AGCP Runtime Governance Conformance Requirements Catalog
This catalog defines the normative runtime-governance requirements used to evaluate AGCP conformance across lifecycle governance, execution governance, governance object integrity, canonical-state governance, refusal and escalation governance, evidence continuity, multi-agent governance, interoperability, runtime-governance metrology, continuation integrity governance, composite proposal governance, and governance compilation and constitutional governance.
The applicable conformance level identifies the lowest cumulative AGCP conformance level at which the requirement applies.
RG-1 Lifecycle Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-001 | Submit → Authorized | A proposal that satisfies all governance constraints SHALL be eligible for authorization. | L2 |
| CR-002 | Submit → Pending HITL | Governance evaluation SHALL support escalation and deferred human adjudication paths. | L4 |
| CR-003 | Submit → Rejected (Hard Invariant Failure) | Actions that violate mandatory invariants SHALL NOT be authorized. | L2 |
| CR-004 | Schema Validation Failure | Governance evaluation SHALL reject structurally invalid proposals. | L1 |
| CR-005 | Provenance Validation Failure | Governance decisions SHALL require verifiable provenance where mandated. | L1 |
| CR-006 | Tenant Inactive on Submit | Governance evaluation SHALL enforce tenant operational status constraints. | L2 |
| CR-007 | Policy Not Found | Authorization SHALL require an applicable governance policy. | L2 |
| CR-008 | Idempotent Replay (Identical Payload) | Equivalent requests SHALL produce deterministic governance outcomes. | L3 |
| CR-009 | Idempotency Conflict | Non-equivalent requests SHALL NOT share governance identity. | L3 |
| CR-010 | GET Authorized Action | Authorized governance state SHALL be externally retrievable. | L1 |
| CR-011 | Transient State Not Externally Observable | Internal processing states SHALL NOT become canonical externally visible governance states. | L2 |
| CR-012 | Valid Cosign, Quorum Not Yet Met | Governance escalation SHALL support partial quorum accumulation. | L4 |
| CR-013 | Valid Cosign Completes Quorum | Required governance quorum satisfaction SHALL enable authorization. | L4 |
| CR-014 | Cosign Wrong State | Human authorization artifacts SHALL only apply to eligible lifecycle states. | L4 |
| CR-015 | Cosign Expired | Expired governance approvals SHALL NOT remain valid. | L4 |
| CR-016 | Cosign Invalid Signature | Governance approvals SHALL be cryptographically attributable and verifiable. | L4 |
| CR-017 | HITL Expiration → Rejected | Unresolved escalations SHALL terminate according to governance policy. | L4 |
| CR-018 | Governance Cancellation → Rejected | Governance authorities SHALL be able to terminate pending actions. | L4 |
RG-2 Execution Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-019 | Commit Authorized Action | Operational realization SHALL occur only after successful authorization. | L4 |
| CR-020 | Commit While Pending HITL | Pending governance evaluation SHALL NOT permit execution. | L4 |
| CR-021 | Commit While Rejected | Rejected actions SHALL NOT become operationally real. | L4 |
| CR-022 | Authorization Reference Mismatch | Execution SHALL remain bound to the specific authorization artifact that approved it. | L4 |
| CR-023 | Replay Commit After Executed | Executed actions SHALL be terminal and non-repeatable. | L4 |
| CR-024 | Tenant Suspended Before Commit | Commit admissibility SHALL be evaluated against current governance reality. | L4 |
| CR-025 | Tenant Decommissioned Before Commit | Governance authority SHALL terminate when governance subjects cease to exist. | L4 |
| CR-026 | Cross-Tenant GET | Governance visibility SHALL respect tenant isolation boundaries. | L5 |
| CR-027 | Cross-Tenant Cosign | Governance authority SHALL NOT cross tenant boundaries. | L5 |
| CR-028 | Cross-Tenant Commit | Execution authority SHALL NOT cross tenant boundaries. | L5 |
| CR-029 | Cross-Tenant Policy Resolution | Governance policy scope SHALL be tenant-isolated. | L5 |
| CR-030 | Cross-Tenant Ledger Access | Governance evidence SHALL be tenant-isolated. | L5 |
