Trajectory Verification: Methods & Applications
- Trajectory verification is the process of assessing whether a sequence of states or actions satisfies formal specifications, safety requirements, or evidential criteria.
- It employs formal methods, predictive runtime techniques, and test-time refinement to verify compliance across diverse domains such as autonomous driving and LLM agent behavior.
- Recent advancements include multi-agent verification, learning-based predictors, and conformal prediction methods that enhance accuracy and localize failures effectively.
Trajectory verification denotes the problem of determining whether a realized, predicted, or planned trajectory satisfies a specification, contract, safety requirement, or evidential criterion. In current literature, the term spans formal checking of LLM agent rollouts against Lean4-encoded workflow contracts, predictive runtime verification of stochastic system trajectories against bounded STL, test-time verification and refinement of motion plans in autonomous driving and video generation, certification of safety and robustness for dynamical systems, and post-hoc monitoring of long-horizon agent behavior (Wang et al., 2 Jun 2026, Lindemann et al., 2022, He et al., 1 Jul 2026, Huang et al., 21 Nov 2025, Jasour et al., 2021, Mittapalli et al., 5 Jun 2026).
1. Scope and objects of verification
The object called a “trajectory” is not uniform across domains. In Lean4Agent, a workflow is the designed graph of typed steps and transitions, while an execution trajectory is the realized rollout
with trajectory state
where and are the pre- and post-execution states, is the executed workflow node, and stores the LLM reasoning/tool-call trace for that step (Wang et al., 2 Jun 2026). In MAG-V, by contrast, a trajectory is the sequence of tool calls
where each is a structured tool invocation consisting of a tool name and its arguments (Sengupta et al., 2024).
In predictive runtime verification, the trajectory is a stochastic signal
of which only a prefix is observed at runtime; verification asks whether the full trajectory will satisfy a bounded STL formula with probability at least (Lindemann et al., 2022). In TRACE, the monitored object is a long-horizon LLM agent trajectory
0
where 1 are reasoning steps, tool calls, environment observations, and generated actions, and the verification task is the binary classification problem 2 under covert sabotage (Mittapalli et al., 5 Jun 2026).
Other literatures shift the meaning again. In motion-graphics verification, a prompt specifies a shape family
3
and a query trajectory is valid iff 4, operationalized by a warp-invariant distance threshold 5 (Ma et al., 31 Mar 2026). In autonomous driving, DriveVer treats a trajectory as the planner output
6
to be checked and, if necessary, geometrically refined at inference time (He et al., 1 Jul 2026). This heterogeneity is central: “trajectory verification” may target semantic contracts, temporal-logic satisfaction, geometric family membership, safety under uncertainty, or evidential support.
2. Agent trajectories: formal contracts, synthesized verification behavior, and tool-call consistency
The most explicit formalization appears in "Lean4Agent" (Wang et al., 2 Jun 2026). Layer 1 represents a workflow as the typed graph
7
and Layer 2 maps steps to Hoare-style semantic nodes
8
assembled into the semantic workflow graph
9
The paper states the well-formedness invariant
0
Trajectory verification is performed in Layer 3 against a formal environment
SemanticEnv := String → Option Value, with predicates drawn from an inductive PredicateType universe including nameExists, isNonEmptyString, isValidJson, matchesJsonSchema, toolExists, moduleExists, custom, and ext. Its key assumption is the Lean axiom
6
and runtime checking compares observed rollout states against required predicates for the executed step. The same stack supports failure localization: the point is not merely to label a run “good” or “bad,” but to localize the first failing step. Experimentally, verification-passing workflows outperform failing ones by an average of 14.80% on SWE and 9.07% on ELAIP, with overall averages reported in the abstract as 11.94%; LeanEvolve improves SWE performance by an additional 7.47% on average (Wang et al., 2 Jun 2026).
