codokey / docs /protocol.mdREFERENCE MODEL v1.0
+6 layers−0 ambiguity
The Codokey Protocol
Six layers.
Zero ambiguity.
When AI can write, modify, and deploy code — the most valuable layer is no longer the code alone. It is the key that governs what the code can access, expose, change, and release.
The Codokey Protocol is a vendor-agnostic reference model for AI Code Access Governance. It applies today to Copilot, Cursor, Claude Code, and any agent that will exist tomorrow. Grounded in the Codokey Charter.
The Codokey Protocol is a vendor-agnostic reference model for AI Code Access Governance. It applies today to Copilot, Cursor, Claude Code, and any agent that will exist tomorrow. Grounded in the Codokey Charter.
01
Code Origin
Provenance LayerWho authored this code? Human, AI, or hybrid authorship each carries a different governance weight. The answer determines the review obligation before merge.
→Was this written by a human, an AI agent, or a hybrid workflow?
→Is AI authorship documented in the commit or PR metadata?
→Does policy require human review for AI-generated code?
02
Key Exposure
Secrets LayerDoes this code touch secrets, tokens, credentials, or signing keys? Every path to a secret is a governance decision. See the secrets boundary reference for eight secret classes.
→Does the code read or reference environment variables?
→Are API keys, access tokens, or SSH keys in scope?
→Could the AI agent see secrets during its session?
03
Agent Authority
Permission LayerWhat is the AI agent permitted to read, change, or execute? Undefined authority is a security gap. See agent permissions for five agent classes and forbidden zones.
→What repository scope does the agent have?
→Can the agent push to branches or create PRs?
→Is the agent connected to external systems via MCP?
04
Review Boundary
Human Gate LayerWhere must a human intervene before code proceeds? Without explicit gates, AI agents create invisible paths from generation to merge. The review boundary is the minimum accountability structure.
→Is human review required before merging AI-generated PRs?
→Is there a mandatory review step for code touching secrets?
→Are review requirements documented in governance policy?
05
Deployment Control
Authority LayerCan this code reach production? Who holds the deployment key, and under what conditions? Automation and autonomy are different things. No agent deploys to production without a human authorization gate.
→Is automated deployment gated by secret scanning?
→Can an AI-generated change deploy without human approval?
→Are production credentials separated from development environments?
06
Audit Memory
Accountability LayerCan you reconstruct what happened, who authorized it, and what was exposed? Audit trails are governance proof. A breach without audit memory is a non-traceable breach — the worst outcome for organizational accountability.
→Are AI agent actions logged with timestamps and scope?
→Can you trace which agent accessed which repository and when?
→Is there a record of what secrets were in scope during agent sessions?