AGCP Runtime Governance Conformance Requirements Catalog
This catalog defines the normative runtime-governance requirements used to evaluate AGCP conformance across lifecycle governance, execution governance, governance object integrity, canonical-state governance, refusal and escalation governance, evidence continuity, multi-agent governance, interoperability, and runtime-governance metrology.
The applicable conformance level identifies the lowest cumulative AGCP conformance level at which the requirement applies.
RG-1 Lifecycle Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-001 | Submit → Authorized | A proposal that satisfies all governance constraints SHALL be eligible for authorization. | L2 |
| CR-002 | Submit → Pending HITL | Governance evaluation SHALL support escalation and deferred human adjudication paths. | L4 |
| CR-003 | Submit → Rejected (Hard Invariant Failure) | Actions that violate mandatory invariants SHALL NOT be authorized. | L2 |
| CR-004 | Schema Validation Failure | Governance evaluation SHALL reject structurally invalid proposals. | L1 |
| CR-005 | Provenance Validation Failure | Governance decisions SHALL require verifiable provenance where mandated. | L1 |
| CR-006 | Tenant Inactive on Submit | Governance evaluation SHALL enforce tenant operational status constraints. | L2 |
| CR-007 | Policy Not Found | Authorization SHALL require an applicable governance policy. | L2 |
| CR-008 | Idempotent Replay (Identical Payload) | Equivalent requests SHALL produce deterministic governance outcomes. | L3 |
| CR-009 | Idempotency Conflict | Non-equivalent requests SHALL NOT share governance identity. | L3 |
| CR-010 | GET Authorized Action | Authorized governance state SHALL be externally retrievable. | L1 |
| CR-011 | Transient State Not Externally Observable | Internal processing states SHALL NOT become canonical externally visible governance states. | L2 |
| CR-012 | Valid Cosign, Quorum Not Yet Met | Governance escalation SHALL support partial quorum accumulation. | L4 |
| CR-013 | Valid Cosign Completes Quorum | Required governance quorum satisfaction SHALL enable authorization. | L4 |
| CR-014 | Cosign Wrong State | Human authorization artifacts SHALL only apply to eligible lifecycle states. | L4 |
| CR-015 | Cosign Expired | Expired governance approvals SHALL NOT remain valid. | L4 |
| CR-016 | Cosign Invalid Signature | Governance approvals SHALL be cryptographically attributable and verifiable. | L4 |
| CR-017 | HITL Expiration → Rejected | Unresolved escalations SHALL terminate according to governance policy. | L4 |
| CR-018 | Governance Cancellation → Rejected | Governance authorities SHALL be able to terminate pending actions. | L4 |
| CR-091 | Degraded Governance State | A governance object SHALL enter DEGRADED state when one or more governance assumptions, evidence artifacts, contextual dependencies, authorization conditions, or canonical-state dependencies required for continued admissibility can no longer be verified. | L4 |
| CR-092 | DEGRADED as Non-Terminal State | DEGRADED SHALL be a non-terminal lifecycle state. | L4 |
| CR-093 | Re-Evaluation Required from DEGRADED State | Objects in DEGRADED state SHALL require re-evaluation prior to authorization retention or execution. | L4 |
RG-2 Execution Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-019 | Commit Authorized Action | Operational realization SHALL occur only after successful authorization. | L4 |
| CR-020 | Commit While Pending HITL | Pending governance evaluation SHALL NOT permit execution. | L4 |
| CR-021 | Commit While Rejected | Rejected actions SHALL NOT become operationally real. | L4 |
| CR-022 | Authorization Reference Mismatch | Execution SHALL remain bound to the specific authorization artifact that approved it. | L4 |
| CR-023 | Replay Commit After Executed | Executed actions SHALL be terminal and non-repeatable. | L4 |
| CR-024 | Tenant Suspended Before Commit | Commit admissibility SHALL be evaluated against current governance reality. | L4 |
| CR-025 | Tenant Decommissioned Before Commit | Governance authority SHALL terminate when governance subjects cease to exist. | L4 |
