RFC-011: AIGP Vendor Trust Package — 4. Vendor Trust Package Components
AIGP Specification › RFC-011: AIGP Vendor Trust Package › 4. Vendor Trust Package Components
← 3. Conformance Levels · Section index · 5. Governance Modes →
4. Vendor Trust Package Components
4.1 Vendor Manifest
Identifies the vendor, product, supported AIGP version, and conformance level.
Schema: vendor-manifest.schema.json
Required fields:
| Field | Type | Description |
|---|---|---|
aigp_package_type |
const | “VENDOR_TRUST_PACKAGE” |
aigp_version |
string | Protocol version (e.g., “1.1”) |
vendor.vendor_id |
string | Unique vendor identifier |
vendor.legal_name |
string | Legal entity name |
vendor.product_name |
string | Product name |
vendor.product_version |
string | Product version |
vendor.support_contact |
string | Trust/governance contact |
conformance.level |
enum | AIGP_OBSERVABLE | AIGP_GOVERNABLE | AIGP_ENFORCEABLE |
conformance.supported_modes |
array | Subset of [REPORT, REPORT_TRACE, ENFORCE, EVIDENCE] |
tenant_binding.tenant_id |
string | Customer tenant identifier |
4.2 AI Capability Bill of Materials (AI-BOM)
Declares each AI capability the vendor exposes to the customer’s tenant.
Schema: ai-capability-bom.schema.json
Per-capability fields:
| Field | Type | Description |
|---|---|---|
capability_id |
string | Unique capability identifier |
capability_name |
string | Human-readable name |
capability_type |
string | Category (summarization, generation, classification, action, etc.) |
risk_classification |
enum | LOW | MEDIUM | HIGH | CRITICAL |
model.model_provider_type |
enum | first_party | third_party |
model.model_family |
string | Model class (large_language_model, etc.) |
data_use.customer_content_used |
boolean | Whether customer content is processed |
data_use.used_for_training |
boolean | Whether data trains models |
data_use.retention_days |
integer | Data retention period |
memory.session_memory |
boolean | Per-session memory |
memory.persistent_memory |
boolean | Cross-session persistence |
memory.cross_customer_memory |
boolean | Cross-tenant memory (should be false) |
actions.external_actions_supported |
boolean | Can take external actions |
actions.human_approval_supported |
boolean | Supports HITL |
4.3 Customer Policy Binding
Allows enterprise customers to express tenant-specific governance posture.
Schema: customer-policy-binding.schema.json
Fields:
| Field | Type | Description |
|---|---|---|
binding_id |
string | Unique binding identifier |
tenant_id |
string | Customer tenant |
effective_from |
datetime | When binding takes effect |
policy_mode |
enum | REPORT | REPORT_TRACE | ENFORCE |
allowed_capabilities |
array | Permitted capability IDs |
prohibited_capabilities |
array | Blocked capability IDs |
data_boundaries.training_use |
enum | ALLOWED | PROHIBITED |
data_boundaries.cross_tenant_processing |
enum | ALLOWED | PROHIBITED |
oversight.human_approval_required_for |
array | Action types requiring HITL |
oversight.timeout_action |
enum | DENY | ALLOW | ESCALATE |
evidence.audit_export_frequency |
string | Export cadence |
4.4 Evidence API
Vendors emit evidence for each AI invocation.
4.4.1 VENDOR_RECORD
Endpoint: POST /api/v1/record
Schema: vendor-record.schema.json
The VENDOR_RECORD extends the base AIGP RECORD message with vendor-specific context: data boundaries, model disclosure, and training-use attestation.
Required sections:
- Protocol header (version, message_type, vendor_id, tenant_id)
- Request context (request_id, session_id, capability_id, timestamp)
- Policy result (mode, decision, constraints_applied)
- Data boundary (classification, training use, retention)
- Model disclosure (level, provider type, family)
- Outcome (status, tokens, duration)
4.4.2 TRACE
Endpoint: POST /api/v1/trace
Per-invocation stage-level telemetry. Includes governance overhead measurement.
Summary fields:
total_duration_ms— end-to-end latencymodel_latency_ms— model invocation timegovernance_overhead_ms— total minus modelerrors— count of failed stages
4.5 Temporal Chain API
Endpoint: POST /api/v1/chain
Schema: temporal-chain.schema.json
Links related AI interactions within a session. Enables pattern detection beyond single-event auditing.
Chain observations:
risk_trend— STABLE | INCREASING | DECREASINGpolicy_violations— count of DENY decisions in chainrepeated_sensitive_data_use— boolean flagescalations— count of escalation triggers
4.6 Disclosure Profile
Defines what the vendor reveals at each tier:
| Tier | Audience | Reveals |
|---|---|---|
| Minimal | Low-risk SaaS | Capability, timestamp, data class, training flag |
| Standard | Enterprise procurement | + model family, provider type, policy result, retention |
| Regulated | Healthcare, finance, gov | + trace, session chain, human oversight, risk classification |
| Confidential Audit | NDA / regulator | + exact model, internal controls, test evidence |
Vendors MUST NOT be required to disclose proprietary implementation at Standard or lower tiers.
4.7 Audit Export Pack
A downloadable package for procurement and compliance:
vendor-manifest.jsonai-capability-bom.jsoncustomer-policy-binding-template.jsondisclosure-profile.mdconformance-attestation.jsonframework-mapping/├── nist-ai-rmf-map.md├── iso-42001-map.md└── eu-ai-act-map.md← 3. Conformance Levels · Section index · 5. Governance Modes →