| CR-031 | Dual Authorized Conflicting Actions | Authorization SHALL NOT imply unconditional future execution authority. | L4 |
| CR-032 | Stale Authorization After Prior Commit | Commit admissibility SHALL be derived from current canonical state, not historical authorization alone. | L4 |
| CR-033 | Divergent State Assumption Conflict | Execution authority SHALL remain valid only while its governing assumptions remain valid. | L4 |
| CR-034 | Concurrent Authorization Race | Governance outcomes SHALL remain consistent under concurrent evaluation. | L3 |
| CR-035 | Canonical State Changes During HITL | Escalated actions SHALL be re-evaluated against current canonical state before execution. | L4 |
| CR-094 | Admissible Set Determination | Governance evaluation SHALL support identification of multiple simultaneously admissible transitions. | L3 |
| CR-095 | Deterministic Adjudication of Competing Futures | When multiple admissible transitions contend for the same governance horizon, the control plane SHALL deterministically adjudicate which transition may bind. | L4 |
| CR-096 | Authority Re-Derivation at Commit | Execution authority SHALL be re-derived from current canonical state at commit time. | L4 |
| CR-102 | Governance Realization Layer | Governance systems SHALL provide a governance realization function capable of determining whether a proposed transition may bind under current conditions. | L4 |
RG-3 Governance Object Integrity
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-036 | Missing Intent | Governed proposals SHALL declare operational intent. | L1 |
| CR-037 | Missing Target Resource | Governed proposals SHALL identify the object of governance action. | L1 |
| CR-038 | Missing Requested Effect | Governed proposals SHALL declare intended operational effect. | L1 |
| CR-039 | Expired Proposal | Governance requests SHALL respect temporal validity constraints. | L1 |
| CR-040 | Malformed Delegation References | Delegated governance authority SHALL be verifiable. | L1 |
| CR-041 | Malformed Evidence References | Governance evidence references SHALL be resolvable and verifiable. | L1 |
| CR-042 | Canonical Hash Mismatch | Governance objects SHALL support deterministic replay integrity. | L3 |
| CR-043 | Missing Mission/Task Lineage | Governance context SHALL preserve operational lineage when required. | L1 |
| CR-044 | Broken Delegation Chain | Governance continuity SHALL be preserved across delegation boundaries. | L2 |
| CR-045 | Conflicting Originating Actor | Governance attribution SHALL remain consistent and unambiguous. | L1 |
| CR-046 | Context Attempts to Override Canonical State | Governance context SHALL NOT supersede canonical governance reality. | L2 |
| CR-047 | Provenance Continuity Gap | Governance provenance SHALL remain continuous across lifecycle transitions. | L2 |
RG-4 Canonical-State Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-048 | Canonical State Unavailable | Commit decisions SHALL require authoritative governance state. | L2 |
| CR-049 | Stale Canonical State | Governance evaluation SHALL use sufficiently current canonical state. | L3 |
| CR-050 | Conflicting Canonical-State Sources | Governance evaluation SHALL resolve a single authoritative state. | L3 |
| CR-051 | Telemetry Conflicts With Canonical State | Canonical state SHALL take precedence over non-authoritative observations. | L3 |
| CR-052 | Canonical-State Hash Mismatch | Canonical-state integrity SHALL be verifiable and replayable. | L3 |
| CR-103 | State Qualification Prior to Admissibility | Canonical state SHALL be qualified for freshness, provenance, completeness, consistency, and ordering integrity prior to admissibility evaluation. | L3 |
| CR-104 | Governance Decision State Suitability | Governance systems SHALL refuse admissibility evaluation when canonical-state suitability requirements cannot be established. | L3 |
RG-5 Refusal and Escalation Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-053 | Structural Refusal Due to Invariant Violation | Inadmissible actions SHALL be structurally refused. | L2 |
| CR-054 | Structural Refusal Due to Missing Evidence | Evidence insufficiency SHALL prevent authorization. | L2 |
