The Coherence Fee
The number of independent failure modes invisible to bilateral checking is a computable topological invariant of the typed composition
A composition with nonzero fee whose blind spots never produce observable failures across sufficiently diverse inputs
The Coherence Fee
Pricing composable truth for autonomous coordination
May 2026
Automation did not begin with agents. Long before models could write, bargain, retrieve, invoke tools, or explain themselves in fluent prose, machines had already entered the machinery of consequential life. Trading systems placed orders faster than any human clerk could see the market move. Credit models sorted borrowers into bands of trust and suspicion. Fraud engines froze accounts in the name of pattern recognition. Insurance systems priced risk; logistics systems routed goods; advertising exchanges auctioned attention in milliseconds. The modern economy has, for decades, been governed in part by systems no citizen could fully inspect and no operator could fully narrate in ordinary language.
Yet those systems, for all their opacity and speed, usually remained housed inside recognizable institutions. A bank deployed the credit model. An exchange member ran the trading strategy. An insurer operated the underwriting engine. A platform tuned the ranking system. The decision might have been automated, but the envelope around it was legible: a firm, a license, a compliance office, a regulator, a balance sheet, a litigation target, a set of logs, a domain of action. The machine could be obscure; the institutional author was not. If the system harmed someone, the law might struggle to allocate fault, but it did not have to begin by asking whether there was any durable actor to interrogate.
Autonomous coordination changes the location of the difficulty. Its novelty is not simply that machines decide, nor that they decide quickly, nor even that their internal reasoning may be opaque. The deeper shift is that consequential action can now be assembled across boundaries by processes that inherit authority from one place, draw context from another, invoke tools from a third, translate the result into a structured payload, and pass that artifact onward into systems governed by different assumptions. The action is no longer contained inside a single institutional chamber; it is assembled across them.
This composition is where the older vocabulary begins to fail. In the earlier regime, one could often ask whether a model inside an institution made a bad decision. In the new regime, the harder question is whether a chain of systems preserved the meaning on which the decision depended. A prompt confers authority; a retrieval step supplies context; a tool call computes a value; a schema translation drops a convention; a downstream service treats the result as valid; a payment condition, compliance representation, purchase instruction, or operational commitment follows. At each boundary, something crosses. But not everything crosses.
What crosses is usually a depiction: a message, a field, a JSON object, an instruction, a score, a recommendation, a receipt. What may not cross is the inheritance that gave the depiction its force — the prompt constraint, the source context, the authority scope, the day-count convention, the timezone basis, the risk metric, the tolerance rule, the unstated meaning of delivery, approval, exposure, settlement, or complete. The downstream system receives the artifact and validates its shape. It can check whether the field is present, whether the type is correct, whether the value falls within range. But the validity of the artifact as a bearer of meaning depends on assumptions that may have disappeared before the next system ever sees it.
This is why the ordinary answer — the corporation will be liable — is both true and insufficient. In many cases, a corporation will own the account, operate the workflow, deploy the model, sign the contract, or maintain the integration. There may be a defendant, insurance, indemnities, audit rights, warranties, and regulatory hooks. But legal personality is not semantic custody. A court can assign responsibility after the fact; it cannot reconstruct a convention that the architecture never preserved. Corporate liability supplies a defendant. It does not supply a witness.
The problem, then, is not a world without liability. It is liability after the evidence of meaning has thinned. When the disputed action has passed through prompts, retrieved documents, model outputs, tool schemas, vendor APIs, orchestration layers, and downstream agents, the question is no longer merely who owned the process. It is which hidden convention made the output false, which boundary failed to carry it, whether any local validator could have seen the failure, and whether any durable receipt remains by which the failure can be proven rather than merely alleged.
At 14:23:07, a procurement process commits to purchase 340 metric tons of Brazilian soybean meal, posts collateral, propagates delivery instructions to a shipping workflow, notifies a quality-inspection oracle, and terminates. The cooperative in Mato Grosso still expects delivery in eleven days. The escrow still holds collateral. The shipping workflow still acts on the delivery instruction. The payment oracle still evaluates whether release conditions were met.
The commitment endures. The committer does not.
That sentence marks the constitutional edge of the technical problem. A process that no longer exists can leave behind obligations that still bind counterparties, collateral, inventory, delivery infrastructure, compliance systems, and dispute mechanisms. Its output survives as a fact in the world. The assumptions that authorized the output may survive only if the architecture forced them to be carried.
