AERO specification

Contents

1 Terminology
2 Layer contracts
3 Security & compliance
4 Reference implementations

The AERO Specification defines normative requirements for the four layers. Conformance terms MUST, SHOULD, and MAY follow RFC 2119 usage.

Terminology

Source: A typed input endpoint (e.g., S3, API, message topic).
Artifact: Versioned, immutable result of Enrich.
Decision Trace: Record of prompts, policies, models, outputs.
Run: Single execution instance with lineage and status.

Layer contracts

Layer	Inputs	Outputs	Contracts (MUST)
Acquire	Events, files, API calls	Raw payload + envelope	Include identity, tenancy, and source fingerprint. Immutable envelopes with timestamp and checksum. Backpressure + retry semantics.
Enrich	Acquire envelopes	Versioned artifacts	Validate schemas with explicit versioning. PII handling and redaction policies recorded. Deterministic IDs for lineage.
Reason	Artifacts + policies	Decision traces	Execute rules/agents with testable plans. Capture prompts, context, model params, and cost. Support replay under pinned versions.
Orchestrate	Decision traces	Actions + audit logs	Pre/post-conditions and rollbacks. Structured metrics and SLA signals. Append-only audit with signatures.

Security & compliance

All records MUST include tenant ID, actor ID, and purpose-of-use where applicable.
Secrets MUST NOT appear in traces; use vault pointers or hashes.
Controls SHOULD map to SOC 2, ISO 42001, and NIST AI RMF.

Reference implementations

Implementation-agnostic; common components include Kafka/SNS/SQS, S3/GCS, vector DBs, OPA/Cedar for policy, and Airflow/Temporal/Step Functions for orchestration.

AERO specification

Terminology

Layer contracts

Security & compliance

Reference implementations

Implement AERO in your org