The AI Application Protocol (AIAP) is an open standard that defines how AI programs are structured, validated, and secured. While protocols like A2A address how agents communicate and MCP defines how models access tools, AIAP addresses a different challenge: how AI programs themselves should be governed.
AIAP ensures that autonomous AI systems operate with:
- Deterministic structure through the AISOP blueprint format (
.aisop.json) - Verifiable quality through the ThreeDimTest quality framework (Correctness, Intrinsic, Detail)
- Graduated security through trust levels (T1-T4) and threat-aware validation (AT1-AT6)
- Immutable alignment through Axiom 0: Human Sovereignty and Benefit
As AI agents become more capable and autonomous, the risk of uncontrolled hallucination, alignment drift, and security violations grows. Traditional "prompt engineering" attempts to solve this by adding more instructions — which paradoxically increases entropy and ambiguity. AIAP takes the opposite approach:
- Semantic Compiling — AIAP validators act as compilers, rejecting ambiguous instructions, unhandled error routes, and semantic contradictions before runtime.
- Zero-Entropy Resonance — By collapsing the possibility space through rigid structural patterns, AIAP minimizes the tokens available for free-form interpretation.
- L0/L1 Isolation — Strict separation of machine-readable state (L0) from human-readable narrative (L1) prevents cross-contamination in multi-agent cascades.
- Axiom 0 Enforcement — Hard alignment to "Human Sovereignty and Benefit" at the protocol level, not as a suggestion but as an immutable constraint.
| Feature | Description |
|---|---|
| AISOP Blueprints | .aisop.json files define agent behavior through Mermaid flowcharts as deterministic execution paths |
| Structural Patterns | Seven patterns (A-G) from single scripts to embedded runtimes with tool directories |
| Quality Standards | 50+ validation rules across Correctness (C1-C7), Intrinsic (I1-I13), and Detail (D1-D10) dimensions |
| Trust Levels | Four graduated levels: T1 (metadata-only) to T4 (autonomous with network access) |
| Threat Taxonomy | Six attack categories (AT1-AT6) with Code Trust Gate verification for embedded code |
| Program Lifecycle | Draft → Active → Deprecated → Archived with migration guides |
| Interoperability | Bidirectional MCP tool mapping, A2A agent card integration, Pattern G embedded runtimes |
| Governance Hash | SHA-256 integrity verification of all .aisop.json files in a program |
| AIAP Packaging | .aiap archive format with manifest, file hashes, and Code Trust Gate |
AIAP operates over the AISOP (AI Standard Operating Procedure) format through a tripartite federated trust model:
┌─────────────────────────────────────────────────────┐
│ AIAP Governance Stack │
├─────────────────────────────────────────────────────┤
│ │
│ aisop.dev (Seed Layer) │
│ Defines the .aisop.json format specification │
│ Neutral, static, foundational │
│ ↓ │
│ aiap.dev (Authority Layer) │
│ Defines governance rules, quality standards, │
│ security constraints, and Axiom 0 enforcement │
│ ↓ │
│ soulbot.dev (Executor Layer) │
│ Reference runtime that executes AISOP code, │
│ resolves tools, manages memory and permissions │
│ │
├─────────────────────────────────────────────────────┤
│ Axiom 0: Human Sovereignty and Benefit (Immutable) │
└─────────────────────────────────────────────────────┘
┌──────────────────────────────────────┐
│ A2A Protocol — Agent Communication │ How agents talk to each other
├──────────────────────────────────────┤
│ MCP Protocol — Tool Access │ How agents access tools and data
├──────────────────────────────────────┤
│ AIAP Protocol — Program Governance │ How agent programs are structured,
│ │ validated, and secured
├──────────────────────────────────────┤
│ AISOP Format — Blueprint Language │ The .aisop.json execution format
├──────────────────────────────────────┤
│ LLM Runtime — Model Execution │ Claude, Gemini, GPT, etc.
└──────────────────────────────────────┘
- Protocol Specification: Read the complete structural rules in
specification/AIAP_Protocol.md - Quality Standards: Review the validation rules in
specification/standards/ - Conceptual Guides: Explore topics in
docs/topics/for accessible explanations - Practical Guides: Follow step-by-step tutorials in
docs/guides/ - Examples: See working AIAP programs in
examples/ - Reference: Look up fields, rules, and terms in
docs/reference/
Every AIAP program lives in an *_aiap/ directory with this minimum structure:
my_program_aiap/
├── AIAP.md # Governance contract (identity, tools, modules, trust)
├── main.aisop.json # Entry point (intent router for Pattern B+)
├── module1.aisop.json # Functional module
├── module2.aisop.json # Functional module
└── memory/ # Optional: state persistence (Pattern E)
The AIAP.md file serves as the program's governance contract, declaring its protocol compliance, tools, modules, trust level, and capabilities. It is the entry point for both human review and automated discovery.
We welcome contributions to enhance and evolve the AIAP protocol!
- Questions & Discussions: Use GitHub Discussions
- Issues & Feedback: Report issues via GitHub Issues
- Contribution Guide: See CONTRIBUTING.md for details
This project is licensed under the Apache License 2.0 — see the LICENSE file for details.
Copyright 2026 AIXP Foundation AIXP.dev | AIAP.dev
Align: Human Sovereignty and Benefit. Version: AIAP V1.0.0. www.aiap.dev