{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2025:OYHSK3MNS5ENCRPOOBFH6ZDCRR","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"a2e3c0a4df27cd97e92328bed6942fd95bd3568fca2d7c1d1377f4dc0e9f7dc2","cross_cats_sorted":["cs.CL"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.AI","submitted_at":"2025-03-24T13:31:48Z","title_canon_sha256":"4b5b3b3fe1a5d5c061c5e8df5be7179fca37d0e7698584aea28f285ed734c5bf"},"schema_version":"1.0","source":{"id":"2503.18666","kind":"arxiv","version":3}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2503.18666","created_at":"2026-05-17T23:39:21Z"},{"alias_kind":"arxiv_version","alias_value":"2503.18666v3","created_at":"2026-05-17T23:39:21Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2503.18666","created_at":"2026-05-17T23:39:21Z"},{"alias_kind":"pith_short_12","alias_value":"OYHSK3MNS5EN","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_16","alias_value":"OYHSK3MNS5ENCRPO","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_8","alias_value":"OYHSK3MN","created_at":"2026-05-18T12:33:37Z"}],"graph_snapshots":[{"event_id":"sha256:f35e506e0fe3448f22ae02edd2eefe1709c6aa8d867d5a7141ea1f106c74c636","target":"graph","created_at":"2026-05-17T23:39:21Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":4,"items":[{"attestation":"unclaimed","claim_id":"C1","kind":"strongest_claim","source":"verdict.strongest_claim","status":"machine_extracted","text":"Our evaluation shows that AgentSpec successfully prevents unsafe executions in over 90% of code agent cases, eliminates all hazardous actions in embodied agent tasks, and enforces 100% compliance by autonomous vehicles (AVs)."},{"attestation":"unclaimed","claim_id":"C2","kind":"weakest_assumption","source":"verdict.weakest_assumption","status":"machine_extracted","text":"That comprehensive safety rules can be predefined to cover all relevant unsafe scenarios while remaining practical to write and that runtime interception of agent actions is feasible and accurate across domains without introducing unacceptable false positives."},{"attestation":"unclaimed","claim_id":"C3","kind":"one_line_summary","source":"verdict.one_line_summary","status":"machine_extracted","text":"AgentSpec introduces a customizable DSL for runtime enforcement of safety constraints on LLM agents, achieving over 90% prevention of unsafe code actions, zero hazardous embodied actions, and 100% AV compliance in evaluations."},{"attestation":"unclaimed","claim_id":"C4","kind":"headline","source":"verdict.pith_extraction.headline","status":"machine_extracted","text":"AgentSpec lets users write runtime rules that stop LLM agents from unsafe actions in code, robots, and cars."}],"snapshot_sha256":"564f5008fd3ee679e543bb896676fc0b0acb1594740adde8e6eb76042eaa719f"},"formal_canon":{"evidence_count":2,"snapshot_sha256":"d991a4f9e79cef635c52d38f7f260ca68ddb3570c50ad81e13281dc30287d677"},"paper":{"abstract_excerpt":"Agents built on LLMs are increasingly deployed across diverse domains, automating complex decision-making and task execution. However, their autonomy introduces safety risks, including security vulnerabilities, legal violations, and unintended harmful actions. Existing mitigation methods, such as model-based safeguards and early enforcement strategies, fall short in robustness, interpretability, and adaptability. To address these challenges, we propose AgentSpec, a lightweight domain-specific language for specifying and enforcing runtime constraints on LLM agents. With AgentSpec, users define ","authors_text":"Christopher M. Poskitt, Haoyu Wang, Jun Sun","cross_cats":["cs.CL"],"headline":"AgentSpec lets users write runtime rules that stop LLM agents from unsafe actions in code, robots, and cars.","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.AI","submitted_at":"2025-03-24T13:31:48Z","title":"AgentSpec: