2022, Lahiri, 2024) |
| Governed computation and authorization | ; ; | (McCann, 21 May 2026, Zhu et al., 22 Jun 2026, Armesto et al., 27 Apr 2026) |
| Prompting, finance, and operations | 5W3H/PPS structures; ICL triples ; KPI vectors ; editable goal–intent–dimension objects | (Gang, 31 Mar 2026, Pan et al., 4 Mar 2026, Dzeparoska et al., 2024, Kim et al., 29 Jul 2025) |
In safety-critical verification and programming-language settings, the formal object is usually a property over executions or I/O pairs. Examples include UPPAAL SMC queries over SHA models, unit tests as executable specifications, and Dafny postconditions 0 over inputs and outputs (Tagliaferro et al., 20 Apr 2026, Lahiri et al., 2022, Lahiri, 2024). These artifacts are “checkable” because they can be compiled, executed, or discharged by a verifier.
In governed autonomous systems, intent is reified as finite data. Intent-driven computing defines an intent as
1
a finite, structured data value that stands between computation and the realization of effects (McCann, 21 May 2026). Intent-Governed Access Control introduces an operational intent certificate
2
whose fields bind request hash, intent classes, resource bounds, effect bounds, confidence, review mode, expiry, and provenance (Zhu et al., 22 Jun 2026). For open-world agents, intent compilation produces a contract tuple
3
where semantics, evidence, procedure, and institution are explicit control surfaces (Armesto et al., 27 Apr 2026).
Other domains use structured programs or schemas. OmniIntent represents a DeFi intent as a triggered, constraint-guarded sequence of actions; each trigger statement is parsed into a triple 4 and compiled to a transaction tuple 5 (Pan et al., 4 Mar 2026). Structured prompting work models intent as an eight-dimensional 5W3H/PPS object with optional fields for What, Why, Who, When, Where, How-to-do, How-much, and How-feel, plus metadata such as version, timestamp, instruction ID, and SHA-256 fingerprint (Gang, 31 Mar 2026). Intent Signal Theory distinguishes four objects in the transmission chain,
6
namely latent source intent, observable intent proxy, encoded carrier, and model output (Peng, 24 May 2026). IntentFlow, finally, renders writing intent as an editable hierarchy of goal fields, intent statements, and intent dimensions represented as likert controls, sliders, or hashtags (Kim et al., 29 Jul 2025).
Taken together, these formulations suggest two dominant design traditions: one treats intent formalization as specification synthesis for checking; the other treats it as runtime data and contracts that govern action.
3. Translation pipelines from language to formal artifacts
A central methodological pattern is staged translation rather than one-shot generation. In safety-critical systems, an agentic pipeline transforms unstructured specifications into verification-ready properties through three coordinated stages: requirement extraction, compatibility filtering with respect to a target model and formalism, and formal translation into UPPAAL SMC queries over an SHA generated from a LIrAs DSL scenario description (Tagliaferro et al., 20 Apr 2026). The target logic is MITL-like, with canonical patterns such as
7
The paper reports 81.8% semantic alignment for generated requirements in Stage 1, 88.7% accuracy for verifiability filtering in Stage 2, 69/72 syntactically correct queries in Stage 3, and 56/72 total semantically correct queries, yielding 77.8% under the relaxed metric (Tagliaferro et al., 20 Apr 2026).
Interactive test-driven code generation adopts a different pipeline. TiCoder treats tests as the formalization of user intent: the system generates candidate implementations and candidate tests, the user labels tests with Yes/No/Unknown, and approved tests become a suite 8 such that every returned candidate satisfies every test in 9 (Lahiri et al., 2022). This workflow improved pass@1 by 22.49% to 37.71% on MBPP and by 24.79% to 53.98% on HumanEval using between 1 and 5 simulated user queries, while also turning accepted tests into debugging and regression artifacts (Lahiri et al., 2022).
