Protocol surface
The contract between capability hosts and the systems that call them.
CHP defines the operational boundary for governed AI capabilities: how they are declared, discovered, invoked, authorized, observed, and verified across independent implementations.
Manifests
Hosts declare identity, capabilities, versions, invocation modes, policy metadata, and evidence behavior before clients invoke anything.
Discovery
Agents and applications can reason about what a host offers, what is online, and which capability versions are compatible.
Invocation
Calls carry invocation identity, capability identity, mode, subject attributes, payload, correlation, and structured response semantics.
Lifecycle
Unknown hosts, stopped services, unavailable capabilities, disabled executors, and premature calls are explicit protocol states.
Permissions
Capabilities can require subject entitlements or policy approval before execution, returning denials as structured outcomes instead of ambiguous failures.
Evidence
Every execution attempt emits ordered, replayable evidence for audit, debugging, telemetry export, and compliance reporting.
Failure semantics
Public protocols need predictable failure.
CHP treats bad inputs and unsafe invocations as part of the protocol, not as incidental implementation details. Clients should be able to distinguish incompatibility, unavailability, denial, timeout, and host failure.
Malformed manifest
Unsupported protocol version
Unknown host
Unavailable capability
Unauthorized invocation
Lifecycle violation
Timeout
Structured host error
End-to-end contract
From declaration to replay.
01
Before invocation
HostDescriptor validation, version compatibility, host identity, mode support, and declared policy metadata.
02
During invocation
Correlation context, subject handling, payload validation, authorization, host timeout policy, and lifecycle checks.
03
After invocation
Structured response status, denial/error code, evidence emission, replay, and telemetry export.