| CR-055 | Structural Refusal Due to Canonical-State Conflict | Governance conflicts SHALL prevent operational realization. | L3 |
| CR-056 | Refusal Record Missing Attribution | Refusals SHALL be attributable governance outcomes. | L2 |
| CR-057 | Refusal Record Not Replayable | Refusals SHALL be reconstructable and replayable. | L3 |
| CR-058 | Escalation Required but Missing Artifact | Escalation decisions SHALL be evidenced. | L4 |
| CR-059 | Escalation Resolved to Commit | Escalation outcomes SHALL integrate into lifecycle progression. | L4 |
| CR-060 | Escalation Resolved to Refusal | Escalation outcomes SHALL support negative adjudication. | L4 |
| CR-061 | Deferred Authorization Expires | Deferred governance decisions SHALL honor validity periods. | L4 |
RG-6 Governance Evidence and Receipts
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-062 | Missing Canonical-State Reference | Governance outcomes SHALL reference governing state. | L2 |
| CR-063 | Missing Invariant References | Governance outcomes SHALL identify governing constraints. | L2 |
| CR-064 | Missing Evidence Hashes | Governance outcomes SHALL preserve evidence integrity. | L2 |
| CR-065 | Invalid Signer Identity | Governance outcomes SHALL be attributable to accountable actors. | L2 |
| CR-066 | Receipt Replay Hash Mismatch | Governance outcomes SHALL support replay verification. | L3 |
| CR-067 | Evidence Changes Between Proposal and Commit | Governance evidence SHALL remain consistent across evaluation and execution. | L3 |
| CR-068 | Evidence Unavailable at Commit | Commit decisions SHALL remain supportable by evidence. | L2 |
| CR-069 | Evidence Lineage Gap Across Agents | Evidence continuity SHALL survive multi-agent workflows. | L2 |
| CR-097 | Evidence Qualification Before Admissibility | Governance evaluation SHALL qualify required evidence for freshness, provenance, integrity, and authority prior to admissibility evaluation. | L2 |
RG-7 Multi-Agent Runtime Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-070 | Governance Context Preserved Across Handoff | Governance continuity SHALL survive agent handoffs. | L2 |
| CR-071 | Downstream Agent Drops Context | Agents SHALL preserve required governance context. | L2 |
| CR-072 | Cross-Domain Delegation Requires Escalation | Governance-domain transitions SHALL remain governed. | L4 |
| CR-115 | Recursive Authority Containment | Execution authority SHALL remain bounded across recursive delegation chains. | L4 |
| CR-116 | Cross-Domain Authority Isolation | Authority granted within one governance domain SHALL NOT implicitly confer authority within another domain. | L5 |
| CR-117 | Governance Self-Modification Isolation | Governed systems SHALL NOT modify their own admissibility conditions without externally authorized governance approval. | L4 |
| CR-118 | Autonomous Coordination Bounds | Autonomous coordination behavior SHALL remain within explicitly governed interaction limits. | L4 |
RG-8 Governance Interoperability
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-073 | REST vs Message Bus Same Result | Governance semantics SHALL be transport-independent. | L3 |
| CR-074 | Canonically Equivalent Payloads Same Result | Governance evaluation SHALL be semantically deterministic. | L3 |
| CR-075 | Different Implementations Produce Same Decision | Conformant implementations SHALL produce equivalent governance outcomes. | L3 |
RG-9 Runtime Governance Metrology
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-076 | Same Proposal + Same State + Same Invariants = Same Decision | Governance evaluation SHALL be deterministic. | L3 |
| CR-077 | Same Proposal Across Distributed Nodes | Governance evaluation SHALL be node-independent. | L3 |
| CR-078 | Determinism Under Non-Deterministic Agent Inputs | Governance outcomes SHALL be independent of internal agent reasoning variability. | L3 |
| CR-079 | Authorized Actions Successfully Commit | Governance SHALL correctly admit admissible actions. | L4 |
| CR-080 | Unauthorized Actions Never Commit | Governance SHALL correctly reject inadmissible actions. | L4 |