"Marco DeepResearch" generalizes verification from runtime checking to data and training pipeline design (Zhu et al., 30 Mar 2026). Its verification-centric framework has three levels: QA Data Synthesis, Trajectory Construction, and Test-time scaling. The trajectory-construction level introduces two mechanisms: Multi-agent with Verification and Verification-Reflection Re-rollout on Failed Trajectories. The first uses a main agent, a search sub-agent, and a verifier sub-agent, so that intermediate sub-results and final answers are independently checked and revised if verification fails; the second starts from failed trajectories, has a verifier agent diagnose the failure, and then re-rolls out the trajectory conditioned on that feedback. The paper reports that Single-agent ReAct only versus Single-agent + Multi-agent (verified) yields an average improvement of +2.03, and that verifier-guided test-time scaling produces an average gain of +12.1 points (Zhu et al., 30 Mar 2026). This suggests that in agent settings, verification is increasingly treated as behavior to be learned, not only as an external audit.
MAG-V frames trajectory verification as consistency of tool-use behavior under reverse-engineered alternate questions (Sengupta et al., 2024). Starting from a response, a reverse engineer generates 3 alternate questions, the assistant answers them, and the resulting alternate trajectories are compared with the base trajectory using EM, EDIT, GEDIT, SS, AO, and LCSS, together with TF-IDF features from the base question. The paper states that its trajectory verification methodology, inspired by distant supervision and using traditional machine learning models, outperforms a GPT-4o judge baseline by 11% accuracy and matches the performance of a GPT-4 judge on the constructed dataset. A broader implication is that, for tool-using agents, verification can target the action path itself rather than the final answer alone.
3. Predictive runtime verification under uncertainty
"Conformal Prediction for STL Runtime Verification" formulates trajectory verification as a predictive runtime verification problem for an unknown stochastic system (Lindemann et al., 2022). Given an observed prefix 1 and a bounded STL specification 2 enabled at time 3, the goal is to decide whether
4
Because STL admits robust semantics, the paper works with the robustness measure
5
A learned predictor
6
is combined with conformal prediction to quantify uncertainty without distributional assumptions. The direct method constructs a conformal region for the robustness error
7
with threshold
8
so that if 9, then Theorem 1 yields
0
The indirect method first constructs statewise prediction regions, then lower-bounds STL robustness by worst-case robust semantics 1. The paper emphasizes that these are distribution-free, finite-sample guarantees and that the predictor can be any measurable trajectory predictor, including RNNs and LSTMs.
A related but distinct predictive verification problem appears in "Predictive Importance Sampling Based Coverage Verification for Multi-UAV Trajectory Planning" (Ghosh et al., 2 Mar 2026). Here verification asks whether a mobile user remains continuously in line-of-sight coverage during an entire decision interval, not merely at snapshot endpoints. The mobility set is the circle
2
and failure probability is
3
The proposal density for predictive importance sampling is the defensive mixture
4
where 5 is produced by an LSTM-MDN and 6 is uniform over 7. The resulting estimator
8
is proved unbiased, and the paper proves lower variance than uniform sampling under the stated condition 9 on the failure set. Reported verification ablation numbers include latency 0.57 ms for the proposed method with 0 and 11 ms for uniform sampling with 1 (Ghosh et al., 2 Mar 2026).
4. Test-time verification and refinement of candidate trajectories
A prominent recent pattern is to place verification between initial trajectory generation and expensive downstream execution. "SketchVerify" does this for physics-aware video generation by verifying and refining object trajectories before any full video is synthesized (Huang et al., 21 Nov 2025). For each sub-instruction 2, the planner samples 3 candidate trajectories
4
where each 5 is a sequence of bounding boxes. These candidates are rendered as lightweight video sketches and scored by a vision-language verifier for semantic correctness and physical plausibility, using the ranking rule
6
with 7. The appendix states 8, planner temperature 9, and an 0 diversity threshold of at least 1. Sketch verification reaches comparable or better quality than generation-based verification with about a 10× speedup (Huang et al., 21 Nov 2025).
