ACGP-1009: Conformance Requirements¶
Status: Draft
Last Updated: 2026-01-08
Spec ID: ACGP-1009
Normative Keywords: MUST, SHOULD, MAY (per RFC 2119)
Abstract¶
This document specifies the conformance requirements for implementations of the Agentic Cognitive Governance Protocol (ACGP). It defines conformance levels, mandatory and optional features, test suites, validation procedures, and certification processes. This specification enables implementers to verify their compliance with ACGP and provides users with assurance that implementations will interoperate correctly and maintain the security and governance guarantees of the protocol.
Table of Contents¶
- Introduction
- Conformance Levels
- Core Protocol Requirements
- Component-Specific Requirements
- Test Suites and Vectors
- Validation Procedures
- Interoperability Requirements
- Performance Benchmarks
- Security Conformance
- Documentation Requirements
- Certification Process
- Non-Conformance Handling
- Version Compatibility
- References
1. Introduction¶
Conformance to ACGP ensures that implementations provide the necessary governance capabilities, maintain security guarantees, and interoperate with other conformant systems. This specification defines three levels of conformance and provides detailed requirements for each level.
1.1 Conformance Levels Overview¶
| Level | Description | Use Cases | Required Components |
|---|---|---|---|
| Minimal | Learning and development | Learning, development, batch jobs | Core protocol, basic governance |
| Standard | Production-ready implementation | Production apps, interactive systems | All core + contracts + interoperability |
| Complete | Full specification implementation | Mission-critical systems | All features + advanced security |
Important: Minimal conformance is designed for non-production environments (learning, development, batch processing). Production deployments SHOULD use Standard or Complete conformance.
1.2 Requirements Language¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
1.3 Conformance Statement¶
Implementations claiming conformance MUST include a conformance statement specifying:
- ACGP version supported (e.g., "1.0.3")
- Conformance level achieved (Minimal/Standard/Complete)
- Optional features implemented
- Known limitations or deviations
2. Conformance Levels¶
2.1 Minimal Conformance¶
Purpose: Minimum implementation for learning, development, and batch processing environments.
Designed for:
- Learning ACGP concepts
- Development and testing
- Batch jobs and background processing
- Non-latency-sensitive workloads
Not designed for:
- Production interactive applications
- User-facing systems
- Latency-sensitive workloads
- Systems requiring performance SLAs
2.1.1 Required Features¶
| Component | Required Features |
|---|---|
| Core Protocol | Message formats, version negotiation |
| Interventions | OK and BLOCK only (other types optional) |
| Risk Assessment | Basic risk scoring (any method, can be static) |
| CTQ Evaluation | Optional (can use simplified scoring) |
| Tripwires | Optional |
| Storage | Optional (can use in-memory only) |
| Security | Use existing transport security (TLS optional for dev) |
2.1.2 Optional Features¶
- Additional intervention types (Nudge, Flag, Escalate, Halt)
- Trust debt system
- Advanced ARS/CTQ calculation
- Tripwires (all categories)
- ReflectionDB storage
- Governance Contracts (ACGP-1010)
- Dynamic re-tiering
- MCP/A2A integration
2.1.3 Production Usage Guidance¶
Decision Tree:
Production deployment? → Yes → Latency-sensitive? → Yes → Use Standard [WARNING]
→ No → Development/testing → Use Minimal
Runtime Warning:
Implementations SHOULD detect production environments and emit warnings when Minimal conformance is used:
import os
import warnings
if os.getenv('ENVIRONMENT') == 'production' and conformance_level == 'minimal':
warnings.warn(
"[WARNING] MINIMAL CONFORMANCE IN PRODUCTION\n"
"No governance contracts = uniform latency, no performance SLAs\n"
"Upgrade to Standard conformance for production use\n"
"Suppress: set suppress_production_warning=True",
category=ProductionWarning,
stacklevel=2
)
Escalation Path:
- Months 0-6: WARNING level (current)
- Months 6-12: ERROR level if incidents >1/quarter
- Months 12+: Require explicit acknowledgment flag if still failing
Target: <1 incident per quarter caused by Minimal tier misuse in production.
2.2 Standard Conformance¶
Purpose: Production-ready implementation for enterprise use and interactive applications.
