Planning Graph Delegation and Forking

Mechanism

Delegation forking begins inside the forecasting engine when a candidate branch satisfies a fork-eligibility predicate. The predicate is policy-defined and consults canonical fields including branch cost estimate, available local capacity, the trust slope of candidate delegates, and the admissibility class of the work to be delegated. If the predicate evaluates true, the engine emits a fork directive rather than expanding the branch in place. Expansion-in-place and fork are mutually exclusive at a given node; the planner does not pursue both, and the decision is recorded.

A fork directive carries a bounded scope. The scope is a structured object that names the canonical fields the delegate is permitted to read, the canonical fields the delegate is permitted to write into its return value, the admissibility classes under which the delegate may operate, the maximum horizon and speculation depth the delegate may consume, and a deadline. The delegate cannot widen any of these bounds; attempts to do so are rejected at the delegate's own admissibility gate using the same policy machinery that governs first-party inference. Scope is the contract; the delegate executes within it or not at all.

The delegated branch executes in the delegate's own cognitive architecture. From the delegate's perspective, the bounded scope appears as an ordinary work item with its own lineage tail, and the delegate's planning graph treats it as a top-level objective. Importantly, the delegate's full state is not exposed to the parent; only the typed return artifact crosses the boundary. The boundary is structural: the parent and delegate maintain disjoint planning graphs that touch only at the fork site and the recombination site.

Recombination occurs when the delegate returns its artifact, when the deadline expires, or when the parent rescinds the directive. The artifact is validated against the scope's declared write-fields and admissibility classes before any merge. A valid artifact becomes a sealed branch in the parent graph, annotated with the delegate's identity, the directive identifier, the input and output canonical fields, and the integrity hash chain that links them. An invalid artifact is recorded as a rejection event without affecting the parent's semantic state, and the parent planner falls back to the alternative it preserved when the fork was issued.

Rescission is a symmetric counterpart to issuance. The parent may rescind an outstanding directive at any time before recombination, and the rescission propagates to the delegate as a structural cancellation rather than a network error. The delegate observes the cancellation through its own canonical-field interface and is required to halt work on the directive within a policy-defined drain interval. Any artifact produced after rescission is discarded at the recombination boundary regardless of its content; rescission is final from the parent's perspective.

Throughout the lifecycle, the parent retains a reservation in its planning graph at the fork site. The reservation holds the position the delegated branch will occupy if it returns successfully, and it holds the alternative branch the planner will continue with if it does not. Reservations are not optimistic placeholders; they are explicit canonical entries that downstream consumers can observe. An observer of the parent graph can therefore see, at any moment, which branches are local, which are delegated, and which alternatives are being preserved against fork failure.

Operating Parameters

Fork eligibility is parameterized by a cost-benefit margin: the predicted reduction in parent latency or compute must exceed the overhead of crossing the delegation boundary by a policy-defined factor. Below the margin, the engine prefers in-place expansion. Above the margin, fork is preferred. The margin can be tightened in domains where boundary crossings are expensive or where delegate trust is low, and loosened where delegates are cheap and well-attested.

Scope width is parameterized by a least-privilege default: the directive scope is initialized to the minimum set of canonical fields the delegate provably needs, computed from the branch's data dependencies. Operators may relax this default through policy, but relaxations are themselves audited. Deadlines are required, not optional; a directive without a deadline cannot be issued. Deadlines bound the parent's exposure to delegate non-response and ensure that the planner can always recover the branch.

Recombination is governed by an admissibility re-check at the merge boundary. The artifact is treated as untrusted input until it has been gated under the parent's policy. The re-check is not a duplicate of the delegate's own gate; it enforces parent-side invariants that the delegate may not have known about. This double-gate property means that a delegate operating under a more permissive policy cannot smuggle results into a parent operating under a stricter one.

Trust slope is a parameter the parent maintains for each candidate delegate. The slope reflects the recent rate at which a delegate's artifacts have been admitted, rejected, or rescinded, and it influences the cost-benefit margin used at fork eligibility. A delegate whose slope is declining is preferred less, all else equal, even if its quoted capacity is higher. The slope is observational, derived from the parent's own ledger, and is not solicited from the delegate; this prevents delegates from advertising trust they do not have.