"Self-Consistency for LLM-Based Motion Trajectory Generation and Verification" converts verification into cluster membership under geometric transformation groups (Ma et al., 31 Mar 2026). A prompt specifies a family
2
where 3 may be 4, 5, 6, 7, 8, or 9. The warp-invariant distance is
0
computed after resampling trajectories by arc length to 1 points and aligning them with a generalized ICP procedure. Clustering is performed with DBSCAN, and verification accepts a query iff 2. Reported verification results show precision 85.8 and F1 74.6 for Majority-Consensus, precision 80.5, recall 89.0, and F1 84.6 for Hierarchical-Consistency, and an 11.8 percentage point precision gain over GPT-4.1 (Ma et al., 31 Mar 2026).
DriveVer instantiates the same verifier-refiner pattern in autonomous driving (He et al., 1 Jul 2026). Given multi-view images, ego kinematics, a navigation command, and an initial trajectory 3, DriveVer predicts a confidence score 4 and a refinement direction vector 5. If 6, refinement is triggered and
7
The confidence branch is trained with
8
the refinement branch with
9
and the total loss is
0
with 1. The method has only 34M parameters and adds about 80 ms latency per trajectory on a single NVIDIA 4090 GPU. On NAVSIMv1, PDMS improves from 88.1 to 89.0 for DiffusionDrive and from 90.3 to 90.9 for AdaThinkDrive; on NAVSIMv2, EPDMS improves from 84.5 to 85.5 for DiffusionDrive (He et al., 1 Jul 2026).
5. Safety, robustness, and reachability verification in autonomous and dynamical systems
One major branch of the literature treats trajectory verification as certification of robustness for learned predictors. TrajPAC formalizes two notions for pedestrian trajectory prediction models (Zhang et al., 2023). Label robustness requires that, for all admissible perturbations in the 2 disturbance region 3, every attacked prediction remains within a safety constant 4 of the ground-truth future trajectory under ADE. Pure robustness instead requires proximity to the model’s own unperturbed prediction distribution. TrajPAC learns an affine PAC surrogate
5
for the robustness-relevant distance function and proves that if
6
then with confidence at least 7,
8
Operationally, TrajPAC returns YES, NO, or UNKNOWN, can produce true counterexamples, and gives sensitivity-based analyses through critical steps and critical paths.
A second branch develops analytic or convex certificates over continuous time. "Real-Time Risk-Bounded Tube-Based Trajectory Safety Verification" considers a polynomial trajectory 9 under uncertain time-varying nonlinear safety constraints 0 and defines risk by
1
Using moments of the uncertainty distribution, it constructs the deterministic inner approximation
2
with 3 and 4, and then verifies the resulting polynomial inequalities over the full planning horizon via SOS certificates without time discretization. The same framework extends to an ellipsoidal tube
5
Reported runtimes include 0.45 s for autonomous vehicle lane-changing trajectory verification, 0.88 s for lane-changing tube verification, 0.36 s for autonomous flight trajectory verification, and 0.77 s for autonomous flight tube verification (Jasour et al., 2021).
Other methods derive trajectory certificates from geometric structure or system order. "Vandermonde Trajectory Bounds for Linear Companion Systems" represents companion-dynamics trajectories in a Vandermonde basis and proves containment in a convex hull, the Vandermonde simplex, yielding a state-specific analytic outer bound for collision checking and safe-region containment (Arslan et al., 2023). "Feedback Motion Plan Verification for Vehicles with Bounded Curvature Constraints" verifies all trajectories induced by a feedback motion plan offline by computing backward reachable sets on cell borders for Dubins-like vehicles with minimum turning radius 6 and cell size 7 (Miraglia et al., 2019). "Trajectory-based Safety of Monotone Systems" introduces upper and lower dominance functions 8 and 9 from collected trajectories, proves monotonicity, dissipation, and invariance of their sublevel sets, and constructs robust or control barrier certificates as nonnegative affine combinations of these basis functions directly from trajectory data (Galarza-Jimenez et al., 15 May 2026).
