AIFC-090: Agent-Actionable Standard

Status: Draft 0.1 Standard: AI-First Community Standard Abbreviation: AIFC Builds on:

• AIFC-000 Manifest of an AI-First Community
• AIFC-001 Core Concepts
• AIFC-010 Knowledge Structure
• AIFC-012 Metadata and Markdown
• AIFC-013 Human and AI Readable Content
• AIFC-020 Human-Managed AI
• AIFC-023 AI as Team Member
• AIFC-043 Skill Evolution
• AIFC-044 Human Skills and AI Skills
• AIFC-050 Community Interface
• AIFC-060 Knowledge Security
• AIFC-061 Access Control
• AIFC-062 Agent Permissions
• AIFC-063 Auditability
• AIFC-064 Data Classification
• AIFC-080 Compliance Levels
• AIFC-081 Minimal AIFC Compliance
• AIFC-082 Certification Model

Purpose of this document: To define AIFC as a standard that is not only a human-readable document, but also an agent-usable and partially software-verifiable system of rules, schemas, templates, workflows, skills, validation rules, and examples. This document describes how AIFC should be structured so that people can understand it, AI agents can act according to it, and software can verify conformance.

1. Purpose of this document

This document defines the Agent-Actionable Standard.

AIFC should not be only a set of texts that a human reads and interprets manually.

AIFC should be a standard that can be used to create a community knowledge base, establish a source of truth, design a Human Cockpit Layer, set AI governance, create AI skills, create human skills, validate metadata, check compliance, generate templates, prepare change proposals, audit critical actions, run AI agents in governed scope, and gradually build an AI-first, human-managed community.

In other words:

AIFC should be readable by humans,
usable by agents,
and partially verifiable by software.

2. Core principle

The core principle of this document is:

Every important AIFC concept should have human meaning, agent behavior and validation logic where practical.

AIFC states:

Do not leave the standard trapped in prose.
Turn principles into usable system capability.

3. Definition

Agent-Actionable Standard is a standard structured so that its rules, concepts, requirements, and workflows can be used not only by humans, but also by AI agents and software.

Agent-Actionable Standard contains human-readable principles, machine-readable schemas, metadata conventions, templates, validation rules, agent skills, human skills, workflow definitions, examples, anti-patterns, compliance checks, audit requirements, source of truth structures, and operational guidance.

Minimum requirement

The AIFC standard must be designed so that key requirements can be converted into templates, metadata, agent skills, or validation rules.

4. Three-layer model

AIFC recommends a three-layer model:

Human meaning
-> Agent behavior
-> Software validation

Human meaning

A person understands why the rule exists.

Agent behavior

An AI agent knows how to act according to the rule.

Software validation

Software can verify some formal conditions.

Example:

Human meaning:
AI agent must have an owner because responsibility must remain human/community-owned.

Agent behavior:
When creating or reviewing an AI agent, check whether owner is defined. If missing, create a governance gap.

Software validation:
agent_permissions.owner must not be empty.

Minimum requirement

For key AIFC requirements, it should be clear whether they are human guidance, agent-actionable rules, or software-verifiable rules.

5. Human-readable layer

The human-readable layer explains meaning.

It contains principles, definitions, reasons, examples, anti-patterns, decision guidance, minimum requirements, value frames, risks, and recommendations.

This layer prevents the standard from becoming only a technical specification without meaning.

Minimum requirement

Every agent-actionable or software-verifiable rule must have a human-understandable reason or reference to a principle.

6. Agent-actionable layer

The agent-actionable layer tells an AI agent how to act.

It may contain role instructions, task procedures, review checklists, classification guidance, escalation rules, approval rules, output format, forbidden actions, uncertainty handling, evidence requirements, source of truth write-back rules, and change proposal creation rules.

Example:

If an AI-generated output updates a critical decision, do not mark it as active. Create a draft decision record and request human approval.

Minimum requirement

Agent-actionable rules must clearly distinguish allowed actions, forbidden actions, and escalation triggers.

7. Software-verifiable layer

The software-verifiable layer checks formal conditions.

Not everything can be verified by software, but many things can: every AI agent has an owner, every restricted artefact has classification, every critical workflow has fallback, every public claim has review status, every active decision record has an owner, every restricted content export has approval, every Operational DNA artefact has access rule, and every compliance assessment has scope and validity.

The software-verifiable layer does not own meaning. It only checks that structure does not violate defined rules.

Minimum requirement

Repeatable formal AIFC requirements should be converted into validation rules where practical.

8. AIFC repository structure

The AIFC standard should be organized as a living repository.

Recommended structure:

/aifc-standard
  /manifest
  /core
  /knowledge
  /human-managed-ai
  /governance
  /learning
  /interfaces
  /security
  /company-as-system
  /compliance
  /agent-actionable
    /schemas
    /templates
    /validation-rules
    /agent-skills
    /human-skills
    /workflows
    /examples
    /test-cases

The text part of the standard defines meaning. The agent-actionable part defines usable artefacts.

