RFC-0001 • DRAFT

Exogram Action
Admissibility Protocol

A deterministic control plane between AI inference and real-world execution. EAAP ensures no autonomous agent action reaches production without verified admissibility.

0
Architectural Layers
0
Protocol Invariants
0
Framework Integrations
0
Error Semantics

ABSTRACT

As AI agents transition from advisory to executive roles in production systems, the gap between probabilistic inference and deterministic execution creates a critical governance void. EAAP proposes a four-layer control plane that evaluates every proposed agent action through ledger governance, semantic retrieval, policy evaluation, and cryptographic execution gating — ensuring that no autonomous action modifies production state without verified admissibility.

Architecture Overview

EAAP Four-Layer Architecture — Ledger Governance, Meaning Engine, Judgment Engine, Action Admissibility

The Four Layers

🔒
LAYER 1
Ledger Governance

Purpose: Enforce ledger integrity

PII scrubbing via deterministic pattern detection, encryption at rest, semantic indexing, conflict detection, confidence scoring, fact locking, and audit event logging.

⚠️ No silent overwrites. Contradictions require explicit resolution.
🧠
LAYER 2
Meaning Engine

Purpose: Assemble bounded, deterministic context

Namespace isolation, deterministic relevance scoring, temporal decay weighting, conflict surfacing, context health classification, snapshot generation, and HMAC snapshot signing.

⚠️ Context assembly is mathematical, not generative.
⚖️
LAYER 3
Judgment Engine

Purpose: Deterministic admissibility evaluation

Authority validation, fact consistency enforcement, constraint evaluation, confidence threshold enforcement, and escalation classification.

⚠️ Zero LLM inference. Judgment is deterministic Python logic.
🛡️
LAYER 4
Action Admissibility

Purpose: Guarantee execution integrity

Claim extraction from payload, pre-flight conflict detection, SHA-256 state hashing, evaluation record creation, commit validation, and immutable action ledger.

⚠️ Layer 4 is the final execution gate. No action bypasses it.

“Inference is probabilistic. Execution must be deterministic.”

— EAAP Core Principle

Evaluation Protocol

1
Extract claims from payload
2
Scrub PII (deterministic)
3
Detect ledger conflicts
4
Assemble context snapshot
5
Execute Layer 3 logic gates
6
Compute SHA-256 state hash
7
Persist evaluation record
8
Return ALLOW / BLOCK decision
STATE HASH FORMULA
state_hash = SHA-256(
    sorted(relevant_objects) ||
    policy_version ||
    namespace_id ||
    floor(timestamp, window)
)

Protocol Invariants

Mandatory and non-configurable. These cannot be weakened without a major version change.

PII Air Gap
No detected PII enters persistent storage or vector embeddings
Encryption at Rest
All content encrypted with per-user Fernet keys before persistence
No Silent Overwrite
Conflicting facts require explicit resolution — never silently replaced
Namespace Isolation
Retrieval and evaluation scoped strictly to user namespace
Immutable Audit Chain
Cryptographically chained audit events — tamper-detectable
Deterministic Judgment
Execution gates use code, not LLM inference
Confidence Decay
Facts degrade in authority over time unless reinforced
State Hash Integrity
Execution requires identical state between evaluation and commit
Evaluation Expiry
Approvals expire after a defined TTL — no stale tokens
Hard Deletion (GDPR)
Full deletion removes vectors, ciphertext, and all associated records

Specification Details

Full Specification

Read the complete EAAP specification with threat model, evaluation protocol, commit guarantees, and security invariants.

Read RFC-0001 →View Pricing