In the soybean transaction, every bilateral check passes. The escrow contract validates against the shipping manifest. The shipping manifest validates against the inspection report. The inspection report validates against the payment terms. Each edge is locally green. Every artifact has the required fields. Every type matches. Every value falls inside the declared range.
Yet the composition fails. The quality inspector used calendar-day conventions for the delivery window. The shipping workflow computed transit time in business days. The payment oracle applied a tolerance threshold calibrated to a risk metric that neither the inspector nor the shipper declared in its output. No party lied. No schema was violated. No local validator malfunctioned. The inconsistency lived in assumptions that shaped every output but appeared in no interface.
This is the class of failure that ordinary integration language tends to misname. It is not, in the first instance, a bug in one component. Nor is it simply a failure of explainability, governance, or model transparency. Each component may have done what it was locally asked to do. Each edge may have enforced the interface it was given. The failure belongs to the composition: to the difference between the meanings the system required and the meanings its boundaries preserved.
A local validator can check the depiction. It cannot, from the depiction alone, recover the witness. It can confirm that a message conforms to a schema. It cannot confirm that the schema carried every convention the next system would need in order to use the message truthfully. The gap is not between careful and careless engineering. It is between local form and global meaning.
That gap has a number.
In a composition of tools, agents, services, departments, standards, or jurisdictions, the number of independent failure modes invisible to bilateral checking is a topological invariant of the composition graph. It can be computed before execution from the observable schemas and the declared consistency requirements of the composition. It identifies the dimensions of meaning that coordination requires but the interfaces do not expose. It determines the minimum number of typed bridge concepts required to eliminate the blind spots. It is constructively repairable, verifiable after repair, and irreducibly minimal within the fixed bilateral regime.
That invariant is the coherence fee.
The intuition is spatial. A composition is a graph. Its nodes are tools, agents, services, institutions, or standards. Its edges are the boundaries where one system's output becomes another system's input. Along a tree, local consistency has no independent cyclic obstruction. Errors can still occur, and bad assumptions can still propagate, but a contradiction cannot return disguised as agreement: there is no closed path for it to close around. There is no hole.
A cycle changes the geometry. A feedback loop, a multi-source join, a reconciliation process, a human review that re-enters the workflow, a peer-to-peer service mesh, a cross-jurisdictional taxonomy, or an agent chain that consumes the products of its own prior action creates a closed path. Around such a path, each local handoff can be valid while the whole circuit fails. The inconsistency need not appear at any single edge because it is completed only by the loop.
The coherence fee counts the holes in that verification surface: the independent dimensions of consistency that the composition depends on but bilateral checking cannot observe. Each hole corresponds to a semantic obligation that shaped some output without being carried across the boundary where it later mattered. Each repair requires a bridge concept — a typed field, convention, predicate, manifest entry, or shared definition — that makes the hidden dimension explicit enough to be checked.
The cost of crossing composition boundaries has collapsed faster than the cost of witnessing what those crossings preserve. MCP made tool integration cheap. OpenAPI made endpoints legible. Agent frameworks made delegation fluent. Large language models made translation between heterogeneous systems feel almost free. But semantic verification did not become free merely because invocation became fluent. The payload is not the inheritance. The interface is not the witness. A system can be locally green at every boundary and still globally false.
The industry has tended to imagine the frontier as the arrival of a single more capable mind. But the economy does not act as a single mind. It acts through ledgers, interfaces, credentials, vendors, agencies, workflows, counterparties, and inherited conventions. Any intelligence powerful enough to matter must enter that machinery. Once it does, its problem is no longer only cognition; it is coordination — whether the meanings that authorize action can survive the crossings through which action becomes binding. The single-model frontier is real, but incomplete. The deployment frontier is compositional.
This document puts a number on that difference.
The argument proceeds in two movements. First, the coherence fee is real, computable, and empirically confirmed at scale: bilateral validation has provable blind spots; their count is a topological invariant of the composition; and the invariant predicts composition failures across hundreds of real MCP server compositions. Second, the coherence fee creates a market: bridge concepts are goods with computable value, fraud proofs make non-bridging consequential, and high-value autonomous coordination requires settlement infrastructure capable of preserving commitments, bonds, and verification rights after the process that made the commitment has disappeared.
The companion settlement essay asks what kind of substrate can enforce commitments after institutional authorship thins. This essay supplies the prior measurement primitive: the billable unit of verification risk.
