RFC-032: Post-Hoc Evaluation Loop — 2. Proposed Extension: Post-Hoc Evaluation Loop
AIGP Specification › RFC-032: Post-Hoc Evaluation Loop › 2. Proposed Extension: Post-Hoc Evaluation Loop
← 1. Problem Statement · Section index · 3. ANTICIPATE Message →
2. Proposed Extension: Post-Hoc Evaluation Loop
2.1 Design Principles
-
Separation of anticipation from authorization. A CHECK/ALLOW decision says “you may do this.” An ANTICIPATE declaration says “if you do this, here is what we expect to result.” These are independent statements.
-
Separation of outcome from verdict. A RECORD says “this is what happened.” A VERIFY says “here is whether what happened matches what was anticipated.” These are independent judgments.
-
Non-circularity. The VERIFY grader MUST reference the ANTICIPATE declaration (written before execution) — never the RECORD alone. The standard of comparison is the prior expectation, not the observed outcome.
-
Temporal integrity. ANTICIPATE MUST be immutable once execution begins. It cannot be retroactively modified to match the outcome. D-DNA signing (RFC-024) provides tamper evidence.
-
Grader independence. The entity that performs VERIFY MUST NOT be the same entity that performed the action being verified. Self-evaluation is structurally invalid.
2.2 New Message Types
This RFC introduces two new protocol message types:
| Message Type | Temporal Position | Emitter | Purpose |
|---|---|---|---|
ANTICIPATE |
Pre-execution (after PLAN_SUBMIT approval, before first STEP_COMPLETE) | Application or Governance Authority | Declare measurable expectations for what the governed execution should produce |
VERIFY |
Post-execution (after final RECORD or TRACE) | Governance Authority or independent evaluator | Compare actual outcome against declared anticipation and emit a verdict |
← 1. Problem Statement · Section index · 3. ANTICIPATE Message →