| CR-081 | Every Action Follows Valid Lifecycle Transitions | Governance lifecycle progression SHALL preserve lifecycle integrity. | L2 |
| CR-082 | Derived State Matches Ledger Reconstruction | Governance state SHALL be derivable from governance records. | L3 |
| CR-083 | Canonical State and Decision Remain Synchronized | Governance decisions SHALL remain synchronized with authoritative state. | L3 |
| CR-084 | Commit Uses Latest Canonical State | Admissibility SHALL be commit-bound. | L4 |
| CR-085 | Decision Fully Reconstructable from Ledger | Governance decisions SHALL be replayable. | L3 |
| CR-086 | Receipt Reproduces Original Decision | Governance outcomes SHALL support independent verification. | L3 |
| CR-087 | Inadmissible Actions Produce Structural Refusal | Governance SHALL reliably detect inadmissibility. | L2 |
| CR-088 | Refused Actions Never Execute | Structural refusal SHALL be enforceable. | L4 |
| CR-089 | Implementation Passes AGCP Conformance Suite | Implementations SHALL conform to AGCP governance semantics. | L5 |
| CR-090 | Independent Implementations Produce Equivalent Outcomes | Governance semantics SHALL be interoperable and semantically equivalent across implementations. | L5 |
RG-10 Continuation Integrity Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-091 | Degraded Governance State | A governance object SHALL enter DEGRADED state when one or more governance assumptions, evidence artifacts, contextual dependencies, authorization conditions, or canonical-state dependencies required for continued admissibility can no longer be verified. | L4 |
| CR-092 | DEGRADED as Non-Terminal State | DEGRADED SHALL be a non-terminal lifecycle state. | L4 |
| CR-093 | Re-Evaluation Required from DEGRADED State | Objects in DEGRADED state SHALL require re-evaluation prior to authorization retention or execution. | L4 |
| CR-098 | Continuation Integrity Preservation | Governance systems SHALL preserve continuation integrity across the execution horizon until bind-time admissibility resolution completes. | L4 |
| CR-099 | Admissible Path Viability Tracking | Governance systems SHALL be capable of detecting degradation of admissible paths to bind. | L2 |
| CR-100 | Degraded Continuation Detection | Governance systems SHALL detect degraded continuation conditions that may reduce bind viability. | L2 |
| CR-101 | Continuation Recovery Support | Governance systems SHALL support recovery of continuation legitimacy through re-derivation, recomputation, reconstruction, or escalation. | L4 |
RG-11 Composite Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-105 | Composite Proposal Representation | Governance systems SHALL support proposals composed of multiple governed sub-transitions. | L3 |
| CR-106 | Governance Dependency Graph Evaluation | Governance evaluation SHALL preserve dependency relationships required for admissible composite execution. | L4 |
| CR-107 | Composite Admissibility Re-Evaluation | Previously admissible composite proposals SHALL be re-evaluated when dependency conditions change prior to bind. | L4 |
| CR-108 | Coupling Classification | Composite proposals SHALL support explicit declaration of weakly coupled and strongly coupled execution semantics. | L3 |
| CR-109 | Partial Bind Governance | Governance systems SHALL explicitly determine whether partial execution preserves overall proposal admissibility. | L4 |
RG-12 Governance Compilation and Constitutional Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-110 | Governance Compilation | Human governance intent SHALL be transformed into machine-evaluable governance semantics prior to runtime governance evaluation. | L2 |
| CR-111 | Constitutional Validation | Governance artifacts SHALL undergo constitutional validation prior to activation. | L3 |
| CR-112 | Constitutional Constraint Preservation | Governance artifacts SHALL NOT weaken constitutional governance constraints. | L3 |
| CR-113 | Governance Self-Protection | Governance systems SHALL prevent governance artifacts from disabling constitutional safeguards. | L4 |
| CR-114 | Governance Omission Analysis | Constitutional validation SHALL support detection of material governance omissions. | L3 |