Graph Traversal Control Algorithm (GTCA)

The Graph Traversal Control Algorithm (GTCA) is the execution kernel of the Causal Reachability Model (CRM).

It determines what nodes, actions, or states are accessible by computing a constrained traversal over a causal graph.

Access is not granted. Traversal is constrained.

This transforms authorization from a predicate evaluation problem into a state-space reachability problem.

2. Core Principle

A node is reachable if and only if there exists a valid path from a starting state under all constraints.

reachable(v) ⇔ ∃ path(start → v) satisfying all constraints

If no such path exists:

The state is unreachable and therefore impossible to execute.

3. Graph Model

Let:

G = (V, E)

• V: set of nodes (states, decisions, resources, actions)
• E: set of directed edges

Each edge:

e = (u, v, type, metadata)

4. Reachability Function

ReachableSet(
  G,
  start,
  actor,
  role,
  context,
  policy,
  max_depth
) → R ⊆ V

5. Constraint Layers

Traversal is governed by multiple constraint layers.

5.1 Role Constraints

Defines allowed edge types:

allowed_types(role)

5.2 Context Constraints

Dynamic execution conditions:

context ∈ {normal, incident, audit, emergency}

5.3 Edge Policy (Local Constraint)

EdgePolicy(edge, node, actor, context, path) → bool

• time validity
• ownership
• approval flags
• node state

5.4 Path Policy (Global Constraint)

PathPolicy(path, actor, context) → bool

• approval chain completeness
• separation of duty
• multi-step constraints
• cumulative trust thresholds

5.5 Depth Constraint

depth ≤ max_depth

5.6 Weight / Ranking

score(v) = f(relevance, trust, priority)

Used for ordering traversal or output.

6. Traversal State

Traversal must be stateful.

TraversalState = {
  node,
  depth,
  path,
  context_snapshot
}

Visited tracking must include state:

visited_key = (node, path_signature, context_snapshot, depth)

R(k+1) =
  R(k) ∪ {
    v | ∃ u ∈ R(k), (u, v) ∈ E
  }

The reachable set is expanded iteratively under traversal constraints.

7. Core Algorithm (v0.2)

reachable = {}
visited = {}

initial_path = Path.empty()
initial_state = (start, 0, initial_path)

queue = priority_queue()
push(queue, initial_state)

while queue not empty:

    node, depth, path = pop(queue)

    state_key = (node, path.signature(), context, depth)

    if state_key in visited:
        continue

    visited.add(state_key)

    if not PathPolicy(path, actor, context):
        continue

    reachable.add(node)

    if depth >= max_depth:
        continue

    for edge in outgoing(node):

        if edge.type not in allowed_types(role):
            continue

        if not EdgePolicy(edge, node, actor, context, path):
            continue

        next_node = edge.target
        next_path = path.extend(edge)

        next_state = (next_node, depth + 1, next_path)

        push(queue, next_state)

8. Traversal Flow

Start (Case / Situation)
    ↓
Initialize traversal state
    ↓
Apply Role constraints
    ↓
Apply EdgePolicy (local validation)
    ↓
Extend path
    ↓
Apply PathPolicy (global validation)
    ↓
Check depth bound
    ↓
Expand traversal
    ↓
Rank reachable nodes
    ↓
Return reachable subgraph

9. Key Properties

9.1 Structural Security

No valid path → No access

Security is enforced structurally, not procedurally.

9.2 Determinism

Same graph + same inputs → identical reachable set

• replay
• audit
• CI validation
• reproducibility

9.3 Monotonicity

Stronger constraints ⇒ smaller reachable set

This ensures predictable security behavior.

9.4 Context Sensitivity

Reachability = f(context)

Access dynamically adapts to system state.

9.5 Composability

EdgePolicy ∧ PathPolicy ∧ RoleConstraint ∧ ContextConstraint

10. Comparison

ACL / RBAC
subject → permission → resource

RAG
query → retrieve → filter

GTCA (CRM)
case → constrained traversal → reachable subgraph

11. AI Integration

reachable_subgraph = prompt_context

AI operates only within reachable space.

Reachability defines the cognitive boundary of the agent.

12. Design Principle

Traditional systems ask:
“Is this allowed?”

GTCA asks:
“Is this reachable?”

13. Implementation Notes

13.1 Deterministic Ordering

priority = score(node)

13.2 Incremental Computation

ΔG → ΔReachableSet

Supports real-time systems.

13.3 Caching

cache_key = (start, role, context, policy_hash)

14. Closing Principle

Control the reachable state space, and you control the system.

The GTCA is not merely an access control algorithm.

It is a state-space constraint engine that defines what is possible within a system.

15. Summary

Permission → predicate
Reachability → structure

Query → evaluation
Traversal → construction

Security → enforcement
CRM → state-space design