
appendix: add advisory guidance for agent safety gaps#53

Merged
jinsonvarghese merged 3 commits into OWASP:main from abbousaad:appendix/issue-35-advisory-ai-agent-safety
May 5, 2026

Conversation

@abbousaad
Contributor

Summary

Notes

  • this follows the maintainer direction to introduce new ideas as advisory-first rather than as new normative requirements in v0.1.0
  • the draft keeps the overlap boundaries explicit:
    • APTS-MR-A01 extends the gap around multi-turn manipulation without replacing APTS-MR-023, which remains the containment requirement
    • APTS-SC-A03 extends APTS-SC-020 at parameter and sequence level rather than restating the external allowlist requirement
  • I intentionally did not include the behavioral-drift proposal in this first PR because APTS-AR-019 already covers model change tracking and drift detection heavily, and I wanted to avoid overlap until a narrower addition is justified

Additional updates

  • update advisory-practice counts from 13 to 15 where the appendix total is explicitly stated
  • correct the SC domain advisory reference so it reflects the existing SC advisory entries plus the new one

Closes #35.

@jinsonvarghese
Member

Hi @abbousaad, thanks for this. The two advisory practices are well-written and address real gaps from issue #35. A few things need fixing before this can merge, because this branch is behind main and several changes conflict with what's already there.

1. APTS-MR-A01 ID collision
Main already has APTS-MR-A01 defined as "Goal Misgeneralization and Emergent Misalignment Evaluation Suite" and APTS-MR-A02 as "Sandbagging Detection and Behavioral Consistency Validation" (both merged via PR #49). The multi-turn adversarial resilience advisory needs to be renumbered to APTS-MR-A03.
2. Advisory count is stale
The branch updates the count from 13 to 15, but main is already at 16. With two new advisories the correct count is 18. This affects Frontispiece.md, Introduction.md, Getting_Started.md, standard/README.md, Glossary.md, Vendor_Evaluation_Guide.md, root README.md, and index.md.
3. Safety Controls domain README needs rebasing
The PR changes line 55 from "one appendix-only advisory requirement" to "three appendix-only advisory practices." The count of three SC advisories (A01, A02, A03) is correct, but this will conflict with main. The line also needs to list all three IDs.
4. Manipulation Resistance domain README conflicts with main
The PR adds a note about "one advisory practice (APTS-MR-A01)" but main already has two "See also" blocks for MR-A01 and MR-A02 in that file. After renumbering, this should reference MR-A03 and account for the existing entries.

I would recommend rebasing on current main to pick up the latest advisory state, then fixing the ID and counts.

abbousaad force-pushed the appendix/issue-35-advisory-ai-agent-safety branch from c26871d to f53735f on May 5, 2026 08:01
@abbousaad
Contributor Author

abbousaad commented May 5, 2026

Updated this PR to narrow it back to issue #35 only.

Changes in this update:

  • removed the unrelated Multi-Agent Coordination appendix link additions from standard/README.md and standard/Getting_Started.md
  • kept the rebased MR-A03 renumbering
  • kept the advisory total at 18
  • kept the SC and MR domain advisory-reference updates aligned with current main

The PR is now limited to the new advisory entries plus the count/reference updates they require.

@abbousaad
Contributor Author

Correction to my previous note: this update removes the unrelated Multi-Agent Coordination appendix link additions from standard/README.md and standard/Getting_Started.md. The PR now stays focused on issue #35: the new advisory entries, the MR-A03 renumbering, the advisory total update to 18, and the SC/MR advisory-reference updates aligned with current main.

@jinsonvarghese
Member

Great work @abbousaad! Verified the updated PR. All previously raised issues are resolved. Merging.

jinsonvarghese merged commit ea198e0 into OWASP:main on May 5, 2026
1 check passed

Development

Successfully merging this pull request may close these issues.

feat: Add AI agent security requirements (multi-turn jailbreak, tool-use safety, model behavioral stability)

2 participants