ACGP-1001: Unified Terminology & Definitions

Status: Draft
Last Updated: 2026-01-08
Spec ID: ACGP-1001
Normative Keywords: MUST, SHOULD, MAY (per RFC 2119)

Abstract

This document provides the authoritative terminology reference for ACGP v1.1. All specifications, documentation, and implementations MUST conform to these definitions.

Namespace Conventions

Overview

ACGP introduces multiple concepts that use the term "tier" or "level". To prevent ambiguity, all tier/level references MUST be qualified in documentation, APIs, and implementations.

Three Tier Namespaces [NORMATIVE]

Primary Terms (use these):

  • ACL Tier [0-5]: Agent capability and autonomy level
  • Eval Tier [0-3]: Evaluation strategy depth (governance contracts)
  • Conformance Level [Minimal/Standard/Complete]: Implementation completeness

Quick Reference Table

Concept Short Form Long Form Set At Example Defined In
Agent Capability ACL-2 ACL Tier 2 Design/deployment "This is an ACL-2 agent" This document
Evaluation Depth Eval-1 Eval Tier 1 Runtime (per-request) "Run Eval-1 checks" ACGP-1010
Implementation Standard Standard Conformance Deployment "Standard implementation" ACGP-1009

Usage in Code [NORMATIVE]

Implementations MUST use qualified names in APIs and data structures:

GOOD: Unambiguous

from acgp import ACLTier, EvalTier, ConformanceLevel

agent = Agent(acl_tier=ACLTier.STANDARD_OVERSIGHT)  # ACL-2
request = EvalRequest(eval_tier=EvalTier.FAST_SYNC)  # Eval-1
steward = Steward(conformance=ConformanceLevel.STANDARD)

BAD: Ambiguous

agent = Agent(tier=2)  # Which tier?! ACL? Eval? Conformance?

Usage in Message Formats [NORMATIVE]

Message field names MUST be self-documenting:

GOOD: Field names are qualified

{
  "agent_acl_tier": "ACL-2",
  "requested_eval_tier": "eval-1",
  "steward_conformance": "standard"
}

BAD: Requires context to understand

{
  "tier": 2,
  "level": "standard"
}

Usage in Documentation [NORMATIVE]

ALWAYS use qualified terms in prose:

GOOD: "An ACL-2 agent requests Eval-1 checks within a 300ms budget."

BAD: "A Tier 2 agent requests Tier 1 checks within a 300ms budget." (Which tier is which?!)

Exception: Context-Obvious Cases

When context is absolutely clear within a specific section, you MAY use shorthand only within that section:

## ACL Tiers

Within this section only, "tier" means "ACL Tier" unless otherwise noted.

- Tier 0: No autonomy
- Tier 1: Minimal autonomy
...

Even in these cases, using fully qualified terms is RECOMMENDED for searchability and clarity.

Important Distinctions

Understanding the difference between these three concepts is critical:

Conformance Level ≠ ACL Tier ≠ Eval Tier

  • Conformance Level (Minimal/Standard/Complete) = How much of the ACGP specification an implementation supports
  • Set at: Implementation/deployment time
  • Question answered: "How complete is this ACGP implementation?"

  • Example: "Our system has Standard conformance"

  • ACL Tier (0-5) = How much risk and autonomy an agent has

  • Set at: Agent design/deployment time based on ARS assessment
  • Question answered: "How much oversight does this agent need?"

  • Example: "This customer service agent is ACL-2"

  • Eval Tier (0-3) = How deep the governance evaluation goes for each request

  • Set at: Runtime, per-request based on governance contract
  • Question answered: "How thoroughly should we evaluate this action?"
  • Example: "Run Eval-1 checks for this low-risk action"

Real-world example: A Standard conformance implementation can govern agents at ACL-3 tier using Eval-1 checks for routine actions and Eval-2 checks for critical actions.

Core Agent Terminology

Governance Steward

  • Primary Term: Governance Steward
  • Definition: A specialized runtime governance agent that observes Cognitive Traces from Operating Agents, calculates CTQ (Cognitive Trace Quality) scores, and issues interventions to ensure alignment with Reflection Blueprints and the Clarity Baseline.