Required for:
- Production deployments
- User-facing interactive systems
- Latency-sensitive workloads
- Systems requiring performance SLAs
2.2.1 Required Features¶
All Minimal requirements plus:
| Component | Additional Requirements |
|---|---|
| Interventions | All six types (OK, Nudge, Escalate, Block, Halt, Flag), flag orthogonality |
| ARS Assessment | Three dimensions, ACL tier mapping |
| CTQ Evaluation | Five standard metrics, weighted scoring |
| Trust System | Trust debt accumulation and decay (by 5% per 24 hours) |
| Tripwires | All three categories (Standard, Critical, Severe) |
| Registry | Basic source validation, trust scoring |
| Blueprint | Full schema support, inheritance |
| Integration | MCP or A2A protocol support |
| Security | TLS 1.3, ES256 signatures, MFA, role-based access |
| Monitoring | Real-time metrics, alerting |
| Storage | Distributed ReflectionDB, 1-year retention |
| Governance Contracts (ACGP-1010) | REQUIRED: Risk levels, eval tiers 0-1, performance budgets, fallback behaviors |
Governance Contracts Clarification:
Governance contracts are OPTIONAL at Minimal conformance but REQUIRED at Standard conformance because:
- Prevents ecosystem fragmentation ("Fast ACGP" vs "Standard ACGP" forks)
- Enables performance SLA negotiation per use case (50ms chat vs 1000ms financial)
- Production apps need explicit latency/quality trade-offs
- Without contracts, uniform 300ms latency kills interactive use cases
See ACGP-1010 for full specification. The optional/required distinction is:
- Minimal: ACGP-1010 features may be ignored entirely
- Standard: ACGP-1010 -4 (risk levels, eval tiers 0-1, budgets) REQUIRED
- Complete: All ACGP-1010 features including eval tiers 2-3 REQUIRED
2.2.2 Optional Features¶
- Complete MCP and A2A support
- Advanced anomaly detection
- Multi-region deployment
- Governance Contracts: Eval tiers 2-3, HSM-based evaluation
2.3 Complete Conformance¶
Purpose: Full specification for mission-critical deployments.
2.3.1 Required Features¶
All Standard requirements plus:
| Component | Additional Requirements |
|---|---|
| Dynamic Systems | Full re-tiering, tripwire system with all severities |
| Registry | MPA, cryptographic verification |
| Integration | Both MCP and A2A, custom protocols |
| Security | HSM support, zero-trust architecture, emergency override |
| High Availability | 99.99% uptime, disaster recovery |
| Compliance | Full audit trail, regulatory reporting |
| Performance | Meet all specified benchmarks |
| Governance Contracts (ACGP-1010) | REQUIRED: All eval tiers (0-3), all fallback behaviors, capability negotiation, latency conformance, HSM-based evaluation |
3. Core Protocol Requirements¶
3.1 Message Format Conformance¶
Implementations MUST correctly generate and parse all message types:
class MessageConformanceTests:
def test_trace_message(self):
trace = {
"trace_id": "550e8400-e29b-41d4-a716-446655440000",
"session_id": "660e8400-e29b-41d4-a716-446655440000",
"step": 1,
"inputs": {"query": "test"},
"tool_calls": [],
"outputs": {"response": "result"},
"source_refs": [],
"meta": {
"timestamp": "2025-01-15T10:00:00Z",
"acl_tier": "ACL-2"
}
}
# Validate structure
assert self.validate_schema(trace, TRACE_SCHEMA)
# Test serialization
serialized = json.dumps(trace)
deserialized = json.loads(serialized)
assert deserialized == trace
# Test envelope
enveloped = self.wrap_in_envelope(trace, "TRACE")
assert self.validate_envelope(enveloped)
3.2 Version Negotiation Conformance¶
def test_version_negotiation():
"""Test protocol version negotiation."""