Minimum requirement

The AIFC standard repository must separate human standard text from agent-actionable artefacts while maintaining links between them.

9. Schemas

Schemas define structured data.

Example schemas include community profile, purpose record, values record, decision record, change proposal, AI-NDA Boundary, agent permissions, access policy, classification, audit event, compliance assessment, workflow conversion record, skill record, feedback signal, and ghost risk assessment.

Schemas enable consistency, validation, form generation, agentic processing, reporting, and compliance checks.

Minimum requirement

Critical AIFC artefacts should have a schema or at least a recommended structure.

10. Templates

Templates help people and agents create artefacts correctly.

Examples include purpose statement template, values and non-negotiables template, decision record template, change proposal template, AI use inventory template, agent permissions template, AI retrospective template, fallback template, public transparency statement, ghost AI company risk checklist, and minimal compliance assessment.

Templates reduce friction, but must not become empty compliance theater.

Minimum requirement

Templates must include not only fields, but also instructions for meaning and use.

11. Validation rules

Validation rules check whether artefacts meet formal requirements.

Examples:

Every agent_permissions record must have owner.
Every restricted artefact must have classification.
Every critical workflow must have fallback.
Every compliance assessment must have scope.
Every public claim must have approval.

Validation rules may be checked manually, by scripts, CI/CD, cockpit, or agents.

Minimum requirement

Validation rules must reference the AIFC requirement they verify.

12. Agent skills

Agent skills tell AI agents how to work according to AIFC.

Examples include AIFC Knowledge Maintenance Skill, Classification Review Skill, Change Proposal Skill, Decision Record Skill, AI Retrospective Skill, Workflow Conversion Skill, Ghost Risk Review Skill, Compliance Assessment Skill, and Source of Truth Migration Skill.

An agent skill must contain role, purpose, inputs, allowed actions, forbidden actions, output format, escalation rules, uncertainty handling, evidence requirements, source of truth rules, and safety boundaries.

Minimum requirement

AIFC agent skills must not expand agent permissions; they must operate within permissions.

13. Human skills

Human skills tell people how to perform capabilities without full AI dependency.

Examples include how to review AI output, classify knowledge, run AI retrospective, approve decision records, maintain source of truth, handle an AI incident, run reduced-AI mode, and detect ghost AI company risk.

Human skills are part of Human Capability Reserve.

Minimum requirement

Critical agent skills must have a corresponding human skill or fallback guidance.

14. Workflows

Workflow definitions describe repeatable procedures.

Examples include creating a change proposal, approving an AI-generated output, classifying a new artefact, onboarding or offboarding an AI agent, running AI retrospective, performing minimal compliance assessment, public release review, handling AI-NDA Boundary violation, and reviewing generated company launch.

A workflow may be human-only, AI-assisted, agent-assisted, or software-validated.

Minimum requirement

Critical AIFC workflows must have owner, inputs, outputs, approval points, and fallback where relevant.

15. Examples

Examples are critical for understanding.

AIFC should include good examples, bad examples, minimal examples, advanced examples, redacted real-world patterns, toy examples for learning, enterprise examples, small community examples, digital company examples, and AI agent examples.

Examples help both people and AI agents.

Minimum requirement

Templates and agent skills should include examples where misunderstanding risk is high.

16. Test cases

Test cases help verify whether rules work.

Example:

Input:
AI agent has write access to source of truth but no owner.

Expected:
Validation fails.
Agent governance gap is created.
No production use allowed.

Test cases can support validators, agents, cockpits, compliance reviewers, and implementers.

Minimum requirement

Critical validation rules should have positive and negative test cases where practical.

17. Requirement traceability

Every agent-actionable artefact must be traceable to a standard requirement.

Example:

validation_rule:
  id: VR-AGENT-OWNER-001
  checks: agent_permissions.owner not empty
  source_requirement: AIFC-062 Minimal requirements #4
  severity: critical

Traceability prevents the agent-actionable layer from drifting into its own logic.

Minimum requirement

Schemas, templates, validation rules, and skills must reference source standard requirements where practical.

18. Severity levels

Validation findings should have severity.

Recommended levels:

info
warning
minor
major
critical

info

Recommendation or note.

warning

Possible problem.

minor

Low-risk or local nonconformity.

major

Significant nonconformity with governance impact.

critical

Nonconformity that blocks safe use or compliance claim.

Minimum requirement

Validation findings must classify severity and recommended action.

19. Agent-actionable does not mean fully autonomous

Agent-actionable standard does not mean AI can do everything by itself.

It means AI understands what to check, what it may propose, what it must not do, when to escalate, what format to produce, and what evidence to require.