Customizable Runtime Enforcement for Safe and Reliable LLM Agents"},"references":{"count":59,"internal_anchors":2,"resolved_work":59,"sample":[{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":1,"title":"AgentSpec. https://github.com/haoyuwang99/AgentSpec, 2025","work_id":"fa785603-cf6e-43f7-beb4-32c853d10e4c","year":2025},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":2,"title":"Runtime verification for trustworthy computing","work_id":"7dddb913-3bd7-4d9c-9ff7-1e6e4d038c0a","year":2023},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":3,"title":"Apollo Self-Driving","work_id":"909de431-0bfc-410b-99c4-7496d8d63eec","year":null},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":4,"title":"Accessed: 2025-02-11","work_id":"f11b9b96-ef0b-487b-87b8-f12dbff93e81","year":2025},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":5,"title":"Principles of model checking","work_id":"f2d9a6fd-6cf6-4179-8614-511d89cb8ee9","year":2008}],"snapshot_sha256":"b23902b547bd3abb1d736e1acd1600982b394d745678c2c73a35151fd545f40b"},"source":{"id":"2503.18666","kind":"arxiv","version":3},"verdict":{"created_at":"2026-05-14T21:20:33.486922Z","id":"d7ee02ef-132c-40af-8e19-23b4b90a0753","model_set":{"reader":"grok-4.3"},"one_line_summary":"AgentSpec introduces a customizable DSL for runtime enforcement of safety constraints on LLM agents, achieving over 90% prevention of unsafe code actions, zero hazardous embodied actions, and 100% AV compliance in evaluations.","pipeline_version":"pith-pipeline@v0.9.0","pith_extraction_headline":"AgentSpec lets users write runtime rules that stop LLM agents from unsafe actions in code, robots, and cars.","strongest_claim":"Our evaluation shows that AgentSpec successfully prevents unsafe executions in over 90% of code agent cases, eliminates all hazardous actions in embodied agent tasks, and enforces 100% compliance by autonomous vehicles (AVs).","weakest_assumption":"That comprehensive safety rules can be predefined to cover all relevant unsafe scenarios while remaining practical to write and that runtime interception of agent actions is feasible and accurate across domains without introducing unacceptable false positives."}},"verdict_id":"d7ee02ef-132c-40af-8e19-23b4b90a0753"}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:0051d3304a881fca1e9b9acb6a9df5766fd2250baebe0888bfd9365fee8aa396","target":"record","created_at":"2026-05-17T23:39:21Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"a2e3c0a4df27cd97e92328bed6942fd95bd3568fca2d7c1d1377f4dc0e9f7dc2","cross_cats_sorted":["cs.CL"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.AI","submitted_at":"2025-03-24T13:31:48Z","title_canon_sha256":"4b5b3b3fe1a5d5c061c5e8df5be7179fca37d0e7698584aea28f285ed734c5bf"},"schema_version":"1.0","source":{"id":"2503.18666","kind":"arxiv","version":3}},"canonical_sha256":"760f256d8d9748d145ee704a7f64628c5655c72569cb06d38ee983c35846fddb","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"760f256d8d9748d145ee704a7f64628c5655c72569cb06d38ee983c35846fddb","first_computed_at":"2026-05-17T23:39:21.632828Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:39:21.632828Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"iujN/yCtZ3xNIPiosgmIBiAwtGTlh5cUTTE7+iEFnj0aV7jo56OsbZO10qvnKfi4mR+CPSL/2MgUUzX3+VAzBg==","signature_status":"signed_v1","signed_at":"2026-05-17T23:39:21.633516Z","signed_message":"canonical_sha256_bytes"},"source_id":"2503.18666","source_kind":"arxiv","source_version":3}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:0051d3304a881fca1e9b9acb6a9df5766fd2250baebe0888bfd9365fee8aa396","sha256:f35e506e0fe3448f22ae02edd2eefe1709c6aa8d867d5a7141ea1f106c74c636"],"state_sha256":"f3aa10feac0d5cd078de8c384c09d49160d5aa1c5399f82ac344af5a7a1b4c7c"}