# Test successful negotiation
client_versions = ["1.0.0", "1.0.2"]
server_versions = ["1.0.2", "1.1.0"]
result = negotiate_protocol_version(client_versions, server_versions)
assert result == "1.0.2" # Highest common version
# Test incompatible versions
client_versions = ["2.0.0"]
server_versions = ["1.0.0"]
with pytest.raises(IncompatibleVersionError):
negotiate_protocol_version(client_versions, server_versions)
3.3 State Machine Conformance¶
stateDiagram-v2
[*] --> Initialized: System Start
Initialized --> Active: Configuration Loaded
Active --> Evaluating: Trace Received
Evaluating --> Intervening: Decision Made
Intervening --> Active: Intervention Applied
Active --> Suspended: Suspension Trigger
Suspended --> Active: Resume Command
Active --> Halted: Critical Error
Halted --> [*]: Shutdown
note right of Active
Normal operation state
Accepts traces
Issues interventions
end note
note right of Suspended
Temporary pause
No new traces accepted
Existing queue processed
end note
note right of Halted
Emergency stop
All operations ceased
Manual restart required
end note4. Component-Specific Requirements¶
4.1 Governance Steward Requirements¶
| Requirement | Minimal | Standard | Complete |
|---|---|---|---|
| Observe Cognitive Traces | |||
| Calculate CTQ Scores | Optional | ||
| Issue Interventions (OK, BLOCK) | |||
| Issue Interventions (all 6 types) | Optional | ||
| Manage Trust Debt | - | ||
| Coordinate in Network | - | - | |
| Handle Tripwires | Optional |
4.2 Policy Engine Requirements¶
policy_engine_conformance:
minimal:
- load_blueprints: required
- apply_thresholds: required
- make_decisions: required
- support_ok_block_interventions: required
- support_all_six_interventions: optional
standard:
- inherit_blueprints: required
- dynamic_thresholds: required
- flag_orthogonality: required
- tripwire_evaluation: required
complete:
- real_time_updates: required
- multi_version_support: required
- custom_metrics: required
- emergency_override: required
4.3 ReflectionDB Requirements¶
class ReflectionDBConformance:
def validate_minimal(self, db):
# Append-only verification
assert db.is_append_only()
# Required indexes
required_indexes = ['trace_id', 'timestamp', 'agent_id']
assert all(db.has_index(idx) for idx in required_indexes)
# Retention policy
assert db.retention_days >= 30
def validate_standard(self, db):
self.validate_minimal(db)
# Distributed capabilities
assert db.supports_replication()
# Query performance
assert db.query_latency_p95() < 100 # ms
# Extended retention
assert db.retention_days >= 365
def validate_complete(self, db):
self.validate_standard(db)
# Cryptographic integrity
assert db.has_merkle_tree()
# Compliance features
assert db.supports_immutable_audit()
assert db.supports_data_export(['json', 'parquet'])
4.4 Registry Requirements¶
| Feature | Minimal | Standard | Complete |
|---|---|---|---|
| Source Storage | Local | Distributed | Replicated |
| Trust Scoring | Simple | Advanced | ML-based |
| MPA | - | Optional | Required |
| Cryptographic Verification | - | Checksums | ES256 signatures |
| Update Propagation | - | <5 min | <60 sec |
5. Test Suites and Vectors¶
5.1 Core Test Suite¶
class CoreConformanceTestSuite:
"""Mandatory test suite for all conformance levels."""
def __init__(self):
self.test_vectors = self.load_test_vectors()
self.results = []
def run_all_tests(self):
test_categories = [
self.test_message_formats,
self.test_intervention_logic,
self.test_ari_calculation,
self.test_ctq_evaluation,
self.test_state_transitions,
self.test_error_handling,
self.test_version_negotiation
]
for category in test_categories:
try:
category()
self.results.append(('PASS', category.__name__))
except AssertionError as e:
self.results.append(('FAIL', category.__name__, str(e)))
return self.generate_report()
5.2 Test Vectors¶
5.2.1 ARS Calculation Test Vector¶
{
"test_id": "ars-001",
"description": "Standard ARS calculation",
"input": {
"autonomy": 3,
"adaptability": 2,
"continuity": 4
},
"expected_output": {
"ars_total": 9,
"acl_tier": "ACL-3"
}
}
5.2.2 CTQ Evaluation Test Vector¶
{
"test_id": "ctq-001",
"description": "Standard CTQ calculation",
"input": {
"metrics": [
{"name": "reasoning_quality", "score": 0.85, "weight": 0.25},