| CR-026 | Cross-Tenant GET | Governance visibility SHALL respect tenant isolation boundaries. | L5 |
| CR-027 | Cross-Tenant Cosign | Governance authority SHALL NOT cross tenant boundaries. | L5 |
| CR-028 | Cross-Tenant Commit | Execution authority SHALL NOT cross tenant boundaries. | L5 |
| CR-029 | Cross-Tenant Policy Resolution | Governance policy scope SHALL be tenant-isolated. | L5 |
| CR-030 | Cross-Tenant Ledger Access | Governance evidence SHALL be tenant-isolated. | L5 |
| CR-031 | Dual Authorized Conflicting Actions | Authorization SHALL NOT imply unconditional future execution authority. | L4 |
| CR-032 | Stale Authorization After Prior Commit | Commit admissibility SHALL be derived from current canonical state, not historical authorization alone. | L4 |
| CR-033 | Divergent State Assumption Conflict | Execution authority SHALL remain valid only while its governing assumptions remain valid. | L4 |
| CR-034 | Concurrent Authorization Race | Governance outcomes SHALL remain consistent under concurrent evaluation. | L3 |
| CR-035 | Canonical State Changes During HITL | Escalated actions SHALL be re-evaluated against current canonical state before execution. | L4 |
RG-3 Governance Object Integrity
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-036 | Missing Intent | Governed proposals SHALL declare operational intent. | L1 |
| CR-037 | Missing Target Resource | Governed proposals SHALL identify the object of governance action. | L1 |
| CR-038 | Missing Requested Effect | Governed proposals SHALL declare intended operational effect. | L1 |
| CR-039 | Expired Proposal | Governance requests SHALL respect temporal validity constraints. | L1 |
| CR-040 | Malformed Delegation References | Delegated governance authority SHALL be verifiable. | L1 |
| CR-041 | Malformed Evidence References | Governance evidence references SHALL be resolvable and verifiable. | L1 |
| CR-042 | Canonical Hash Mismatch | Governance objects SHALL support deterministic replay integrity. | L3 |
| CR-043 | Missing Mission/Task Lineage | Governance context SHALL preserve operational lineage when required. | L1 |
| CR-044 | Broken Delegation Chain | Governance continuity SHALL be preserved across delegation boundaries. | L2 |
| CR-045 | Conflicting Originating Actor | Governance attribution SHALL remain consistent and unambiguous. | L1 |
| CR-046 | Context Attempts to Override Canonical State | Governance context SHALL NOT supersede canonical governance reality. | L2 |
| CR-047 | Provenance Continuity Gap | Governance provenance SHALL remain continuous across lifecycle transitions. | L2 |
RG-4 Canonical-State Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-048 | Canonical State Unavailable | Commit decisions SHALL require authoritative governance state. | L2 |
| CR-049 | Stale Canonical State | Governance evaluation SHALL use sufficiently current canonical state. | L3 |
| CR-050 | Conflicting Canonical-State Sources | Governance evaluation SHALL resolve a single authoritative state. | L3 |
| CR-051 | Telemetry Conflicts With Canonical State | Canonical state SHALL take precedence over non-authoritative observations. | L3 |
| CR-052 | Canonical-State Hash Mismatch | Canonical-state integrity SHALL be verifiable and replayable. | L3 |
RG-5 Refusal and Escalation Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-053 | Structural Refusal Due to Invariant Violation | Inadmissible actions SHALL be structurally refused. | L2 |
| CR-054 | Structural Refusal Due to Missing Evidence | Evidence insufficiency SHALL prevent authorization. | L2 |
| CR-055 | Structural Refusal Due to Canonical-State Conflict | Governance conflicts SHALL prevent operational realization. | L3 |
| CR-056 | Refusal Record Missing Attribution | Refusals SHALL be attributable governance outcomes. | L2 |
| CR-057 | Refusal Record Not Replayable | Refusals SHALL be reconstructable and replayable. | L3 |
| CR-058 | Escalation Required but Missing Artifact | Escalation decisions SHALL be evidenced. | L4 |
