Skip to content

Verification

Distributed execution is valuable only while independent parties can later determine whether the recorded execution faithfully represents the computation that was requested.

Forge therefore treats verification as part of execution itself rather than as a post-processing integrity check.

Verification exists to establish computational confidence without requiring trust in any individual execution node.


Why Verification Exists

Distributed systems operate across infrastructure that is heterogeneous, geographically distributed, and only partially trusted.

Individual execution agents may differ in hardware, software, reliability, availability, or operational behavior.

Rather than assuming perfect infrastructure, Forge assumes mixed-trust participation and preserves sufficient execution evidence to evaluate computational integrity independently of any single participant.

Verification exists to ensure that execution remains explainable, reproducible, and defensible long after computation has completed.


Core Principle

Agents execute work.

They do not define computational truth.

The Hub remains responsible for:

  • execution planning
  • shard construction
  • verification policy
  • deterministic reduction
  • replay metadata
  • final result materialization

This separation is fundamental to the execution model.

A compromised, faulty, unstable, or malicious agent may influence an individual shard attempt.

It must not be able to silently determine the final computational result.


Verification as Execution Semantics

Verification is not an optional integrity feature layered on top of execution.

Verification defines how execution becomes trustworthy.

Every verification policy implicitly determines:

  • what evidence must be preserved
  • what redundancy is required
  • what validation must occur
  • what replay information survives execution
  • what level of computational confidence may be established

Changing verification policy therefore changes execution semantics—not merely execution cost.


Threat Model

Forge verification addresses practical execution failures including:

  • fabricated shard outputs
  • unstable hardware behavior
  • nondeterministic execution drift
  • interrupted or manipulated execution
  • incorrect execution accounting
  • partial execution presented as completed work
  • implementation defects inside workload handlers

The objective is not to eliminate every possible failure.

The objective is to make incorrect execution increasingly difficult to hide and increasingly straightforward to investigate.


Verification in the Execution Path

Verification is integrated into the canonical Kernel execution flow.

text
Execution Contract

Deterministic Shard Planning

Distributed Execution

Verification

Deterministic Reduction

Replay & Artifact Preservation

Verification occurs before final result materialization.

Invalid or suspicious shard outputs may be rejected, retried, compared, down-scored, or escalated according to the selected execution policy.


Verification Begins with the Execution Contract

Verification starts before the first shard is executed.

It begins when the execution contract becomes immutable.

Every subsequent execution decision is evaluated relative to that contract.

The execution contract establishes the computational identity against which replay, verification, benchmarking, billing, and audit are later performed.

See:


Verification Policies

Forge supports policy-driven verification.

Execution requests define verification behavior through the execution policy.

json
{
  "policy": {
    "verify": "none | spotcheck | full"
  }
}

none

No redundant verification is requested.

Suitable for:

  • development
  • trusted environments
  • exploratory workloads
  • low-consequence execution

Execution remains fully traceable through replay metadata and execution evidence.


spotcheck

A controlled subset of shard executions is independently validated.

Suitable for:

  • mixed-trust infrastructure
  • production workloads
  • probabilistic simulations
  • cost-sensitive execution

Spotcheck verification balances computational assurance against execution cost.


full

All shards, or a configured high-confidence equivalent, participate in redundant verification.

Suitable for:

  • regulated environments
  • financial workloads
  • insurance workloads
  • scientific reproducibility
  • enterprise audit scenarios

Full verification increases execution cost and latency while providing stronger computational assurance.


Signed Shard Contracts

Every shard is derived from the immutable execution contract.

A shard contract may include:

  • execution identity
  • shard identity
  • primitive identity
  • primitive version
  • profile identity
  • canonical argument hash
  • shard seed
  • verification requirements
  • execution boundaries
  • artifact requirements

Returned work must satisfy the assigned shard contract.

An execution agent cannot legitimately return results for different inputs, different seeds, different profiles, or different execution boundaries while claiming participation in the original workload.


Result Identity

Shard outputs may include deterministic result hashes.

Hashes establish execution identity.

They do not establish computational correctness.

Result identity allows Forge to compare:

  • redundant shard execution
  • replay execution
  • aggregation inputs
  • artifact integrity
  • repeated execution attempts

Result identity becomes one component of broader execution evidence.


Redundant Execution

Redundant execution assigns equivalent computational work to multiple execution agents.

Its purpose is to detect:

  • fabricated computation
  • unstable execution
  • faulty infrastructure
  • nondeterministic behavior
  • malicious deviation

For deterministic workloads, equivalent executions should converge to equivalent computational results.

For probabilistic workloads, equivalent executions are interpreted according to the workload's statistical semantics.


Statistical Validation

Certain workload classes require validation beyond byte-for-byte comparison.

Forge may evaluate statistical properties including:

  • mean stability
  • variance stability
  • distribution consistency
  • tail behavior
  • entropy bounds
  • convergence characteristics
  • expected value ranges

Statistical validation complements deterministic execution.

It does not replace it.

Different workload classes may therefore employ different validation semantics while remaining compatible with the same execution model.


Deterministic Reduction

Execution agents produce partial computational evidence.

The Hub constructs final computational truth.

Reduction must therefore remain deterministic.

This requires:

  • stable reduction semantics
  • deterministic shard ordering
  • versioned reducers
  • controlled floating-point behavior
  • exclusion of invalid shard outputs

Reduction is part of verification.

Not merely aggregation.


Agent Reliability

Execution agents accumulate operational history over time.

Reliability evaluation may consider:

  • successful execution rate
  • verification outcomes
  • statistical conformity
  • timeout frequency
  • latency stability
  • execution mismatch history
  • protocol compliance
  • long-term availability

Reliability is continuously earned.

It is never permanently granted.

The Scheduler may use reliability information to:

  • prioritize execution
  • reduce shard size
  • increase verification requirements
  • quarantine unreliable participants
  • remove persistent offenders

Quarantine

When execution evidence becomes suspicious, Forge may:

  • reject shard results
  • retry execution elsewhere
  • reduce scheduling priority
  • require stronger verification
  • quarantine execution agents
  • remove agents from future scheduling

A single invalid shard should never silently determine the final computational result.

Repeated execution failures should influence future participation.


Replay-Based Investigation

Verification continues after execution completes.

Replay metadata preserves sufficient information to reconstruct:

  • the execution contract
  • participating agents
  • shard allocation
  • seed assignment
  • returned results
  • verification outcomes
  • reduction behavior
  • execution artifacts

Replay transforms execution history into durable computational evidence.


Billing and Provider Integrity

Verification also protects the economic layer.

Economic settlement derives from verified computational contribution rather than declared participation.

Execution accounting may incorporate:

  • verified shard completion
  • verification outcomes
  • execution timing
  • work contribution
  • replay references
  • artifact integrity

Economic trust therefore derives from execution evidence.


Verification Boundaries

Verification establishes execution integrity.

It does not establish mathematical correctness.

Those are different problems.

Verification does not guarantee:

  • that every workload is mathematically correct
  • that every model assumption is valid
  • that every dataset is accurate
  • that every execution agent remains trustworthy indefinitely
  • that every verification policy provides identical assurance
  • that low-assurance execution behaves like high-assurance execution

Verification demonstrates that execution faithfully followed the selected execution contract and verification policy.

It does not replace scientific validation, domain expertise, or model governance.


Practical Mental Model

A useful way to understand Forge verification is:

text
Execution Contract

Distributed Execution

Verification

Deterministic Reduction

Replay Evidence

Computational Confidence

No individual execution agent represents the source of truth.

The execution contract defines truth.

Verification preserves it.


Deterministic execution infrastructure for distributed compute.