{"name": "knowledge_grounding", "score": 0.88, "weight": 0.20},
{"name": "ethical_alignment", "score": 0.90, "weight": 0.20},
{"name": "tool_safety", "score": 0.92, "weight": 0.20},
{"name": "context_awareness", "score": 0.89, "weight": 0.15}
]
},
"expected_output": {
"ctq_final": 0.8825,
"risk_score": 0.1175
}
}
5.2.3 Intervention Decision Test Vector (Corrected)¶
{
"test_id": "intervention-001",
"description": "ACL-3 intervention decision",
"input": {
"acl_tier": "ACL-3",
"ctq_score": 0.75,
"risk_score": 0.25,
"tripwires": [],
"trust_debt": 0.5
},
"expected_output": {
"primary_intervention": "NUDGE",
"flag": false,
"reason": "Risk score 0.25 within nudge threshold for ACL-3 (0.20-0.35)"
}
}
5.2.4 Tripwire Override Test Vector (New)¶
{
"test_id": "tripwire-001",
"description": "Critical tripwire overrides CTQ",
"input": {
"acl_tier": "ACL-3",
"ctq_score": 0.95,
"risk_score": 0.05,
"tripwires": [
{"id": "secrets_leak", "severity": "critical", "triggered": true}
],
"trust_debt": 0.1
},
"expected_output": {
"primary_intervention": "HALT",
"flag": true,
"reason": "Critical tripwire 'secrets_leak' triggered, ACL >= 3 requires HALT"
}
}
5.2.5 Trust Debt Accumulation Test Vector (New)¶
{
"test_id": "trust-debt-001",
"description": "Trust debt accumulation and decay",
"input": {
"acl_tier": "ACL-3",
"flags": [
{"severity": "medium", "weight": 0.3, "days_ago": 4},
{"severity": "low", "weight": 0.1, "days_ago": 2}
],
"decay_factor": 0.95
},
"expected_output": {
"trust_debt": 0.3346,
"calculation": "Flag 1 (4 days ago): 0.3 * (0.95^4) = 0.3 * 0.8145 = 0.2443, Flag 2 (2 days ago): 0.1 * (0.95^2) = 0.1 * 0.9025 = 0.0903, Total = 0.3346",
"note": "Decay factor 0.95 is applied per 24-hour period",
"threshold_status": "below_warning",
"warning_threshold": 0.75
}
}
5.2.6 Flag Orthogonality Test Vector (New)¶
{
"test_id": "flag-orthogonal-001",
"description": "Flag can combine with other interventions",
"input": {
"acl_tier": "ACL-2",
"ctq_score": 0.80,
"risk_score": 0.20,
"near_miss_pattern": true,
"tripwires": []
},
"expected_output": {
"primary_intervention": "OK",
"flag": false,
"reason": "Risk score 0.20 within OK threshold, no flag conditions met"
}
},
{
"test_id": "flag-orthogonal-002",
"description": "Flag with nudge intervention",
"input": {
"acl_tier": "ACL-2",
"ctq_score": 0.65,
"risk_score": 0.35,
"suspicious_pattern": true,
"tripwires": []
},
"expected_output": {
"primary_intervention": "NUDGE",
"flag": true,
"flag_severity": "low",
"reason": "Risk score 0.35 at nudge threshold boundary, suspicious pattern detected"
}
}
5.3 Interoperability Test Suite¶
def test_interoperability(implementation_a, implementation_b):
"""Test that two implementations can communicate."""
# Version negotiation
version = negotiate_versions(
implementation_a.supported_versions,
implementation_b.supported_versions
)
assert version is not None
# Message exchange
trace = implementation_a.generate_trace()
intervention = implementation_b.process_trace(trace)
assert intervention.is_valid()
# Validate intervention structure
assert intervention.decision in [
"ok", "nudge", "flag", "escalate", "block", "halt"
]
# Bidirectional communication
response = implementation_a.handle_intervention(intervention)
assert response.acknowledged
5.4 Governance Contracts Test Suite¶
For implementations supporting ACGP-1010 (Governance Contracts).
5.4.1 Tier 0 Always Runs¶
{
"test_id": "gc-tier0-001",
"description": "Eval-0 tripwires always execute regardless of budget",
"input": {
"governance_contract": {
"risk_level": "low_risk",
"eval_tier": 0,
"performance_budget": {
"latency_budget_ms": 50
}
},
"tripwires": [
{"id": "rule_check", "eval_tier": 0, "latency_budget_ms": 100}
],
"simulated_latency_ms": 120
},
"expected_output": {
"tripwire_executed": true,
"budget_exceeded": true,
"decision": "deny",
"reason": "Tier 0 tripwire executed (120ms), budget exceeded (50ms), fallback=deny"
}
}
5.4.2 Budget Timeout Enforcement¶
{
"test_id": "gc-budget-001",
"description": "Latency budget timeout triggers fallback",
"input": {
"governance_contract": {
"risk_level": "elevated_risk",
"eval_tier": 1,
"performance_budget": {
"latency_budget_ms": 300,
"fallback_behavior": "cached_decision"
}
},