Operating Agent

  • Primary Term: Operating Agent
  • Definition: The autonomous or semi-autonomous AI agent being monitored and governed by the Governance Steward. This is the agent executing actual tasks and using tools.

Steward Network

  • Primary Term: Steward Network
  • Definition: A coordinated network of multiple Governance Stewards working together to provide distributed governance across multi-agent systems.

Cognitive Trace

  • Primary Term: Cognitive Trace
  • Definition: A structured, comprehensive log of an agent's inputs, internal reasoning steps, tool calls, decisions, and outputs for a single execution step. This is the fundamental unit of observation for governance.

Risk Assessment Framework

ARS (Agent Risk Score)

  • Primary Term: Agent Risk Score (ARS)
  • Definition: A composite risk metric (0-15) that quantifies an agent's risk posture based on three dimensions:
  • Autonomy (0-5): Degree of self-initiation and tool control
  • Adaptability (0-5): Capacity to change goals, strategies, or write code
  • Continuity (0-5): Persistence, memory, and ability to spawn sub-agents
  • Formula: ARS = Autonomy + Adaptability + Continuity

ACL Tiers

  • Primary Term: ACL Tier
  • Range: ACL-0 through ACL-5
  • Definition: The agent's risk posture classification derived from its ARS, determining which security controls and governance mechanisms MUST be in place.

ARS to ACL Mapping

ARS Total ACL Tier Risk Level Required Controls
0-2 ACL-0 Minimal Basic logging, rate limits
3-4 ACL-1 Low Standard policy rules, human override
5-7 ACL-2 Medium Warnings, spend caps, approval for sensitive scopes
8-10 ACL-3 High Approval gates, step-through, immutable audit
11-13 ACL-4 Very High Crypto signing, isolation, multi-agent RBAC
14-15 ACL-5 Critical Dual control, kill-switch, pre-commit review

Runtime Intervention System

Intervention Types

  • Primary Term: Intervention
  • Count: Six intervention types (five primary levels: OK, Nudge, Escalate, Block, Halt, plus orthogonal Flag that can be combined with any primary level)
  • Definition: Runtime decisions made by the Policy Engine based on CTQ scores and tripwires.

Six Standard Interventions

  1. OK
  2. Action: Allow (log only)

  3. Semantics: Action is permitted to proceed with standard logging

  4. Nudge

  5. Action: Replace-or-allow-with-feedback

  6. Semantics: Modify the action (e.g., redact PII, tighten prompt) and continue

  7. Flag

  8. Action: Allow + high-severity audit
  9. Semantics: Permit action but increment trust debt; may degrade privileges later

  10. Note: Orthogonal to other interventions (can be combined with OK, Nudge, Escalate, Block, or Halt)

  11. Escalate

  12. Action: Pause + require human approval

  13. Semantics: Enter step-through mode pending Human-In-The-Loop decision

  14. Block

  15. Action: Block this specific action

  16. Semantics: Prevent action but session continues

  17. Halt

  18. Action: Kill-switch activation
  19. Semantics: Revoke keys, disable session/agent, cascade to sub-agents

Decision Thresholds by ACL Tier

Note: These thresholds use Risk Score (1.0 - CTQ), not CTQ directly.

ACL OK Nudge Escalate Block Halt
ACL-0 <=0.40 0.40-0.55 0.55-0.70 >0.70 or tripwire Critical tripwire only
ACL-1 <=0.30 0.30-0.45 0.45-0.60 >0.60 or tripwire Critical tripwire
ACL-2 <=0.25 0.25-0.40 0.40-0.55 >0.55 or tripwire Critical tripwire
ACL-3 <=0.20 0.20-0.35 0.35-0.50 >0.50 or tripwire Critical/repeated tripwire
ACL-4 <=0.15 0.15-0.30 0.30-0.45 >0.45 or tripwire Any critical tripwire
ACL-5 <=0.10 0.10-0.25 0.25-0.40 >0.40 or tripwire Any severe tripwire