| CR-059 | Escalation Resolved to Commit | Escalation outcomes SHALL integrate into lifecycle progression. | L4 |
| CR-060 | Escalation Resolved to Refusal | Escalation outcomes SHALL support negative adjudication. | L4 |
| CR-061 | Deferred Authorization Expires | Deferred governance decisions SHALL honor validity periods. | L4 |
RG-6 Governance Evidence and Receipts
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-062 | Missing Canonical-State Reference | Governance outcomes SHALL reference governing state. | L2 |
| CR-063 | Missing Invariant References | Governance outcomes SHALL identify governing constraints. | L2 |
| CR-064 | Missing Evidence Hashes | Governance outcomes SHALL preserve evidence integrity. | L2 |
| CR-065 | Invalid Signer Identity | Governance outcomes SHALL be attributable to accountable actors. | L2 |
| CR-066 | Receipt Replay Hash Mismatch | Governance outcomes SHALL support replay verification. | L3 |
| CR-067 | Evidence Changes Between Proposal and Commit | Governance evidence SHALL remain consistent across evaluation and execution. | L3 |
| CR-068 | Evidence Unavailable at Commit | Commit decisions SHALL remain supportable by evidence. | L2 |
| CR-069 | Evidence Lineage Gap Across Agents | Evidence continuity SHALL survive multi-agent workflows. | L2 |
RG-7 Multi-Agent Runtime Governance
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-070 | Governance Context Preserved Across Handoff | Governance continuity SHALL survive agent handoffs. | L2 |
| CR-071 | Downstream Agent Drops Context | Agents SHALL preserve required governance context. | L2 |
| CR-072 | Cross-Domain Delegation Requires Escalation | Governance-domain transitions SHALL remain governed. | L4 |
RG-8 Governance Interoperability
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-073 | REST vs Message Bus Same Result | Governance semantics SHALL be transport-independent. | L3 |
| CR-074 | Canonically Equivalent Payloads Same Result | Governance evaluation SHALL be semantically deterministic. | L3 |
| CR-075 | Different Implementations Produce Same Decision | Conformant implementations SHALL produce equivalent governance outcomes. | L3 |
RG-9 Runtime Governance Metrology
| Requirement ID | Requirement Name | Normative Requirement | Applicable Conformance Level |
|---|---|---|---|
| CR-076 | Same Proposal + Same State + Same Invariants = Same Decision | Governance evaluation SHALL be deterministic. | L3 |
| CR-077 | Same Proposal Across Distributed Nodes | Governance evaluation SHALL be node-independent. | L3 |
| CR-078 | Determinism Under Non-Deterministic Agent Inputs | Governance outcomes SHALL be independent of internal agent reasoning variability. | L3 |
| CR-079 | Authorized Actions Successfully Commit | Governance SHALL correctly admit admissible actions. | L4 |
| CR-080 | Unauthorized Actions Never Commit | Governance SHALL correctly reject inadmissible actions. | L4 |
| CR-081 | Every Action Follows Valid Lifecycle Transitions | Governance lifecycle progression SHALL preserve lifecycle integrity. | L2 |
| CR-082 | Derived State Matches Ledger Reconstruction | Governance state SHALL be derivable from governance records. | L3 |
| CR-083 | Canonical State and Decision Remain Synchronized | Governance decisions SHALL remain synchronized with authoritative state. | L3 |
| CR-084 | Commit Uses Latest Canonical State | Admissibility SHALL be commit-bound. | L4 |
| CR-085 | Decision Fully Reconstructable from Ledger | Governance decisions SHALL be replayable. | L3 |
| CR-086 | Receipt Reproduces Original Decision | Governance outcomes SHALL support independent verification. | L3 |
| CR-087 | Inadmissible Actions Produce Structural Refusal | Governance SHALL reliably detect inadmissibility. | L2 |
| CR-088 | Refused Actions Never Execute | Structural refusal SHALL be enforceable. | L4 |
| CR-089 | Implementation Passes AGCP Conformance Suite | Implementations SHALL conform to AGCP governance semantics. | L5 |
| CR-090 | Independent Implementations Produce Equivalent Outcomes | Governance semantics SHALL be interoperable and semantically equivalent across implementations. | L5 |