"simulated_latency_ms": 350,
"cache": {
"similar_action_hash": "abc123",
"cached_decision": "allow"
}
},
"expected_output": {
"timeout": true,
"fallback_triggered": true,
"decision": "allow",
"reason": "Budget timeout (350ms > 300ms), used cached decision",
"metadata": {"cache_hit": true, "cache_age_ms": 1200000}
}
}
5.4.3 Fallback Behavior: Deny¶
{
"test_id": "gc-fallback-deny-001",
"description": "Conservative deny fallback on timeout",
"input": {
"governance_contract": {
"risk_level": "critical_risk",
"eval_tier": 2,
"performance_budget": {
"latency_budget_ms": 5000,
"fallback_behavior": "deny"
}
},
"simulated_latency_ms": 5100
},
"expected_output": {
"timeout": true,
"decision": "deny",
"reason": "Evaluation timeout (5100ms > 5000ms), fallback=deny applied",
"governance_status": {
"contract_honored": true,
"actual_latency_ms": 5100,
"budget_used_pct": 102.0
}
}
}
5.4.4 Fallback Behavior: Allow and Log¶
{
"test_id": "gc-fallback-allow-001",
"description": "Permissive allow_and_log fallback with async audit",
"input": {
"governance_contract": {
"risk_level": "low_risk",
"eval_tier": 1,
"performance_budget": {
"latency_budget_ms": 200,
"fallback_behavior": "allow_and_log"
}
},
"simulated_latency_ms": 250
},
"expected_output": {
"timeout": true,
"decision": "allow",
"reason": "Budget timeout, fallback=allow_and_log, async audit queued",
"async_audit_queued": true,
"governance_status": {
"contract_honored": true,
"actual_latency_ms": 250,
"fallback_used": "allow_and_log"
}
}
}
5.4.5 Fallback Behavior: Escalate¶
{
"test_id": "gc-fallback-escalate-001",
"description": "Escalate fallback requires human decision",
"input": {
"governance_contract": {
"risk_level": "critical_risk",
"eval_tier": 3,
"performance_budget": {
"latency_budget_ms": 10000,
"fallback_behavior": "escalate"
}
},
"simulated_latency_ms": 12000,
"human_decision_available": false
},
"expected_output": {
"timeout": true,
"decision": "escalate",
"reason": "Budget timeout, fallback=escalate, awaiting human review",
"human_review_required": true,
"governance_status": {
"contract_honored": true,
"actual_latency_ms": 12000,
"fallback_used": "escalate",
"human_decision_pending": true
}
}
}
5.4.6 Risk Level Semantics¶
{
"test_id": "gc-risk-semantics-001",
"description": "Risk levels map to correct latency budgets",
"input": [
{"risk_level": "low_risk", "expected_budget_ms": 100},
{"risk_level": "elevated_risk", "expected_budget_ms": 300},
{"risk_level": "critical_risk", "expected_budget_ms": 5000}
],
"expected_output": [
{"risk_level": "low_risk", "budget_ms": 100, "eval_tier_recommended": 0},
{"risk_level": "elevated_risk", "budget_ms": 300, "eval_tier_recommended": 1},
{"risk_level": "critical_risk", "budget_ms": 5000, "eval_tier_recommended": 2}
]
}
5.4.7 Capability Negotiation¶
{
"test_id": "gc-capability-001",
"description": "Agent and steward negotiate eval tier support",
"input": {
"agent_capabilities": {
"protocol_version": "1.1.0",
"supports_governance_contracts": true,
"max_eval_tier": 2
},
"steward_capabilities": {
"protocol_version": "1.1.0",
"supports_governance_contracts": true,
"available_eval_tiers": [0, 1, 2, 3]
}
},
"expected_output": {
"negotiation_success": true,
"agreed_max_eval_tier": 2,
"protocol_version": "1.1.0",
"governance_contracts_enabled": true
}
}
5.4.8 Graceful Degradation (Conservative)¶
{
"test_id": "gc-degradation-001",
"description": "System degrades conservatively when eval tier unavailable",
"input": {
"governance_contract": {
"risk_level": "elevated_risk",
"eval_tier": 2,
"performance_budget": {
"latency_budget_ms": 1000,
"fallback_behavior": "deny"
}
},
"steward_available_tiers": [0, 1],
"tier_2_unavailable": true
},
"expected_output": {
"degraded": true,
"actual_eval_tier": 1,
"decision": "deny",
"reason": "Requested Tier 2 unavailable, degraded to Tier 1, conservative deny due to insufficient eval depth",
"governance_status": {
"contract_honored": false,
"degradation_reason": "eval_tier_unavailable",
"fallback_used": "deny"
}
}
}
5.5 Latency Conformance Tests¶
5.5.1 E2E Latency Measurement¶
{
"test_id": "latency-e2e-001",
"description": "End-to-end latency for low_risk action",
"input": {
"risk_level": "low_risk",
"eval_tier": 0,
"expected_max_latency_ms": 100
