[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-83041":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":9,"languages":9,"totalLinesOfCode":9,"stars":10,"forks":11,"watchers":11,"openIssues":12,"contributorsCount":12,"subscribersCount":12,"size":12,"stars1d":13,"stars7d":14,"stars30d":15,"stars90d":12,"forks30d":12,"starsTrendScore":16,"compositeScore":17,"rankGlobal":9,"rankLanguage":9,"license":18,"archived":19,"fork":19,"defaultBranch":20,"hasWiki":21,"hasPages":19,"topics":22,"createdAt":9,"pushedAt":9,"updatedAt":30,"readmeContent":31,"aiSummary":32,"trendingCount":12,"starSnapshotCount":12,"syncStatus":33,"lastSyncTime":34,"discoverSource":35},83041,"Fintech-CUI-Trust-Framework","madguyevans-creator\u002FFintech-CUI-Trust-Framework","madguyevans-creator","An open-source engineering governance standard defining trust boundaries for conversational AI agents in high-stakes domains. MIT Licensed.",null,175,16,0,4,63,73,28,3.69,"MIT License",false,"main",true,[23,24,25,26,27,28,29],"ai-governance","ai-safety","conversational-ai","human-in-the-loop","open-source","protocol","trust-boundary","2026-06-12 02:04:30","# An Open Governance Standard for Conversational Finance Agents\n\n> An open-source engineering governance standard defining trust boundaries for conversational AI agents in high-stakes domains. MIT Licensed.\n\n## What is this?\n\nAn Open Governance Standard for Conversational Finance Agents is an open, MIT-licensed engineering specification that defines the structural governance components a conversational AI agent must implement before being deployed in any context where its outputs could create financial obligations, regulatory exposure, or consumer harm. It is not a software product. It is a public-domain technical specification — analogous to an RFC — that any enterprise with engineering resources can implement.\n\nThis standard is engineered under the **AI Native Engineering** paradigm: governance is not retrofitted onto AI systems after deployment as an external audit layer. Governance mechanisms — intent classification, authorization gating, generation boundary enforcement, circuit-breaking, and audit logging — are embedded as structural components from the first line of code. They are properties of the interaction architecture, not post-hoc content filters.\n\nThe standard addresses a structural vacuum: as systems shift from graphical user interfaces (GUI) to conversational user interfaces (CUI), AI agents make decisions about what to say, what to promise, and what to authorize. No shared, industry-level specification currently defines the trust boundaries within which these agents must operate.\n\n## Architecture\n\n```\nUser → [Agent Runtime] → [Protocol Middleware] → [LLM]\n │\n ┌─────┴─────┐\n │ Input │\n │ Safeguard │\n └─────┬─────┘\n │\n ┌─────┴─────┐\n │ Intent │\n │Classifier │\n └─────┬─────┘\n │\n ┌──────────────────┼──────────────────┐\n │ │ │\n ┌──────┴──────┐ ┌──────┴──────┐ ┌──────┴──────┐\n │Authorization│ │ Generation │ │ Insurance │\n │ Trigger │ │ Boundary │ │ Fuse │\n │ Engine │ │ Engine │ │ Engine │\n └──────┬──────┘ └──────┬──────┘ └──────┬──────┘\n │ │ │\n └──────────────────┼──────────────────┘\n │\n ┌─────┴─────┐\n │ Audit │\n │ Trail │\n │ Logger │\n └───────────┘\n```\n\n## Five-Layer Architecture\n\nThe standard defines five structural layers, each enforced at a specific point in the agent's generation pipeline:\n\n1. **Input Safeguard Layer** — Pre-processes user input to detect and neutralize prompt injection, PII leakage, and adversarial input patterns before downstream processing.\n2. **Intent Classifier Layer** — Classifies each conversational intent along two independent axes: Financial Commitment Risk (F0–F3) and Regulatory Sensitivity (R0–R3).\n3. **Authorization Trigger Layer** — Applies the Authorization Trigger Decision Table. If the classified intent requires authorization, the agent suspends generation and obtains explicit user confirmation before proceeding.\n4. **Generation Boundary Layer** — Enforces categorical prohibitions at two points: pre-generation (blocking before LLM invocation) and post-generation (suppressing violating output).