RFC-010 Extension: Multi-Agent Governance — Reference Register
RFC-010 Extension: Multi-Agent Governance — Reference Register
© 2024-2026 Kanjani AI Research & Causum. All rights reserved.
Multi-Agent Delegation and Authorization
| # | Reference | Relevance to RFC |
|---|---|---|
| 1 | Bichsel, B. et al. “A Compositional Authorization Framework for Delegation and Scope in Agentic AI.” arXiv:2606.03518, 2026. | Defines compositional governance primitives for delegation and scope attenuation — directly validates AIGP’s scope envelope and scope narrowing invariant design. |
| 2 | Hossain, T. et al. “Authorization Propagation in Multi-Agent AI Systems.” arXiv:2605.05440, 2025. | Addresses maintaining authorization invariants as non-human principals delegate tasks — validates AIGP’s delegation token and budget propagation design. |
| 3 | Fang, X. et al. “Authenticated Delegation and Authorized AI Agents.” arXiv:2501.09674, 2025. | Proposes authenticated, authorized, and auditable delegation of authority to AI agents — aligns with AIGP’s HMAC-signed delegation tokens and audit trail. |
| 4 | Debenedetti, E. et al. “Intelligent AI Delegation.” arXiv:2602.11865, 2026. | Examines how agents decompose problems and safely delegate to sub-agents — validates the need for bounded delegation depth and scope restrictions. |
| 5 | Lipton, Z. et al. “Bridging the Gap Between AI Agent Governance and Robot Ethics.” arXiv:2605.16300, 2025. | Explores how consent propagates and degrades across chains of delegation between autonomous agents — validates AIGP’s delegation chain tracking and consent tier enforcement. |
Circuit Breaker and Cascading Failure Prevention
| # | Reference | Relevance to RFC |
|---|---|---|
| 6 | Nygard, M. Release It! 2nd ed. Pragmatic Programmers, 2018. Chapter 4: Stability Patterns. | Foundational work on the circuit breaker pattern for distributed systems — the original formulation of CLOSED/OPEN/HALF-OPEN state machine that AIGP extends to multi-agent governance. |
| 7 | Microsoft Azure Architecture Center. “Circuit Breaker Pattern.” 2024. | Production reference architecture for circuit breaker implementation — AIGP extends this with cascading halt propagation across delegation chains. |
| 8 | Agentic Patterns. “Agent Circuit Breaker.” 2025. https://agentic-patterns.com/patterns/agent-circuit-breaker | Describes failure modes specific to AI agents using external tools — validates AIGP’s circuit breaker design for agentic workloads with token/cost/time dimensions. |
Zero Trust and Default-Deny for AI Agents
| # | Reference | Relevance to RFC |
|---|---|---|
| 9 | Cloud Security Alliance. “Agentic Trust Framework: Zero Trust for AI Agents.” 2025. | Applies Zero Trust principles to AI agents — validates AIGP’s default-deny agency where agents possess zero capabilities until explicitly granted via scope envelope. |
| 10 | Anthropic. “Securing AI Agents: A Zero Trust Guide.” 2025. | Reports 80% of organizations have experienced AI agents acting beyond intended scope — validates the need for AIGP’s tool allowlist and mandatory pre-invocation authorization. |
| 11 | Tianpan.co. “The Authorization Debt Nobody Audits.” 2026. | Reports 4.5x higher security incident rate for over-privileged AI agents vs. least-privilege enforcement — empirical evidence for AIGP’s default-deny design. |
| 12 | Non-Human Identity Management Group. “Deny by Default.” 2025. | Defines deny-by-default authorization posture for non-human identities including AI agents — directly aligns with AIGP’s core design principle. |
Multi-Agent Risk Analysis
| # | Reference | Relevance to RFC |
|---|---|---|
| 13 | Charisi, V. et al. “Risk Analysis Techniques for Governed LLM-based Multi-Agent Systems.” arXiv:2508.05687, 2025. | Demonstrates that multi-agent systems transform the risk landscape rather than simply adding to single-agent risks — validates the need for agent-to-agent governance at the protocol level. |
| 14 | Hoffmann, J. et al. “Toward Adaptive Categories.” arXiv:2505.11579, 2025. | Argues fixed governance categories are insufficient for dynamic AI agents — supports AIGP’s per-invocation evaluation model over static classification. |
Distributed Observability and Tracing
| # | Reference | Relevance to RFC |
|---|---|---|
| 15 | OpenTelemetry Project. “OpenTelemetry Specification.” CNCF, 2024. https://opentelemetry.io/docs/specs/otel/ | Industry standard for distributed tracing with parent-child span relationships — AIGP’s trace chaining (parent_trace_id) follows established OTEL patterns. |
| 16 | Sigelman, B. et al. “Dapper, a Large-Scale Distributed Systems Tracing Infrastructure.” Google, 2010. | Foundational work on distributed tracing — AIGP’s multi-agent trace visualization follows Dapper’s causal relationship model extended to agent delegation chains. |
Last updated: June 2026