},
"measurements": {
"network_agent_to_steward_ms": 25,
"protocol_overhead_ms": 15,
"governance_eval_ms": 45,
"network_steward_to_agent_ms": 10
},
"expected_output": {
"total_latency_ms": 95,
"budget_met": true,
"breakdown": {
"network": 35,
"protocol": 15,
"governance": 45
}
}
}
5.5.2 Component Latency Breakdown¶
{
"test_id": "latency-breakdown-001",
"description": "Latency budget allocation for critical_risk",
"input": {
"risk_level": "critical_risk",
"eval_tier": 2,
"latency_budget_ms": 5000
},
"expected_allocation": {
"network_ms": 100,
"protocol_ms": 50,
"governance_eval_ms": 4850,
"total_ms": 5000
},
"actual_measurements": {
"network_ms": 85,
"protocol_ms": 45,
"governance_eval_ms": 3200
},
"expected_output": {
"total_latency_ms": 3330,
"budget_met": true,
"headroom_ms": 1670,
"budget_used_pct": 66.6
}
}
6. Validation Procedures¶
6.1 Self-Validation¶
Implementations MUST provide a self-validation endpoint:
GET /conformance/validate
Response:
status: pass|fail
level: minimal|standard|complete
version: "1.0.2"
components:
core_protocol: pass
version_negotiation: pass
ars_framework: pass
ctq_evaluation: pass
interventions: pass
tripwires: pass
trust_debt: pass
storage: pass
security: pass
test_results:
total: 157
passed: 155
failed: 2
skipped: 0
failures:
- test: "test_emergency_override_dual_approval"
reason: "Not implemented at Minimal level"
- test: "test_hsm_key_storage"
reason: "HSM not available in test environment"
6.2 External Validation¶
class ConformanceValidator:
"""External validator for ACGP implementations."""
def validate_implementation(self, endpoint: str, level: str):
results = {
'endpoint': endpoint,
'level': level,
'timestamp': datetime.utcnow().isoformat(),
'tests': []
}
# Run test categories
for category in self.get_test_categories(level):
result = self.run_category(endpoint, category)
results['tests'].append(result)
# Calculate overall result
results['passed'] = all(t['passed'] for t in results['tests'])
results['score'] = sum(t['score'] for t in results['tests']) / len(results['tests'])
# Generate certificate if passed
if results['passed']:
results['certificate'] = self.generate_certificate(results)
return results
6.3 Continuous Validation¶
continuous_validation:
schedule:
self_test: every_startup
basic_tests: daily
full_suite: weekly
security_scan: daily
performance_benchmark: weekly
alerts:
test_failure: immediate
performance_degradation: threshold_based
security_vulnerability: immediate
reporting:
dashboard: real_time
reports: weekly
compliance_attestation: monthly
7. Interoperability Requirements¶
7.1 Protocol Compatibility Matrix¶
| Component | 1.0.0 | 1.0.2 | 2.0.0 |
|---|---|---|---|
| Message Formats | (backward) | New schema | |
| ARS Framework | (enhanced) | ||
| Interventions (6 types) | |||
| Blueprint Schema | (extended) | New format | |
| Version Negotiation | - |
7.2 Cross-Version Requirements¶
def handle_version_mismatch(client_version, server_version):
"""Handle communication between different versions."""
if major_version(client_version) != major_version(server_version):
# Major version difference - limited compatibility
return use_compatibility_mode()
elif minor_version(client_version) != minor_version(server_version):
# Minor version difference - full backward compatibility
return use_lower_version_features()
else:
# Patch version difference - full compatibility
return use_full_features()
7.3 Ecosystem Compatibility¶
| External System | Required Support | Conformance Level |
|---|---|---|
| MCP | Tool protocol adapter | Standard |
| A2A | Agent communication adapter | Standard |
| OpenTelemetry | Metrics export | Standard |
| Prometheus | Metrics scraping | Optional |
| SIEM | Log forwarding | Complete |
8. Performance Benchmarks¶
8.1 Latency Requirements¶
| Operation | P50 | P95 | P99 | SLA |
|---|---|---|---|---|
| Trace Validation | 5ms | 10ms | 25ms | 99.9% |
| Version Negotiation | 10ms | 25ms | 50ms | 99.9% |
| CTQ Calculation | 20ms | 50ms | 100ms | 99.5% |
| Intervention Decision | 10ms | 25ms | 50ms | 99.9% |
| End-to-End | 50ms | 150ms | 300ms | 99% |
8.2 Throughput Requirements¶
def benchmark_throughput(implementation, level):
"""Benchmark throughput requirements by level."""
