Existing formal models of concurrent and distributed systems often neglect the role of human participants, making it difficult to accurately capture grassroots platforms where users engage via personal devices such as smartphones. This work proposes a multi-agent atomic transaction model that integrates human intent with machine execution, introducing human willingness as a transaction guard condition for the first time. The model jointly captures human-machine states and their collective influence on system behavior, providing a formal specification for grassroots platforms like social networks and tokenized bonds. It supports verification of safety and liveness properties and enables automatic generation of executable implementations. The study also offers an intuitively refined definition of “grassroots” and demonstrates that several platforms satisfy grassroots properties under both the new and existing definitions.

Formal models for concurrent and distributed systems describe machines; the people who operate them are either ignored or treated as external environment. Yet key distributed systems -- notably grassroots platforms -- include people operating their personal machines (smartphones), and their faithful description must include the states of both people and machines and how they jointly effect system behaviour. Here, we propose volitional multiagent atomic transactions -- executed atomically by machines and guarded by their people's volitions -- as a novel mathematical foundation for specifying systems consisting of people operating machines. Each agent's state consists of a volitional state and machine state; a transaction is enabled when the machine precondition holds and the guarding persons are willing. For example, befriending two people is guarded by both; unfriending, by either; voluntary swap of coins and bonds is guarded by both parties, while a payment is guarded by the payer. We develop the mathematical machinery to express safety and liveness of platforms specified in this framework, and provide example specifications of two grassroots platforms: social networks, and coins and bonds. These specifications are then used by AI to derive working implementations. % We employ here a novel and simpler definition of `grassroots' that better captures the informal notion -- multiple instances can form and operate independently, yet may coalesce -- and show that the platforms specified here, as well as those hitherto proven grassroots under the original definition, are grassroots under the new definition.