Network Working Group C. Vidiniotis Internet-Draft AutoCyber AI Pty Ltd Intended status: Informational 24 May 2026 Expires: 25 November 2026 Context Relay Protocol (CRP) -- HTTP Header Field Vocabulary draft-vidiniotis-crp-headers-00 Abstract This document defines the complete vocabulary of HTTP header fields for the Context Relay Protocol (CRP). CRP header fields carry AI- specific metadata — context quality, safety risk, provenance integrity, regulatory classification, agent state, and memory layer information — as standard HTTP header fields on AI request/response cycles. This specification provides normative definitions for 58 header fields across six namespaces, suitable for provisional registration in the IANA HTTP Field Name Registry. Feedback This is a working draft intended for submission as an IETF Internet- Draft (draft-vidiniotis-crp-headers-00). Comments and issues: https://github.com/crprotocol/spec/issues (https://github.com/crprotocol/spec/issues). The header field definitions in this document are also the basis for IANA provisional registration requests. All CRP header fields use the CRP- prefix. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 25 November 2026. Vidiniotis Expires 25 November 2026 [Page 1] Internet-Draft CRP Headers May 2026 Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . 4 1.2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.3. Relationship to HTTP . . . . . . . . . . . . . . . . . . 5 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1. Directionality Notation . . . . . . . . . . . . . . . . . 5 2.2. Value Notation . . . . . . . . . . . . . . . . . . . . . 6 2.3. Default Behaviour . . . . . . . . . . . . . . . . . . . . 6 3. Header Field Design Principles . . . . . . . . . . . . . . . 6 4. Namespace: CRP-Context-* . . . . . . . . . . . . . . . . . . 7 4.1. CRP-Context-Quality-Tier . . . . . . . . . . . . . . . . 7 4.2. CRP-Context-Window . . . . . . . . . . . . . . . . . . . 8 4.3. CRP-Context-Saturation . . . . . . . . . . . . . . . . . 9 4.4. CRP-Context-Facts-Used . . . . . . . . . . . . . . . . . 9 4.5. CRP-Context-Tokens-Used . . . . . . . . . . . . . . . . . 10 4.6. CRP-Context-Strategy . . . . . . . . . . . . . . . . . . 10 4.7. CRP-Context-Session-Id . . . . . . . . . . . . . . . . . 10 4.8. CRP-Context-ETag . . . . . . . . . . . . . . . . . . . . 11 4.9. CRP-Context-If-Match . . . . . . . . . . . . . . . . . . 11 4.10. CRP-Context-Cache . . . . . . . . . . . . . . . . . . . . 12 4.11. CRP-Context-Cache-Status . . . . . . . . . . . . . . . . 13 4.12. CRP-Context-Continuation-Id . . . . . . . . . . . . . . . 14 4.13. CRP-Accept-Quality . . . . . . . . . . . . . . . . . . . 14 4.14. CRP-Accept-Strategy . . . . . . . . . . . . . . . . . . . 15 4.15. CRP-Context-Protocol-Version . . . . . . . . . . . . . . 15 5. Namespace: CRP-Safety-* . . . . . . . . . . . . . . . . . . . 15 5.1. CRP-Safety-Hallucination-Risk . . . . . . . . . . . . . . 16 5.2. CRP-Safety-Hallucination-Score . . . . . . . . . . . . . 17 5.3. CRP-Safety-Attribution . . . . . . . . . . . . . . . . . 17 5.4. CRP-Safety-Grounding-Pct . . . . . . . . . . . . . . . . 18 5.5. CRP-Safety-Fabrications . . . . . . . . . . . . . . . . . 18 5.6. CRP-Safety-Distortions . . . . . . . . . . . . . . . . . 18 5.7. CRP-Safety-Contradictions . . . . . . . . . . . . . . . . 19 5.8. CRP-Safety-Omissions . . . . . . . . . . . . . . . . . . 19 5.9. CRP-Safety-Entailment-Score . . . . . . . . . . . . . . . 20 Vidiniotis Expires 25 November 2026 [Page 2] Internet-Draft CRP Headers May 2026 5.10. CRP-Safety-Oversight-Mode . . . . . . . . . . . . . . . . 20 5.11. CRP-Safety-Mode . . . . . . . . . . . . . . . . . . . . . 21 5.12. CRP-Safety-Policy . . . . . . . . . . . . . . . . . . . . 22 5.13. CRP-Safety-Report-URI . . . . . . . . . . . . . . . . . . 22 5.14. CRP-Accept-Risk . . . . . . . . . . . . . . . . . . . . . 23 5.15. CRP-Safety-Retry-After . . . . . . . . . . . . . . . . . 23 5.16. CRP-Safety-Nonce . . . . . . . . . . . . . . . . . . . . 24 6. Namespace: CRP-Provenance-* . . . . . . . . . . . . . . . . . 24 6.1. CRP-Provenance-HMAC . . . . . . . . . . . . . . . . . . . 24 6.2. CRP-Provenance-Window-HMAC . . . . . . . . . . . . . . . 25 6.3. CRP-Provenance-DAG-Root . . . . . . . . . . . . . . . . . 25 6.4. CRP-Provenance-Chain-Integrity . . . . . . . . . . . . . 25 6.5. CRP-Provenance-Claim-Count . . . . . . . . . . . . . . . 26 6.6. CRP-Provenance-Attribution-Score . . . . . . . . . . . . 26 6.7. CRP-Provenance-Fidelity-Score . . . . . . . . . . . . . . 27 6.8. CRP-Provenance-Report-URI . . . . . . . . . . . . . . . . 27 6.9. CRP-Provenance-Window-Lineage . . . . . . . . . . . . . . 27 7. Namespace: CRP-Compliance-* . . . . . . . . . . . . . . . . . 28 7.1. CRP-Compliance-EU-AI-Act . . . . . . . . . . . . . . . . 28 7.2. CRP-Compliance-NIST-Tier . . . . . . . . . . . . . . . . 29 7.3. CRP-Compliance-GDPR-PII . . . . . . . . . . . . . . . . . 29 7.4. CRP-Compliance-ISO-42001 . . . . . . . . . . . . . . . . 30 7.5. CRP-Compliance-Audit-Trail-Id . . . . . . . . . . . . . . 30 7.6. CRP-Compliance-Audit-Trail-URI . . . . . . . . . . . . . 31 7.7. CRP-Compliance-Data-Residency . . . . . . . . . . . . . . 31 7.8. CRP-Compliance-Controls-Met . . . . . . . . . . . . . . . 31 8. Namespace: CRP-Agent-* . . . . . . . . . . . . . . . . . . . 32 8.1. CRP-Agent-Phase . . . . . . . . . . . . . . . . . . . . . 32 8.2. CRP-Agent-Loop-Depth . . . . . . . . . . . . . . . . . . 32 8.3. CRP-Agent-Safety-Budget . . . . . . . . . . . . . . . . . 33 8.4. CRP-Agent-Tool-Calls . . . . . . . . . . . . . . . . . . 34 8.5. CRP-Agent-Session-Parent . . . . . . . . . . . . . . . . 34 8.6. CRP-Agent-Dispatch-Strategy . . . . . . . . . . . . . . . 34 8.7. CRP-Agent-Revision-Round . . . . . . . . . . . . . . . . 34 9. Namespace: CRP-Memory-* . . . . . . . . . . . . . . . . . . . 35 9.1. CRP-Memory-Tier-Hit . . . . . . . . . . . . . . . . . . . 35 9.2. CRP-Memory-CKF-Hits . . . . . . . . . . . . . . . . . . . 36 9.3. CRP-Memory-CKF-Community . . . . . . . . . . . . . . . . 36 9.4. CRP-Memory-Knowledge-Age . . . . . . . . . . . . . . . . 36 10. Session State Headers . . . . . . . . . . . . . . . . . . . . 37 10.1. CRP-Set-Session . . . . . . . . . . . . . . . . . . . . 37 10.2. CRP-Session-Token . . . . . . . . . . . . . . . . . . . 37 11. LLM Configuration Headers . . . . . . . . . . . . . . . . . . 38 11.1. CRP-LLM-Temperature . . . . . . . . . . . . . . . . . . 38 11.2. CRP-LLM-Grounding-Mode . . . . . . . . . . . . . . . . . 38 11.3. CRP-LLM-Reproducibility-Seed . . . . . . . . . . . . . . 39 12. Header Interaction Rules . . . . . . . . . . . . . . . . . . 39 12.1. Safety Policy and Override Headers . . . . . . . . . . . 39 Vidiniotis Expires 25 November 2026 [Page 3] Internet-Draft CRP Headers May 2026 12.2. ETag and Cache Interaction . . . . . . . . . . . . . . . 40 12.3. Session Token Priority . . . . . . . . . . . . . . . . . 40 12.4. Agentic Safety Budget Propagation . . . . . . . . . . . 40 12.5. Compliance Headers Require Registered AI System . . . . 40 13. Error Semantics . . . . . . . . . . . . . . . . . . . . . . . 40 13.1. HTTP Status Codes Used by CRP . . . . . . . . . . . . . 40 13.2. HTTP 451 Semantics . . . . . . . . . . . . . . . . . . . 41 14. Security Considerations . . . . . . . . . . . . . . . . . . . 41 14.1. Header Injection . . . . . . . . . . . . . . . . . . . . 41 14.2. Session Token Security . . . . . . . . . . . . . . . . . 42 14.3. Safety Policy Integrity . . . . . . . . . . . . . . . . 42 14.4. HMAC Chain Protection . . . . . . . . . . . . . . . . . 42 15. Privacy Considerations . . . . . . . . . . . . . . . . . . . 42 16. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 42 16.1. HTTP Field Name Registrations . . . . . . . . . . . . . 43 16.2. Well-Known URI Registration . . . . . . . . . . . . . . 44 17. References . . . . . . . . . . . . . . . . . . . . . . . . . 44 17.1. Normative References . . . . . . . . . . . . . . . . . . 44 17.2. Informative References . . . . . . . . . . . . . . . . . 44 Complete Header Index . . . . . . . . . . . . . . . . . . . . . . 