Agent-actionable is support for governance, not replacement of governance.

Minimum requirement

Agent-actionable rules must preserve human or community ownership of critical decisions.

20. Source of truth write-back

An AI agent may create source of truth change proposals.

Write-back must be governed.

Recommended pattern:

AI observes
-> AI drafts
-> AI creates proposal
-> human/community review
-> approved write-back
-> audit

AI must not write critical changes as active without permission.

Minimum requirement

AI write-back to source of truth must distinguish draft, proposal, approved, and active states.

21. Uncertainty handling

Agent-actionable standard must teach AI to handle uncertainty.

AI should mark assumptions, unknowns, missing evidence, conflicting sources, low confidence, need for human review, potential risk, and classification uncertainty.

Minimum requirement

Agent skills must require uncertainty marking for critical outputs.

22. Evidence handling

An AI agent must not only assert. It should provide evidence.

Evidence may be source artefact, metadata, audit record, decision record, previous assessment, user-approved input, or system validation result.

If evidence is missing, the agent should create a gap or question.

Minimum requirement

Compliance, security, and governance agents must distinguish evidence from inference.

23. Gap creation

Agent-actionable standard should support gap creation.

If an agent finds a missing element, it must not invent it. It should create a governance gap, compliance gap, knowledge gap, security gap, classification gap, agent permissions gap, fallback gap, or evidence gap.

Minimum requirement

Agents must create gaps or proposals instead of silently fabricating missing governance artefacts.

24. Safe defaults

AIFC agent-actionable rules must have safe defaults.

Examples: if classification is missing, treat as internal or restricted according to context; if owner is missing, do not approve; if AI-NDA Boundary is missing, do not process non-public data; if public claim is unreviewed, do not publish; if agent permissions are missing, do not activate the agent; if fallback is missing, flag critical workflow risk.

Minimum requirement

Agent-actionable workflows must define safe default behavior for missing critical metadata.

25. Validation vs judgment

Software validation can verify structure. It cannot fully verify meaning.

For example, software can verify:

purpose exists

But people must assess:

purpose is meaningful and owned

AI may help with judgment, but must not automatically close it in critical areas.

Minimum requirement

AIFC must distinguish formal validation from human or community judgment.

26. Human Cockpit integration

The Human Cockpit Layer may use the agent-actionable standard.

It may show missing owners, invalid metadata, compliance gaps, agent proposals, pending approvals, source of truth health, fallback gaps, AI-NDA Boundary gaps, ghost risk indicators, and workflow conversion candidates.

The cockpit is the human interface over the agent-actionable system.

Minimum requirement

The Human Cockpit Layer must show agent-actionable findings in human-readable and decision-ready form.

27. CI/CD and validation

If the source of truth is in Git or a similar system, validation rules may run in CI/CD.

Examples: fail pull request if critical metadata are missing, warn if review date expired, block if restricted artefact has public release flag, block if AI agent has no owner, warn if fallback is missing, and warn if compliance assessment expired.

Minimum requirement

Where source of truth is versioned, critical validation rules should be runnable in review workflow where practical.

28. Agent-actionable compliance

Compliance assessment may be partially agent-actionable.

An AI agent may collect evidence, map requirements, identify gaps, prepare assessment draft, propose roadmap, mark uncertainty, and prepare reviewer checklist.

But a responsible human or community role must approve certification or compliance claim.

Minimum requirement

AI may prepare compliance assessment, but the human or community reviewer must own the compliance claim.

29. Agent-actionable security

Security requirements may be partially validated.

Examples include missing classification, missing owner, public artefact with Operational DNA marker, AI processing allowed without AI-NDA Boundary, export allowed for restricted artefact without approval, agent with tool access and no audit flag, and expired access review.

Minimum requirement

High-risk security validation findings must trigger review, escalation, or blocking behavior.

30. Agent-actionable learning

The learning layer may be agent-actionable.

AI may detect repeated corrections, repeated AI waste, recurring support signals, workflow conversion candidates, skill update candidates, documentation gaps, and maintenance debt.

AI may prepare proposals. People decide what becomes system capability.

Minimum requirement

Agent-actionable learning must convert patterns into proposals, not silently change critical workflows.

31. Versioning

Agent-actionable artefacts must be versioned, including schemas, templates, validation rules, agent skills, human skills, workflows, and examples.

Versioning matters because a rule change can change agent behavior and validation.

Minimum requirement

Agent-actionable artefacts must have versioning or change history.

32. Compatibility

Changing a schema or rule may break an existing knowledge base.

Compatibility must address migration notes, deprecated fields, required fields, backward compatibility, validation version, agent skill compatibility, and cockpit compatibility.

Minimum requirement

Breaking changes in schemas, validation rules, or agent skills must be documented and migration-guided.

33. Portability

AIFC must not be locked into one tool.