The claim is narrower than a general indictment of automation and stronger than a complaint about integration quality. Prior algorithmic systems were often consequential, opaque, and harmful. But they generally acted within institutional envelopes whose authorship could be named even when their internal logic was obscure. Agentic composition introduces a different problem: consequential action carried by short-lived, string-mediated processes across heterogeneous trust boundaries, where the artifact survives but the assumptions that made it meaningful may not.
A perfect local audit does not certify the composition. A transparent component does not guarantee that its conventions survived the crossing. A valid interface does not imply a valid world.
The coherence fee measures the difference.
I. The fee is real and computable
The bilateral blindness problem
Every tool-calling protocol in production validates bilaterally. MCP (Model Context Protocol, a widely adopted standard for tool integration) checks that a tool's output conforms to its declared schema. A2A (Agent-to-Agent) checks that one system's message matches another's expected input, whether within a single orchestrator or across autonomous services. OpenAPI validates request and response objects at each endpoint. If the fields are present, the types match, and the values fall within declared ranges, the check passes.
This regime catches an important class of errors: missing fields, type mismatches, malformed outputs, constraint violations. What it cannot catch — provably, not merely in practice — are inconsistencies that arise from assumptions internal to each tool that shape every output but appear in no schema. The soybean transaction is one instance. A second instance, closer to where most readers live, makes the structural property easier to formalize.
A data provider retrieves market prices using calendar days. A financial-analysis tool computes risk-adjusted returns using 252 trading days per year and reports a Sortino ratio. A portfolio verifier checks whether the return exceeds a threshold — but internally expects a Sharpe ratio, not Sortino. Every bilateral check passes. The day-count mismatch silently annualizes with the wrong denominator. The risk-metric mismatch silently evaluates Sortino against a Sharpe threshold. Neither error is visible at any single interface, because the information needed to detect it — which convention was used, which metric was computed — was projected away by the tools' own schemas. The data provider's schema declares prices, dividends, period unit, date range; it does not declare which day-count convention it used. The financial-analysis tool's schema declares risk-adjusted return, volatility, maximum drawdown, annualized return; it does not declare which day-count convention it assumed or which risk metric it computed.
The same limitation applies recursively to the agent itself. A consumer of an agent's output can validate the depiction it receives, but not the hidden inheritance — system prompt, retrieved context, tool-access permissions, policy constraints — that shaped the output, just as a downstream tool cannot verify the hidden convention that shaped an upstream payload. The system prompt is the undeclared convention of the agent. Whoever edits the inheritance controls the output without appearing in it.
Interpretability and mechanistic transparency improve what happens inside a tool: they reveal a model's internal reasoning and allow auditors to verify that local outputs reflect local intentions. But they cannot force independently authored systems to declare the conventions they project away. A perfectly transparent data provider still drops its day-count convention from the output schema if its designers considered that convention obvious. The coherence fee is a composition invariant, not a model invariant — it measures the gap between what tools expose and what composition requires, and that gap persists even under perfect local transparency.
What the blind spots look like
The structure becomes precise when the tools' internal states and observable outputs are written down side by side.
Each tool has an internal semantic state — every assumption it carries, whether or not it appears in the output. Each tool has an observable schema — the subset of that state declared in its output. The projection from internal state to observable schema drops dimensions. Those dropped dimensions are invisible to any downstream consumer and to any bilateral check.
| Tool | Internal state S(v) | Observable schema F(v) | Projection kills |
|---|---|---|---|
| data_provider | prices, dividends, period_unit, data_start, data_end, day_convention | prices, dividends, period_unit, data_start, data_end | day_convention |
| financial_analysis | risk_adj_return, volatility, max_drawdown, ann_return, day_convention, risk_metric | risk_adj_return, volatility, max_drawdown, ann_return | day_convention, risk_metric |
| portfolio_verifier | pass, score, recommendation, risk_metric | pass, score, recommendation | risk_metric |
Two dimensions — day_convention and risk_metric — live in the internal state but not in any observable schema. The projection kills them.
The three tools form a directed cycle (a feedback loop where the verifier's output influences the next round of data retrieval). At each edge of this cycle, a bilateral interface specifies which semantic dimensions must be consistent: does the data match? Are the time periods aligned? Do the risk assessments cohere? Some of these dimensions are observable — both tools declare them. Others are blind spots: they live in the internal state of one or both tools but appear in neither output schema.
The mathematical object that captures this structure is a matrix called the observable coboundary — in plain terms, the checklist of consistency requirements that bilateral checks can actually reach, built only from the fields tools expose rather than from their internal assumptions. Its rows correspond to semantic consistency requirements across edges and its columns correspond to observable fields at each tool. A nonzero entry means the consistency requirement can reference that field. A zero row means the requirement cannot reference any observable field at either endpoint: bilateral checking has no access to the information needed to verify it.