45 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 49 1. Introduction 1.1. Motivation HTTP became the universal substrate for networked applications in part because its header mechanism provided a standardised, extensible metadata contract readable by any participant in a request/response chain — clients, servers, proxies, CDNs, WAFs — without parsing message bodies. Cache-Control made web-scale caching possible. Content-Security-Policy made transport-layer browser security possible. Both operate on the principle that metadata declared in headers is more interoperable than metadata embedded in payloads. AI inference calls — requests to large language models — currently carry no standardised metadata about the quality, safety, or governance status of their responses. Every application operator instruments this separately, producing non-interoperable, non- verifiable, non-portable safety signals. CRP header fields apply the HTTP lesson to AI: standardised metadata in headers, readable by any participant in the AI call chain, without parsing inference payloads. Vidiniotis Expires 25 November 2026 [Page 4] Internet-Draft CRP Headers May 2026 1.2. Scope This document defines the normative semantics, syntax, allowed values, directionality, and interaction rules for all CRP header fields. It does not define: * The CRP gateway implementation (see CRP-SPEC-001) * The Decision Provenance Engine that populates safety headers (see CRP-SPEC-005) * The envelope packing algorithm that populates context headers (see CRP-SPEC-003) * The Safety Policy directive language carried in CRP-Safety-Policy (see CRP-SPEC-006) * The session token structure carried in CRP-Set-Session (see CRP- SPEC-007) 1.3. Relationship to HTTP CRP header fields are standard HTTP header fields as defined in RFC 9110. They MUST be transmitted as HTTP header fields in the normal HTTP header section. They MUST NOT be placed in HTTP trailers unless explicitly noted. CRP header fields are distinct from the inference payload (request body and response body). Per Axiom 4 of CRP-SPEC-001, CRP header fields MUST be stripped by the CRP gateway before forwarding requests to LLM providers. 2. Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174]. 2.1. Directionality Notation * *REQ* — Header is sent in the HTTP _request_ (client → gateway) * *RES* — Header is sent in the HTTP _response_ (gateway → client) * *BOTH* — Header appears in both request and response (semantics may differ) Vidiniotis Expires 25 November 2026 [Page 5] Internet-Draft CRP Headers May 2026 2.2. Value Notation Header value syntax is described using ABNF [RFC5234]. The following base rules apply: crp-token = 1*( ALPHA / DIGIT / "-" / "_" / "." ) crp-hash = "sha256:" 64HEXDIG crp-float = 1*DIGIT "." 1*DIGIT crp-fraction = crp-float ; constrained to 0.0 – 1.0 crp-uri = crp-iso8601 = crp-version = 1*DIGIT "." 1*DIGIT "." 1*DIGIT 2.3. Default Behaviour Unless stated otherwise: * Missing optional request headers indicate client preference defers to gateway defaults * Missing response headers indicate the gateway did not compute the value for this call * Header values are case-insensitive unless stated otherwise 3. Header Field Design Principles CRP header fields follow these design principles, derived from existing HTTP header best practices: *3.1 One signal, one header.* Each header carries a single, clearly defined signal. Composite values (e.g., CRP-Safety-Distortions: NUMBER_CHANGED:2, NEGATION_FLIP:1) use structured syntax where multiple values must be carried. *3.2 Machine-readable values.* All values are designed for programmatic parsing by middleware, WAFs, and logging systems — not just human reading. Enum values use SCREAMING_SNAKE_CASE. Numeric values use decimal notation. *3.3 Gateway-generated response headers are authoritative.* Response headers emitted by the CRP gateway are computed from live protocol data. They MUST NOT be set by clients and MUST NOT reflect LLM output. The gateway is the sole authoritative source for all CRP- Safety-*, CRP-Provenance-*, and CRP-Compliance-* response headers. Vidiniotis Expires 25 November 2026 [Page 6] Internet-Draft CRP Headers May 2026 *3.4 Request headers express client preferences, not mandates.* CRP- Accept-* and CRP-Safety-Policy headers declare what the client wants. The gateway SHOULD honour them; where it cannot (e.g., CKF has no relevant facts), it MUST document the deviation in the corresponding response header. *3.5 Progressive adoption.* Applications that ignore CRP response headers receive no harm — headers carry metadata, not payload. Applications that read and gate on CRP headers gain safety and governance capability. 4. Namespace: CRP-Context-* Context headers carry the state of the Context Envelope and CKF interaction for the current call. They are the AI equivalent of HTTP content negotiation and cache-control headers. 4.1. CRP-Context-Quality-Tier *Direction:* RES *Required:* RECOMMENDED *Stability:* Stable *Definition:* The quality classification of the Context Envelope assembled for this call, computed by the 3-phase envelope packing algorithm (see CRP-SPEC-003). Quality tier reflects the coverage, saturation, and relevance score of facts included in the envelope. *Syntax:* CRP-Context-Quality-Tier = "S" / "A" / "B" / "C" / "D" *Values:* Vidiniotis Expires 25 November 2026 [Page 7] Internet-Draft CRP Headers May 2026 +=======+===============================+============+=============+ | Value | Meaning | Saturation | Use | | | | Range | | +=======+===============================+============+=============+ | S | Superior — all critical facts | ≥ 0.99 | High-stakes | | | included, optimal relevance | | decisions | +-------+-------------------------------+------------+-------------+ | A | High — comprehensive coverage | ≥ 0.95 | Standard | | | with minor gaps | | production | +-------+-------------------------------+------------+-------------+ | B | Adequate — majority of | ≥ 0.85 | Acceptable | | | relevant facts included | | for most | | | | | uses | +-------+-------------------------------+------------+-------------+ | C | Marginal — significant gaps | ≥ 0.70 | Use with | | | in relevant coverage | | caution | +-------+-------------------------------+------------+-------------+ | D | Deficient — critical facts | < 0.70 | Remediation | | | missing or insufficient | | required | | | context | | | +-------+-------------------------------+------------+-------------+ Table 1 *Example:* CRP-Context-Quality-Tier: A *Interaction:* Clients MAY set CRP-Accept-Quality to declare minimum acceptable tier. Gateway MUST retry with upgraded strategy or return HTTP 503 if minimum tier cannot be achieved. 4.2. CRP-Context-Window *Direction:* RES *Required:* RECOMMENDED *Definition:* The current window position within the continuation chain, expressed as current/total. total is the configured maximum window depth for this session (see CRP-SPEC-004 for window continuation specification). *Syntax:* CRP-Context-Window = 1*DIGIT "/" 1*DIGIT *Example:* Vidiniotis Expires 25 November 2026 [Page 8] Internet-Draft CRP Headers May 2026 CRP-Context-Window: 3/5 *Notes:* When current equals total, the session has reached maximum continuation depth. The client MUST begin a new session or invoke dispatch_hierarchical() to continue. 4.3. CRP-Context-Saturation *Direction:* RES *Required:* RECOMMENDED *Definition:* The ratio of token budget consumed by the Context Envelope relative to the total available context window, expressed as a decimal from 0.0 to 1.0. A saturation of 1.0 indicates the envelope has consumed the full available context window. *Syntax:* CRP-Context-Saturation = crp-fraction *Example:* CRP-Context-Saturation: 0.994 *Notes:* Values above 0.98 indicate context pressure. Clients receiving high saturation values SHOULD consider using a smaller query scope, enabling CKF caching, or upgrading to a longer-context model tier. 4.4. CRP-Context-Facts-Used *Direction:* RES *Required:* OPTIONAL *Definition:* The number of discrete facts retrieved from the CKF and included in the envelope, expressed as included/available. available is the total number of candidate facts identified before relevance filtering. *Syntax:* CRP-Context-Facts-Used = 1*DIGIT "/" 1*DIGIT *Example:* CRP-Context-Facts-Used: 47/312 Vidiniotis Expires 25 November 2026 [Page 9] Internet-Draft CRP Headers May 2026 4.5. CRP-Context-Tokens-Used *Direction:* RES *Required:* OPTIONAL *Definition:* The number of tokens consumed by the Context Envelope in the LLM's context window, as an integer. *Syntax:* CRP-Context-Tokens-Used = 1*DIGIT *Example:* CRP-Context-Tokens-Used: 105816 4.6. CRP-Context-Strategy *Direction:* RES *Required:* RECOMMENDED *Definition:* The dispatch strategy employed for this call, as selected by the gateway from TaskIntent analysis or from the CRP- Accept-Strategy request header. *Syntax:* CRP-Context-Strategy = "push" / "pull" / "reflexive" / "agentic" / "hierarchical" / "batch" / "streaming" / "fan-out" / "fan-in" *Example:* CRP-Context-Strategy: reflexive 4.7. CRP-Context-Session-Id *Direction:* BOTH *Required:* REQUIRED *Definition:* The unique identifier for the current CRP session. In requests, used as a hint when a CRP-Session-Token is not available. In responses, confirms the session to which this call belongs. *Syntax:* CRP-Context-Session-Id = "crp_sess_" 16*32( ALPHA / DIGIT ) Vidiniotis Expires 25 November 2026 [Page 10] Internet-Draft CRP Headers May 2026 *Example:* CRP-Context-Session-Id: crp_sess_7f3a9bc2d4e1f083 4.8. CRP-Context-ETag *Direction:* RES *Required:* RECOMMENDED *Stability:* Stable — *NEW in v3.0* *Definition:* A hash of the current CKF fact-set state used to generate this call's Context Envelope. Analogous to HTTP ETag. Enables conditional dispatch: clients presenting this value in CRP- Context-If-Match on subsequent calls with the same knowledge domain will receive HTTP 304 if the fact-set has not changed, avoiding redundant envelope reconstruction. *Syntax:* CRP-Context-ETag = crp-hash *Example:* CRP-Context-ETag: sha256:4fa8e921abcd1234567890abcdef1234567890abcdef1234567890abcdef1234 *Interaction:* See CRP-Context-If-Match and CRP-Context-Cache for the full conditional dispatch mechanism. 