Agent-actionable artefacts should be text-readable, exportable, versionable, usable by different AI agents, usable by different cockpit implementations, and independent of one vendor where possible.

Minimum requirement

Critical agent-actionable artefacts should be portable and not stored only in proprietary AI vendor systems.

34. Security of agent-actionable artefacts

Agent-actionable artefacts may be sensitive.

Agent skills may reveal Operational DNA, validation rules may reveal security boundaries, schemas may reveal governance model, examples may contain internal patterns, and test cases may show weaknesses.

They must be classified and protected.

Minimum requirement

Agent-actionable artefacts must be classified and protected according to what they reveal.

35. Public vs internal agent-actionable artefacts

Some artefacts may be public, such as generic templates, public standard schemas, sample examples, and public validation rules.

Others must be internal or restricted, such as company-specific workflows, operational agent skills, security validation rules, customer-specific examples, and Operational DNA workflows.

Minimum requirement

AIFC implementations must distinguish public standard artefacts from community-specific operational artefacts.

36. Agent-actionable anti-patterns

AIFC rejects these anti-patterns.

36.1 Prose-only standard

The standard is only text and cannot be practically used.

36.2 Schema without meaning

A schema exists, but it is unclear what principle it protects.

36.3 Validation without judgment

The system treats valid metadata as real maturity.

36.4 Agent skill without permissions

An agent skill describes behavior but is not constrained by permissions.

36.5 Automation of responsibility

AI or software automatically approves things that must be owned by a person or community.

36.6 Templates as theater

Templates are filled for compliance but not used in work.

36.7 Hidden proprietary rule base

Critical rules are hidden in a vendor system and cannot be exported.

36.8 Examples with leaked Operational DNA

Examples reveal sensitive know-how.

36.9 Validation overload

The system generates so many warnings that people stop noticing critical signals.

36.10 Agent silently fixes governance

The agent changes critical governance artefacts without proposal, review, and audit.

36.11 No traceability

A validation rule or agent skill is not traceable to a standard requirement.

36.12 AI treats draft standard as active

The agent uses a draft rule as an active requirement without status.

37. Minimal requirements

AIFC Agent-Actionable Standard must at minimum:

1. Make key requirements convertible into templates, metadata, agent skills, or validation rules.
2. Clarify whether key requirements are human guidance, agent-actionable rules, or software-verifiable rules.
3. Give every agent-actionable or software-verifiable rule a human-understandable reason or principle reference.
4. Distinguish allowed actions, forbidden actions, and escalation triggers.
5. Convert repeatable formal requirements into validation rules where practical.
6. Separate human text from agent-actionable artefacts while maintaining links.
7. Give critical artefacts schemas or recommended structures.
8. Include fields, meaning, and usage instructions in templates.
9. Reference AIFC requirements from validation rules.
10. Keep agent skills within agent permissions.
11. Pair critical agent skills with human skills or fallback guidance.
12. Give critical workflows owner, inputs, outputs, approval points, and fallback where relevant.
13. Include examples in templates and agent skills where misunderstanding risk is high.
14. Give critical validation rules test cases where practical.
15. Reference source requirements from schemas, templates, validation rules, and skills where practical.
16. Classify validation finding severity and recommended action.
17. Preserve human or community ownership of critical decisions.
18. Distinguish draft, proposal, approved, and active states for AI write-back.
19. Require uncertainty marking for critical outputs.
20. Distinguish evidence from inference in governance and compliance agents.
21. Create gaps or proposals instead of fabricating missing governance artefacts.
22. Define safe defaults for missing critical metadata.
23. Distinguish formal validation from human or community judgment.
24. Show findings in human-readable, decision-ready form in the Human Cockpit Layer.
25. Run critical validation rules in review workflow where practical.
26. Allow AI to prepare compliance assessment while human or community reviewer owns the claim.
27. Trigger review, escalation, or blocking behavior for high-risk security findings.
28. Convert learning patterns into proposals.
29. Version agent-actionable artefacts.
30. Document breaking changes and migration guidance.
31. Keep critical agent-actionable artefacts portable and outside proprietary-only storage.
32. Classify and protect agent-actionable artefacts according to what they reveal.
33. Distinguish public standard artefacts from community-specific operational artefacts.

38. Summary

Agent-Actionable Standard is the step that makes AIFC more than text.

AIFC should not be only documentation about responsible AI use. It should be a system of rules, templates, schemas, skills, and validation checks through which a community can be built, governed, checked, and improved.

AIFC states:

Write principles for humans.
Write instructions for agents.
Write rules for software.
Keep responsibility with the community.

Agent-actionable does not mean autonomous without people.

It means AI agents can safely help because they understand rules, boundaries, formats, evidence, uncertainty, and escalation.

Agent-Actionable Standard turns AIFC from written guidance into usable community operating capability.