The observable coboundary for this pipeline has eight rows. The compressed form shows what each consistency requirement can reference:
| Row | Semantic dimension | Observable entry | Status |
|---|---|---|---|
| 0 | data_match | −1 · dp.prices | checkable |
| 1 | time_match | −1 · dp.period_unit | checkable |
| 2 | day_conv_match | all zeros | blind spot |
| 3 | rar_match | −1 · fa.risk_adj_return | checkable |
| 4 | vol_match | −1 · fa.volatility | checkable |
| 5 | metric_type_match | all zeros | blind spot |
| 6 | feedback_match | −1 · pv.score | checkable |
| 7 | granularity_match | −1 · pv.recommendation | checkable |
Six rows have nonzero entries — these are the consistency requirements that bilateral checks can reach. Two rows are entirely zero: day_conv_match and metric_type_match. These are the blind spots. No bilateral check, no matter how strict, can detect an inconsistency on these dimensions, because the information needed to detect it has been projected away by the tools' own schemas.
The full coboundary — built from the internal states rather than the observable schemas — is an 8×16 matrix with no zero rows. Every consistency requirement can reference at least one internal-state field. If you could see the full internal state, you could check everything. But you cannot see the full internal state. The tools do not publish it. The bilateral regime operates on projections.
The coherence fee for this pipeline is 2: two independent dimensions of consistency that bilateral verification cannot reach because the projection kills them. The number is not an estimate. It is the rank deficiency of the observable coboundary — the precise count of structurally invisible failure modes.
Eliminating the fee
A bridge annotation for a blind-spot dimension extends the observable schemas on both sides of the affected edge: add a named field so that the projection no longer kills the dimension. For day_convention, add a day_convention field to both data_provider and financial_analysis output schemas. For risk_metric, add a risk_metric field to both financial_analysis and portfolio_verifier output schemas.
After bridging, the previously zero rows of the observable coboundary become nonzero. The consistency requirements now reference observable fields. The coherence fee drops to zero.
The same data that previously caused a silent compositional failure — calendar days at the data provider, trading days at the analysis tool, Sortino reported where Sharpe was expected — now triggers two bilateral failures at the edges where the inconsistency lives. The blind spots become type errors. The silent failure becomes a loud one, catchable by the same bilateral checks that were structurally powerless before bridging.
The theorem
The pattern generalizes. The companion papers (Predicate Invention Under Sheaf Constraints and The Seam Protocol) establish the following result for any composition of tools with cyclic dependencies:
The minimum number of typed bridge concepts required to eliminate all bilateral blind spots is exactly dim H¹ of the interpretation sheaf on the coordination graph. This quantity is:
(a) Computable in polynomial time via the Smith normal form of the coboundary matrix.
(b) Achievable by a constructive algorithm: for each blind-spot generator, the bridge concept is the kernel of the restricted coboundary on the corresponding cycle.
(c) Verifiable: after adding the bridge concepts, re-run the diagnostic and confirm the fee has dropped to zero.
(d) Minimal: no admissible repair uses fewer bridge concepts.
The theorem says more. The minimal repair is initial: any other repair that eliminates the blind spots factors through it. Bridge concepts are not design choices among alternatives. They are the structurally inevitable shared concepts that the topology of the composition forces into existence. Different operationalizations may name them differently — one team's day_convention is another's trading_calendar_basis — but the topological role is unique up to relabeling.
The mathematics behind this result is the first cohomology of a cellular sheaf on the composition graph — a construction from applied algebraic topology that classifies exactly which local consistencies fail to compose into global consistency. The construction originates in work on topological signal processing and sensor networks; what is new here is the application to tool composition and the operational consequence that follows from it: the verification gap has a number, the number determines the minimum cost of eliminating it, and no protocol operating within the fixed bilateral regime can reduce that cost below the topological minimum. The structural identities behind the diagnostic are machine-checked in Lean 4 across the companion papers.
The institutional case
The theorem applies to any composition of typed interfaces with cyclic dependencies. Software tool pipelines are one instance. Regulatory compliance across jurisdictions is another.
