RFC-010: Autonomous Intelligence Governance Protocol (AIGP) — 2. Core Principles
AIGP Specification › RFC-010: Autonomous Intelligence Governance Protocol (AIGP) › 2. Core Principles
← 1. Purpose · Section index · 3. Protocol Messages →
2. Core Principles
-
Consent-Based Governance
- Applications opt into governance by registering with the governance authority.
- Governance is not imposed it is a contract.
-
Pre-Invocation Check
- Before every AI call, the application MUST check if the invocation is allowed.
-
Post-Invocation Record
- After every AI call, the application MUST record the invocation details.
-
Fail-Open by Default
- If the governance authority is unreachable, the application MAY proceed (REPORT mode).
- In ENFORCE mode, the application MUST block if the authority is unreachable.
-
HMAC Authentication
- All protocol messages are authenticated via HMAC-SHA256.
-
Protocol-Agnostic, Policy-Specific
- The AIGP protocol is cloud-agnostic and deployment-agnostic. The governance authority and governed applications can run on-premise, in AWS, Azure, GCP, or any combination.
- Policies are where provider specificity lives. A policy MAY be generic
(e.g., rate limit of 100 invocations/hour) or provider-specific (e.g.,
apply Bedrock Guardrail
gr-abc123). Provider-specific policies carry aproviderfield; generic policies omit it. - The governance authority evaluates generic policies at the protocol layer and delegates provider-specific policies to the appropriate enforcement adapter.