4.9. CRP-Context-If-Match *Direction:* REQ *Required:* OPTIONAL *NEW in v3.0* *Definition:* Conditional dispatch request. If the presented ETag matches the current CKF fact-set hash, the gateway returns HTTP 304 (Context Not Modified) and skips envelope reconstruction. Analogous to HTTP If-None-Match. *Syntax:* CRP-Context-If-Match = crp-hash / "*" *Example:* CRP-Context-If-Match: sha256:4fa8e921abcd1234567890abcdef1234567890abcdef1234567890abcdef1234 Vidiniotis Expires 25 November 2026 [Page 11] Internet-Draft CRP Headers May 2026 *HTTP 304 response:* When the gateway returns 304, the response body is empty. All CRP response headers from the previous matching call MUST be re-emitted with their unchanged values. 4.10. CRP-Context-Cache *Direction:* REQ *Required:* OPTIONAL *NEW in v3.0* *Definition:* Directives controlling CKF read/write behaviour for this call. Analogous to HTTP Cache-Control. Multiple directives are separated by commas. *Syntax:* CRP-Context-Cache = cache-directive *( OWS "," OWS cache-directive ) cache-directive = "no-store" / "no-cache" / "reuse-ckf" / "only-if-ckf" / ( "max-age" "=" delta-seconds ) delta-seconds = 1*DIGIT *Directive definitions:* Vidiniotis Expires 25 November 2026 [Page 12] Internet-Draft CRP Headers May 2026 +=============+=====================================================+ | Directive | Meaning | +=============+=====================================================+ | no-store | Do not persist this session's facts | | | to the CKF graph. Envelope built | | | from temporary context only. Use for | | | sensitive or PII-containing sessions. | +-------------+-----------------------------------------------------+ | no-cache | Do not reuse cached envelope. Force | | | full 3-phase reconstruction even if | | | ETag matches. Use when freshness is | | | critical. | +-------------+-----------------------------------------------------+ | reuse-ckf | Read from CKF but do not trigger re- | | | ingestion of source documents. Use | | | when knowledge base is known to be | | | current. | +-------------+-----------------------------------------------------+ | only-if-ckf | Refuse dispatch if CKF contains no | | | relevant facts for this query. | | | Returns HTTP 424 (Failed Dependency) | | | if CKF miss. | +-------------+-----------------------------------------------------+ | max-age=N | Facts retrieved from CKF are | | | considered valid for N seconds. | | | Gateway checks CRP-Memory-Knowledge- | | | Age against this value. | +-------------+-----------------------------------------------------+ Table 2 *Example:* CRP-Context-Cache: reuse-ckf, max-age=3600 *GDPR note:* no-store MUST be set for sessions processing personal data under GDPR Art. 5(1)(c) (data minimisation) unless CKF persistence has been explicitly authorised in the applicable DPA. 4.11. CRP-Context-Cache-Status *Direction:* RES *Required:* OPTIONAL *NEW in v3.0* *Definition:* Reports whether the envelope was served from CKF cache or freshly constructed. Vidiniotis Expires 25 November 2026 [Page 13] Internet-Draft CRP Headers May 2026 *Syntax:* CRP-Context-Cache-Status = ( "HIT" / "MISS" / "PARTIAL" ) [ "; reason=" crp-token ] *Example:* CRP-Context-Cache-Status: MISS; reason=facts-updated CRP-Context-Cache-Status: HIT CRP-Context-Cache-Status: PARTIAL; reason=partial-ckf-coverage 4.12. CRP-Context-Continuation-Id *Direction:* BOTH *Required:* OPTIONAL *Definition:* An opaque token referencing the continuation point in the Window DAG. When included in a request, the gateway resumes the session from the referenced window. When included in a response, it provides the continuation pointer for the next call. See CRP- SPEC-004 for the full Window DAG specification. *Syntax:* CRP-Context-Continuation-Id = "crp_cont_" 16*32( ALPHA / DIGIT ) *Example:* CRP-Context-Continuation-Id: crp_cont_9a2fb3c1d4e5f607 4.13. CRP-Accept-Quality *Direction:* REQ *Required:* OPTIONAL *NEW in v3.0* *Definition:* Client-declared minimum acceptable quality tier. The gateway MUST NOT return a response with a quality tier lower than declared. If the minimum tier cannot be achieved, the gateway MUST return HTTP 503 with a CRP-Context-Quality-Tier header indicating the maximum achievable tier. *Syntax:* CRP-Accept-Quality = quality-tier *( OWS "," OWS quality-tier ) quality-tier = "S" / "A" / "B" / "C" / "D" *Example:* Vidiniotis Expires 25 November 2026 [Page 14] Internet-Draft CRP Headers May 2026 CRP-Accept-Quality: S, A 4.14. CRP-Accept-Strategy *Direction:* REQ *Required:* OPTIONAL *NEW in v3.0* *Definition:* Client-declared preferred dispatch strategies in order of preference. The gateway uses the first strategy from the list that is applicable to the current TaskIntent. If no listed strategy is applicable, the gateway falls back to automatic strategy selection and MUST report the selected strategy in CRP-Context-Strategy. *Syntax:* CRP-Accept-Strategy = strategy-token *( OWS "," OWS strategy-token ) strategy-token = "push" / "pull" / "reflexive" / "agentic" / "hierarchical" / "batch" / "streaming" / "fan-out" / "fan-in" *Example:* CRP-Accept-Strategy: reflexive, push 4.15. CRP-Context-Protocol-Version *Direction:* RES *Required:* REQUIRED *Definition:* The CRP protocol version used to process this call. *Syntax:* CRP-Context-Protocol-Version = crp-version *Example:* CRP-Context-Protocol-Version: 3.0.0 5. Namespace: CRP-Safety-* Safety headers carry the output of the Decision Provenance Engine (DPE) for the current response. They are response-only by default (generated by the gateway); safety policy and preferences are expressed in CRP-Safety-Policy (see CRP-SPEC-006) and CRP-Accept-Risk request headers. Vidiniotis Expires 25 November 2026 [Page 15] Internet-Draft CRP Headers May 2026 *Security note:* All CRP-Safety-* response headers are gateway- generated. Clients MUST NOT set CRP-Safety-* response headers in requests. Gateways MUST reject requests where CRP-Safety- Hallucination-Risk, CRP-Safety-Hallucination-Score, or CRP-Safety- Attribution appear as request headers. 5.1. CRP-Safety-Hallucination-Risk *Direction:* RES *Required:* REQUIRED (for CRP-Standard and CRP-Full conformance) *Definition:* The composite hallucination risk classification for the LLM response, computed by the DPE from four weighted signals: attribution (0.35), fidelity (0.25), entailment (0.25), and specificity (0.15). See CRP-SPEC-005 for the complete scoring algorithm. Regulatory amplifiers are applied before classification (see CRP-SPEC-005 §4.3). *Syntax:* CRP-Safety-Hallucination-Risk = "CRITICAL" / "HIGH" / "MEDIUM" / "LOW" *Classification thresholds (post-amplification composite score):* +==========+=============+=====================+====================+ | Value | Score Range | Protocol Action | Regulatory | | | | | Mapping | +==========+=============+=====================+====================+ | CRITICAL | ≥ 0.70 | HTTP 451 if halt-on | EU AI Act Art. | | | | CRITICAL policy set | 14 (halt) | +----------+-------------+---------------------+--------------------+ | HIGH | ≥ 0.45 | Strategy upgrade if | EU AI Act Art. | | | | upgrade-on-risk set | 13 (warn) | +----------+-------------+---------------------+--------------------+ | MEDIUM | ≥ 0.20 | Pass with headers | EU AI Act Art. | | | | | 52 | +----------+-------------+---------------------+--------------------+ | LOW | < 0.20 | Pass | Compliant | +----------+-------------+---------------------+--------------------+ Table 3 *Example:* CRP-Safety-Hallucination-Risk: LOW Vidiniotis Expires 25 November 2026 [Page 16] Internet-Draft CRP Headers May 2026 5.2. CRP-Safety-Hallucination-Score *Direction:* RES *Required:* RECOMMENDED *Definition:* The raw composite hallucination risk score from the DPE before classification, expressed as a decimal from 0.0 to 1.0. Higher values indicate greater hallucination risk. *Syntax:* CRP-Safety-Hallucination-Score = crp-fraction *Example:* CRP-Safety-Hallucination-Score: 0.14 5.3. CRP-Safety-Attribution *Direction:* RES *Required:* RECOMMENDED *Definition:* The dominant attribution type of claims in the response, computed by DPE Stage 2. *Syntax:* CRP-Safety-Attribution = "CONTEXT_GROUNDED" / "PARAMETRIC" / "MIXED" / "UNVERIFIABLE" *Values:* +==================+=======================================+ | Value | Meaning | +==================+=======================================+ | CONTEXT_GROUNDED | Majority of claims verifiably | | | supported by Context Envelope content | +------------------+---------------------------------------+ | PARAMETRIC | Majority of claims drawn from LLM | | | parametric memory, not envelope | +------------------+---------------------------------------+ | MIXED | Significant presence of both context- | | | grounded and parametric claims | +------------------+---------------------------------------+ | UNVERIFIABLE | Claims cannot be attributed to any | | | verifiable source | +------------------+---------------------------------------+ Table 4 Vidiniotis Expires 25 November 2026 [Page 17] Internet-Draft CRP Headers May 2026 *Example:* CRP-Safety-Attribution: CONTEXT_GROUNDED 5.4. CRP-Safety-Grounding-Pct *Direction:* RES *Required:* RECOMMENDED *Definition:* The percentage of factual claims in the response that are verifiably supported by content in the Context Envelope, as a decimal from 0.0 to 1.0. *Syntax:* CRP-Safety-Grounding-Pct = crp-fraction *Example:* CRP-Safety-Grounding-Pct: 0.923 5.5. CRP-Safety-Fabrications *Direction:* RES *Required:* RECOMMENDED *Definition:* The count of fabricated entities detected by DPE Stage 3. A fabricated entity is a named entity (person, organisation, date, statistic, citation) that appears in the response but has no verifiable basis in the Context Envelope or any grounded source. *Syntax:* CRP-Safety-Fabrications = 1*DIGIT *Example:* CRP-Safety-Fabrications: 0 *Note:* A value of 0 is the expected result for well-grounded responses. Any non-zero value MUST be reported to CRP-Safety-Report- URI if configured. 