Verification-aware languages require a more symbolic variant of the same idea. For Dafny-style postconditions 0, correctness is defined by Hoare triples over concrete test assignments, and completeness is measured by the fraction of mutated outputs rejected by the specification. The paper formalizes correctness as
1
and completeness as a mutation-kill ratio over output mutants, thereby evaluating specifications without requiring implementation mutants or purely dynamic execution (Lahiri, 2024). The same study reports cases where human labels marked a specification “strong” even though symbolic testing exposed one-directional under-specification, as in 2 versus the stronger biconditional (Lahiri, 2024).
A related concern is cross-layer coherency. In the FRETish case study, the proposed guideline “Coherency through Formalisations” requires different layers—natural language, structured natural language, diagrams, and formal logic—to preserve a common logical structure. The alternative FRETish-to-MTL translation therefore decomposes each requirement into scope, condition, timing, and response, then composes them through a single implication schema
3
lifted globally by 4, 5, or 6 depending on the semantics. The resulting formulas are proved equivalent to NASA’s original translation by model checking (Joosten et al., 11 May 2026).
4. Semantic alignment, structured prompting, and measurement
A recurring claim is that syntactic validity is insufficient. In the safety-critical pipeline, the distinction between compilation, exact string match, and semantic equivalence is explicit: string equality underestimates performance because many generated queries are alternative but correct formulations, while semantic mismatches such as confusing reachability with safety remain unacceptable (Tagliaferro et al., 20 Apr 2026). The same distinction reappears in prompting research, where a structurally well-formed response may still fail to preserve user-specific content.
Structured prompting work formalizes this by treating intent representation as a protocol-like communication layer. PPS/5W3H decomposes intent into eight dimensions and adds protocol metadata; across 3,240 outputs over three languages, six conditions, three models, and three domains, structured conditions reduce cross-language score variance relative to unstructured baselines, with the strongest structured conditions reducing cross-language 7 from 0.470 to about 0.020 (Gang, 31 Mar 2026). The same study reports a weak-model compensation effect: Gemini, the lowest-baseline model, obtains a D-A gain of +1.006, whereas Claude obtains +0.217 (Gang, 31 Mar 2026). Under the paper’s evaluation resolution, 5W3H, CO-STAR, and RISEN are statistically equivalent, which the authors interpret as evidence that dimensional decomposition itself is a primary active ingredient.
Intent Signal Theory sharpens the measurement problem by separating latent source intent 8, observable proxy 9, carrier 0, and output 1, then defining weighted structural and fidelity recovery scores
2
and intent drift
3
Its Theorem of Irreversible Intent Loss states that private intent absent from the carrier cannot be recovered beyond generic substitution under single-turn, carrier-only conditions (Peng, 24 May 2026). Empirically, the associated measurement study reports structural–fidelity split zones in which outputs receive high holistic scores but low fidelity scores, and human ratings correlate much more strongly with 4 than with a holistic GA metric (Peng, 24 May 2026).
Interface design can exploit these distinctions. IntentFlow extracts goals and intents from prompts, renders them as editable components, and visually links them to affected output segments. In a within-subjects study with 5, participants using IntentFlow, compared to a chat baseline, expressed intents more easily and in more detail, performed more meaningful intent-communication actions such as adjusting and deleting, and produced outputs that better aligned with evolving intents (Kim et al., 29 Jul 2025). This suggests that formalization need not be purely symbolic; it can also be interface-mediated, provided the representation is inspectable and revisable.
5. Governance, authorization, and runtime control
In one family of systems, intent formalization is not merely preparatory to verification; it is the mechanism by which action becomes governable. Intent-driven computing imposes a language in which programs do not directly execute effects. Instead, the only effectful path is through 6, which produces an intent, submits it to a governance interpreter 7, records the decision in a tamper-evident ledger, and only then, in the Allow rule, realizes the effect (McCann, 21 May 2026). Theorems such as Mediation Soundness, Ledger Completeness, and Non-Bypass formalize the claim that every effect must arise from an allowed intent and every intent must be logged.
Intent-Governed Access Control extends this logic to AI-agent tool use. IGAC treats intent as a session-scoped, monotone policy attribute that may only narrow static authority. Its core invariant is
8
and its visible tool set is defined by
9
Call-time authorization additionally requires certificate validity and an intent–tool–payload consistency predicate over intent classes, resource bounds, effect bounds, and review mode (Zhu et al., 22 Jun 2026). The paper states manifest monotonicity and non-expansion propositions, thereby ensuring that classifier error cannot create new authority.
