RFC-032: Post-Hoc Evaluation Loop — 3. ANTICIPATE Message
AIGP Specification › RFC-032: Post-Hoc Evaluation Loop › 3. ANTICIPATE Message
← 2. Proposed Extension: Post-Hoc Evaluation Loop · Section index · 4. VERIFY Message →
3. ANTICIPATE Message
3.1 Structure
{ "protocol_version": "4.1", "message_type": "ANTICIPATE", "app_id": "APP_PRJ", "agent_id": "agent-gandalf-spell-executor-001", "anticipation_id": "ant-20260624-001", "plan_id": "plan-abc123", "scope_envelope_id": "scope-env-001", "session_id": "ses-xyz789", "timestamp": "2026-06-24T10:00:00Z", "expectations": { "outcome_criteria": [ { "criterion_id": "oc-001", "description": "IAM user created successfully with correct group membership", "measurement": "DETERMINISTIC", "assertion": "user_exists(target_username) AND group_member(target_username, 'engineering')", "weight": 1.0 }, { "criterion_id": "oc-002", "description": "No permissions beyond engineering group baseline", "measurement": "DETERMINISTIC", "assertion": "policy_count(target_username) <= group_policy_count('engineering')", "weight": 0.8 } ], "trajectory_criteria": [ { "criterion_id": "tc-001", "description": "Complete within 3 tool invocations", "measurement": "DETERMINISTIC", "assertion": "step_count <= 3", "weight": 0.5 }, { "criterion_id": "tc-002", "description": "No escalation required for standard onboarding", "measurement": "DETERMINISTIC", "assertion": "escalation_count == 0", "weight": 0.3 } ], "anti_criteria": [ { "criterion_id": "ac-001", "description": "Must not invoke iam_remove_user during onboarding", "measurement": "DETERMINISTIC", "assertion": "tool_invoked('iam_remove_user') == false", "weight": 1.0 } ] }, "grading_policy": { "grader_type": "CODE", "passing_threshold": 0.7, "weighted_scoring": true, "fail_on_any_anti_criteria": true }, "d_dna_signature": "sha256:..."}3.2 Field Definitions
| Field | Type | Required | Description |
|---|---|---|---|
message_type |
string | Yes | Always "ANTICIPATE" |
app_id |
string | Yes | Application that owns the execution |
agent_id |
string | Yes | Agent that will perform the work |
anticipation_id |
string | Yes | Unique identifier for this anticipation declaration |
plan_id |
string | Conditional | Plan being anticipated (required if plan-based execution) |
scope_envelope_id |
string | Yes | Active scope envelope at time of anticipation |
session_id |
string | Yes | Session within which execution occurs (RFC-010b) |
timestamp |
string | Yes | ISO 8601 UTC when anticipation was declared |
expectations |
object | Yes | Structured expectations (see §3.3) |
grading_policy |
object | Yes | How expectations will be evaluated (see §3.4) |
d_dna_signature |
string | Yes | Cryptographic signature for tamper evidence (RFC-024) |
3.3 Expectations Object
Expectations are organized into three categories:
| Category | Semantics | Failure Implication |
|---|---|---|
outcome_criteria |
What the final state SHOULD be after execution | Outcome did not match anticipation |
trajectory_criteria |
How the agent SHOULD get there (process quality) | Process was suboptimal or anomalous |
anti_criteria |
What MUST NOT happen during execution | Hard violation — governance failure |
Each criterion contains:
| Field | Type | Required | Description |
|---|---|---|---|
criterion_id |
string | Yes | Unique identifier within this anticipation |
description |
string | Yes | Human-readable statement of the expectation |
measurement |
enum | Yes | DETERMINISTIC (code-verifiable), HEURISTIC (model-judged), HUMAN (requires reviewer) |
assertion |
string | Yes | Machine-evaluable expression or natural language description for model/human graders |
weight |
float | Yes | Relative importance (0.0–1.0) for weighted scoring |
3.4 Grading Policy
| Field | Type | Required | Description |
|---|---|---|---|
grader_type |
enum | Yes | CODE (deterministic), MODEL (LLM-as-judge), HUMAN (manual review), COMPOSITE (mixed) |
passing_threshold |
float | Yes | Minimum weighted score (0.0–1.0) for a PASS verdict |
weighted_scoring |
boolean | Yes | Whether to use criterion weights in score computation |
fail_on_any_anti_criteria |
boolean | Yes | Whether any anti-criterion failure produces automatic FAIL regardless of score |
3.5 Immutability Requirement
Once execution begins (first TOOL_REQUEST or STEP_COMPLETE for the associated plan_id), the ANTICIPATE message is sealed. The governance server MUST:
- Reject any attempt to modify a sealed ANTICIPATE
- Preserve the D-DNA signature chain linking ANTICIPATE → execution events → VERIFY
- Expose the sealed ANTICIPATE to the VERIFY grader as the authoritative standard of comparison
This prevents the retroactive redefinition of success — the most common form of evaluation circularity.
3.6 Who Declares Anticipation
| Emitter | When | Use Case |
|---|---|---|
| Application | At plan submission time | Developer-defined quality bar for their agent’s task |
| Governance Authority | At scope envelope issuance | Organization-wide minimum expectations for agent type |
| External Evaluator | Before execution (via API) | Third-party audit, regulatory compliance testing |
Multiple ANTICIPATE declarations may exist for the same execution. Each is evaluated independently in VERIFY.
← 2. Proposed Extension: Post-Hoc Evaluation Loop · Section index · 4. VERIFY Message →