Skip to content

RFC-032: Post-Hoc Evaluation Loop — 2. Proposed Extension: Post-Hoc Evaluation Loop

AIGP SpecificationRFC-032: Post-Hoc Evaluation Loop › 2. Proposed Extension: Post-Hoc Evaluation Loop

← 1. Problem Statement · Section index · 3. ANTICIPATE Message →

2. Proposed Extension: Post-Hoc Evaluation Loop

2.1 Design Principles

  1. Separation of anticipation from authorization. A CHECK/ALLOW decision says “you may do this.” An ANTICIPATE declaration says “if you do this, here is what we expect to result.” These are independent statements.

  2. Separation of outcome from verdict. A RECORD says “this is what happened.” A VERIFY says “here is whether what happened matches what was anticipated.” These are independent judgments.

  3. Non-circularity. The VERIFY grader MUST reference the ANTICIPATE declaration (written before execution) — never the RECORD alone. The standard of comparison is the prior expectation, not the observed outcome.

  4. Temporal integrity. ANTICIPATE MUST be immutable once execution begins. It cannot be retroactively modified to match the outcome. D-DNA signing (RFC-024) provides tamper evidence.

  5. Grader independence. The entity that performs VERIFY MUST NOT be the same entity that performed the action being verified. Self-evaluation is structurally invalid.

2.2 New Message Types

This RFC introduces two new protocol message types:

Message Type Temporal Position Emitter Purpose
ANTICIPATE Pre-execution (after PLAN_SUBMIT approval, before first STEP_COMPLETE) Application or Governance Authority Declare measurable expectations for what the governed execution should produce
VERIFY Post-execution (after final RECORD or TRACE) Governance Authority or independent evaluator Compare actual outcome against declared anticipation and emit a verdict


← 1. Problem Statement · Section index · 3. ANTICIPATE Message →