Implementing Conformance

Implement ACGP governance in your application with the correct alpha conformance path.

---

Choosing a Profile

ACGP v1.0 alpha exposes one active claimable profile plus related tracks/modes:

• Claimable now: Standard
• Optional additive badge: Regulated Controls Badge
• Non-conformant runtime mode: Dev Mode
• Future profile track: Safety-Critical (not claimable in alpha)

Choose based on your risk requirements:

Profile	Use Case	Time to Implement
Standard	Production systems, customer-facing agents, most workloads	~1-2 days
Safety-Critical (future track)	High-assurance, regulated, autonomous systems	evaluation / roadmap prep

See ACGP-6: Conformance for the full profile requirements.

---

Minimal Useful Standard Implementation

If you want the smallest serious alpha.2 path, start here before adding advanced deployment patterns:

• one Governance Steward
• one Operating Agent runtime
• one active baseline blueprint
• deterministic checks and tripwire evaluation
• CTQ aggregation using the five standard metrics
• threshold mapping and orthogonal flag support
• default trust debt provider behavior
• Governance Store or equivalent durable governance persistence

The normative baseline and scorer-processing rules are defined in ACGP-3.

---

Standard Profile Implementation

1. Initialize Steward

The initialization snippets in this section are conceptual pseudocode showing surrounding infrastructure concerns. For the exact runnable constructor surface, use the Blueprint Usage guide. For concrete production bootstrap, prefer GovernanceSteward.production(...).

Conceptual pseudocode

from acgp import GovernanceSteward, AuditLogHandler

steward = GovernanceSteward(
    conformance_level="standard",
    blueprint_id="production-v1",
    audit_log_handler=AuditLogHandler(db_connection),
    tripwires={
        "max_transaction": 1000,
        "daily_limit": 5000
    }
)

2. Create Cognitive Traces

from acgp import CognitiveTrace

trace = CognitiveTrace(
    reasoning="User requested data export for reporting",
    action="export_data",
    parameters={"format": "json", "scope": "quarterly"},
    context={
        "user_id": "12345",
        "session_id": "abc",
        "timestamp": datetime.now()
    },
    metadata={
        "agent_version": "1.0",
        "model": "gpt-4"
    }
)

3. Handle All Intervention Types

Standard profile requires all 5 primary interventions plus orthogonal Flag:

result = steward.evaluate(trace)

handlers = {
    "ok": execute_action,
    "nudge": log_and_execute,
    "escalate": request_approval,
    "block": notify_block,
    "halt": emergency_halt
}

handlers[result.intervention](trace, result)

# Flag is orthogonal — check separately
if result.flagged:
    record_flag(trace, result.flag_severity)

4. Trust Debt Tracking

# Get current trust debt for an agent
debt = steward.get_trust_debt(agent_id)

# Record outcome to update debt
steward.record_outcome(
    trace_id=trace.id,
    intervention=result.intervention,
)

# Check if re-tier review needed
if debt >= steward.config.retier_threshold:
    trigger_retier_review(agent_id)

5. Standard Profile Checklist

• All protocol message types (TRACE, EVAL, INTERVENTION, HITL, SESSION_INIT, BUNDLE_UPDATE, VERSION_NEGOTIATION, VERSION_SELECTED)
• All 5 primary interventions + Flag
• CTQ evaluation with 5 standard metrics
• Tripwire enforcement with fail-closed semantics
• Blueprint parsing with inheritance
• Trust debt rolling-window accumulation
• Audit logging with 90-day retention
• TLS 1.3+ transport security
• ES256 signing for GT-3+ (RECOMMENDED but not required for Standard profile)

---

Safety-Critical Profile

Safety-Critical requirements are retained for architecture continuity and evaluation, but are not part of the active external claim surface for v1.0.0-alpha.2.

Safety-Critical includes everything in Standard plus high-assurance controls.

