ACGP-0000: Protocol Overview (START HERE)¶
Status: Draft
Last Updated: 2026-01-08
Spec ID: ACGP-0000
Normative Keywords: MUST, SHOULD, MAY (per RFC 2119)
READ THIS FIRST¶
This document is your entry point to the Agentic Cognitive Governance Protocol (ACGP). It provides a high-level overview and guides you to the right detailed specifications based on your role and needs.
TL;DR (30 Seconds)¶
ACGP provides runtime governance for AI agents, ensuring they operate safely and align with organizational policies through continuous cognitive quality monitoring.
How it works:
- Assess agent risk - Assign control level (ACL tier)
- Configure governance policies via Reflection Blueprints
- Monitor every agent action via Cognitive Traces
- Evaluate action quality (CTQ score)
- Intervene based on risk (OK, Nudge, Escalate, Block, Halt, Flag)
5-Minute Overview¶
What Problem Does ACGP Solve?¶
AI agents are becoming more autonomous and capable, but without governance they can:
- Make unsafe decisions
- Access unauthorized resources
- Generate harmful content
- Operate outside policy boundaries
- Lack accountability and auditability
ACGP solves this by providing real-time oversight without requiring changes to your agent's core logic.
Core Architecture¶
┌─────────────────────────────────────────────────────────────┐
│ Layer 1: RISK ASSESSMENT (Static/Periodic) │
│ ┌──────────────┐ ┌─────────────────┐ │
│ │ ARS │────────>│ ACL Tier │ │
│ │ (0-15) │ │ (ACL-0 to 5) │ │
│ └──────────────┘ └─────────────────┘ │
└─────────────────────────────────────────────────────────────┘
│
↓
┌─────────────────────────────────────────────────────────────┐
│ Layer 2: POLICY CONFIGURATION │
│ ┌──────────────────────┐ ┌─────────────────────────┐ │
│ │ Reflection │ │ Certified Source │ │
│ │ Blueprints │ │ Registry │ │
│ └──────────────────────┘ └─────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
│
↓
┌─────────────────────────────────────────────────────────────┐
│ Layer 3: RUNTIME EVALUATION (Continuous) │
│ │
│ Agent Action → Cognitive Trace → CTQ Evaluation │
│ ↓ │
│ Intervention Decision │
│ (OK/Nudge/Flag/etc) │
└─────────────────────────────────────────────────────────────┘
Key Concepts¶
ARS (Agent Risk Score): Numerical score (0-15) assessing agent risk across three dimensions
- Evaluates: Autonomy, Adaptability, Continuity (each 0-5)
- Total Score: Sum of all three dimensions (0-15)
- Determines: Which ACL tier the agent operates under
ACL (Access Control Level): Risk-based control tiers (ACL-0 to ACL-5)
- Higher risk = Stricter governance
- Defines: Decision thresholds and required safeguards
Cognitive Trace: Structured log of agent's reasoning and actions
- Contains: Inputs, reasoning, tool calls, outputs
- Purpose: Enable quality evaluation
CTQ (Cognitive Trace Quality): Runtime quality score (0-1)
- Five metrics: Reasoning Quality, Knowledge Grounding, Ethical Alignment, Tool Safety, Context Awareness
- Higher score = Better quality, lower risk
Intervention: Governance decision based on CTQ score
- Six types (five primary levels: OK, Nudge, Escalate, Block, Halt, plus orthogonal Flag)
- Proportionate response to detected risk
Who Should Read What?¶
I'm New to Agent Governance¶
Start here:
- Read this document (ACGP-0000) - You're here!