Three accounting standards govern lease accounting worldwide: US-GAAP (ASC 842), IFRS 16, and Japan-GAAP (ASBJ). Each jurisdiction maintains its own taxonomy of lease concepts — 14 for US-GAAP, 11 for IFRS, 12 for Japan-GAAP, totaling 37 distinct taxonomy entries across the three standards. The jurisdictions maintain bilateral correspondence mappings: 8 correspondences between US-GAAP and IFRS, 6 between IFRS and Japan-GAAP, 7 between US-GAAP and Japan-GAAP — 21 bilateral mappings in total.
Every bilateral mapping is internally consistent. US-GAAP concepts map cleanly to their IFRS equivalents. IFRS concepts map cleanly to their Japan-GAAP equivalents. But the three-way composition does not close. The coboundary matrix — 37 columns, 21 rows — has rank 17. The coherence fee is 4: four independent dimensions of composition failure invisible to any pairwise taxonomy mapping. (Taxonomy construction and rank computation derived in The Bridge Conjecture.)
The four blind spots trace to specific structural asymmetries: IFRS 16 eliminated lessee lease classification (operating vs. finance) that both ASC 842 and Japan-GAAP retain; Japan-GAAP keeps operating leases off the balance sheet while the other two do not; scope rules diverge for intangible asset leases; and sale-leaseback qualification criteria differ across all three jurisdictions.
The striking observation is that these four missing bridge concepts — the shared definitions that would reduce the coherence fee to zero — correspond precisely to the harmonization targets that the 2002–2014 FASB/IASB convergence program attempted and failed to achieve. The convergence failure was not merely a failure of political will. The taxonomy structure itself exposed missing bridge concepts that any durable harmonization would have had to invent. The coherence-fee framework, applied to the schema structure of the three standards, identifies from the taxonomy alone which shared concepts are missing and how many are needed.
The same diagnostic applies wherever multiple jurisdictions, standards, or ontologies must compose: FHIR healthcare interoperability across vendors, cross-border financial reporting, multi-framework AI governance compliance. In each case, bilateral mappings pass while the three-way composition fails, and the coherence fee predicts the exact count and character of the failures.
Evidence at scale
The theorem predicts. The question is whether the prediction holds against production schemas authored by developers who have never heard of sheaf cohomology and whose conventions were not designed to test any theory.
bulla computes the coherence fee from MCP server manifests and YAML composition specifications. Its registry-scale deployment has now processed 703 pairwise compositions drawn from 38 real-schema MCP servers — official servers maintained by the MCP project, community servers, and third-party integrations — using tool schemas captured directly from live server introspection.
The central finding: when the diagnostic partitions blind spots into within-server (both mismatched tools belong to the same server) and cross-server (the mismatch spans a server boundary), the cross-server boundary fee achieves a Spearman rank correlation of ρ = 0.996 against observed composition failures. Among 678 compositions with available ground truth, a boundary fee of zero has produced zero false negatives. In this corpus, when the boundary fee says two servers compose cleanly, no observed failure has contradicted it.
Three convention dimensions account for 173 of 183 confirmed cross-server mismatches:
| Convention | Mismatches | What is happening |
|---|---|---|
| Path format | 163 | filesystem servers use absolute paths; GitHub uses repository-relative; browser-automation uses local URLs |
| Date format | 5 | ISO-8601 versus epoch versus vendor-specific encodings |
| Sort direction | 5 | equivalent semantics, incompatible value conventions |
Each dimension lives in the internal state of the tools involved but appears in no output schema. Each is invisible to bilateral checking. Each is identified and named by the diagnostic.
Separately, the Coherence Cliff experiment tested whether the diagnostic's advantage persists as compositions grow. Five hundred composition graphs were generated across seven scales from 5 to 50 agents, with six convention dimensions grounded in real-world divergence patterns (including day-count conventions from ISDA settlement disputes, rate-scale variation from Basel RCAP methodology, and precision differences from ARRC specifications). The sheaf diagnostic — mean cycle frustration — achieved R² > 0.96 against ground-truth failure rates at every scale tested. No conventional baseline came close. The strongest single graph-topological metric peaked at R² = 0.55 and collapsed below 0.30 at the largest scales. Even a Random Forest given the entire graph-topological feature vector — cycle count, spectral gap, clustering coefficient, convention distance, and more — reached only R² = 0.79 at five agents and degraded to R² = 0.45 at fifty. The gap between the sheaf diagnostic and the best alternative widened from +0.19 at five agents to +0.52 at fifty (Figure 1).
Conventional graph metrics lose their predictive power at precisely the scales where autonomous coordination operates. The sheaf diagnostic does not.