Additional Requirements

Conceptual pseudocode

steward = GovernanceSteward(
    conformance_level="safety-critical",
    blueprint_id="healthcare-critical-v1",
    audit_log_handler=ImmutableAuditLog(db_connection),
    hsm_provider=HSMKeyProvider(),
    kill_switch=KillSwitch(dual_control=True),
    retention_years=7
)

Safety-Critical Checklist

• All Standard profile requirements
• ES256 signing for GT-3+ (MUST for Safety-Critical profile)
• HSM-backed key storage
• Kill-switch capability
• Dual control (two-person rule) for GT-5
• Immutable audit trail with 7-year retention
• Merkle integrity proofs
• 99.99% availability target
• Real-time anomaly detection
• Emergency override procedures with audit trail

---

Regulated Controls Badge

The Regulated Controls Badge is additive — either profile can claim it:

For v1.0.0-alpha.2, the publishable form is:

ACGP v1.0 Standard Conformant + Regulated Controls Badge

# Add regulated controls to any profile
steward = GovernanceSteward(
    conformance_level="standard",
    regulated_controls=True,
    wal_config=WALConfig(max_buffer_mb=512),
    pii_handler=PIIDetector(auto_redact=True),
    retention_policy=RetentionPolicy(
        trace_days=90,
        intervention_days=365,
        deletion_evidence=True
    )
)

---

Standard End-to-End Example

Use this path when you want a concrete alpha.2 flow that is aligned with the active claim surface.

from acgp import GovernanceSteward, CognitiveTrace, PostgresStateStorage

steward = GovernanceSteward.production(
    blueprint_file="sdk/python-sdk/examples/blueprint-standard.yaml",
    state_storage=PostgresStateStorage(connection_string="postgresql://runtime/acgp"),
)

session_trace = CognitiveTrace(
    trace_id="trace-root-001",
    hook="session_init",
    reasoning="Open a governed funds-transfer session for a known business user.",
    action="start_session",
    parameters={"channel": "web", "workflow": "funds_transfer"},
    governance_tier="GT-3",
    context={"user_id": "cust-123", "session_id": "sess-001"},
)

tool_trace = CognitiveTrace(
    trace_id="trace-child-002",
    parent_trace_id="trace-root-001",
    hook="tool_call",
    reasoning="Transfer request is within the local approval band and can be evaluated automatically.",
    action="transfer_funds",
    parameters={"amount": 2500, "currency": "USD", "destination": "acct-77"},
    governance_tier="GT-3",
    context={"user_id": "cust-123", "session_id": "sess-001"},
    metadata={"agent_version": "1.0.0-alpha.2", "model": "gpt-5.4"},
)

session_result = steward.evaluate(session_trace)
tool_result = steward.evaluate(tool_trace)

if tool_result.flagged:
    export_observability_event(
        trace_id=tool_trace.trace_id,
        parent_trace_id=tool_trace.parent_trace_id,
        intervention=tool_result.intervention,
        flagged=True,
        governance_tier=tool_trace.governance_tier,
    )

if tool_result.intervention == "ok":
    execute_transfer(tool_trace.parameters)
elif tool_result.intervention == "nudge":
    require_operator_ack(tool_trace, tool_result)
elif tool_result.intervention == "escalate":
    route_for_approval(tool_trace, tool_result)
elif tool_result.intervention == "block":
    deny_transfer(tool_trace, tool_result)
elif tool_result.intervention == "halt":
    trigger_emergency_stop(tool_trace, tool_result)

What this example covers:

• Standard is the active alpha claimable profile.
• parent_trace_id provides minimal lineage between the session and the governed tool call.
• Tripwire evaluation observes canonical roots such as action and args at runtime.
• Orthogonal flag handling stays separate from the primary intervention.
• Observability export remains machine-readable and tied to the emitted evaluation result.

For the corresponding appendix walkthrough, see Appendix: Clarity Baseline.

---

Minimal End-to-End Example

Use this for a quick local sanity pass before full profile hardening (non-conformant dev mode — not sufficient for any profile claim):

from acgp import GovernanceSteward, CognitiveTrace

steward = GovernanceSteward(
    blueprint_file="blueprint.yaml",
    conformance_level="dev_mode",
)

def simple_agent_action(user_request: str):
    if "help" in user_request.lower():
        reasoning = "User requesting help, providing FAQ"
        action = "show_faq"
        params = {}
    else:
        reasoning = "Unknown request, offering options"
        action = "show_menu"
        params = {}

    trace = CognitiveTrace(reasoning=reasoning, action=action, parameters=params)
    result = steward.evaluate(trace)

    if result.intervention == "ok":
        return {"status": "success", "action": action}
    if result.intervention == "block":
        return {"error": "Action blocked", "reason": result.message}
    return {"error": "Unsupported intervention", "intervention": result.intervention}

This minimal flow is intentionally narrow (ok/block) and is not sufficient for Standard or Safety-Critical claims.

---

Next Steps

• Security Hardening — Production hardening guide
• Blueprint Usage — Writing governance blueprints
• Performance Tuning — Optimizing evaluation latency
• Conformance Test Vectors — Run the test suite