Alternative Embodiments

In a single-tenant embodiment, all delegates are first-party agents under common operational control, and the delegation boundary serves primarily to isolate compute and latency rather than trust. In a federated embodiment, delegates belong to distinct trust domains, and the bounded scope is also a privacy contract: canonical fields outside the scope cannot be observed by the delegate, even via side channels, because they were never serialized into the directive.

In a parallel-exploration embodiment, the engine forks the same branch to multiple delegates with overlapping scopes and recombines the artifacts using a policy-defined reconciliation function. The reconciliation function may select the highest-confidence artifact, intersect the artifacts to extract consensus, or reject the fork if artifacts disagree beyond a threshold. In a sequential-refinement embodiment, the engine forks a coarse branch to one delegate and, upon recombination, forks a refined sub-branch to another, building a chain of delegated work each segment of which is independently auditable.

In a heterogeneous embodiment, delegates are not necessarily peer agents. A delegate may be a specialized solver, a human-in-the-loop reviewer, or a regulated external service. The mechanism is unchanged: each delegate consumes a bounded scope and produces a typed artifact, and the parent's recombination logic does not need to know which kind of delegate produced the result.

In a transitive-delegation embodiment, a delegate may itself fork a sub-directive to a further delegate, producing a chain of bounded scopes each strictly contained within the previous one. Containment is structural: a sub-directive cannot widen any of its parent's bounds, and the parent's recombination only ever sees the top-level artifact. The transitive chain is recorded in the integrity ledger as a tree, so an auditor can reconstruct any branch of the chain without having to traverse the live agents.

Composition

Delegation forking composes with the admissibility gate at three points: at fork issuance, where the directive itself must be admissible under parent policy; at delegate entry, where the delegate's own gate evaluates the directive against its policy; and at recombination, where the returned artifact is gated against the parent again. It composes with the integrity ledger, which records the directive, the artifact, and the rescission or completion event in a chain that links parent and delegate lineages without merging them. It composes with the biological signal coupling, which can lower the parent's local horizon and thereby shift work toward fork even when local compute is otherwise available.

Because the directive and artifact are canonical-field objects, delegation composes with any agent that implements the canonical-field interface. There is no special protocol for being a delegate; an agent capable of executing under bounded scope and emitting typed artifacts is structurally already a delegate. This compositional property allows multi-agent systems to scale without bespoke integrations between every pair of participants.

Delegation further composes with the ledger's audit interface to produce a parent-side reconstruction of any delegated reasoning. Because the parent retains the directive, the artifact, the reservation, and any rescission events, an auditor working only from the parent's ledger can reconstruct what was asked of the delegate, what was returned, and how the parent merged or rejected the result, without ever consulting the delegate's own state.

Prior-Art Distinction

Conventional remote-procedure-call and task-queue systems delegate work but do not delegate planning. The caller does not retain a planning graph that names the delegated branch as a typed sub-branch; it merely awaits a return value. Conventional multi-agent frameworks coordinate through shared blackboards or message buses, which expose state beyond the bounds of any single task and do not produce auditable parent-side lineage for delegated reasoning.

The structural distinction here is that fork is a planning-graph operation with a bounded canonical-field scope, a parent-side admissibility re-check at recombination, and a lineage chain that links parent and delegate without merging their internal states. The parent graph remains canonical, the delegate's state remains private, and the contract between them is the directive scope. No prior-art system exhibits this combination of bounded-scope planning fork, double-gated recombination, and disjoint-graph audit.

Workflow engines and saga orchestrators provide a partial analogue but operate at the level of named tasks with explicit compensations rather than as planning-graph branches with admissibility-class scopes. They do not produce parent-side reconstructions of delegated reasoning, do not re-gate returned artifacts under parent policy, and do not preserve trust-slope observations across delegate selection decisions. The disclosed mechanism subsumes their orchestration role while adding the structural properties that make delegated reasoning auditable.

Disclosure Scope

This disclosure covers the forking of forecast branches into delegated sub-branches under bounded canonical-field scope; the issuance of directives carrying read-fields, write-fields, admissibility classes, horizon and depth limits, and deadlines; the execution of delegated work in disjoint planning graphs; the validation and admissibility re-check of returned artifacts at recombination; the recording of directives, artifacts, and rescissions in an integrity ledger that links parent and delegate lineages without merging them; and the composition of delegation with admissibility, integrity, and biological-coupling components. The disclosure contemplates single-tenant, federated, parallel-exploration, sequential-refinement, and heterogeneous-delegate embodiments, and is not limited to any specific delegate type or trust topology.