- Read ACGP-1001: Terminology - Understand key terms
- Read ACGP-1000: Core Protocol - Understand the basics
- Try: Quick Start Tutorial (coming soon)
I'm Implementing ACGP¶
Read in this order:
- ACGP-1000: Core Protocol - Foundation
- ACGP-1002: Architecture - System design
- ACGP-1003: Message Formats - Wire protocol
- ACGP-1005: ARS-CTQ-ACL Integration Framework - Evaluation logic
- ACGP-1009: Conformance - Testing requirements
I'm Integrating with Existing Agents¶
Focus on:
- ACGP-1008: Interoperability - MCP/A2A integration
- ACGP-1004: Blueprints - Policy configuration
- SDK Documentation (coming soon)
I'm Focused on Security¶
Start with:
- ACGP-1007: Security Considerations - Threat model
- ACGP-1006: Certified Source Registry - Trust anchors
- ACGP-1005: Section 6 - Tripwires
I'm Evaluating Compliance¶
Read:
- ACGP-1009: Conformance Requirements
- ACGP-1005: ARS-CTQ-ACL Framework
- Conformance Checklist (Appendix A of ACGP-1009)
Document Map¶
ACGP-0000 (Overview) <-- YOU ARE HERE
|
+-- ACGP-1000 (Core Protocol) <-- Start here for basics
| |
| +-- ACGP-1001 (Terminology)
| +-- ACGP-1002 (Architecture)
| +-- ACGP-1003 (Message Formats)
| +-- ACGP-1004 (Blueprints)
| +-- ACGP-1005 (ARS-CTQ-ACL Framework)
|
+-- ACGP-1006 (Certified Source Registry)
+-- ACGP-1007 (Security Considerations)
+-- ACGP-1008 (Interoperability)
+-- ACGP-1009 (Conformance Requirements)
Quick Reference: Key Numbers¶
| Concept | Range | Meaning |
|---|---|---|
| ARS (Agent Risk Score) | 0-15 | Agent risk level (higher = more risk) |
| ACL Tier | 0-5 | Control strictness (higher = stricter) |
| CTQ Score | 0-1 | Quality score (higher = better) |
| Risk Score | 0-1 | Inverse of CTQ (higher = worse) |
ARS to ACL Mapping¶
| ARS (Agent Risk Score) | ACL Tier | Risk Level |
|---|---|---|
| 0-2 | ACL-0 | Minimal |
| 3-4 | ACL-1 | Low |
| 5-7 | ACL-2 | Medium |
| 8-10 | ACL-3 | High |
| 11-13 | ACL-4 | Very High |
| 14-15 | ACL-5 | Critical |
Intervention Types¶
| Intervention | Action | When Used |
|---|---|---|
| OK | Allow and log | CTQ is good, no issues detected |
| Nudge | Modify and proceed | Minor issues, auto-correctable |
| Flag | Allow but audit | Concerning but not blocking |
| Escalate | Pause for human review | Uncertain, needs judgment |
| Block | Prevent this action | Clear policy violation |
| Halt | Kill switch | Critical safety issue |
Implementation Levels¶
ACGP defines three conformance levels:
Minimal Conformance¶
Purpose: Development and testing
Requirements: Core protocol, basic governance, local storage
Use Cases: Development environments, proof of concept
Standard Conformance¶
Purpose: Production deployment
Requirements: All Minimal + interoperability, distributed storage, security
Use Cases: Enterprise production systems
Complete Conformance¶
Purpose: Mission-critical systems
Requirements: All Standard + advanced security, high availability
Use Cases: High-stakes, regulated environments
See ACGP-1009 for detailed requirements.
Common Questions¶
Q: How does ACGP differ from traditional access control?¶
A: Traditional access control is binary (allow/deny) and static. ACGP provides continuous evaluation with graduated interventions and adaptive policies based on runtime behavior.
Q: Does ACGP require changes to my agent code?¶
A: Minimal. You add a wrapper that emits Cognitive Traces. The governance logic runs separately in the Governance Steward.
Q: Can different vendors implement ACGP?¶
A: Yes! The protocol is open. Vendors can compete on implementation quality while maintaining interoperability through standardized message formats.
Q: What if my agent doesn't fit the ARS rubric?¶
A: The ARS assessment is extensible. You can add custom dimensions or use the manual override process.
Q: How much latency does ACGP add?¶
A: Target: <100ms for ACL-0/1, <200ms for ACL-⅔, <500ms for ACL-⅘. See ACGP-1002: Section 9 for details.
Getting Started Checklist¶
- Read this overview document (you're almost done!)
- Review the Terminology
- Understand the Core Protocol
- Choose your implementation level
- Read relevant specifications for your role
- Review conformance requirements
- Check out reference implementation (coming soon)
- Join the community (links coming soon)
Contributing¶
ACGP is an open protocol. We welcome:
- Implementation feedback
- Specification improvements
- Use case documentation
- Reference implementations
- Integration adapters
Repository: [Coming soon]
Discussion: [Coming soon]
Issues: [Coming soon]
License¶
[To be determined - recommend permissive open source license]
Next Steps¶
Ready to dive deeper?
- New to agent governance? Read ACGP-1001: Terminology
- Ready to implement? Read ACGP-1000: Core Protocol
- Want to integrate? Read ACGP-1008: Interoperability
For questions, feedback, or contributions, please [contact us / open an issue / join our community]