Why two protocols
Off-surface execution — anything that leaves the runtime through a tool call or a model relay — is the most permissive boundary in the system and therefore the most strictly governed. The two protocols partition the surface:
- ATL-001 (Agent Tools & Logic Protocol) governs executable tool logic that a runtime agent invokes.
- MRP-001 (Model Relay & MCP Protocol) governs the message-class interface between models, relays, and MCP handlers.
Both are Tier 2 — Statutory. Both have status ACTIVE. Neither grants execution authority on its own; authority remains artifact-derived per the governance framework.
Plane boundary
The two protocols overlap at runtime/scripts/agent_tools/relay/mcp/. ATL-001 owns tool logic; MRP-001 owns relay/MCP framing. A handler that lives at the overlap is bound by both.
| Protocol | Scope path | Subsystem |
|---|---|---|
| ATL-001 | runtime/scripts/agent_tools/ | runtime_agent_tools |
| ATL-001 | runtime/scripts/agent_tools/relay/mcp/ | runtime_agent_tools |
| MRP-001 | runtime/scripts/model_relay/ | model_relay_mcp |
| MRP-001 | runtime/agents/mcp/ | model_relay_mcp |
| MRP-001 | runtime/scripts/agent_tools/relay/mcp/ | model_relay_mcp |
ATL-001 · agent tools
Header (verbatim)
Governance Tier: Tier 2 — Statutory Authority ID: ATL-001 Subsystem: runtime_agent_tools Status: ACTIVE
Scope
This protocol governs executable logic under runtime/scripts/agent_tools/ and runtime/scripts/agent_tools/relay/mcp/. It does not grant execution authority. Authority remains artifact-derived per governance documents.
Structural requirements (verbatim)
- Tools MUST run through governed orchestration surfaces for Gate-Exec claims.
- MCP-facing tools MUST enforce
active_envelope_hashgating before mutation-capable operations. - Tool outputs intended for governance/audit surfaces MUST be deterministic and machine-parseable.
- Drift or heartbeat outputs are evidentiary/diagnostic and MUST NOT be treated as permission artifacts.
MRP-001 · model relay
Header (verbatim)
Governance Tier: Tier 2 — Statutory Authority ID: MRP-001 Subsystem: model_relay_mcp Status: ACTIVE
Scope
This protocol governs runtime/scripts/model_relay/, runtime/agents/mcp/, and runtime/scripts/agent_tools/relay/mcp/.
Interface compliance (verbatim)
- MCP handlers/messages MUST remain schema-compatible with canonical message classes in MCP message modules.
- Relay and observer outputs (for example
dist/rael_observe_report.json) are diagnostic/evidentiary only. - Any mutation-capable MCP path MUST enforce
active_envelope_hashand fail closed when invalid.
Envelope-hash gate
Both protocols name the same gate: active_envelope_hash. This is the load-bearing connector control. Every mutation-capable path through ATL-001 or MRP-001 must:
- Read the active envelope hash from the runtime state.
- Verify the envelope is current and the path is admitted under it.
- Fail closed when the envelope hash is missing, expired, or does not admit the path.
An expired or missing envelope is not a soft warning. The mutation path must abort. Read-only and observer paths are exempt because they cannot affect governed state.
runtime/airlock/envelopes/, derived through Phase-6 admission, as described in meetLab Operations.
Diagnostic vs authority
Both protocols draw a hard line between evidentiary outputs and permission artifacts. Diagnostic outputs are useful for audit, replay, and operator triage. They do not grant authority and may not be substituted for an envelope.
| Class | Examples | Authority? |
|---|---|---|
| Permission artifact | ACK envelope, active envelope hash, NTA seal | Yes — required to mutate |
| Evidentiary / diagnostic | Drift outputs, heartbeat outputs, dist/rael_observe_report.json, relay observer logs | No — never substitute for an envelope |
| Audit-grade tool output | Deterministic, machine-parseable governance output from ATL-compliant tools | No — read-only evidence for adjudication |
Adjudication
Violations are governance boundary breaches. Both protocols escalate identically:
- ATL-001 §3: violations are treated as governance boundary breaches and must be escalated through Phase 6/6.5 controls.
- MRP-001 §3: contract violations, envelope-gate bypass, or failed relay integrity checks trigger Phase 6/6.5 compliance escalation.
Phase 6/6.5 admission is documented in meetLab Operations · IX. Both protocols are authorized under the meetLab Governance Framework v4.1.0.
Readiness checklist
Before promoting a tool, relay, or MCP handler to a governed surface, walk this list. Every item must be satisfied; none may be deferred.
- Path placement. The connector lives under one of the scoped paths in §II. Cross-path components are bound by both protocols.
- Orchestration surface. Tool execution routes through a governed orchestration surface for any Gate-Exec claim.
- Envelope gate wired. Every mutation-capable code path reads
active_envelope_hash, verifies admission, and fails closed on miss/expiry. - Schema compliance. MCP messages and handlers match canonical message classes in the MCP message modules. Schema drift is rejected at handler entry.
- Determinism. Audit-bound outputs are deterministic and machine-parseable. No timestamps, PRNG, or environment dependencies in the hashed surface.
- Diagnostic isolation. Drift, heartbeat, and observer outputs (e.g.
dist/rael_observe_report.json) are emitted as evidentiary and never treated as permission artifacts. - Fail-closed default. Absence of an envelope, schema mismatch, or relay integrity failure halts the path. There is no degraded-mode permit.
- Adjudication path known. The on-failure escalation route is Phase 6/6.5 controls; the operator knows where the violation surfaces.
- Authority sourced elsewhere. The connector consumes authority — it does not mint it. Authority comes from a persisted ACK envelope.