Auditable Early Stopping for Agentic Routing: Ledger-Verified Run-Wise Certificates under Local DP
Abstract
In production tool-use agents (e.g., retrieval $\to$ summarization $\to$ calculator), routers must know when to stop exploring while preserving local DP and leaving an auditable trail. We present run-wise early-stopping certificates for perturb-and-MAP (PaM) best-first search on context-indexed prefix DAGs whose children partition the leaves. We couple realized path scores and pruning keys to a single exponential race realized lazily via offset propagation. With exact leaf counts $N(v)$, lazy reuse at winners and independent residuals yield an Exact mode with a sound halting rule based on Key$(v) = M_tau(v) - \log t(v)$, where $t(v)$ is the minimum arrival time among leaves under $v$. With only upper bounds $N_{ub} \ge N$, a Surrogate mode uses a parent-anchored surrogate race without winner reuse; because $-\log \hat t \ge -\log t$, the frontier invariant holds and stopping remains sound. We add a compiler from shared-node DAGs to prefix DAGs, local finiteness checks, a SuffixCountDP routine for exact counts with safe downgrades, a validator-side tightening term $\kappa = \log(N/N_{ub})$, and an auditable ledger/validator that replays runs deterministically. We also give an absolute LogSumExp tail bound, an acyclicity certificate, and a fallback PRF-per-leaf scheme (NoCert) whose work matches a realized-score best-first baseline up to a small per-node overhead. Finally, we integrate a price/latency/$(\epsilon, \delta)$-aware multi-LLM controller and DP-trained LoRA adapters chosen at runtime; these choices do not affect the two-mode frontier invariants. We report Mac/commodity-hardware reproducible results, a small real tool-use pipeline, and validator-checked audit trails, with code and ledgers provided.