5.6. CRP-Safety-Distortions *Direction:* RES *Required:* RECOMMENDED Vidiniotis Expires 25 November 2026 [Page 18] Internet-Draft CRP Headers May 2026 *Definition:* The count of detected fidelity distortions in the response, where the response has misrepresented content that exists in the Context Envelope. Distortion types are reported as a structured list. *Syntax:* CRP-Safety-Distortions = distortion-count [ "; types=" distortion-list ] distortion-count = 1*DIGIT distortion-list = distortion-type *( "," distortion-type ) distortion-type = "NUMBER_CHANGED" / "NEGATION_FLIP" / "DATE_SHIFTED" / "ENTITY_SUBSTITUTED" / "MAGNITUDE_ALTERED" / "CONTEXT_STRIPPED" *Example:* CRP-Safety-Distortions: 1; types=NUMBER_CHANGED CRP-Safety-Distortions: 0 5.7. CRP-Safety-Contradictions *Direction:* RES *Required:* OPTIONAL *Definition:* The count of internal contradictions detected in the response — instances where the response contradicts itself (intra- window) or contradicts an earlier window in the session (cross- window). *Syntax:* CRP-Safety-Contradictions = 1*DIGIT [ "; scope=" ( "intra" / "cross-window" / "both" ) ] *Example:* CRP-Safety-Contradictions: 0 CRP-Safety-Contradictions: 2; scope=cross-window 5.8. CRP-Safety-Omissions *Direction:* RES *Required:* OPTIONAL *Definition:* Summary of material omissions detected — cases where the envelope contained information critical to a complete answer that the LLM did not include in the response. *Syntax:* Vidiniotis Expires 25 November 2026 [Page 19] Internet-Draft CRP Headers May 2026 CRP-Safety-Omissions = omission-entry *( OWS "," OWS omission-entry ) omission-entry = ( "CRITICAL" / "HIGH" / "MEDIUM" ) ":" 1*DIGIT *Example:* CRP-Safety-Omissions: CRITICAL:0, HIGH:1, MEDIUM:2 5.9. CRP-Safety-Entailment-Score *Direction:* RES *Required:* RECOMMENDED *Definition:* The NLI (Natural Language Inference) cross-encoder entailment score measuring the degree to which the response is logically entailed by the Context Envelope, from 0.0 (contradiction) to 1.0 (full entailment). This is one of the four DPE composite signal inputs (weight: 0.25). *Syntax:* CRP-Safety-Entailment-Score = crp-fraction *Example:* CRP-Safety-Entailment-Score: 0.912 5.10. CRP-Safety-Oversight-Mode *Direction:* BOTH *Required:* RECOMMENDED *Definition:* In requests, declares the human oversight level required for this session. In responses, confirms the oversight mode applied by the gateway and (if applicable) whether an oversight event was triggered. *Syntax:* CRP-Safety-Oversight-Mode = "auto" / "human-review" / "halt" / "log-only" *Values:* Vidiniotis Expires 25 November 2026 [Page 20] Internet-Draft CRP Headers May 2026 +==============+========================================+ | Value | Meaning | +==============+========================================+ | auto | Gateway applies oversight based on | | | Safety Policy and risk level | +--------------+----------------------------------------+ | human-review | Response is held pending human review | | | for any HIGH or CRITICAL risk | +--------------+----------------------------------------+ | halt | Response is halted unconditionally for | | | any CRITICAL risk (EU AI Act Art. 14) | +--------------+----------------------------------------+ | log-only | Risk signals logged and reported but | | | response always passed through | +--------------+----------------------------------------+ Table 5 *Example:* CRP-Safety-Oversight-Mode: auto 5.11. CRP-Safety-Mode *Direction:* REQ *Required:* OPTIONAL *NEW in v3.0* *Definition:* The global safety strictness level for the session. Overrides individual Safety Policy directives where they are less restrictive. *Syntax:* CRP-Safety-Mode = "strict" / "warn" / "permissive" Vidiniotis Expires 25 November 2026 [Page 21] Internet-Draft CRP Headers May 2026 +============+==========================================+ | Value | Behaviour | +============+==========================================+ | strict | Equivalent to halt-on CRITICAL; warn-on | | | HIGH; block-ungrounded | +------------+------------------------------------------+ | warn | All risk levels passed; HIGH and | | | CRITICAL emitted in headers and reported | +------------+------------------------------------------+ | permissive | Risk signals computed and emitted; no | | | gating applied | +------------+------------------------------------------+ Table 6 *Example:* CRP-Safety-Mode: strict 5.12. CRP-Safety-Policy *Direction:* REQ *Required:* RECOMMENDED *NEW in v3.0* *Definition:* A directive string declaring the AI safety policy for this session, analogous to Content-Security-Policy. The full directive grammar is defined in CRP-SPEC-006. *Syntax:* CRP-Safety-Policy = policy-directive *( ";" OWS policy-directive ) *Example:* CRP-Safety-Policy: default-src context; halt-on CRITICAL; warn-on HIGH; require-grounding 0.75; block-ungrounded; report-uri https://comply.crprotocol.io/reports *Interaction with CRP-Safety-Mode:* If both CRP-Safety-Mode and CRP- Safety-Policy are set, the more restrictive of the two applies per- directive. 5.13. CRP-Safety-Report-URI *Direction:* REQ *Required:* OPTIONAL *NEW in v3.0* Vidiniotis Expires 25 November 2026 [Page 22] Internet-Draft CRP Headers May 2026 *Definition:* URI to which the gateway MUST POST a JSON violation report when a Safety Policy violation occurs (any halt-on trigger, fabrication detected, chain integrity broken). Analogous to CSP report-uri. *Syntax:* CRP-Safety-Report-URI = crp-uri *Example:* CRP-Safety-Report-URI: https://comply.crprotocol.io/reports/my-org *Report format:* The gateway POSTs Content-Type: application/json with fields: session_id, window_number, violation_type, risk_level, audit_trail_uri, timestamp. 5.14. CRP-Accept-Risk *Direction:* REQ *Required:* OPTIONAL *NEW in v3.0* *Definition:* Maximum risk level the client is willing to accept for this call. If the computed risk exceeds the declared level, the gateway MUST either retry with upgraded strategy (if upgrade-on-risk is set in Safety Policy) or halt and return HTTP 451. *Syntax:* CRP-Accept-Risk = "CRITICAL" / "HIGH" / "MEDIUM" / "LOW" *Example:* CRP-Accept-Risk: MEDIUM 5.15. CRP-Safety-Retry-After *Direction:* RES *Required:* CONDITIONAL — MUST be sent with HTTP 451 *Definition:* Indicates when or under what condition the client may retry a halted call. Sent alongside HTTP 451 when a CRITICAL risk halt or UNACCEPTABLE EU AI Act risk classification prevents response delivery. *Syntax:* Vidiniotis Expires 25 November 2026 [Page 23] Internet-Draft CRP Headers May 2026 CRP-Safety-Retry-After = ( delta-seconds / crp-iso8601 / "oversight-required" ) *Example:* CRP-Safety-Retry-After: oversight-required CRP-Safety-Retry-After: 300 5.16. CRP-Safety-Nonce *Direction:* BOTH *Required:* OPTIONAL *NEW in v3.0* *Definition:* A per-session nonce bound to the Safety Policy hash at session initialisation. Prevents Safety Policy replay attacks. The gateway generates the nonce at session start and binds it to the hash of the active Safety Policy. Subsequent requests presenting a Safety Policy with a different hash but the same nonce are rejected. *Syntax:* CRP-Safety-Nonce = "base64:" 1*( ALPHA / DIGIT / "+" / "/" / "=" ) *Example:* CRP-Safety-Nonce: base64:nZ8fXwKq2mP9vR== 6. Namespace: CRP-Provenance-* Provenance headers carry the cryptographic audit chain and DAG state for the current call. They enable tamper-evident compliance evidence and chain verification by any party holding the session HMAC key. 6.1. CRP-Provenance-HMAC *Direction:* RES *Required:* REQUIRED (for CRP-Standard and CRP-Full) *Definition:* The HMAC-SHA256 hash for this window's audit record, chained from the previous window's HMAC. See CRP-SPEC-011 for the complete chain algorithm. This value is the primary tamper-evidence mechanism: modifying any past audit record invalidates this value and all subsequent values in the chain. *Syntax:* CRP-Provenance-HMAC = crp-hash Vidiniotis Expires 25 November 2026 [Page 24] Internet-Draft CRP Headers May 2026 *Example:* CRP-Provenance-HMAC: sha256:4fa8e921abcd1234567890abcdef1234567890abcdef1234567890abcdef1234 6.2. CRP-Provenance-Window-HMAC *Direction:* RES *Required:* RECOMMENDED *Definition:* The per-window HMAC covering only the current window's content and metadata (not chained). Used for