Skip to content

RFC-010: Autonomous Intelligence Governance Protocol (AIGP) — 3. Protocol Messages

AIGP SpecificationRFC-010: Autonomous Intelligence Governance Protocol (AIGP) › 3. Protocol Messages

← 2. Core Principles · Section index · 4. HMAC Authentication →

3. Protocol Messages

3.1 REGISTER (Heartbeat)

Sent periodically to confirm the application is alive and governed.

GET /api/v1/register/{app_id}
Headers:
X-AIGP-Signature: hmac-sha256={signature}
X-AIGP-Timestamp: {iso_timestamp}
X-AIGP-App-Id: {app_id}

Response:

{
"status": "REGISTERED",
"app_id": "APP_PRJ",
"consent_tier": "STANDARD",
"last_heartbeat": "2026-04-30T12:00:00Z"
}

3.2 REQUEST (Pre-Invocation Check)

Sent before every AI invocation to check if it is allowed.

POST /api/v1/request
Headers:
X-AIGP-Signature: hmac-sha256={signature}
X-AIGP-Timestamp: {iso_timestamp}
X-AIGP-App-Id: {app_id}
Content-Type: application/json
Body:
{
"protocol_version": "2.0",
"message_type": "REQUEST",
"app_id": "APP_PRJ",
"request_id": "req-1714500000000",
"use_case": "gandalf_magic",
"model_id": "us.anthropic.claude-opus-4-7",
"user_id": "someperson@somewhere.com",
"estimated_input_tokens": 2000,
"data_classification": "MEDIUM"
}

Response:

{
"decision": "ALLOW",
"request_id": "req-1714500000000",
"constraints": {},
"budget_status": {
"daily_remaining": 50000,
"monthly_remaining": 1000000
},
"ttl_seconds": 300
}

Decision values:

Decision Meaning
ALLOW Proceed with invocation
ALLOW_WITH_CONSTRAINTS Proceed but apply constraints (e.g., max tokens)
DENY Do not invoke policy violation

3.3 RECORD (Post-Invocation Record)

Sent after every AI invocation to record usage.

POST /api/v1/record
Headers:
X-AIGP-Signature: hmac-sha256={signature}
X-AIGP-Timestamp: {iso_timestamp}
X-AIGP-App-Id: {app_id}
Content-Type: application/json
Body:
{
"protocol_version": "2.0",
"message_type": "RECORD",
"app_id": "APP_PRJ",
"request_id": "req-1714500000000",
"use_case": "gandalf_magic",
"model_id": "us.anthropic.claude-opus-4-7",
"user_id": "someperson@somewhere.com",
"timestamp": "2026-04-30T12:00:05Z",
"duration_ms": 3200,
"status": "SUCCESS",
"tokens": {
"input_tokens": 1850,
"output_tokens": 620,
"total_tokens": 2470
},
"guardrail": {
"applied": false,
"intervention": false
},
"prompt_metadata": {
"source": "bedrock_prompt_management",
"prompt_arn": "arn:aws:bedrock:us-east-1:705909755305:prompt/JKYDTVWWOD",
"system_prompt_hash": "a1b2c3d4..."
}
}

3.4 STATUS

Query the governance authority’s capabilities.

GET /api/v1/status
Response:
{
"protocol_version": "2.0",
"service": "gov-app",
"version": "0.2.13",
"mode": "ENFORCE",
"providers": ["aws", "azure", "gcp"],
"capabilities": ["REGISTER", "REQUEST", "RECORD", "POLICY_SYNC", "AUDIT", "ALERT", "ENFORCE"],
"supported_rule_types": [
"MODEL_ALLOWLIST", "RATE_LIMIT", "GUARDRAIL_REQUIRED",
"CONTENT_POLICY", "COST_CEILING", "PROMPT_GOVERNANCE",
"DATA_RETENTION", "AUTONOMY_LIMIT"
]
}

← 2. Core Principles · Section index · 4. HMAC Authentication →