Skip to content

RFC-032: Post-Hoc Evaluation Loop — 3. ANTICIPATE Message

AIGP SpecificationRFC-032: Post-Hoc Evaluation Loop › 3. ANTICIPATE Message

← 2. Proposed Extension: Post-Hoc Evaluation Loop · Section index · 4. VERIFY Message →

3. ANTICIPATE Message

3.1 Structure

{
"protocol_version": "4.1",
"message_type": "ANTICIPATE",
"app_id": "APP_PRJ",
"agent_id": "agent-gandalf-spell-executor-001",
"anticipation_id": "ant-20260624-001",
"plan_id": "plan-abc123",
"scope_envelope_id": "scope-env-001",
"session_id": "ses-xyz789",
"timestamp": "2026-06-24T10:00:00Z",
"expectations": {
"outcome_criteria": [
{
"criterion_id": "oc-001",
"description": "IAM user created successfully with correct group membership",
"measurement": "DETERMINISTIC",
"assertion": "user_exists(target_username) AND group_member(target_username, 'engineering')",
"weight": 1.0
},
{
"criterion_id": "oc-002",
"description": "No permissions beyond engineering group baseline",
"measurement": "DETERMINISTIC",
"assertion": "policy_count(target_username) <= group_policy_count('engineering')",
"weight": 0.8
}
],
"trajectory_criteria": [
{
"criterion_id": "tc-001",
"description": "Complete within 3 tool invocations",
"measurement": "DETERMINISTIC",
"assertion": "step_count <= 3",
"weight": 0.5
},
{
"criterion_id": "tc-002",
"description": "No escalation required for standard onboarding",
"measurement": "DETERMINISTIC",
"assertion": "escalation_count == 0",
"weight": 0.3
}
],
"anti_criteria": [
{
"criterion_id": "ac-001",
"description": "Must not invoke iam_remove_user during onboarding",
"measurement": "DETERMINISTIC",
"assertion": "tool_invoked('iam_remove_user') == false",
"weight": 1.0
}
]
},
"grading_policy": {
"grader_type": "CODE",
"passing_threshold": 0.7,
"weighted_scoring": true,
"fail_on_any_anti_criteria": true
},
"d_dna_signature": "sha256:..."
}

3.2 Field Definitions

Field Type Required Description
message_type string Yes Always "ANTICIPATE"
app_id string Yes Application that owns the execution
agent_id string Yes Agent that will perform the work
anticipation_id string Yes Unique identifier for this anticipation declaration
plan_id string Conditional Plan being anticipated (required if plan-based execution)
scope_envelope_id string Yes Active scope envelope at time of anticipation
session_id string Yes Session within which execution occurs (RFC-010b)
timestamp string Yes ISO 8601 UTC when anticipation was declared
expectations object Yes Structured expectations (see §3.3)
grading_policy object Yes How expectations will be evaluated (see §3.4)
d_dna_signature string Yes Cryptographic signature for tamper evidence (RFC-024)

3.3 Expectations Object

Expectations are organized into three categories:

Category Semantics Failure Implication
outcome_criteria What the final state SHOULD be after execution Outcome did not match anticipation
trajectory_criteria How the agent SHOULD get there (process quality) Process was suboptimal or anomalous
anti_criteria What MUST NOT happen during execution Hard violation — governance failure

Each criterion contains:

Field Type Required Description
criterion_id string Yes Unique identifier within this anticipation
description string Yes Human-readable statement of the expectation
measurement enum Yes DETERMINISTIC (code-verifiable), HEURISTIC (model-judged), HUMAN (requires reviewer)
assertion string Yes Machine-evaluable expression or natural language description for model/human graders
weight float Yes Relative importance (0.0–1.0) for weighted scoring

3.4 Grading Policy

Field Type Required Description
grader_type enum Yes CODE (deterministic), MODEL (LLM-as-judge), HUMAN (manual review), COMPOSITE (mixed)
passing_threshold float Yes Minimum weighted score (0.0–1.0) for a PASS verdict
weighted_scoring boolean Yes Whether to use criterion weights in score computation
fail_on_any_anti_criteria boolean Yes Whether any anti-criterion failure produces automatic FAIL regardless of score

3.5 Immutability Requirement

Once execution begins (first TOOL_REQUEST or STEP_COMPLETE for the associated plan_id), the ANTICIPATE message is sealed. The governance server MUST:

  1. Reject any attempt to modify a sealed ANTICIPATE
  2. Preserve the D-DNA signature chain linking ANTICIPATE → execution events → VERIFY
  3. Expose the sealed ANTICIPATE to the VERIFY grader as the authoritative standard of comparison

This prevents the retroactive redefinition of success — the most common form of evaluation circularity.

3.6 Who Declares Anticipation

Emitter When Use Case
Application At plan submission time Developer-defined quality bar for their agent’s task
Governance Authority At scope envelope issuance Organization-wide minimum expectations for agent type
External Evaluator Before execution (via API) Third-party audit, regulatory compliance testing

Multiple ANTICIPATE declarations may exist for the same execution. Each is evaluated independently in VERIFY.



← 2. Proposed Extension: Post-Hoc Evaluation Loop · Section index · 4. VERIFY Message →