The cost of non-bridging grows with composition size because each undeclared convention creates a blind spot at every boundary it crosses. Bridge annotations have increasing marginal returns: declaring a convention once eliminates its contribution at every boundary simultaneously.
Identification versus specification
A further structural result separates two problems that practice routinely conflates: knowing which bridge concepts are missing, and knowing what operational content each must carry.
The decomposition is testable. When three independent language models — GPT-4o, Claude 3.5 Sonnet, Gemini 2.0 Flash — are shown only the failing records and the cycle failure (no sheaf theory, no mathematical notation, no hints about timing or decomposition), and asked "what shared rule would all three tools need to agree on before processing, so that their records compose consistently?", every model correctly identifies the topologically prescribed bridge types. Fifteen queries across five scenarios and three models: 15 out of 15 correct identifications. (Replication protocol and full results in The Seam Protocol.) The names differ — GPT-4o calls it a "Unified Period Definition," Sonnet calls it fiscal_period_boundary, Gemini calls it a "Revenue Recognition Timing Rule" — but the semantic content converges on the same topological role.
Yet when those LLM-discovered descriptions are injected verbatim into the tool prompts, they do not close the cycles. In four out of five scenarios, the tools change their outputs enough to break bilateral agreement entirely — producing a worse outcome than no intervention at all. The imprecise bridge descriptions overconstrain the tools. Meanwhile, hand-crafted typed bridge concepts — precise schema artifacts specifying which date governs, which decomposition rule applies — close four out of five cycles.
The boundary between identification and specification is structural, not a limitation of any particular reasoner. Identification — which bridge concepts are needed, which H¹ generators they must kill — is topologically determined and discoverable from the failure pattern alone. Specification — the operational content that makes each bridge concept precise enough to close the cycle without breaking bilateral agreement — requires domain-specific engineering that the topology alone does not provide. The topology tells you the shape of the lock; it does not cut the key.
Cutting the key is an act of predicate invention. A bridge concept is not merely an extra field; it is the explicit condition under which an artifact remains valid after it crosses a boundary — delivery under which calendar, return under which risk metric, path under which namespace, approval under which authority. Once named, the predicate can travel with the artifact: checked by the next system, cited in a receipt, priced by an orchestrator, and opened in a dispute. Inline validity of this kind — predicates carried with the action itself, not reconstructed afterward in a dispute — is the missing layer between local schema conformance and compositional truth.
This decomposition is where the commercial opportunity lives. The topology provides the diagnostic: which concepts are missing, how many, and at which composition boundaries. Filling each concept with operational content is a domain engineering task that admits multiple valid specifications and whose quality is measurable by whether it closes the cycle.
II. The fee creates a market
Identification is infrastructure. Specification is the service built on top of it.
Bridge concepts as goods
A bridge concept is a typed schema artifact — a field definition added to tool output schemas that makes an implicit assumption explicit and bilaterally checkable. It kills a specific blind-spot generator. Its value is computable: the coherence-fee reduction it provides to any pipeline that includes the bridged tools.
Tool authors who publish bridge annotations lower their fee footprint: the coherence-fee contribution of their tool to any pipeline that includes it. A tool with zero fee footprint adds no blind spots to any composition. A tool that refuses to bridge forces every downstream orchestrator to absorb the coherence fee — to accept silent failure modes that no bilateral check can detect, or to build bespoke verification for each pipeline.
The competitive dynamic activates once the diagnostic sits inside the procurement loop — once orchestrators can compute the fee delta of adding or removing a tool before composition, not merely after failure. An enterprise orchestrator issues an RFP for a three-tool financial analysis pipeline: data feed, risk analytics, and portfolio verification. The RFP specifies a maximum coherence fee of 2 and requires all tools to publish semantic manifests. Two risk-analytics vendors bid. Vendor A is twelve percent cheaper per query but publishes no convention fields — its fee footprint is 4, because day-count convention and risk-metric type are projected away at both edges. Vendor B costs more but declares day_convention and risk_metric in its output schema — fee footprint 0. The orchestrator runs bulla audit on both candidate compositions. Vendor A's pipeline has a total coherence fee of 5, exceeding threshold. Vendor B's pipeline has a fee of 1 (a residual blind spot in the data feed's timezone handling). The risk-adjusted procurement decision flips: Vendor B wins despite the higher unit cost, because the cost of undetectable composition failures in a financial pipeline exceeds the per-query savings. Vendor A's choices are to bridge or to lose the risk-sensitive segment.
