⚠ Chief Risk Officer

Liability Insurance for the AI Age

For CROs, General Counsel, and compliance leads evaluating AI governance posture and regulatory exposure. Frames AGP as operational risk infrastructure — not a developer tool.

Liability Reduction, Regulatory Whistleblowing Defense, Accountability Chain, EU AI Act, Audit-Ready Evidence
Script — Chief Risk Officer ~160 words
Hook
Right now, somewhere in your organisation, an AI agent is taking a consequential action. And if it goes wrong, your first call will be from Legal — asking for an audit trail that doesn't exist.
The Liability Problem
AI agents don't come with liability insurance. They execute instructions. Approve payments. Send communications. Modify records. And when a regulator, auditor, or plaintiff asks "who authorised this?" — today's answer is a log file and a guess. That is not a defensible position under the EU AI Act, FCA guidance, or SEC enforcement.
AGP as Risk Infrastructure
AGP is the governance protocol that makes every agent action auditable by design. Before an agent executes anything consequential, it must register intent, present a signed authority token, and pass a deterministic policy check. Every step — approval, denial, escalation — is logged immutably and cryptographically linked. You don't reconstruct what happened. You replay it.
Regulatory Whistleblowing Defense
When the whistleblower claim arrives — and in a regulated industry, it will — your position is not "we had controls." Your position is "here is the signed, timestamped, policy-evaluated record of every agent action, including the ones we blocked." AGP produces that record automatically. Your legal team will thank you.
Close
AGP. The Purple Line between your AI estate and your next regulatory examination. Open protocol. Production-ready today.

◈ Platform Architect

Separation of Concerns & The Fail-Closed Gate

For solution architects, security engineers, and platform leads evaluating the trust model, domain boundaries, and integration surface area.

Separation of Concerns, Fail-Closed Gate, Three Trust Domains, OPA / Rego Policies, MCP Interoperability, Zero Implicit Trust
Script — Platform Architect ~160 words
Hook
Every AI agent architecture problem you face comes down to this: there is no protocol-layer enforcement boundary between an agent's intent and its side effects. You're duct-taping guardrails onto a system that has no structural concept of "no."
Separation of Concerns
AGP enforces a clean three-domain separation. Registry owns identity and authority — tasks, capability tokens, liability bindings, skill registrations, revocations. Decision owns risk and policy — OPA evaluation, evidence bundles, impact assessment, human approvals, escalation routing. Execution is the gate — it validates all prerequisite artifacts before permitting any consequential action. Each domain has its own API surface, authorization scope, and durability contract. None has visibility into the others' internals.
The Fail-Closed Gate
The execution layer has no default-permit path. If a capability token is revoked, policy returns deny, or an approval artifact is missing — the action envelope is rejected with a 403 and a structured error payload. This is encoded in the protocol. It is not a configuration flag. It cannot drift. Your security posture is a structural invariant, not an operational assumption.
Interoperability
AGP is protocol-neutral. The MCP binding maps tool calls to capability scopes automatically. The A2A binding supports sub-token delegation across orchestrator–worker graphs. JSON Schema 2020-12 for all objects. OpenAPI 3.1 for all three domain APIs. Plug into your existing stack — gateway, sidecar, or direct integration.
Close
Three domains. One protocol. Zero implicit trust. Open specification, reference implementation included.

{ } Developer

The Action Envelope & SDK Simplicity

For backend engineers, ML engineers, and AI agent developers who want governance integrated without rebuilding their agent architecture.

Action Envelope, Python SDK, TypeScript SDK, Four API Calls, MCP Integration, Fail-Closed by Default
Script — Developer ~155 words
Hook
You're building agents. You're calling APIs. Someone just told you to "add governance." Here's how you actually do it — in ten lines of Python.
Install
Two commands: pip install agp-sdk or npm install @agp-protocol/sdk. Both SDKs handle OAuth 2.0 client credentials automatically — pass a client ID and secret, the SDK manages token refresh. Zero auth boilerplate.
The Action Envelope
The core primitive is the Action Envelope. Before any consequential action executes, your agent assembles an envelope: task ID, capability token, policy decision, and — if required by policy — a human approval artifact. Submit it to the execution layer. If all artifacts are present and valid, you get a 201 with a signed receipt and an immutable ledger entry. If anything is missing or revoked, you get a 403 with a structured error. No silent failures. No ambiguity.
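An added example, not AGP's SDK or reference implementation: a gate that applies the fail-closed rule from the Platform Architect script to the Action Envelope described above, and records every outcome, denials included, in a hash-chained ledger. The class, field names, and error codes are hypothetical, and a SHA-256 chain hash stands in for the signed receipt.

```python
import hashlib
import json

# Hypothetical field names: the page lists the artifacts, not their wire format.
REQUIRED = ("task_id", "capability_token", "policy_decision")
GENESIS = "0" * 64

def _link(prev, record):  # each hash commits to the previous entry's hash
    body = json.dumps(record, sort_keys=True, default=str)
    return hashlib.sha256((prev + body).encode()).hexdigest()

class Gate:
    def __init__(self, revoked_tokens=()):
        self.revoked = set(revoked_tokens)
        self.ledger = []  # append-only list of chained entries

    def _deny_reason(self, env):
        for field in REQUIRED:
            if not env.get(field):
                return "missing_" + field
        if env["capability_token"] in self.revoked:
            return "capability_revoked"
        decision = env["policy_decision"]
        if decision.get("result") != "allow":  # only an explicit allow passes
            return "policy_denied"
        if decision.get("requires_approval") and not env.get("approval"):
            return "missing_approval"
        return None

    def submit(self, env):
        try:
            reason = self._deny_reason(env)
            task_id = env.get("task_id")
        except Exception:  # malformed input is a denial, never a pass
            reason, task_id = "malformed_envelope", None
        record = {"task_id": task_id, "status": 403 if reason else 201, "reason": reason}
        prev = self.ledger[-1]["hash"] if self.ledger else GENESIS
        entry = {"prev": prev, "record": record, "hash": _link(prev, record)}
        self.ledger.append(entry)  # blocked actions are recorded too
        body = {"error": reason} if reason else {"receipt": entry["hash"]}
        return record["status"], body

    def verify_ledger(self):
        prev = GENESIS
        for entry in self.ledger:
            if entry["prev"] != prev or entry["hash"] != _link(prev, entry["record"]):
                return False
            prev = entry["hash"]
        return True
```

verify_ledger() recomputes the chain from the first entry, so editing any stored record after the fact makes it return False.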
Four Calls. Done.
The full governance lifecycle is four calls: create a task, attach a capability, run a policy evaluation, submit the envelope. The SDK wraps all of this. The entire flow — including the $125k payment scenario from the homepage — is ten lines.
MCP
Already using MCP tools? The AGP MCP server binding intercepts tool calls and wraps them in the full governance pipeline automatically. Zero refactoring of your existing tool definitions. Every tool call becomes a governed, auditable action envelope.
Close
Install. Declare. Prove. Execute. Governance that works the way your code already does.