Skip to content

RFC-011: AIGP Vendor Trust Package — 4. Vendor Trust Package Components

AIGP SpecificationRFC-011: AIGP Vendor Trust Package › 4. Vendor Trust Package Components

← 3. Conformance Levels · Section index · 5. Governance Modes →

4. Vendor Trust Package Components

4.1 Vendor Manifest

Identifies the vendor, product, supported AIGP version, and conformance level.

Schema: vendor-manifest.schema.json

Required fields:

Field Type Description
aigp_package_type const “VENDOR_TRUST_PACKAGE”
aigp_version string Protocol version (e.g., “1.1”)
vendor.vendor_id string Unique vendor identifier
vendor.legal_name string Legal entity name
vendor.product_name string Product name
vendor.product_version string Product version
vendor.support_contact string Trust/governance contact
conformance.level enum AIGP_OBSERVABLE | AIGP_GOVERNABLE | AIGP_ENFORCEABLE
conformance.supported_modes array Subset of [REPORT, REPORT_TRACE, ENFORCE, EVIDENCE]
tenant_binding.tenant_id string Customer tenant identifier

4.2 AI Capability Bill of Materials (AI-BOM)

Declares each AI capability the vendor exposes to the customer’s tenant.

Schema: ai-capability-bom.schema.json

Per-capability fields:

Field Type Description
capability_id string Unique capability identifier
capability_name string Human-readable name
capability_type string Category (summarization, generation, classification, action, etc.)
risk_classification enum LOW | MEDIUM | HIGH | CRITICAL
model.model_provider_type enum first_party | third_party
model.model_family string Model class (large_language_model, etc.)
data_use.customer_content_used boolean Whether customer content is processed
data_use.used_for_training boolean Whether data trains models
data_use.retention_days integer Data retention period
memory.session_memory boolean Per-session memory
memory.persistent_memory boolean Cross-session persistence
memory.cross_customer_memory boolean Cross-tenant memory (should be false)
actions.external_actions_supported boolean Can take external actions
actions.human_approval_supported boolean Supports HITL

4.3 Customer Policy Binding

Allows enterprise customers to express tenant-specific governance posture.

Schema: customer-policy-binding.schema.json

Fields:

Field Type Description
binding_id string Unique binding identifier
tenant_id string Customer tenant
effective_from datetime When binding takes effect
policy_mode enum REPORT | REPORT_TRACE | ENFORCE
allowed_capabilities array Permitted capability IDs
prohibited_capabilities array Blocked capability IDs
data_boundaries.training_use enum ALLOWED | PROHIBITED
data_boundaries.cross_tenant_processing enum ALLOWED | PROHIBITED
oversight.human_approval_required_for array Action types requiring HITL
oversight.timeout_action enum DENY | ALLOW | ESCALATE
evidence.audit_export_frequency string Export cadence

4.4 Evidence API

Vendors emit evidence for each AI invocation.

4.4.1 VENDOR_RECORD

Endpoint: POST /api/v1/record
Schema: vendor-record.schema.json

The VENDOR_RECORD extends the base AIGP RECORD message with vendor-specific context: data boundaries, model disclosure, and training-use attestation.

Required sections:

  • Protocol header (version, message_type, vendor_id, tenant_id)
  • Request context (request_id, session_id, capability_id, timestamp)
  • Policy result (mode, decision, constraints_applied)
  • Data boundary (classification, training use, retention)
  • Model disclosure (level, provider type, family)
  • Outcome (status, tokens, duration)

4.4.2 TRACE

Endpoint: POST /api/v1/trace

Per-invocation stage-level telemetry. Includes governance overhead measurement.

Summary fields:

  • total_duration_ms — end-to-end latency
  • model_latency_ms — model invocation time
  • governance_overhead_ms — total minus model
  • errors — count of failed stages

4.5 Temporal Chain API

Endpoint: POST /api/v1/chain
Schema: temporal-chain.schema.json

Links related AI interactions within a session. Enables pattern detection beyond single-event auditing.

Chain observations:

  • risk_trend — STABLE | INCREASING | DECREASING
  • policy_violations — count of DENY decisions in chain
  • repeated_sensitive_data_use — boolean flag
  • escalations — count of escalation triggers

4.6 Disclosure Profile

Defines what the vendor reveals at each tier:

Tier Audience Reveals
Minimal Low-risk SaaS Capability, timestamp, data class, training flag
Standard Enterprise procurement + model family, provider type, policy result, retention
Regulated Healthcare, finance, gov + trace, session chain, human oversight, risk classification
Confidential Audit NDA / regulator + exact model, internal controls, test evidence

Vendors MUST NOT be required to disclose proprietary implementation at Standard or lower tiers.


4.7 Audit Export Pack

A downloadable package for procurement and compliance:

vendor-manifest.json
ai-capability-bom.json
customer-policy-binding-template.json
disclosure-profile.md
conformance-attestation.json
framework-mapping/
├── nist-ai-rmf-map.md
├── iso-42001-map.md
└── eu-ai-act-map.md


← 3. Conformance Levels · Section index · 5. Governance Modes →