AGP for Every Audience

Your AI agents are making decisions right now. High-stakes decisions. And there is nothing structurally preventing them from acting on a dangerous instruction.

Every AI agent that can take action is a liability — not because the AI is malicious, but because there is no protocol-layer enforcement preventing it from acting outside its mandate. When something goes wrong, you have no audit trail, no proof of authority, and no clear accountability chain. That is a regulatory and legal exposure you cannot afford.

AGP is the governance protocol that puts a verifiable, deterministic boundary between every agent action and the real world. Before an agent can execute anything consequential — a payment, a communication, a data change — it must declare intent, prove authority, and pass a policy check. Every step is logged immutably. Every denial is evidence. Every approval is a signed artifact.

Regulators are watching. The EU AI Act, emerging US federal frameworks, and your auditors will demand demonstrable AI governance. AGP lets you demonstrate governance — not just assert it. It is the difference between "we have AI policies" and "here is the signed, timestamped, cryptographically verifiable record of every agent action we have ever taken."

AGP. The Purple Line between your agents and liability. Open specification. Production-ready today.

Every architecture problem you have with AI agents comes down to one thing: there's no protocol-layer enforcement boundary between an agent's intent and its side effects.

AGP enforces a clean separation across three independent trust domains. Registry handles identity and authority — tasks, capability tokens, liability bindings, delegations, revocations. Decision handles risk and policy — OPA-based evaluation, evidence bundles, impact assessment, human approvals, escalations. Execution is the gate — it validates all prerequisite artifacts before permitting any consequential action. No domain has visibility into the others' internals. Each has its own API surface and authorization scope.

The execution layer is fail-closed by design. There is no default-permit path. If a capability token is revoked, if policy returns deny, if the approval artifact is missing — the action envelope is rejected with a 403. This is a structural guarantee encoded in the protocol, not a configuration choice that can drift.

AGP is protocol-neutral. The first-class MCP binding maps Model Context Protocol tool calls directly to AGP capability scopes. Every tool call becomes an auditable action envelope. Your existing MCP servers get governance without re-architecture.

Three domains. One protocol. Zero implicit trust. Open specification, open source.

You're building agents. You're calling APIs. You need governance. Here's how fast you can add it.

Two commands: pip install agp-sdk or npm install @agp-protocol/sdk. Both SDKs handle OAuth 2.0 client credentials automatically — pass a client ID and secret, the SDK manages token refresh. No auth boilerplate.

The core primitive is the Action Envelope. Before any consequential action executes, your agent assembles an envelope: task ID, capability token, policy decision, and — if required — a human approval artifact. Submit it to the execution layer. If all artifacts are valid, you get a 201 with a signed receipt and an immutable ledger entry. If anything is missing or revoked, you get a 403 and a clear, structured error.

The full governance flow is four API calls: create a task, attach a capability, run a policy evaluation, submit the envelope. The SDK wraps all of this. The whole flow is ten lines of Python.

Using MCP tools? The AGP MCP server binding intercepts tool calls and wraps them in the governance pipeline automatically. Zero refactoring of your existing tool definitions required.

Governance that works the way your code already does. Install. Declare. Prove. Execute.