Skip to content

RFC-010: Autonomous Intelligence Governance Protocol (AIGP) — 2. Core Principles

AIGP SpecificationRFC-010: Autonomous Intelligence Governance Protocol (AIGP) › 2. Core Principles

← 1. Purpose · Section index · 3. Protocol Messages →

2. Core Principles

  1. Consent-Based Governance

    • Applications opt into governance by registering with the governance authority.
    • Governance is not imposed it is a contract.
  2. Pre-Invocation Check

    • Before every AI call, the application MUST check if the invocation is allowed.
  3. Post-Invocation Record

    • After every AI call, the application MUST record the invocation details.
  4. Fail-Open by Default

    • If the governance authority is unreachable, the application MAY proceed (REPORT mode).
    • In ENFORCE mode, the application MUST block if the authority is unreachable.
  5. HMAC Authentication

    • All protocol messages are authenticated via HMAC-SHA256.
  6. Protocol-Agnostic, Policy-Specific

    • The AIGP protocol is cloud-agnostic and deployment-agnostic. The governance authority and governed applications can run on-premise, in AWS, Azure, GCP, or any combination.
    • Policies are where provider specificity lives. A policy MAY be generic (e.g., rate limit of 100 invocations/hour) or provider-specific (e.g., apply Bedrock Guardrail gr-abc123). Provider-specific policies carry a provider field; generic policies omit it.
    • The governance authority evaluates generic policies at the protocol layer and delegates provider-specific policies to the appropriate enforcement adapter.

← 1. Purpose · Section index · 3. Protocol Messages →