\n5. **Audit Trail Layer** — Produces an immutable, hash-chained, machine-readable log of every generation, authorization, escalation, and circuit-break decision.\n\n## Core Mechanisms\n\n- **Authorization Trigger** — A structured taxonomy of conversational intents that require explicit user authorization before an AI agent may proceed. Intents are classified along two axes: financial commitment risk (F0–F3) and regulatory sensitivity (R0–R3). The trigger fires before the agent generates any response.\n- **Generation Boundary** — A categorical specification of content types an agent must never autonomously generate, including financial commitments, price guarantees, compliance representations, and discriminatory or deceptive outputs. Enforced at both pre-generation and post-generation stages.\n- **Insurance Fuse** — A circuit-break mechanism that severs the agent's generation privilege in real time when conversation state reaches pre-defined compliance thresholds. Unlike Authorization Trigger, which suspends generation pending user confirmation, Insurance Fuse terminates generation authority outright and transfers control to a human operator or deterministic SOP. Trigger conditions include: cumulative conversation patterns approaching regulatory limits, user vulnerability signals, and multi-turn escalation trajectories exceeding safe bounds.\n- **Audit Trail** — A standardized, immutable log format capturing every generation, authorization, escalation, and fuse-trigger decision with full decision-chain traceability, supporting both internal governance and third-party audit.\n- **Three-Tier Adoption Model** — Lite (default configuration, zero customization), Standard (designated audit role), and Full (forkable for enterprise integration). The same specification serves both small organizations and large enterprises.\n\n## Core\u002FMapping Decoupling\n\nA defining architectural property of this standard is the separation of core governance logic from jurisdiction-specific compliance rules. The five layers remain architecturally invariant across deployment contexts. Jurisdiction-specific requirements — retention periods, notification thresholds, additional prohibited content categories — are configured through a Compliance Mapping Layer without modifying the core specification.\n\n## Who is this for?\n\nAny enterprise whose conversational AI agents handle interactions that touch payments, financial commitments, or regulated consumer decisions — including financial institutions, healthcare booking platforms, legal intake services, education enrollment systems, and retail delivery platforms.\n\n## Getting Started\n\n- **Lite** — Read the spec. Deploy the reference implementation with default configuration. Zero customization required.\n- **Standard** — Read the spec. Deploy the reference implementation. Assign one person to periodic audit review.\n- **Full** — Fork the spec and reference implementation. Integrate with existing compliance infrastructure. Customize the compliance mapping layer.\n\nSee [`\u002Fspec`](.\u002Fspec\u002F) for the full specification.\n\n## Repository Structure\n\n```\n├── README.md ← You are here\n├── LICENSE ← MIT\n├── spec\u002F ← The protocol specification (the core artifact)\n├── src\u002F ← Reference implementation\n└── background\u002F ← Research foundation — concept paper, architecture whitepaper, research proposal\n```\n\n## Background\n\n- [Concept Paper](.\u002Fbackground\u002Fconcept-paper.pdf) — Academic framing: AI governance framework and trust mechanisms\n- [Architecture Whitepaper](.\u002Fbackground\u002Farchitecture-whitepaper.pdf) — The 5-Layer reference architecture\n- [Research Proposal](.\u002Fbackground\u002Fresearch-proposal.pdf) — Empirical study design: GenAI as process innovation in organizational contexts\n\n## License\n\nMIT — see [LICENSE](.\u002FLICENSE).\n","该项目是一个为高风险领域中的对话式AI代理定义信任边界的开源工程治理标准。它通过内置的治理机制,如意图分类、授权门控、生成边界执行、断路器和审计日志记录,确保AI系统在任何可能产生财务义务、监管风险或消费者伤害的情境下安全运行。这些机制从代码的第一行开始就作为结构组件嵌入,而非事后添加的安全层。适用于金融机构或任何需要确保其对话式AI应用可靠性和合规性的企业场景中。",2,"2026-06-11 04:09:58","CREATED_QUERY"]