Tripwires

  • Primary Term: Tripwire
  • Definition: Critical conditions that trigger immediate intervention regardless of CTQ score
  • Categories: Standard, Critical, Severe
  • Examples:
  • Secrets exfiltration
  • Irreversible production changes
  • Regulated data movement
  • Fraud signals
  • Agent collusion attempts

Governance Contracts (ACGP-1010)

Risk Levels

  • Primary Terms: low_risk, elevated_risk, critical_risk
  • Definition: Per-action classification of consequences, independent of ACL Tier
  • Values:
  • low_risk: Easily reversible or no side effects (default)
  • elevated_risk: Has consequences but not catastrophic
  • critical_risk: Difficult/impossible to reverse or high-value target
  • See: ACGP-1010 Section 2

Evaluation Tiers

  • Primary Term: Eval Tier or Evaluation Tier
  • Range: Eval-0 through Eval-3
  • Definition: Governance evaluation strategy depth, independent of ACL Tier
  • Values:
  • Eval-0: Must-pass synchronous checks (<100ms, no external deps)
  • Eval-1: Fast synchronous policy checks (<300ms target)
  • Eval-2: Deep asynchronous analysis (LLM-based, seconds to minutes)
  • Eval-3: Human-in-the-loop approval (human time)
  • Note: NOT the same as ACL Tiers or Conformance Levels
  • See: ACGP-1010 Section 3

Performance Budget

  • Definition: Per-request latency contract specifying how long the agent will wait for governance decision
  • Components: latency_budget_ms, fallback_on_timeout, tier_budgets
  • Semantics: Timeout with explicit fallback behavior (not an SLA)
  • See: ACGP-1010 Section 4

Fallback Behaviors

  • Primary Terms: deny, allow_and_log, cached_decision, escalate
  • Definition: Agent behavior when governance times out or is unavailable
  • Values:
  • deny: Block the action (safety > availability)
  • allow_and_log: Allow with heavy logging (availability > safety)
  • cached_decision: Use cached policy if available, else deny
  • escalate: Move to higher eval tier or human approval
  • See: ACGP-1010 Section 4.4

Governance Status

  • Primary Terms: OK, GOVERNANCE_TIMEOUT, PARTIAL_EVAL, UNAVAILABLE
  • Definition: Steward response indicating governance evaluation result
  • Values:
  • OK: Evaluation completed within budget
  • GOVERNANCE_TIMEOUT: Budget exceeded, returning partial/no result
  • PARTIAL_EVAL: Completed some tiers, others incomplete
  • UNAVAILABLE: Steward cannot evaluate at all
  • See: ACGP-1003 Messages

Quality Metrics

CTQ (Cognitive Trace Quality)

  • Primary Term: Cognitive Trace Quality (CTQ)
  • Definition: A normalized score (0-1) representing the quality, safety, and compliance of a Cognitive Trace against defined blueprints and baselines.
  • Calculation: Weighted average of individual metric scores

Risk Score

  • Definition: The inverse of CTQ used for intervention decisions
  • Formula: Risk_Score = 1.0 - CTQ_final
  • Range: 0.0 to 1.0 (0 = perfect quality, 1 = complete failure)

CTQ Vector

  • Definition: The array of individual quality metric scores before aggregation
  • Five Standard Metrics: Reasoning Quality, Knowledge Grounding, Ethical Alignment, Tool Safety, Context Awareness
  • Example: [reasoning: 0.90, grounding: 0.88, ethical: 0.95, tool_safety: 0.92, context: 0.89]

CTQ Final

  • Definition: The weighted aggregate score derived from the CTQ Vector
  • Range: 0.0 to 1.0
  • Note: Higher is better (opposite of Risk Score)

Trust System

Trust Debt

  • Definition: Accumulated risk score from flagged behaviors
  • Accumulation: Based on flag severity:
  • Low severity: +0.1 trust debt
  • Medium severity: +0.3 trust debt
  • High severity: +0.5 trust debt
  • Decay: Trust debt decays by 5% every 24 hours (multiplied by 0.95)
  • Formula: debt_current = debt_initial × (0.95^days_elapsed)
  • Example: After 7 days, a 0.5 debt becomes 0.5 × (0.95^7) ≈ 0.348
  • Effect: Triggers re-tiering when exceeding thresholds