For open-world agents, the same problem is generalized. Intent compilation yields a contract tuple 0, residual openness is represented by a closure-gap vector
1
and autonomous action is constrained by a delegation envelope
2
The paper distinguishes misclosure from undersearch and proposes benchmark metrics such as time-to-authorized-action, false-autonomy rate, over-escalation rate, and envelope stability to evaluate when closure interventions outperform additional inference-time search (Armesto et al., 27 Apr 2026).
Domain-specific runtimes instantiate the same pattern. OmniIntent introduces ICL, a DSL in which each intent is a trigger statement parsed as 3 and compiled inside a TEE into signed, state-bound transactions; an optimizer builds a transaction dependency graph subject to predicted-balance safety invariants, and a mempool-aware feasibility checker estimates execution success (Pan et al., 4 Mar 2026). The prototype reports 89.6% intent coverage, up to 7.3x throughput speedup via parallel execution, and feasibility-prediction accuracy up to 99.2% (Pan et al., 4 Mar 2026). In networking, intent assurance is expressed in KPI space: an intent is represented by a target KPI vector 4, operational divergence is
5
and intent drift is modeled by the gradient
6
LLMs then synthesize corrective policies from this formal drift signal (Dzeparoska et al., 2024).
6. Limitations, controversies, and the research agenda
A persistent limitation is that there is no general oracle for specification correctness. The “Intent Formalization” position paper identifies validation of specifications as the central bottleneck: intent formalization is the automatic translation of informal user intent into formal, checkable program specifications, but specification correctness can only be grounded indirectly, through user interaction and proxy artifacts such as tests (Lahiri, 17 Mar 2026). Symbolic testing of Dafny specifications, interactive test approval, and relaxed semantic metrics are all responses to this difficulty rather than full solutions (Lahiri, 2024, Lahiri et al., 2022).
Ambiguity and omission remain endemic. In safety-critical requirement extraction, failures include omissions of crucial constraints, hallucination of plausible but unstated requirements, granularity mismatches, modeling abstraction gaps, and reliance on LLM-as-judge for semantic evaluation (Tagliaferro et al., 20 Apr 2026). In structured prompting, improvements in alignment coexist with ceiling effects, judge bias, and encoding overhead; in one reported anomaly, full 8-dimensional 5W3H lowered GA for GPT-4o in Japanese on complex tasks (Gang, 31 Mar 2026). Intent Signal Theory formalizes this as an information-theoretic boundary: absent private intent cannot be reconstructed merely by scaling the model (Peng, 24 May 2026).
Runtime-governance systems face a different set of limits. OmniIntent is intentionally non-Turing-complete, limited to predefined DeFi operators, and dependent on TEE trust assumptions; its dependency minimization is NP-hard, and NFT coverage is substantially lower than transfer or swap coverage (Pan et al., 4 Mar 2026). IGAC still depends on classifier quality for extracting precise bounds and on clear tool effect contracts; the current implementation remains in-memory and single-process, and multi-intent, long-lived workflows are explicitly identified as an open problem (Zhu et al., 22 Jun 2026). Open-world agent frameworks are similarly preliminary: closure gaps, ratification oracles, and delegation envelopes are formalized, but benchmark protocols and empirical validation remain an open research program (Armesto et al., 27 Apr 2026).
The broader agenda therefore spans several fronts. The grand-challenge framing emphasizes scaling beyond benchmarks, compositionality over changes, cost-effective prioritization of which properties to formalize, richer logics for concurrency and distributed systems, and human–AI interfaces for specification authoring and review (Lahiri, 17 Mar 2026). Coherency work on FRETish adds that different formalization layers should preserve a shared logical structure, especially if structured natural language is to mediate between LLMs and formal tools (Joosten et al., 11 May 2026). Taken together, these strands suggest that intent formalization is not a single technique but an emerging discipline concerned with semantic fidelity, inspectable representations, traceable refinement, and controlled delegation of action.