The pressure drives dim H¹ toward zero at equilibrium. Not because every tool will bridge immediately, but because the tools that bridge capture the risk-sensitive segment of the market, and the tools that don't are progressively confined to contexts where the coherence fee is tolerable — short pipelines, low-value transactions, same-team compositions where conventions are shared by construction.
Fraud proofs as enforcement
A diagnostic that identifies blind spots is useful. A mechanism that makes blind spots consequential is infrastructure.
The Seam Protocol's trustless mode provides that mechanism. At composition time, each tool publishes two things: its observable output in the clear, and a cryptographic commitment to its full internal state — a semantic manifest, constructed as a hash of the concatenated per-dimension hashes of every internal-state dimension, whether or not it appears in the output. Manifest construction requires each tool to declare an internal-state schema — an enumeration of the dimensions it carries, even if the values remain private until a selective opening is triggered. In normal operation, only the observable output is visible. The internal dimensions remain private.
If a composition fails despite passing all bilateral checks, any verifier can construct a composition fraud proof: a structured artifact containing the cycle in the composition graph, the schema hashes (proving which tools were composed), the manifest root hashes (proving what each tool committed to at composition time), and selective openings — revelations of specific internal-state dimensions showing inconsistent values on dimensions that the projection killed.
Verification is efficient — five steps:
(a) Confirm that all bilateral checks pass. (b) Verify schema hashes against the registry. (c) Verify manifest roots against the published commitments. (d) Verify each selective opening against the manifest hash. (e) Confirm that the opened dimensions disagree across the cycle.
Step (a) is what makes the fraud proof non-trivial: the interesting case is precisely when everything looks correct to every local check. If all five steps pass, the receipt certifies a composition that is globally inconsistent despite being locally valid at every edge.
The soundness theorem provides the converse: if all bridge annotations have been applied and all bilateral checks pass, no valid blind-spot fraud proof can be constructed. Once fully bridged, the failure mode ceases to be hidden: any inconsistency must surface as an ordinary bilateral violation rather than as a composition fraud proof. The pipeline is not immune from fraud; it is immune from this class of fraud.
The fraud proof transforms the coherence fee from a diagnostic metric into an economic signal. A valid fraud proof has consequences: in a reputational regime, the tools involved see their fee-footprint scores increase; in a financial regime, bonds are slashed or insurance claims triggered; in an operational regime, the pipeline is halted pending bridge resolution. The specific consequences are application-dependent. What the protocol provides is the receipt — the portable, verifiable artifact that certifies the failure occurred and identifies its topological character.
Settlement requirements
The fraud-proof mechanism is operationally simple at low stakes. Reputation systems, escrow holds in trusted pools, and platform-mediated dispute resolution all suffice when the parties are repeat players inside the same accountability stack. The constraints sharpen in adversarial or high-value settings, where the disputed obligation may outlive the agent that produced it and where every party with adjudication power may be a counterparty rather than a neutral.
In that regime, the fraud-proof layer requires settlement rails with four properties: manifest commitments that cannot be tampered with retroactively, bonds that cannot be frozen by intermediaries before slashing executes, a settlement asset whose supply cannot be expanded by discretionary decision during the contract window, and verification that requires no permission to run. These four requirements — censorship resistance, low issuer dependency, dilution resistance, permissionless access — are, line for line, the settlement-asset properties that the companion essay Bitcoin After Money derives from constitutional first principles. The convergence is the point: the same properties are required whether the reasoning begins from the engineering question (under what conditions does a fraud-proof mechanism function?) or from the constitutional question (under what conditions is coercive authority legitimate over entities without legal standing?). Bitcoin currently satisfies these requirements at a scale and infrastructure maturity that no other liquid asset matches for programmatic use; the claim is comparative and defeasible. A different asset that met the same constraints with lower friction would serve equally well.
The three layers of the coordination stack — enforcement, settlement, verification — each impose an irreducible minimum cost. The enforcement layer's cost is thermodynamic: energy must be expended to make the ledger expensive to falsify. The settlement layer's cost is economic: some cost of verification is structural, while charges above it are rent that persists only until architectural alternatives route around the intermediary. The verification layer's cost is topological: dim H¹ shared concepts must be added for composition to work, and no amount of bilateral checking can substitute for them. A coordination stack is complete when all three costs are specified and connected.