Trajectory verification also appears in model checking and SLAM. The ballistic rocket report models flight as a probabilistic transition system
0
with state
1
labels states as GoodState, BadState, Disengaged, and Finish, and verifies PATL properties such as
2
under several probability thresholds (Kurpiewski et al., 27 Nov 2025). ROVER verifies loop closures by adding each candidate to pose-graph optimization, aligning the original and optimized trajectories, and scoring the RMS difference
3
Its reported average performance is 99.25 AP / 87.39 MR, and integration into ORB-SLAM2 and VINS-Fusion improves localization in repetitive environments (Yu et al., 19 Aug 2025).
6. Monitoring, evidence extraction, and the fragility of trajectory-dependent verification
When trajectories are long and semantically diffuse, verification itself becomes an evidence-aggregation problem. TRACE addresses long-horizon LLM agents with a TIJ loop—Triage, Inspect, Judge—that identifies suspect windows, performs structured analysis actions (InspectStep, CompareSteps, CheckPolicy, AnalyzeDecisions), maintains persistent evidence state across windows, and synthesizes a final suspicion score on a 1–5 scale, with scores 4 classified as malicious (Mittapalli et al., 5 Jun 2026). On SHADE-Arena, TRACE achieves aggregate F1 0.713 and recall 0.844, compared with F1 0.577 / recall 0.405 for a Full-Trajectory Monitor and F1 0.700 / recall 0.580 for a Sequential Monitor, while using about 12.3 LLM calls per trajectory versus 18.8 for the sequential monitor. The paper’s central point is that sabotage may be temporally sparse, ambiguous, and distributed across distant steps.
HANSEL shifts emphasis from classifier outputs to interactive evidence extracted from web-agent trajectories (Zhang et al., 17 Jun 2026). It standardizes raw logs into
5
uses an LLM to identify evidence pages and snippets, reconstructs each evidence page as a live interactive webpage with preserved state such as search queries, filters, sort order, and scrolling, and explicitly flags cases where the final answer cannot be traced to any visited page. On 45 tasks from AssistantBench and Online-Mind2Web, HANSEL achieves 83.7% precision, 88.8% recall, and 0.861 F1 in identifying evidence pages while reducing trajectory volume by 61.6%. In the user study, for correct submissions, HANSEL reduces completion time from 167.7 sec to 130.4 sec, and all 14 participants preferred HANSEL over the baseline.
The same literature also exposes a structural limitation: some verification schemes are only as reliable as their trajectory assumptions. SHIFT argues that diffusion watermark verification depends on faithful reconstruction of the watermark-bearing generative trajectory and exploits this dependence by stochastic hidden-trajectory deflection (Bao et al., 31 Mar 2026). After partial forward diffusion and stochastic ancestral resampling, the attacked image remains visually plausible while the latent trajectory becomes a different random path, breaking the coupling required by inversion-based verification. Across nine representative diffusion watermarking methods, SHIFT reports 95%–100% ASR, with average ASR 97.8%. This does not negate the value of trajectory verification; rather, it identifies a concrete controversy in provenance settings, namely that verification tied to a single reconstructable trajectory may be structurally fragile.
Across these literatures, trajectory verification is less a single technique than a family of formalisms for making sequential behavior inspectable. The common thread is that trajectories are treated as first-class technical objects: typed execution traces, stochastic signals, candidate plans, policy-induced state paths, or evidence-bearing logs. The verification question then becomes domain-specific—contract satisfaction, probabilistic temporal correctness, safety under disturbances, consistency under transformation groups, or evidential support—but the underlying aim is stable: to determine whether sequential behavior is not merely produced, but justified.