Skip to content

AIGP-Lite — AI Governance Protocol for Edge and IoT

AIGP-Lite — AI Governance Protocol for Edge and IoT

PRIVATE AND PROPRIETARY. Owned by Kanjani AI Research & Causum. See NOTICE.md.

Status: SPEC

Purpose

Extend AIGP governance to resource-constrained, intermittently connected devices running AI at the edge. Provides eventual governance where real-time governance is not feasible.

Protocol Comparison

Full AIGP AIGP-Lite
Connectivity Always-on Intermittent or air-gapped
Governance timing Synchronous (before execution) Asynchronous (after execution)
Policy check Real-time REQUEST Cached policy, local evaluation
Audit record Immediate RECORD Buffered, batch sync
DNA signing Per-record, real-time Batch, on sync
Compute requirement Standard (cloud/server) Minimal (embedded/edge)

Core Operations

1. REGISTER (once, on provisioning)

Device → governance-server: REGISTER
{
"device_type": "predictive-maintenance-v2",
"fleet_id": "factory-floor-east",
"model_id": "vibration-classifier-v3",
"capabilities": ["anomaly_prediction", "maintenance_scheduling"],
"aigp_version": "lite-0.1",
"sync_interval_seconds": 3600
}

One registration per device type. Individual devices inherit from fleet registration.

2. EXECUTE (local, no network required)

Device runs AI inference locally. No REQUEST check (latency-sensitive). Records buffered.

3. BUFFER (local storage)

{
"sequence": 12847,
"timestamp": "2026-05-26T14:30:00.123Z",
"operation": "anomaly_prediction",
"model_id": "vibration-classifier-v3",
"input_hash": "sha256:...",
"output_summary": "bearing_failure_predicted",
"confidence": 0.94,
"action_taken": "maintenance_ticket_created",
"safety_level": "MEDIUM",
"latency_ms": 12
}

Records stored in local secure buffer (TPM/TEE if available).

4. SYNC (periodic, when connected)

Device → governance-server: SYNC
{
"device_id": "factory-floor-unit-042",
"device_type": "predictive-maintenance-v2",
"last_sync_sequence": 12000,
"records": [...], // batch of buffered records
"batch_size": 847,
"sync_timestamp": "2026-05-26T15:00:00Z"
}

governance-server:

  1. Receives batch
  2. DNA-signs the batch (server-side)
  3. Detects sequence gaps (missing records = potential tampering)
  4. Updates Neptune graph (device topology)
  5. Evaluates records against current policy (retroactive governance)
  6. Returns updated policy cache to device

5. POLICY_CACHE (returned on sync)

{
"policy_version": "2026-05-26T14:00:00Z",
"ttl_seconds": 86400,
"rules": [
{"operation": "anomaly_prediction", "action": "ALLOW", "log": true},
{"operation": "autonomous_shutdown", "action": "REQUIRE_CONFIRMATION", "safety": "CRITICAL"}
]
}

Device caches policy locally. If policy expires and no sync available, device falls back to conservative mode (log everything, restrict CRITICAL operations).

Security Model

Threat Mitigation
Record tampering on device Secure enclave (TPM/TEE), sequence numbers
Records lost before sync Local redundancy, gap detection on governance-server
Stale policy TTL + conservative fallback
Device impersonation Device certificate (mTLS on sync)
Fleet-wide compromise Anomaly detection on sync patterns
Replay attack Sequence numbers + timestamps

Applicability

Sector Use Case Sync Pattern
Manufacturing Predictive maintenance, quality control Hourly (WiFi available)
Healthcare Diagnostic AI, patient monitoring Real-time where possible, buffered in ambulance/remote
Automotive ADAS decisions, route optimization Cellular when available, batch on return to depot
Energy Grid optimization, demand prediction Satellite sync every 4-6 hours
Defense Tactical inference Air-gapped, manual export
Retail In-store analytics Nightly batch sync

Client SDK (Target)

Lightweight C/Rust library for embedded systems:

  • ~50KB footprint
  • No dynamic allocation
  • Ring buffer for records
  • mTLS for sync
  • JSON or CBOR serialization

Deployment Modes — From Cloud to Air-Gap

Mode 1: Full AIGP (Cloud/PaaS)

App → AIGP REQUEST → governance-server → allow/deny → execute → AIGP RECORD → DNA sign
  • Real-time governance
  • Requires always-on connectivity to governance-server

Mode 2: AIGP Gateway (Self-hosted in VPC)

App → Model Runtime
↕ (intercepted)
AIGP Gateway Sidecar
↓ mTLS
governance-server (external)

For self-hosted models that CAN reach a trusted host but shouldn’t call governance-server directly:

  • Gateway sidecar deployed in same VPC/subnet as model
  • Intercepts all model invocations transparently
  • Performs REQUEST (policy check) and RECORD (audit)
  • Model runtime doesn’t need AIGP awareness — gateway wraps it
  • Communication to governance-server over mTLS (encrypted, authenticated)

Deployment:

# docker-compose or K8s sidecar
aigp-gateway:
image: aigp-gateway:latest
environment:
governance-server_URL: https://www.your-governance-server.com
AIGP_APP_ID: self-hosted-llama
AIGP_MODE: INTERCEPT
network_mode: service:model-runtime # shares network with model

Mode 3: AIGP-Lite (Edge/IoT)

Device → execute locally → buffer RECORD → sync when connected → DNA sign on sync
  • Eventual governance (hours)
  • For intermittently connected devices
  • Detailed in sections above

Mode 4: AIGP-Offline (Air-Gapped)

Air-gapped env:
Model → local AIGP agent → encrypted buffer → signed locally
Audit cycle:
Export encrypted archive → secure media → governance-server import → verify + ingest

For environments with NO network connectivity to governance-server:

Provisioning (before deployment):

governance-server → generate:
- Policy snapshot (what's allowed)
- Signing key pair (pre-provisioned, rotated on maintenance)
- Device/model registration
→ export to secure media
→ load into air-gapped environment

Runtime (air-gapped, no connectivity):

Model invocation
→ local AIGP agent intercepts
→ evaluates against cached policy (allow/warn/block)
→ buffers RECORD with local signature (pre-provisioned key)
→ sequence numbered (gap detection)

Audit export (periodic — days/weeks):

Local AIGP agent
→ exports encrypted archive of all records since last export
→ writes to removable media (USB/optical) or one-way data diode
→ archive includes: records + signatures + sequence manifest

Import at governance-server:

Secure media → governance-server import endpoint
→ verify signatures against pre-provisioned public key
→ detect sequence gaps (potential tampering/loss)
→ DNA-sign the batch (server-side, adds to evidence chain)
→ ingest into audit trail
→ update Neptune graph (device activity)
→ flag anomalies for review

Policy updates (on maintenance windows):

governance-server → generate updated policy snapshot
→ export to secure media
→ load into air-gapped environment
→ local AIGP agent picks up new policy

Governance Guarantee by Mode

Mode Latency Prevention Detection Audit
Full AIGP Real-time
AIGP Gateway Near real-time
AIGP-Lite Hours ⚠️ Cached policy ✅ Eventual ✅ Eventual
AIGP-Offline Days/weeks ⚠️ Cached policy ✅ On export ✅ On import

Key Principle

Governance does not require real-time connectivity. It requires eventual accountability.

Even in an air-gapped environment, you can prove what happened. The latency of governance varies — the existence of governance does not.