Agent Governance Protocol
Explainers

Persona Explainers

60-second explainer scripts for the Agent Governance Protocol — tailored for Chief Risk Officers, Platform Architects, and Developers.

Three personas. Three framings. One protocol. Use these scripts as the foundation for explainer videos, sales decks, or onboarding materials — tailored for the people who care most about what you're building.


Liability Insurance for the AI Age

For CROs, General Counsel, and compliance leads evaluating AI governance posture and regulatory exposure. Frames AGP as operational risk infrastructure — not a developer tool.

Focus areas: Liability Reduction · Regulatory Whistleblowing Defense · Accountability Chain · EU AI Act · Audit-Ready Evidence

Hook

Right now, somewhere in your organisation, an AI agent is taking a consequential action. And if it goes wrong, your first call will be from Legal — asking for an audit trail that doesn't exist.

The Liability Problem

AI agents don't come with liability insurance. They execute instructions. Approve payments. Send communications. Modify records. And when a regulator, auditor, or plaintiff asks "who authorised this?" — today's answer is a log file and a guess. That is not a defensible position under the EU AI Act, FCA guidance, or SEC enforcement.

AGP as Risk Infrastructure

AGP is the governance protocol that makes every agent action auditable by design. Before an agent executes anything consequential, it must register intent, present a signed authority token, and pass a deterministic policy check. Every step — approval, denial, escalation — is logged immutably and cryptographically linked. You don't reconstruct what happened. You replay it.

Regulatory Whistleblowing Defense

When the whistleblower claim arrives — and in a regulated industry, it will — your position is not "we had controls." Your position is "here is the signed, timestamped, policy-evaluated record of every agent action, including the ones we blocked." AGP produces that record automatically. Your legal team will thank you.

Close

AGP. The Purple Line between your AI estate and your next regulatory examination. Open protocol. Production-ready today.


Key Points

  • Every agent action — approved or denied — is logged immutably to a cryptographically chained audit ledger
  • Accountability chain: every action maps to a named human principal via signed Capability Tokens, not just agent IDs
  • Regulatory evidence bundle: task, capability, policy decision, and human approval are co-located artifacts — not reconstructed from logs
  • Token revocation is instant — a compromised or over-delegated agent's authority is terminated in a single API call
  • EU AI Act alignment: OPA/Rego policy engine, impact assessment, and escalation pathway map directly to Article 9 risk management requirements
  • Fail-closed by design — AGP does not default to permit; agents cannot execute without satisfying every prerequisite

Separation of Concerns & The Fail-Closed Gate

For solution architects, security engineers, and platform leads evaluating the trust model, domain boundaries, and integration surface area.

Focus areas: Separation of Concerns · Fail-Closed Gate · Three Trust Domains · OPA / Rego Policies · MCP Interoperability · Zero Implicit Trust

Hook

Every AI agent architecture problem you face comes down to this: there is no protocol-layer enforcement boundary between an agent's intent and its side effects. You're duct-taping guardrails onto a system that has no structural concept of "no."

Separation of Concerns

AGP enforces a clean three-domain separation. Registry owns identity and authority — tasks, capability tokens, liability bindings, skill registrations, revocations. Decision owns risk and policy — OPA evaluation, evidence bundles, impact assessment, human approvals, escalation routing. Execution is the gate — it validates all prerequisite artifacts before permitting any consequential action. Each domain has its own API surface, authorization scope, and durability contract. None has visibility into the others' internals.

The Fail-Closed Gate

The execution layer has no default-permit path. If a capability token is revoked, policy returns deny, or an approval artifact is missing — the action envelope is rejected with a 403 and a structured error payload. This is encoded in the protocol. It is not a configuration flag. It cannot drift. Your security posture is a structural invariant, not an operational assumption.

Interoperability

AGP is protocol-neutral. The MCP binding maps tool calls to capability scopes automatically. The A2A binding supports sub-token delegation across orchestrator-worker graphs. JSON Schema 2020-12 for all objects. OpenAPI 3.1 for all three domain APIs. Plug into your existing stack — gateway, sidecar, or direct integration.

Close

Three domains. One protocol. Zero implicit trust. Open specification, reference implementation included.


Key Points

  • Registry, Decision, Execution: three independently deployable domains with their own API surfaces and scope sets
  • Fail-closed execution gate — no permit-by-default, no side-channel bypass path from outside the server
  • OPA/Rego policy engine — bring your own policies or deploy the included EU AI Act suite
  • MCP binding: tool calls mapped to capability scopes, zero refactoring of existing MCP server definitions
  • A2A: sub-token delegation with scoped inheritance and cascade revocation across agent graphs
  • JSON Schema 2020-12 + OpenAPI 3.1 across all objects and APIs — deterministic validation, no runtime ambiguity
  • FastAPI reference server + 200+ conformance tests — verify any implementation against the full spec

The Action Envelope & SDK Simplicity

For backend engineers, ML engineers, and AI agent developers who want governance integrated without rebuilding their agent architecture.

Focus areas: Action Envelope · Python SDK · TypeScript SDK · Four API Calls · MCP Integration · Fail-Closed by Default

Hook

You're building agents. You're calling APIs. Someone just told you to "add governance." Here's how you actually do it — in ten lines of Python.

Install

Two commands: pip install agp-sdk or npm install @agp-protocol/sdk. Both SDKs handle OAuth 2.0 client credentials automatically — pass a client ID and secret, the SDK manages token refresh. Zero auth boilerplate.

The Action Envelope

The core primitive is the Action Envelope. Before any consequential action executes, your agent assembles an envelope: task ID, capability token, policy decision, and — if required by policy — a human approval artifact. Submit it to the execution layer. If all artifacts are present and valid, you get a 201 with a signed receipt and an immutable ledger entry. If anything is missing or revoked, you get a 403 with a structured error. No silent failures. No ambiguity.
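The gate behaviour described here and under "The Fail-Closed Gate", together with the chained audit ledger, as an added sketch that is not the AGP SDK or reference server. Every name in it (submit_envelope, verify_chain, the field names, the reason codes) is hypothetical. Token signature checks and receipt signing are left out: the capability token is an opaque string and the receipt is simply the ledger entry's hash.

```python
import hashlib
import json

REVOKED_TOKENS = {"cap-revoked"}  # constructed revocation list
LEDGER = []  # append-only audit ledger, each entry chained to the previous one

def entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(entry):
    """Record an outcome, linking it to the previous entry's hash."""
    prev = LEDGER[-1]["hash"] if LEDGER else "0" * 64
    body = {"prev": prev, **entry}
    LEDGER.append({**body, "hash": entry_hash(body)})
    return LEDGER[-1]

def verify_chain(ledger):
    """Replay the ledger; any edited or reordered entry breaks the chain."""
    prev = "0" * 64
    for rec in ledger:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or entry_hash(body) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True

def submit_envelope(env):
    """Fail-closed gate: permit only when every prerequisite is explicitly satisfied."""
    reasons = []
    if not env.get("task_id"):
        reasons.append("task_id_missing")
    token = env.get("capability_token")
    if not token:
        reasons.append("capability_token_missing")
    elif token in REVOKED_TOKENS:
        reasons.append("capability_token_revoked")
    decision = env.get("policy_decision") or {}
    if decision.get("result") != "allow":
        reasons.append("policy_not_allow")
    # Approval is waived only by an explicit False; an absent flag means "required".
    if decision.get("requires_approval") is not False and not env.get("human_approval"):
        reasons.append("human_approval_missing")
    status = 403 if reasons else 201
    rec = append_entry({"task_id": env.get("task_id"), "status": status, "reasons": reasons})
    if reasons:
        return 403, {"error": "envelope_rejected", "reasons": reasons}
    return 201, {"receipt": rec["hash"]}
```

Denied envelopes are written to the ledger as well as permitted ones, so the record of blocked actions is covered by the same chain check.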

Four Calls. Done.

The full governance lifecycle is four calls: create a task, attach a capability, run a policy evaluation, submit the envelope. The SDK wraps all of this. The entire flow — including the $125k payment scenario from the homepage — is ten lines.

MCP

Already using MCP tools? The AGP MCP server binding intercepts tool calls and wraps them in the full governance pipeline automatically. Zero refactoring of your existing tool definitions. Every tool call becomes a governed, auditable action envelope.

Close

Install. Declare. Prove. Execute. Governance that works the way your code already does.


Key Points

  • pip install agp-sdk / npm install @agp-protocol/sdk — OAuth 2.0 client credentials handled automatically
  • Four API calls for the full governance lifecycle: task → capability → policy evaluation → action envelope
  • 201 on success: signed receipt + immutable ledger entry returned in the response body
  • 403 on failure: structured error payload indicating exactly which artifact is missing or revoked
  • MCP binding: intercepts tool calls and wraps them in the governance pipeline — no refactoring required
  • Idempotency keys on every envelope — safe to retry without duplicate execution
  • FastAPI reference server available for local development — docker compose up and you're running