single-window verification without requiring the full chain. *Syntax:* CRP-Provenance-Window-HMAC = crp-hash *Example:* CRP-Provenance-Window-HMAC: sha256:9bce472f1234abcd... 6.3. CRP-Provenance-DAG-Root *Direction:* RES *Required:* OPTIONAL *Definition:* The root node identifier of the Window DAG for the current session. Used to anchor the provenance graph for session- level verification and CRP Comply evidence import. *Syntax:* CRP-Provenance-DAG-Root = "dag:" crp-token *Example:* CRP-Provenance-DAG-Root: dag:crp_win_a7f3b2c1d4e5 6.4. CRP-Provenance-Chain-Integrity *Direction:* RES *Required:* REQUIRED (for CRP-Standard and CRP-Full) *Definition:* The result of chain integrity verification for the current session's HMAC chain up to and including the current window. A BROKEN result MUST trigger an audit incident. *Syntax:* Vidiniotis Expires 25 November 2026 [Page 25] Internet-Draft CRP Headers May 2026 CRP-Provenance-Chain-Integrity = "VALID" / "BROKEN" / "PARTIAL" / "UNVERIFIED" +============+=======================================+ | Value | Meaning | +============+=======================================+ | VALID | All windows in chain verify correctly | +------------+---------------------------------------+ | BROKEN | One or more windows fail verification | | | — possible tampering | +------------+---------------------------------------+ | PARTIAL | Chain verified for available windows; | | | some windows missing | +------------+---------------------------------------+ | UNVERIFIED | Verification not performed (e.g., | | | first window of session) | +------------+---------------------------------------+ Table 7 *Example:* CRP-Provenance-Chain-Integrity: VALID 6.5. CRP-Provenance-Claim-Count *Direction:* RES *Required:* OPTIONAL *Definition:* The number of discrete factual claims identified in the LLM response by DPE Stage 1 (claim segmentation). *Syntax:* CRP-Provenance-Claim-Count = 1*DIGIT *Example:* CRP-Provenance-Claim-Count: 23 6.6. CRP-Provenance-Attribution-Score *Direction:* RES *Required:* RECOMMENDED *Definition:* The composite attribution score across all claims in the response, from 0.0 (fully parametric) to 1.0 (fully context- grounded). This is one of the four DPE composite signal inputs (weight: 0.35, as 1 - attribution_score). Vidiniotis Expires 25 November 2026 [Page 26] Internet-Draft CRP Headers May 2026 *Syntax:* CRP-Provenance-Attribution-Score = crp-fraction *Example:* CRP-Provenance-Attribution-Score: 0.913 6.7. CRP-Provenance-Fidelity-Score *Direction:* RES *Required:* RECOMMENDED *Definition:* The fidelity score for the response, measuring the accuracy with which context-grounded claims reproduce their source facts, from 0.0 (severe distortion) to 1.0 (exact fidelity). This is one of the four DPE composite signal inputs (weight: 0.25). *Syntax:* CRP-Provenance-Fidelity-Score = crp-fraction *Example:* CRP-Provenance-Fidelity-Score: 0.978 6.8. CRP-Provenance-Report-URI *Direction:* RES *Required:* RECOMMENDED *Definition:* URI of the full DPE provenance report for this call, stored in CRP Comply. Any log aggregator, SIEM, or auditor that captures this header value has a direct link to the complete regulatory evidence record for this specific AI call. *Syntax:* CRP-Provenance-Report-URI = crp-uri *Example:* CRP-Provenance-Report-URI: https://comply.crprotocol.io/p/7fa3bc9e2d 6.9. CRP-Provenance-Window-Lineage *Direction:* RES *Required:* OPTIONAL Vidiniotis Expires 25 November 2026 [Page 27] Internet-Draft CRP Headers May 2026 *Definition:* The ordered chain of window IDs leading to the current window, expressed as an arrow-separated sequence. Useful for debugging continuation chains and for auditor reconstruction of session context. *Syntax:* CRP-Provenance-Window-Lineage = window-id *( " -> " window-id ) window-id = "crp_win_" crp-token *Example:* CRP-Provenance-Window-Lineage: crp_win_a7f3 -> crp_win_b9c2 -> crp_win_c1d4 7. Namespace: CRP-Compliance-* Compliance headers carry per-call regulatory classification metadata, generated by the CRP compliance pipeline. They bridge the protocol layer and the regulatory evidence layer (CRP Comply). The CRP- Compliance-Audit-Trail-URI header is the primary integration point between every AI call and its regulatory record. 7.1. CRP-Compliance-EU-AI-Act *Direction:* RES *Required:* RECOMMENDED *Definition:* The EU AI Act risk classification for the AI system and use case associated with this call, per Regulation (EU) 2024/1689 Article 6 classification criteria. *Syntax:* CRP-Compliance-EU-AI-Act = "UNACCEPTABLE" / "HIGH" / "LIMITED" / "MINIMAL" Vidiniotis Expires 25 November 2026 [Page 28] Internet-Draft CRP Headers May 2026 +==============+===================+============================+ | Value | EU AI Act Article | Regulatory Consequence | +==============+===================+============================+ | UNACCEPTABLE | Art. 5 | Prohibited. Gateway MUST | | | | halt and return HTTP 451. | +--------------+-------------------+----------------------------+ | HIGH | Art. 6 + Annex | Conformity assessment | | | III | required before deployment | +--------------+-------------------+----------------------------+ | LIMITED | Art. 52 | Transparency obligations | | | | (disclose AI interaction) | +--------------+-------------------+----------------------------+ | MINIMAL | — | No specific obligations | | | | beyond general law | +--------------+-------------------+----------------------------+ Table 8 *Example:* CRP-Compliance-EU-AI-Act: LIMITED *Note:* Classification is determined by the CRP compliance pipeline based on the registered AI system type, deployment domain, and output use. It is NOT determined per-call from response content alone. Operators MUST register their AI system type during CRP Gateway setup. 7.2. CRP-Compliance-NIST-Tier *Direction:* RES *Required:* OPTIONAL *Definition:* The NIST AI RMF risk tier for this call's context. *Syntax:* CRP-Compliance-NIST-Tier = "TIER-1" / "TIER-2" / "TIER-3" / "TIER-4" *Example:* CRP-Compliance-NIST-Tier: TIER-2 7.3. CRP-Compliance-GDPR-PII *Direction:* RES *Required:* RECOMMENDED Vidiniotis Expires 25 November 2026 [Page 29] Internet-Draft CRP Headers May 2026 *Definition:* Indicates whether personal data (as defined under GDPR Art. 4(1)) was detected in the request prompt or LLM response by the DPE PII detection module. *Syntax:* CRP-Compliance-GDPR-PII = "true" / "false" *Example:* CRP-Compliance-GDPR-PII: false *Note:* A value of true triggers GDPR Art. 5(1)(c) data minimisation obligations. If CRP-Context-Cache: no-store is not set when CRP- Compliance-GDPR-PII: true is emitted, the gateway MUST log a compliance warning. 7.4. CRP-Compliance-ISO-42001 *Direction:* RES *Required:* OPTIONAL *Definition:* ISO/IEC 42001:2023 control IDs satisfied by the evidence generated for this call. Expressed as a comma-separated list of Annex A control identifiers. *Syntax:* CRP-Compliance-ISO-42001 = iso-control-id *( OWS "," OWS iso-control-id ) iso-control-id = "A." 1*DIGIT "." 1*DIGIT [ "." 1*DIGIT ] *Example:* CRP-Compliance-ISO-42001: A.6.1.2, A.9.4, A.10.2 7.5. CRP-Compliance-Audit-Trail-Id *Direction:* RES *Required:* REQUIRED (for CRP-Standard and CRP-Full) *Definition:* The unique identifier for the audit trail record generated for this call. This ID references the HMAC-chained audit event in the CRP Comply evidence database. *Syntax:* CRP-Compliance-Audit-Trail-Id = "crp_trail_" 16*32( ALPHA / DIGIT ) Vidiniotis Expires 25 November 2026 [Page 30] Internet-Draft CRP Headers May 2026 *Example:* CRP-Compliance-Audit-Trail-Id: crp_trail_7fa3bc9e2d14f5a8 7.6. CRP-Compliance-Audit-Trail-URI *Direction:* RES *Required:* RECOMMENDED *Definition:* Deep-link URI to the full regulatory evidence pack for this call in CRP Comply. Any downstream system — log aggregator, SIEM, auditor tool — that captures this header can navigate directly to the complete compliance record for this specific AI call. *Syntax:* CRP-Compliance-Audit-Trail-URI = crp-uri *Example:* CRP-Compliance-Audit-Trail-URI: https://comply.crprotocol.io/t/7fa3bc9e2d14f5a8 7.7. CRP-Compliance-Data-Residency *Direction:* BOTH *Required:* OPTIONAL *NEW in v3.0* *Definition:* Declares the data residency jurisdiction for processing and storing this call's data. In requests, expresses the client's requirement. In responses, confirms the jurisdiction in which data was processed. Gateway MUST NOT process data in a different jurisdiction than declared in the request. *Syntax:* CRP-Compliance-Data-Residency = 2ALPHA / "EU" / "AU" / "US" / "UK" *Example:* CRP-Compliance-Data-Residency: EU 7.8. CRP-Compliance-Controls-Met *Direction:* RES *Required:* OPTIONAL Vidiniotis Expires 25 November 2026 [Page 31] Internet-Draft CRP Headers May 2026 *Definition:* The number of applicable regulatory controls satisfied by the evidence generated for this call, expressed as met/total. Total is the number of controls applicable given the registered AI system type and applicable regulations. *Syntax:* CRP-Compliance-Controls-Met = 1*DIGIT "/" 1*DIGIT *Example:* CRP-Compliance-Controls-Met: 33/35 8. Namespace: CRP-Agent-* Agent headers carry state for agentic dispatch sessions — calls using dispatch_agentic(), dispatch_hierarchical(), dispatch_fan_out(), or dispatch_fan_in(). They are relevant only when CRP-Context-Strategy indicates an agentic dispatch mode. 8.1. CRP-Agent-Phase *Direction:* RES *Required:* OPTIONAL (REQUIRED when Strategy = agentic) *Definition:* The current cognitive phase of the agentic dispatch loop, as defined in CRP-SPEC-008. *Syntax:* CRP-Agent-Phase = "ANALYZE" / "PLAN" / "GENERATE" / "EVALUATE" / "CRITIQUE" / "REFINE" / "INTEGRATE" / "COMPLETE" *Example:* CRP-Agent-Phase: EVALUATE 8.2. CRP-Agent-Loop-Depth *Direction:* RES *Required:* OPTIONAL (REQUIRED when Strategy = agentic or hierarchical) *Definition:* The nesting depth of the current agent within a multi- agent hierarchy. The root agent has depth 0. Each delegating level increments by 1. Gateways MUST reject requests where loop depth exceeds the configured maximum (default: 5). Vidiniotis Expires 25 November 2026 [Page 32] Internet-Draft CRP Headers May 2026 *Syntax:* CRP-Agent-Loop-Depth = 1*DIGIT *Example:* CRP-Agent-Loop-Depth: 2 8.3. CRP-Agent-Safety-Budget *Direction:* BOTH *Required:* RECOMMENDED (for agentic strategies) *NEW in v3.0* *Definition:* The remaining safety risk budget for the current agent session, expressed as a decimal from 0.0 to 1.0. The budget starts at 1.0 and is decremented by the gateway on each call according to the risk level: +============+=====================+ | Risk Level | Default Decrement | +============+=====================+ | LOW | 0.00 (no decrement) | +------------+---------------------+ | MEDIUM | 0.05 | +------------+---------------------+ | HIGH | 0.15 | +------------+---------------------+ | CRITICAL | 0.35 | +------------+---------------------+ Table 9 When the budget reaches ≤ 0.10, the gateway MUST upgrade CRP-Safety- Oversight-Mode to human-review regardless of Safety Policy. When it reaches ≤ 0.00, the gateway MUST halt and return HTTP 451. In requests from orchestrator agents, this header passes the remaining budget down to sub-agents. Sub-agents MUST NOT inflate the budget. *Syntax:* CRP-Agent-Safety-Budget = crp-fraction *Example:* CRP-Agent-Safety-Budget: 0.63 Vidiniotis Expires 25 November 2026 [Page 33] Internet-Draft CRP Headers May 2026 8.4. CRP-Agent-Tool-Calls *Direction:* RES *Required:* OPTIONAL *Definition:* The count of tool invocations made by the agentic dispatch loop for this call. *Syntax:* CRP-Agent-Tool-Calls = 1*DIGIT *Example:* CRP-Agent-Tool-Calls: 4 8.5. CRP-Agent-Session-Parent *Direction:* BOTH *Required:* OPTIONAL *Definition:* The session ID of the parent agent session. Set by orchestrator agents when delegating to sub-agents. Enables the provenance DAG to record the full fan-out hierarchy. *Syntax:* CRP-Agent-Session-Parent = "crp_sess_" 16*32( ALPHA / DIGIT ) *Example:* CRP-Agent-Session-Parent: crp_sess_4b2f1c3d5e6a7b8c 8.6. CRP-Agent-Dispatch-Strategy *Direction:* BOTH *Required:* OPTIONAL *Definition:* Alias for CRP-Context-Strategy scoped to agentic contexts. Provided for clarity in multi-agent logging where CRP- Context-Strategy may be omitted. *Syntax:* Same as CRP-Context-Strategy. 8.7. CRP-Agent-Revision-Round *Direction:* RES *Required:* OPTIONAL (present when Strategy = reflexive) Vidiniotis Expires 25 November 2026 [Page 34] Internet-Draft CRP Headers May 2026 *Definition:* The current revision pass number within a reflexive dispatch cycle, expressed as current/max. *Syntax:* CRP-Agent-Revision-Round = 1*DIGIT "/" 1*DIGIT *Example:* CRP-Agent-Revision-Round: 2/3 9. Namespace: CRP-Memory-* Memory headers expose the state of the four-tier memory hierarchy interaction for the current call. They inform clients which memory tiers were accessed and provide cache-like signals for knowledge freshness. 9.1. CRP-Memory-Tier-Hit *Direction:* RES *Required:* OPTIONAL *Definition:* The highest memory tier accessed to serve this call's Context Envelope. Higher tier numbers indicate deeper (slower, more persistent) storage was required. *Syntax:* CRP-Memory-Tier-Hit = "0" / "1" / "2" / "3" +=======+========+================+=========+ | Value | Tier | Storage | Latency | +=======+========+================+=========+ | 0 | Active | In-context | <1ms | +-------+--------+----------------+---------+ | 1 | Hot | Session cache | <10ms | +-------+--------+----------------+---------+ | 2 | Warm | Recent CKF | <100ms | +-------+--------+----------------+---------+ | 3 | Cold | Full CKF graph | <1000ms | +-------+--------+----------------+---------+ Table 10 *Example:* CRP-Memory-Tier-Hit: 2 Vidiniotis Expires 25 November 2026 [Page 35] Internet-Draft CRP Headers May 2026 9.2. CRP-Memory-CKF-Hits *Direction:* RES *Required:* OPTIONAL *Definition:* The number of facts retrieved from the Contextual Knowledge Fabric (Tier 3 cold storage) for inclusion in this call's envelope. *Syntax:* CRP-Memory-CKF-Hits = 1*DIGIT *Example:* CRP-Memory-CKF-Hits: 34 9.3. CRP-Memory-CKF-Community *Direction:* RES *Required:* OPTIONAL *Definition:* The Leiden community cluster label from the CKF graph most relevant to this call's query. Indicates which knowledge domain the CKF served. *Syntax:* CRP-Memory-CKF-Community = crp-token *Example:* CRP-Memory-CKF-Community: eu-ai-act-compliance 9.4. CRP-Memory-Knowledge-Age *Direction:* RES *Required:* OPTIONAL *Definition:* The elapsed time since the most recently ingested fact used in this call's envelope, expressed as an ISO 8601 duration. Indicates knowledge freshness. *Syntax:* CRP-Memory-Knowledge-Age = "P" [ 1*DIGIT "Y" ] [ 1*DIGIT "M" ] [ 1*DIGIT "D" ] [ "T" [ 1*DIGIT "H" ] [ 1*DIGIT "M" ] [ 1*DIGIT "S" ] ] Vidiniotis Expires 25 November 2026 [Page 36] Internet-Draft CRP Headers May 2026 *Example:* CRP-Memory-Knowledge-Age: P3D CRP-Memory-Knowledge-Age: PT6H 10. Session State Headers Session state headers are the CRP equivalent of HTTP cookies — they carry signed session state, enabling stateless session relay across language boundaries and gateway instances. Full specification in CRP-SPEC-007. 10.1. CRP-Set-Session *Direction:* RES *Required:* REQUIRED for first window; RECOMMENDED for subsequent windows *Definition:* Sets the CRP session token on the client, analogous to HTTP Set-Cookie. Carries signed session state including session ID, window number, quality history, safety budget, and HMAC chain tip. The token is signed with HMAC-SHA256 using the session signing key and MUST be validated by the gateway on subsequent requests. *Syntax:* CRP-Set-Session = "token=" session-token *( ";" OWS session-attribute ) session-token = 1*( ALPHA / DIGIT / "+" / "/" / "." / "=" / "-" / "_" ) session-attribute = "Path=" path-value / "Max-Age=" delta-seconds / "Signed" / "SameSite=" ( "Strict" / "Lax" / "None" ) / "Window=" 1*DIGIT / "QualityHistory=" quality-history quality-history = quality-tier *( "," quality-tier ) *Example:* CRP-Set-Session: token=eyJzZXNzaW9uX2lkIjoiY3JwX3Nlc3NfN2YzYSJ9.sha256:sig...; Path=/; Max-Age=3600; Signed; SameSite=Strict; Window=3; QualityHistory=A,A,B 10.2. CRP-Session-Token *Direction:* REQ *Required:* RECOMMENDED (when set by prior CRP-Set-Session) Vidiniotis Expires 25 November 2026 [Page 37] Internet-Draft CRP Headers May 2026 *Definition:* The session token received via CRP-Set-Session, returned by the client on subsequent requests to resume the session, analogous to HTTP Cookie. The gateway validates the token signature and extracts session state without requiring server-side session storage. *Syntax:* CRP-Session-Token = session-token *Example:* CRP-Session-Token: eyJzZXNzaW9uX2lkIjoiY3JwX3Nlc3NfN2YzYSJ9.sha256:sig... 11. LLM Configuration Headers LLM configuration headers allow the CRP gateway to dynamically adjust LLM inference parameters based on session safety state. These headers are used internally by the gateway — clients SHOULD NOT set these directly. 11.1. CRP-LLM-Temperature *Direction:* Internal (gateway use) *Required:* N/A — internal to gateway *Definition:* The temperature value used for the LLM call, after any safety-driven adjustments. Logged in the audit trail. *Range:* 0.0 – 2.0. Gateway reduces toward 0.2 on reflexive re- dispatch for HIGH-risk sessions. 