pic-standard 0.1.1

PIC Standard: Provenance & Intent Contracts for agentic side-effect governance

PIC Standard: Provenance & Intent Contracts

The Open Protocol for Causal Governance in Agentic AI.

---

Quickstart (60 seconds)

Option A — Install from PyPI (recommended)

Use this once pic-standard is published on PyPI.

pip install pic-standard

Verify an example proposal:

pic-cli verify examples/financial_irreversible.json

Expected output:

✅ Schema valid
✅ Verifier passed

Validate schema only:

pic-cli schema examples/financial_irreversible.json

Expected output:

✅ Schema valid

Option B — Install from source (dev / contributors)

git clone https://github.com/madeinplutofabio/pic-standard.git
cd pic-standard
pip install -e .
pip install -r sdk-python/requirements-dev.txt

Run tests:

pytest -q

Run the CLI:

pic-cli verify examples/financial_irreversible.json

Expected output:

✅ Schema valid
✅ Verifier passed

---

Stability & Versioning

• PIC/1.0 refers to the proposal schema protocol version.
• The Python package follows Semantic Versioning. Breaking changes will bump the major version.

---

1. The Core Thesis: Closing the "Causal Gap"

Traditional AI safety focuses on Dialogue Guardrails. However, enterprise agents operate via Side Effects (API calls, financial transfers).

The Causal Gap occurs when an agent performs a high-impact action based on instructions from an untrusted source (e.g., Indirect Prompt Injection). PIC bridges this gap by enforcing a machine-verifiable contract between Input Provenance and Action Impact.

🔍 Comparative Landscape

Feature	CaMeL	RTBAS	PIC Standard
Primary Focus	Multi-Agent Dialogue	Physical/Robotic Safety	Business Logic & Side Effects
Enforcement	Cognitive/Reasoning	Sensor-based	Causal Contract (JSON Schema)
Target Domain	Research/Chat	Robotics	SaaS / FinTech / Enterprise

---

2. Technical Glossary

• Action Proposal: A JSON contract generated by the agent before tool execution.
• Causal Taint: When an untrusted input influences a high-impact output without trusted evidence.
• Impact Class: A taxonomy of risk (e.g., money, privacy, compute).
• Provenance Triplet: The classification of data sources into Trusted, Semi-Trusted, or Untrusted.

---

3. How It Works (The Flow)

graph TD
    A[Untrusted Input] --> B{AI Agent / Planner}
    C[Trusted Data/DB] --> B
    B --> D[Action Proposal JSON]
    D --> E[PIC Verifier Middleware]
    E --> F{Valid Contract?}
    F -- Yes --> G[Tool Executor]
    F -- No --> H[Blocked / Alert Log]

---

4. v1.0 Roadmap

• Phase 1 (MVP): Standardize money and privacy Impact Classes.
• Phase 2 (SDK): Reference Python/Pydantic implementation.
• Phase 3 (Integrations): Native middleware for LangGraph and CrewAI.
• Phase 4 (Advanced): Cryptographic signing for trusted provenance.

---

🤝 Community & Governance

The PIC Standard is an open-source movement. We are actively seeking:

• Security Researchers to stress-test causal logic.
• Framework Authors to build native PIC integrations.
• Enterprise Architects to define domain-specific Impact Classes.

Maintained by @fmsalvadori   MadeInPluto