Protocol-Driven Development: Governing Generated Software Through Invariants and Continuous Evidence

TL;DR

Protocol-Driven Development (PDD) offers a governance framework for generated software by using enforceable protocols and continuous evidence, ensuring admissibility and compliance without trusting the generator.

Contribution

Introducing PDD, a novel approach that governs generated software through protocols, evidence chains, and runtime verification, enhancing control and trust in automated development.

Findings

Protocols define admissible implementation space.

Evidence chains enable verifiable compliance.

Dynamic evidence ledger supports continuous attestation.

Abstract

Automated program synthesis lowers the cost of producing implementations but introduces a harder governance problem: determining which generated artifacts are admissible. Natural-language specifications are ambiguous, and example-based tests sample only part of the behavioral space. Used alone, neither provides a sufficient control boundary. We introduce Protocol-Driven Development (PDD), where the primary software artifact is a machine-enforceable protocol rather than code. We define a protocol as the triplet P = (S, B, O), specifying structural, behavioral, and operational invariants. Their conjunction defines the admissible implementation space of a software component. Under PDD, implementations are replaceable realizations discovered through constrained search. An implementation is admitted only if it satisfies the protocol and produces a verifiable Evidence Chain of compliance. Admission is grounded in protocol satisfaction and recorded evidence rather than trust in the generator. For deployed systems, we extend the Evidence Chain into a Dynamic Evidence Ledger. Runtime verifiers append signed observations, invariant checks, and violations to the ledger, allowing monitorable obligations to be continuously attested. This connects live failures back to the generation loop without granting the generator runtime authority. Combining formal methods, property testing, runtime verification, policy-as-code, and software provenance, PDD defines a governance model for automated software engineering. Its organizing principle is that code is transient, while the protocol carries durable authority.