11.2. CRP-LLM-Grounding-Mode *Direction:* REQ *Required:* OPTIONAL *Definition:* Controls the grounding instruction injected into the LLM system prompt by the gateway. *Syntax:* CRP-LLM-Grounding-Mode = "context-strict" / "context-preferred" / "open" Vidiniotis Expires 25 November 2026 [Page 38] Internet-Draft CRP Headers May 2026 +===================+==========================================+ | Value | System Prompt Instruction | +===================+==========================================+ | context-strict | "Answer only using the provided context. | | | Do not use external knowledge." | +-------------------+------------------------------------------+ | context-preferred | "Prefer the provided context. Indicate | | | when using general knowledge." | +-------------------+------------------------------------------+ | open | No grounding instruction injected. | +-------------------+------------------------------------------+ Table 11 *Default:* context-preferred *Example:* CRP-LLM-Grounding-Mode: context-strict 11.3. CRP-LLM-Reproducibility-Seed *Direction:* REQ / stored in audit trail *Required:* OPTIONAL *NEW in v3.0* *Definition:* A numeric seed for deterministic LLM sampling, when the provider supports it. Stored in the HMAC audit chain to enable exact regeneration of any response for audit replay. GDPR Art. 22 requires that automated decisions be explainable and reproducible. *Syntax:* CRP-LLM-Reproducibility-Seed = 1*DIGIT *Example:* CRP-LLM-Reproducibility-Seed: 42 12. Header Interaction Rules 12.1. Safety Policy and Override Headers When CRP-Safety-Policy and CRP-Safety-Mode are both present, the *more restrictive* setting applies per-directive: - CRP-Safety-Mode: strict + CRP-Safety-Policy: warn-on CRITICAL → halt-on CRITICAL (strict wins) - CRP-Safety-Mode: permissive + CRP-Safety-Policy: halt-on CRITICAL → halt-on CRITICAL (policy wins) Vidiniotis Expires 25 November 2026 [Page 39] Internet-Draft CRP Headers May 2026 12.2. ETag and Cache Interaction CRP-Context-If-Match is only evaluated when CRP-Context-Cache does NOT contain no-cache. If no-cache is set, the gateway MUST bypass ETag validation and reconstruct the envelope unconditionally. 12.3. Session Token Priority When both CRP-Session-Token and CRP-Context-Session-Id are present, CRP-Session-Token takes precedence. The gateway validates the token signature; if valid, the embedded session ID overrides CRP-Context- Session-Id. 12.4. Agentic Safety Budget Propagation In multi-agent chains, CRP-Agent-Safety-Budget presented in a request from a sub-agent is the budget ceiling for that sub-agent's session. The sub-agent's gateway MUST NOT issue a safety budget higher than the value received. This prevents budget inflation in nested agent calls. 12.5. Compliance Headers Require Registered AI System CRP-Compliance-EU-AI-Act classification is only meaningful when the AI system has been registered in the CRP Gateway configuration with a system type, deployment domain, and intended purpose. Unregistered systems MUST receive CRP-Compliance-EU-AI-Act: UNKNOWN and a log warning. 13. Error Semantics 13.1. HTTP Status Codes Used by CRP +==============+=================+================================+ | Status | Condition | Required Headers | +==============+=================+================================+ | 200 OK | Normal response | All applicable CRP headers | +--------------+-----------------+--------------------------------+ | 304 Not | ETag match — | CRP-Context-ETag | | Modified | context not | | | | changed | | +--------------+-----------------+--------------------------------+ | 400 Bad | Malformed | CRP-Safety-Nonce | | Request | Safety Policy, | | | | nonce mismatch | | +--------------+-----------------+--------------------------------+ | 401 | Invalid or | — | | Unauthorized | expired session | | Vidiniotis Expires 25 November 2026 [Page 40] Internet-Draft CRP Headers May 2026 | | token | | +--------------+-----------------+--------------------------------+ | 424 Failed | only-if-ckf set | CRP-Context-Cache-Status: MISS | | Dependency | but CKF miss | | +--------------+-----------------+--------------------------------+ | 451 | Safety policy | CRP-Safety-Hallucination-Risk, | | Unavailable | halt — CRITICAL | CRP-Safety-Retry-After, CRP- | | For Legal | risk or | Compliance-Audit-Trail-URI | | Reasons | UNACCEPTABLE EU | | | | AI Act class | | +--------------+-----------------+--------------------------------+ | 503 Service | Minimum quality | CRP-Context-Quality-Tier (max | | Unavailable | tier cannot be | achievable) | | | achieved | | +--------------+-----------------+--------------------------------+ Table 12 13.2. HTTP 451 Semantics HTTP 451 (Unavailable For Legal Reasons, RFC 7725) is used by CRP to indicate a safety or regulatory halt. The body of a 451 response MUST include a JSON object: { "crp_halt_reason": "CRITICAL_HALLUCINATION_RISK | UNACCEPTABLE_EU_AI_ACT | SAFETY_BUDGET_DEPLETED", "session_id": "crp_sess_...", "audit_trail_uri": "https://comply.crprotocol.io/t/...", "oversight_required": true, "retry_condition": "oversight-required | " } 14. Security Considerations 14.1. Header Injection Clients MUST NOT set CRP-Safety-* (response namespace), CRP- Provenance-* (response namespace), or CRP-Compliance-* (response namespace) headers in requests. Gateways MUST validate and strip any such headers from client requests before processing. LLM outputs MUST NOT be parsed for CRP header values. All response headers are injected by the gateway post-response analysis, not derived from response content. Vidiniotis Expires 25 November 2026 [Page 41] Internet-Draft CRP Headers May 2026 14.2. Session Token Security CRP-Session-Token values are cryptographically signed. Forged tokens will fail signature validation. Tokens with expired expires_at MUST be rejected with HTTP 401. See CRP-SPEC-015 §3.2. 14.3. Safety Policy Integrity The CRP-Safety-Policy value MUST be validated for syntactic correctness per the grammar in CRP-SPEC-006 before session initialisation. Policies containing unrecognised directives MUST be rejected, not silently ignored, to prevent policy bypass through unknown directive injection. 14.4. HMAC Chain Protection The HMAC chain key (used to generate CRP-Provenance-HMAC) MUST be stored securely and never transmitted in any CRP header. See CRP- SPEC-015 §3.1 for the complete HMAC specification. 15. Privacy Considerations CRP response headers carry metadata about AI calls and may indirectly reveal information about the content of those calls. Specifically: * CRP-Compliance-GDPR-PII: true reveals that the call contained personal data * CRP-Safety-Attribution: PARAMETRIC may reveal that the request was outside the trained knowledge domain * CRP-Memory-CKF-Community reveals the knowledge domain of the query Implementors MUST consider the sensitivity of CRP response headers when making them available to browser-based clients. In particular, CRP-Compliance-GDPR-PII SHOULD be treated as sensitive and not exposed to JavaScript. The CRP-Context-Cache: no-store directive MUST be used for calls processing personal data to prevent persistence in the CKF. See CRP- SPEC-015 §6. 16. IANA Considerations Vidiniotis Expires 25 November 2026 [Page 42] Internet-Draft CRP Headers May 2026 16.1. HTTP Field Name Registrations This document requests provisional registration of the following HTTP field names in the IANA HTTP Field Name Registry (per RFC 9110 §16.3). All fields share the following properties unless noted: * *Applicable Protocol:* http * *Status:* provisional * *Author/Change Controller:* AutoCyber AI Pty Ltd contact@crprotocol.io (mailto:contact@crprotocol.io) * *Specification Document:* https://crprotocol.io/spec/headers/ (this document) *Priority registration set (10 headers — submit first):* +================================+===========+===========+ | Field Name | Direction | Reference | +================================+===========+===========+ | CRP-Context-Quality-Tier | Response | §4.1 | +--------------------------------+-----------+-----------+ | CRP-Safety-Hallucination-Risk | Response | §5.1 | +--------------------------------+-----------+-----------+ | CRP-Provenance-HMAC | Response | §6.1 | +--------------------------------+-----------+-----------+ | CRP-Compliance-EU-AI-Act | Response | §7.1 | +--------------------------------+-----------+-----------+ | CRP-Safety-Policy | Request | §5.12 | +--------------------------------+-----------+-----------+ | CRP-Agent-Safety-Budget | Both | §8.3 | +--------------------------------+-----------+-----------+ | CRP-Set-Session | Response | §10.1 | +--------------------------------+-----------+-----------+ | CRP-Context-ETag | Response | §4.8 | +--------------------------------+-----------+-----------+ | CRP-Compliance-Audit-Trail-URI | Response | §7.6 | +--------------------------------+-----------+-----------+ | CRP-Safety-Oversight-Mode | Both | §5.10 | +--------------------------------+-----------+-----------+ Table 13 *Full registration set:* All 58 headers defined in Sections 4–11. Vidiniotis Expires 25 November 2026 [Page 43] Internet-Draft CRP Headers May 2026 16.2. Well-Known URI Registration This document requests registration of /.well-known/crp-gateway.json in the IANA Well-Known URIs registry (per RFC 8615) for CRP Gateway capability advertisement. 17. References 17.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC5234] Crocker, D., "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, January 2008, . [RFC7725] Bray, T., "An HTTP Status Code to Report Legal Obstacles", RFC 7725, RFC 7725, DOI 10.17487/RFC7725, February 2016, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8615] Nottingham, M., "Well-Known Uniform Resource Identifiers (URIs)", RFC 8615, RFC 8615, DOI 10.17487/RFC8615, May 2019, . [RFC9110] Fielding, R., "HTTP Semantics", STD 97, RFC 9110, DOI 10.17487/RFC9110, June 2022, . [RFC2104] Krawczyk, H., "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, RFC 2104, DOI 10.17487/RFC2104, February 1997, . [RFC5869] Krawczyk, H., "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)", RFC 5869, RFC 5869, DOI 10.17487/RFC5869, May 2010, . 