RFC-ATF-9 specifies the Public Governance Layer (PGL) of the Agent Trust Fabric — the ninth RFC in the ATF Open Standard series published by OMNIX QUANTUM LTD. RFC-ATF-9 answers three questions that no prior RFC in the series addresses — questions asked not from inside the governance chain but from outside it: The External Trust Gap: How does a regulator, partner, or court verify — without any account, API key, or access to OMNIX — that a specific AI decision was governed? The Proof of Governance Registry (PoGR) answers this with a globally accessible, append-only, post-quantum-sealed certificate registry: the world's first public infrastructure for AI governance attestation. The analogy is precise: PoGR is the CA-equivalent infrastructure for AI governance decisions — the 'SSL for AI decisions. ' The Consequence Boundary Gap: How does a downstream settlement system block execution unless a valid governance certificate exists? The OMNIX Settlement Gate (OSG) answers this with a commitment-time enforcement layer that is ledger-agnostic (XRPL, ETH, SWIFT, FIX), unconditionally fail-closed (OSG-INV-001), and produces an independently verifiable Validation Receipt (VR) at every gate decision. The Integration Complexity Gap: How does an AI developer integrate all eight prior ATF layers simultaneously without knowing the internal architecture? The OMNIX Governance Runtime (OGR) answers this with a session-oriented integration API that activates every ATF layer through a single start/turn/close lifecycle — three API calls that activate 142 invariants. PoGR architecture: The Proof of Governance Registry issues PoG Certificates (PoGC: POGC-HEX16) that are: PQC-signed with ML-DSA-65 (FIPS 204), backed by a sealed OGR session's CTCHC hash (PoGR-INV-001), append-only (PoGR-INV-002), zero-trust verifiable (PoGR-INV-003), explicit-TTL renewable (PoGR-INV-004), and protected by a Three-Channel Trust Anchor (API, DNS TXT, Zenodo quarterly — PoGR-INV-005). Revocation requires an issuer-signed ML-DSA-65 proof (PoGR-INV-006). OSG architecture: The Settlement Gate validates PoGCs at the consequence boundary through a five-step atomic protocol: existence check, status check, TTL coverage (PoGC must not expire before settlementdeadline — OSG-INV-004), signature verification, and Validation Receipt issuance. Every APPROVED VR carries the complete audit chain: pogcᵢd + sessionᵢd + ctchcₛealₕash (OSG-INV-006). OGR architecture: The Governance Runtime activates all eight prior ATF layers through three methods: startₛession (7 layer activations), recordₜurn (6 per-turn activations including BAR+CCS+CTCHC+AGVP+MIVP+CGE), closeₛession (5 close activations including CTCHC seal + PoGC issuance + PGT + SCR). OGR-INV-001 mandates simultaneous activation of all applicable layers without selective opt-out. 13 new invariants are introduced: PoGR-INV-001–006, OSG-INV-001–006, OGR-INV-001. Combined with the 129 invariants of RFC-ATF-1 through RFC-ATF-8, the ATF stack reaches 142 formally specified invariants across 25 protocol families. An implementation complying with RFC-ATF-1 through RFC-ATF-9 is designated ATF-POGR-Compliant — the ninth compliance tier in the ATF stack. Compliance hierarchy: ATF-ID-Compliant → … → ATF-SCGC-Compliant (119 inv. ) → ATF-OGC-Compliant (129 inv. ) → ATF-POGR-Compliant (142 inv. ) Regulatory alignment: EU AI Act Art. 9 (PoGC = cryptographic risk management record), Art. 12 (PoGR = tamper-evident external audit log), Art. 13 (public /v1/pogr/verify/id endpoint), Art. 17 (OGR = standardized governance process) ; GDPR Art. 22 (PoGC = subject-verifiable automated decision evidence) ; NIST AI RMF GOVERN 1. 1 + GOVERN 6. 2. Related ADRs: ADR-184 (OGR), ADR-186 (PoGR), ADR-187 (PoGR API), ADR-188 (OSG). First PoGC issued: POGC-GENESIS-E071CC96 (2026-05-26).
Harold Alberto Nunes Rodelo (Fri,) studied this question.