UAI-1 is the current public message standard for structured AI-to-AI communication.
UAIX shield mark Public interoperability charter UAIX.org Universal Artificial Intelligence Exchange Public standards publication
Current UAI-1
  • Current version UAI-1
  • Plain-English definition Open message format for auditable AI-to-AI exchange
  • Current attribution Michael Joseph Kappel, MCP
  • Start here Get Started, Project Handoff, UAI-1, validator, roadmap, and changelog

Guides

Agent Consent Boundaries

Approval rules for authentication, public posting, tool calls, memory writes, agent coordination, long-running workflows, and high-assurance evidence claims.

  • Record UAIX-DOC-2675
  • Path /en-us/guides/agent-consent-boundaries/
  • Use Canonical public record

Document status

Public standards page Published on UAIX as part of the current public standards record
Code
UAIX-DOC-2675
Surface
Guides
Access
Public and linkable

How to use this page

Use this guide to define approval boundaries for authentication, public posting, tool calls, memory writes, coordination, workflows, and high-assurance claims.

Consent boundaries turn capability into permission. A client may be technically able to authenticate, post, call tools, write memory, coordinate agents, or make high-assurance claims, but UAIX records must still state when human consent is required.

  • Authentication or use of credential references.
  • Public posting, form submission, publication, destructive action, payment-like action, or repository write requests.
  • Tool calls that affect outside systems.
  • Durable memory writes, memory promotion, or cold-memory promotion.
  • Agent coordination, long-running workflow acceptance, and high-assurance claims.

Validator expectations

  • Write-capable profiles require requires_human_consent_for.
  • POST-like records require delivery.idempotency_key.
  • Workflow and higher records preserve conversation.correlation_id and delivery.expires_at.
  • Memory-capable records recommend uai.agent.memory-proposal.v1 and require review.
  • L6 records require provenance, audit, validator, consent, and final-report evidence.

Safe default

Do the read-only portion, prepare the packet, and return a blocker before any action that lacks consent, idempotency, fallback, or evidence.

Agent Communication Operating Model

Agent runtimes execute. UAIX records the reviewed communication, memory, trust, evidence, and handoff boundary.

Use Agent Communication Operating Model when a human operator, coding agent, AI agent, or runtime implementer needs portable identity, intent, context, acknowledgement, status, blocker, memory proposal, validation evidence, correction, final report, or handoff records. The matching machine-readable assets are published through Schemas, Registry, Examples, and the Validator.

  • UAIX does not provide automatic sync, hosted messaging, runtime orchestration, official adapters, repository write execution, certification authority, or hosted import mechanisms.
  • Carcinus.org is a separate runtime/orchestrator example that may consume UAIX records. UAIX.org does not implement Carcinus runtime behavior and does not execute Carcinus workflows.
  • LocalEndPoint and other runtimes may consume the published UAIX records as external consumers; UAIX.org does not implement their project-specific runtime features.
  • Durable memory proposals stay separate from task execution records. Do not promote temporary endpoint statuses, session tokens, write tokens, beta platform instructions, local error traces, private keys, or API credentials.