17.2. Informative References Vidiniotis Expires 25 November 2026 [Page 44] Internet-Draft CRP Headers May 2026 [EU-AI-ACT] European Parliament and Council of the European Union, "Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act)", 2024. [ISO42001] International Organization for Standardization, "ISO/IEC 42001:2023 — Artificial intelligence — Management system", 2023. [NIST-AI-RMF] National Institute of Standards and Technology (NIST), "Artificial Intelligence Risk Management Framework (AI RMF 1.0)", January 2023, . [GDPR] European Parliament and Council of the European Union, "Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation)", 2016. Complete Header Index +===================+============+===========+=======+=============+ | Header | Namespace | Direction |Section| Conformance | +===================+============+===========+=======+=============+ | CRP-Accept- | Context | REQ |4.13 | Optional | | Quality | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Accept-Risk | Safety | REQ |5.14 | Optional | +-------------------+------------+-----------+-------+-------------+ | CRP-Accept- | Context | REQ |4.14 | Optional | | Strategy | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Agent- | Agent | BOTH |8.6 | Optional | | Dispatch-Strategy | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Agent-Loop- | Agent | RES |8.2 | Recommended | | Depth | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Agent-Phase | Agent | RES |8.1 | Conditional | +-------------------+------------+-----------+-------+-------------+ | CRP-Agent- | Agent | RES |8.7 | Optional | | Revision-Round | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Agent-Safety- | Agent | BOTH |8.3 | Recommended | | Budget | | | | | +-------------------+------------+-----------+-------+-------------+ Vidiniotis Expires 25 November 2026 [Page 45] Internet-Draft CRP Headers May 2026 | CRP-Agent- | Agent | BOTH |8.5 | Optional | | Session-Parent | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Agent-Tool- | Agent | RES |8.4 | Optional | | Calls | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Compliance- | Compliance | RES |7.5 | Required* | | Audit-Trail-Id | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Compliance- | Compliance | RES |7.6 | Recommended | | Audit-Trail-URI | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Compliance- | Compliance | RES |7.8 | Optional | | Controls-Met | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Compliance- | Compliance | BOTH |7.7 | Optional | | Data-Residency | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Compliance- | Compliance | RES |7.1 | Recommended | | EU-AI-Act | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Compliance- | Compliance | RES |7.3 | Recommended | | GDPR-PII | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Compliance- | Compliance | RES |7.4 | Optional | | ISO-42001 | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Compliance- | Compliance | RES |7.2 | Optional | | NIST-Tier | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Context- | Context | REQ |— | — | | Acceptance | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Context-Cache | Context | REQ |4.10 | Optional | +-------------------+------------+-----------+-------+-------------+ | CRP-Context- | Context | RES |4.11 | Optional | | Cache-Status | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Context- | Context | BOTH |4.12 | Optional | | Continuation-Id | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Context-ETag | Context | RES |4.8 | Recommended | +-------------------+------------+-----------+-------+-------------+ | CRP-Context- | Context | RES |4.4 | Optional | | Facts-Used | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Context-If- | Context | REQ |4.9 | Optional | | Match | | | | | Vidiniotis Expires 25 November 2026 [Page 46] Internet-Draft CRP Headers May 2026 +-------------------+------------+-----------+-------+-------------+ | CRP-Context- | Context | RES |4.15 | Required | | Protocol-Version | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Context- | Context | RES |4.1 | Recommended | | Quality-Tier | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Context- | Context | RES |4.3 | Recommended | | Saturation | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Context- | Context | BOTH |4.7 | Required | | Session-Id | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Context- | Context | RES |4.6 | Recommended | | Strategy | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Context- | Context | RES |4.5 | Optional | | Tokens-Used | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Context- | Context | RES |4.2 | Recommended | | Window | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-LLM- | LLM | REQ |11.2 | Optional | | Grounding-Mode | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-LLM- | LLM | REQ |11.3 | Optional | | Reproducibility- | | | | | | Seed | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Memory-CKF- | Memory | RES |9.3 | Optional | | Community | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Memory-CKF- | Memory | RES |9.2 | Optional | | Hits | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Memory- | Memory | RES |9.4 | Optional | | Knowledge-Age | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Memory-Tier- | Memory | RES |9.1 | Optional | | Hit | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Provenance- | Provenance | RES |6.6 | Recommended | | Attribution-Score | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Provenance- | Provenance | RES |6.4 | Required* | | Chain-Integrity | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Provenance- | Provenance | RES |6.5 | Optional | Vidiniotis Expires 25 November 2026 [Page 47] Internet-Draft CRP Headers May 2026 | Claim-Count | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Provenance- | Provenance | RES |6.3 | Optional | | DAG-Root | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Provenance- | Provenance | RES |6.7 | Recommended | | Fidelity-Score | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Provenance- | Provenance | RES |6.1 | Required* | | HMAC | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Provenance- | Provenance | RES |6.8 | Recommended | | Report-URI | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Provenance- | Provenance | RES |6.2 | Recommended | | Window-HMAC | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Provenance- | Provenance | RES |6.9 | Optional | | Window-Lineage | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety- | Safety | RES |5.3 | Recommended | | Attribution | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety- | Safety | RES |5.7 | Optional | | Contradictions | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety- | Safety | RES |5.6 | Recommended | | Distortions | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety- | Safety | RES |5.9 | Recommended | | Entailment-Score | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety- | Safety | RES |5.5 | Recommended | | Fabrications | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety- | Safety | RES |5.4 | Recommended | | Grounding-Pct | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety- | Safety | RES |5.1 | Required* | | Hallucination- | | | | | | Risk | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety- | Safety | RES |5.2 | Recommended | | Hallucination- | | | | | | Score | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety-Mode | Safety | REQ |5.11 | Optional | +-------------------+------------+-----------+-------+-------------+ Vidiniotis Expires 25 November 2026 [Page 48] Internet-Draft CRP Headers May 2026 | CRP-Safety-Nonce | Safety | BOTH |5.16 | Optional | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety- | Safety | RES |5.8 | Optional | | Omissions | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety- | Safety | BOTH |5.10 | Recommended | | Oversight-Mode | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety-Policy | Safety | REQ |5.12 | Recommended | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety- | Safety | REQ |5.13 | Optional | | Report-URI | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Safety-Retry- | Safety | RES |5.15 | Conditional | | After | | | | | +-------------------+------------+-----------+-------+-------------+ | CRP-Session-Token | Session | REQ |10.2 | Recommended | +-------------------+------------+-----------+-------+-------------+ | CRP-Set-Session | Session | RES |10.1 | Required* | +-------------------+------------+-----------+-------+-------------+ Table 14 _* Required for CRP-Standard and CRP-Full conformance._ _Copyright © 2025–2026 AutoCyber AI Pty Ltd. This specification text is licensed under Creative Commons Attribution 4.0 International (CC BY 4.0). The CRP™ name, CRP Comply™, CRP Gateway™, and CRP Visualise™ are trademarks of AutoCyber AI Pty Ltd. Implementation of this specification does not grant any trademark licence._ Author's Address Constantinos Vidiniotis AutoCyber AI Pty Ltd Australia Email: contact@crprotocol.io URI: https://crprotocol.io Vidiniotis Expires 25 November 2026 [Page 49]