Trust Debt Thresholds by ACL

ACL Tier Warning Level Re-tier Trigger Suspension Trigger
ACL-0 2.0 5.0 10.0
ACL-1 1.5 4.0 8.0
ACL-2 1.0 3.0 6.0
ACL-3 0.75 2.0 4.0
ACL-4 0.5 1.5 3.0
ACL-5 0.25 1.0 2.0

Dynamic Re-tiering

  • Definition: The automatic process of recalculating ARS and adjusting ACL tier when agent capabilities, goals, or trust scores change significantly
  • Triggers: Trust debt threshold, capability changes, repeated violations
  • Direction: Can increase (escalate) or decrease (de-escalate) ACL tier

Governance Artifacts

Reflection Blueprints

  • Primary Term: Reflection Blueprints
  • Definition: YAML/JSON configuration files that specify expected agent behavior, quality metrics, thresholds, checks, and evidence requirements for specific domains and goals.

Clarity Baseline

  • Primary Term: Clarity Baseline
  • Definition: A mandatory, cross-domain blueprint that evaluates reasoning clarity, logical consistency, knowledge grounding, and absence of cognitive biases. Acts as the universal "cognitive seatbelt" for all agents.

Certified Source Registry

  • Primary Term: Certified Source Registry
  • Definition: A curated, cryptographically signed catalog of authoritative data sources with metadata including authority level, jurisdiction, recency, and relevance scores.

System Components

ReflectionDB

  • Primary Term: ReflectionDB
  • Definition: An append-only, immutable event store that maintains a complete audit trail of all governance events, evaluations, and interventions.

Policy Engine

  • Primary Term: Policy Engine
  • Definition: The runtime component that evaluates CTQ scores against ACL-specific thresholds and issues intervention decisions.

Trusted Monitor (TM)

  • Primary Term: Trusted Monitor
  • Definition: An independent observer model/process that validates agent behavior, detects anomalies, and can trigger interventions.

Human-In-The-Loop

  • Primary Term: Human-In-The-Loop
  • Abbreviated: HITL (only in diagrams/tables where space is limited)
  • Definition: The escalation pathway that routes critical decisions to human operators with appropriate context and evidence for manual review.

Protocol Components

MPA (Multi-Party Authorization)

  • Primary Term: Multi-Party Authorization (MPA)
  • Definition: A security mechanism requiring multiple authorized approvers for sensitive changes to blueprints, registry entries, or critical configurations.

ATS (Agent Telemetry Standard)

  • Primary Term: Agent Telemetry Standard (ATS)
  • Definition: The standardized event format for semantic telemetry including traces, decisions, and audit records.

Operational Terms

Mission Envelope

  • Definition: The defined boundaries of allowed tools, resources, data domains, and budgets for a specific agent.

Message Retry Policy

  • Definition: Standard behavior for handling failed messages
  • Specification:
retry_policy:
  max_attempts: 3
  backoff: exponential
  timeout_ms: 500
  failure_action: escalate

Emergency Override

  • Definition: Authorized procedure to immediately halt all agent operations
  • Requirements: Dual authorization for ACL-3+, single authorization for ACL-0-2

Open Source vs Proprietary Boundary

Open Source Components

  • Protocol specifications
  • Message formats (TRACE, EVAL, INTERVENTION, SYNC)
  • ATS event schemas
  • CTQ weighted average formula
  • Metric weights (MUST be disclosed)
  • Policy Engine decision mapping
  • Validator and conformance suite
  • Reference implementations (basic)

Proprietary Components

  • Individual metric scoring algorithms (MAY be proprietary)
  • Feature engineering methods
  • Anomaly detection models
  • Threshold auto-tuning logic
  • Fusion algorithms for multi-metric evaluation

This document serves as the authoritative terminology reference for ACGP v1.1. All specifications, documentation, and implementations MUST conform to these definitions.