Project Charter
Project Charter
A standard outlives the people who start it only if its rules are written down. This charter sets out what ATR is, what it is not, how decisions are made, and how the Technical Steering Committee is seated — the commitments that hold regardless of who maintains the project.
Mission
ATR exists to give the AI-agent security community a single shared format for declaring, exchanging, and evaluating detection rules — so that a defender in one organization can build on a rule written by a defender in another, in another country, without anyone re-inventing the rule format. A shared format is infrastructure, not a product: it belongs to no vendor and answers to the community that maintains it.
Scope
In scope
In scope: the rule format, the reference engine, the rule schema, conformance levels, and the cross-framework mappings (OWASP, MITRE ATLAS, NIST AI RMF, SAFE-MCP).
Out of scope
Out of scope: vendor-specific tooling, commercial integrations, runtime enforcement policy, and incident response coordination. These are the work of downstream implementers, and the standard stays deliberately narrow so that any of them can build on it without inheriting someone else's product decisions.
Governance
ATR is governed today by a single lead maintainer (BDFL), with a Technical Steering Committee being stood up to take that role. Concentrating authority in one maintainer is a phase, not the design: the transition criteria and the TSC seating process are written down in advance — in GOVERNANCE.md and docs/BDFL-charter.md — precisely so the move to shared governance happens by rule, not by accident.
The full governance charter, maintainer role definitions, decision-escalation flow, and the BDFL → TSC transition timeline are normatively defined in GOVERNANCE.md ↗.
Intellectual Property
ATR is released under the MIT License — permanently, with no path to relicensing the published standard. All contributions are MIT-licensed by submission; there is no CLA to sign and no rights to assign. Anyone may adopt, extend, or fork the rules, including vendors who compete with one another. The DOI for citation is 10.5281/zenodo.19178002.
Decision-Making
The TSC is being seated. The procedures below are defined ahead of that and take effect once the transition criteria in GOVERNANCE.md are met; until then the lead maintainer (BDFL) acts in this role — the procedures are written first precisely so that no single maintainer's judgment is the standard's only safeguard.
Spec-level changes go through the RFC process: anyone may open an RFC issue or PR describing the proposal, the maintainer labels it as RFC, and a public discussion window opens — typically fourteen days, extended to thirty for complex proposals. After discussion closes, decisions are reached by consensus where possible and by maintainer call where not. Engine-level fixes, documentation edits, and new rule submissions do not require the RFC process and follow the standard PR flow.
The threshold for adoption is rough consensus from active contributors — no sustained, unresolved objections from substantive contributors (definition in GOVERNANCE.md) within the public discussion window. Until the TSC is seated, the BDFL retains final call on every RFC and commits to publicly recording the rationale for each call inline on the RFC thread.
Full procedure: GOVERNANCE.md ↗.
TSC Seating Criteria
The TSC is being seated. The criteria below are defined ahead of that and take effect once the transition criteria in GOVERNANCE.md are met; until then the lead maintainer (BDFL) acts in this role. Writing the criteria before the committee exists means that, once seated, it inherits a defined process rather than improvising one.
All four criteria below MUST be satisfied to be eligible for nomination to the ATR Technical Steering Committee. Nominations are made via pull request to GOVERNANCE.md and are subject to public review under the RFC process.
- Criterion 1. Demonstrated technical contribution to ATR — rules merged, engine work, benchmark work, or schema work — within the past twelve months.
- Criterion 2. Public maintainer of an ATR implementer organization or a downstream library that ships ATR in production.
- Criterion 3. Endorsement from the current maintainer plus one external implementer (the implementer MUST come from a different organization than the candidate).
- Criterion 4. Commitment to attend bi-monthly TSC calls and to respond to charter-level decisions within seven days.
TSC seating does not require the candidate's organization to be an implementer. Academic affiliates, independent researchers, and government researchers are eligible if the four criteria are met.