requirements = {
'minimal': {
'traces_per_second': 10,
'concurrent_agents': 10,
'burst_capacity': 100
},
'standard': {
'traces_per_second': 100,
'concurrent_agents': 100,
'burst_capacity': 1000
},
'complete': {
'traces_per_second': 1000,
'concurrent_agents': 1000,
'burst_capacity': 10000
}
}
req = requirements[level]
# Test sustained throughput
sustained = implementation.benchmark_sustained(
duration=60,
rate=req['traces_per_second']
)
assert sustained.success_rate > 0.99
# Test burst capacity
burst = implementation.benchmark_burst(
burst_size=req['burst_capacity'],
duration=10
)
assert burst.handled_all
8.3 Resource Utilization¶
| Resource | Minimal | Standard | Complete |
|---|---|---|---|
| CPU per 100 req/s | <2 cores | <1 core | <0.5 cores |
| Memory baseline | <1GB | <2GB | <4GB |
| Memory per agent | <10MB | <20MB | <50MB |
| Disk IOPS | >1000 | >5000 | >10000 |
9. Security Conformance¶
9.1 Security Test Requirements¶
class SecurityConformanceTests:
def test_authentication(self, level):
if level == 'minimal':
assert self.has_basic_auth()
elif level == 'standard':
assert self.has_mfa()
assert self.has_certificate_auth()
elif level == 'complete':
assert self.has_hsm_support()
assert self.has_zero_trust()
def test_encryption(self, level):
if level >= 'minimal':
assert self.supports_tls(version='1.2')
if level >= 'standard':
assert self.supports_tls(version='1.3')
assert self.has_encryption_at_rest()
assert self.uses_es256_signatures()
if level == 'complete':
assert self.has_field_level_encryption()
assert self.has_hsm_integration()
def test_audit(self, level):
assert self.has_audit_logging()
assert self.audit_retention_days() >= {
'minimal': 30,
'standard': 365,
'complete': 2555 # 7 years
}[level]
9.2 Vulnerability Requirements¶
| Vulnerability Class | Minimal | Standard | Complete |
|---|---|---|---|
| Critical (CVSS 9-10) | Fix in 7 days | Fix in 24 hours | Fix in 12 hours |
| High (CVSS 7-8.9) | Fix in 30 days | Fix in 7 days | Fix in 3 days |
| Medium (CVSS 4-6.9) | Fix in 90 days | Fix in 30 days | Fix in 14 days |
| Low (CVSS 0-3.9) | Best effort | Fix in 90 days | Fix in 30 days |
10. Documentation Requirements¶
10.1 Required Documentation¶
| Document | Minimal | Standard | Complete |
|---|---|---|---|
| Installation Guide | |||
| API Reference | |||
| Configuration Guide | |||
| Security Guide | - | ||
| Operations Manual | - | ||
| Troubleshooting Guide | - | ||
| Performance Tuning | - | - | |
| Disaster Recovery | - | - |
10.2 Documentation Standards¶
documentation_requirements:
format:
- markdown: primary
- html: generated
- pdf: downloadable
completeness:
- all_endpoints_documented: required
- all_parameters_explained: required
- examples_provided: required
- error_codes_listed: required
maintenance:
- version_synchronized: required
- changelog_maintained: required
- deprecation_notices: 6_months
11. Certification Process¶
11.1 Certification Levels¶
graph LR
subgraph "Self-Certification"
SELF[Run Test Suite]
PASS1[Generate Report]
SELF --> PASS1
end
subgraph "Third-Party Certification"
THIRD[External Audit]
TEST[Full Testing]
REVIEW[Code Review]
THIRD --> TEST
TEST --> REVIEW
end
subgraph "Official Certification"
SUBMIT[Submit Results]
VERIFY[Verification]
CERT[Certificate Issued]
SUBMIT --> VERIFY
VERIFY --> CERT
end
PASS1 --> SUBMIT
REVIEW --> SUBMIT11.2 Certification Requirements¶
class CertificationAuthority:
def certify_implementation(self, implementation):
requirements = {
'test_coverage': 0.95, # 95% minimum
'test_pass_rate': 0.98, # 98% minimum
'security_scan': 'pass',
'performance_benchmark': 'pass',
'documentation_complete': True,
'interoperability_verified': True,
'six_interventions': True, # CRITICAL
'version_negotiation': True # CRITICAL
}
results = self.evaluate(implementation, requirements)
if results.meets_requirements():
certificate = self.issue_certificate(
implementation=implementation,
level=results.conformance_level,
valid_until=datetime.utcnow() + timedelta(days=365),
limitations=results.limitations
)
return certificate
else:
return self.provide_gap_analysis(results)