III. Disconfirmation
The thesis stands or falls on whether topological blind spots produce economically meaningful failures in practice. The papers prove existence: bilaterally-invisible cycle failures occur whenever dim H¹ > 0 and the event stream contains schema-structural ambiguity. The registry-scale deployment identifies real-world instances across 703 compositions, with three convention dimensions accounting for the vast majority of confirmed cross-server mismatches. What remains to be shown at full production scale is frequency and cost — whether these structural failure modes produce losses large enough to justify the overhead of bridge adoption, diagnostic infrastructure, and fraud-proof settlement.
Four conditions would disconfirm specific claims:
Diagnostic accuracy degrades. The current ρ = 0.996 correlation between boundary fee and observed failures is measured across 678 compositions. If the correlation weakens materially as the corpus expands to thousands of servers and diverse deployment contexts, the diagnostic's value as a procurement instrument diminishes accordingly.
Platform fiat displaces competition. If platforms mandate bridge annotations through policy rather than through fee-footprint competition — and if that mandate proves sufficient — the market mechanism is unnecessary and the commercial position reduces to tooling for compliance rather than infrastructure for coordination.
Alternative frameworks outperform. The coherence fee is one formalization of compositional verification. If a different approach — one not based on sheaf cohomology, or not based on topological invariants at all — provides equivalent diagnostic and enforcement capability with lower overhead, the specific framework loses its advantage even if the verification problem remains.
Non-Bitcoin rails suffice. If issuer-backed stablecoins or permissioned settlement layers prove adequate for fraud-proof settlement — because freeze risk is lower than assumed, because issuer credit risk is manageable, because the relevant transaction sizes and durations do not trigger the failure modes identified here and in Bitcoin After Money — then the Bitcoin-specific thesis reduces to a preference rather than a constraint.
Closing
The verification gap at the center of autonomous coordination is a topological invariant — dim H¹ of the interpretation sheaf on the composition graph — computable before execution, constructively repairable, verifiable after repair, and irreducibly minimal. No protocol operating within the bilateral regime can reduce it further.
The invariant creates a market. Bridge concepts are goods with computable value. Fraud proofs make non-bridging consequential. The competitive dynamic — tools with lower fee footprints preferred by risk-sensitive orchestrators — drives the fee toward zero at equilibrium. In adversarial or high-value settings, the enforcement mechanism requires settlement properties — tamper-resistant commitments, non-revocable bonds, dilution-resistant settlement, permissionless verification — that the companion essay derives from both constitutional theory and protocol engineering.
Whether the fee bites hard enough at production scale to justify the infrastructure is the central empirical question. The 703-composition corpus and the Coherence Cliff scaling experiment provide the strongest current evidence in favor of that claim. The boundary fee predicts cross-server failures with a Spearman correlation of ρ = 0.996 in the registry corpus. The magnitude is unusual, but the explanation is structural: the diagnostic is aimed at the topological gap rather than at component quality. The three dominant blind-spot conventions correspond to failure modes practitioners already encounter. The sheaf diagnostic's advantage over conventional approaches widens as compositions grow.
For twenty years the integration problem wore the face of a quality complaint — better tools, cleaner schemas, more careful engineering. The coherence fee reveals a structural floor beneath the complaint: failures that persist under perfect local transparency, because they live in the topology of composition rather than in the quality of components. The floor is computable. The minimum repair is constructive. And the engineering that closes the gap begins, as it must, with the measurement.
Corporate liability supplies a defendant. It does not supply a witness. The novelty of the agentic regime is not liability without a legal person; it is liability after semantic custody has been lost. The coherence fee is the billable unit for verification risk under that condition — computable before execution from observable schemas and declared consistency requirements, and enforceable through receipts that preserve the semantic facts local interfaces discard. Whether a full term structure can be built on this primitive — forward curves for collateral ratios, rollover costs, dispute risk, and termination penalties — remains an open institutional question. So does the form of enforcement: collateral, insurance, bonded commitments, or settlement in a censorship-resistant asset. These are design questions rather than premises of the measurement. Whoever builds the instruments that price this unit over time will occupy an infrastructurally privileged position in machine coordination. The position is not yet filled. The pricing primitive now exists.
This essay is the first of two gateway essays for the Res Agentica research program. The companion essay, Bitcoin After Money, specifies the settlement substrate. Formal results, protocol specifications, and empirical evidence are developed in the Technical Spine: Predicate Invention Under Sheaf Constraints, The Coherence Fee (Bridge), The Seam Protocol, The SHEAF Protocol, and the BABEL benchmark. The broader constitutional, economic, and epistemic synthesis appears in the abridged and full editions of Res Agentica: Coordination After the Absent Master. The reference implementation is available as bulla.