11.3 Certification Maintenance¶
| Requirement | Frequency | Action on Failure |
|---|---|---|
| Re-testing | Annual | Certificate suspended |
| Security updates | As required | 30-day grace period |
| Version updates | Minor: optional, Major: required | 90-day transition |
| Incident disclosure | Within 72 hours | Review for impact |
12. Non-Conformance Handling¶
12.1 Non-Conformance Categories¶
| Category | Description | Response |
|---|---|---|
| Critical | Security vulnerability, data loss risk | Immediate suspension |
| Major | Core function failure, interop broken | 30-day fix required |
| Minor | Performance degradation, missing feature | 90-day fix required |
| Observation | Best practice deviation | Noted for next version |
12.2 Remediation Process¶
def handle_non_conformance(issue):
severity = assess_severity(issue)
if severity == 'critical':
# Immediate action
notify_all_users(issue)
suspend_certification()
require_immediate_patch()
elif severity == 'major':
# Time-bound fix
create_remediation_plan()
set_deadline(days=30)
monitor_progress()
elif severity == 'minor':
# Tracked improvement
add_to_backlog()
include_in_next_release()
else:
# Documentation only
document_observation()
consider_for_future()
13. Version Compatibility¶
13.1 Versioning Scheme¶
ACGP follows Semantic Versioning 2.0.0:
- Major: Breaking changes (X.0.0)
- Minor: New features, backward compatible (1.X.0)
- Patch: Bug fixes (1.0.X)
13.2 Compatibility Requirements¶
compatibility_matrix:
protocol_version_1_0:
supports: ["1.0.0", "1.0.2"]
partial: ["1.1.0", "1.2.0"]
incompatible: ["2.0.0"]
message_format_1_0:
forward_compatible: false
backward_compatible: true
migration_tool: required_for_major
feature_flags:
version_negotiation: "1.0.2+"
dynamic_retiering: "1.1.0+"
advanced_tripwires: "1.2.0+"
ml_ctq: "2.0.0+"
13.3 Migration Requirements¶
Implementations MUST:
- Provide migration tools for major version upgrades
- Support grace period with dual-version support
- Document breaking changes clearly
- Provide rollback capability
14. References¶
Normative References¶
All implementations MUST comply with:
- ACGP-1000: Core Protocol Specification
- ACGP-1001: Terminology and Definitions
- ACGP-1002: Architecture Specification
- ACGP-1003: Message Formats & Wire Protocol
- ACGP-1004: Reflection Blueprint Specification
- ACGP-1005: ARS-CTQ-ACL Integration Framework
- ACGP-1006: Certified Source Registry Specification
- ACGP-1007: Security Considerations
- ACGP-1008: Interoperability Specification
- RFC 2119: Key words for use in RFCs
Test Resources¶
- Test Vectors: https://github.com/ACGP/test-vectors
- Reference Implementation: https://github.com/ACGP/reference
- Conformance Test Suite: https://github.com/ACGP/conformance
- Certification Portal: https://ACGP.org/certification
Appendix A: Conformance Checklist¶
# ACGP Conformance Checklist v1.0.3
## Minimal Level
- [ ] Core protocol implemented
- [ ] Version negotiation functional
- [ ] Message formats validated
- [ ] OK and BLOCK interventions working (other types optional)
- [ ] Basic risk scoring (ARS calculation optional)
- [ ] CTQ evaluation optional (can use simplified scoring)
- [ ] Tripwires optional
- [ ] Local storage operational (in-memory acceptable)
- [ ] TLS optional for development environments
- [ ] Test suite passes (>95%)
## Standard Level
- [ ] All minimal requirements met
- [ ] Flag orthogonality implemented
- [ ] Trust debt system functional
- [ ] All tripwire categories (Standard, Critical, Severe)
- [ ] Blueprint inheritance working
- [ ] MCP or A2A integration
- [ ] Distributed storage
- [ ] TLS 1.3 enabled
- [ ] ES256 signatures implemented
- [ ] MFA implemented
- [ ] Monitoring active
- [ ] Test suite passes (>98%)
## Complete Level
- [ ] All standard requirements met
- [ ] Dynamic re-tiering functional
- [ ] Full tripwire system
- [ ] MPA for registry
- [ ] Both MCP and A2A
- [ ] HSM integration
- [ ] Zero-trust architecture
- [ ] Emergency override procedures
- [ ] 99.99% availability
- [ ] All benchmarks met
- [ ] Test suite passes (>99%)
End of ACGP-1009