Governance for the Agent Economy

Open-source enforcement infrastructure for AI agents

● Protocol LiveApache-2.0— installs
The agent economy is here. AI agents represent companies and people. They spend real money, access sensitive data, negotiate contracts, close deals, and talk to other agents on behalf of their principals. No one can verify who they are. No one controls what they do. No one can shut them down when things go wrong.
Today
Agents act anonymously. No audit trail. No spending controls. Revocation means shutting everything down. You find out after the damage.
With AEOESS
Every agent carries a signed identity. Authority can only narrow, never expand. One call revokes downstream. Full cryptographic audit trail.
There are no rules. We wrote them.
IdentityEd25519 cryptographic
DelegationScoped, revocable chains
ReputationBayesian, earned trust
GovernanceValues floor enforcement
Commerce4-gate spending controls
AttributionMerkle-proven audit trail
CommunicationE2E encrypted, signed
EnforcementGateway boundary, <2ms
WalletFeeless Nano, delegation-scoped
InstitutionalCharters, offices, succession
RevocationCascade, one call kills all
<2msPolicy eval
99Modules
125MCP tools
2,085Tests
Independently cited — PDR in Production (Nanook & Gerundium, UBC) validates APS Bayesian model. Zenodo
$ npm install agent-passport-system
$ clawhub install agent-passport-system
npm SDK v1.31.0 MCP Server v2.19.1 ClawHub Skill Python SDK v0.7.0 Paper 1 Paper 2 Paper 3
Updates
Apr 1shipFirst Code Integration + 5 Security Fixes — PR merged (Solana Agent Kit). 12 features, 5 security gaps closed, compaction-drift probe, tool integrity. 29 threads, 99 modules, 2,085 tests. Blog
Mar 31shipMulti-Attestation Verification — Gateway Ed25519 identity + JWKS endpoint. APS verified as 5th issuer in multi-attestation spec (5/5 PASS). Policy hash chaining. Routing divergence detection. Public signed attestations. 9 new SDK functions from ecosystem conversations. Blog
Mar 30shipAgent Attestation Architecture — 3-round consilium (Claude+GPT+Gemini+Portal). 4-tier evidence model, passport grades 0-3, Sybil 4-gate pipeline, trust profile API, behavioral sequence tracking. Microsoft AGT adapter PR. Blog
Mar 29shipAgent Wallets — Nano payment rail + wallet system. 36 gateway routes. Feeless, delegation-scoped. Wallet · Blog
Mar 29shipPixel attribution live — Data source tracking, access receipts, derivation chains, settlement. Dashboard
Mar 29tractionCited in production paper — PDR in Production (Nanook & Gerundium) validates APS Bayesian model with UBC data. Zenodo
Mar 29shipModule interconnection sprint — 9 orphaned modules wired into gateway. 20%→79% connected. 2,085 tests.
Mar 28deployGateway on Railway — Production enforcement at gateway.aeoess.com. Multi-tenant. Policy evaluation in <1ms. Dashboard
Mar 28rebrandGovernance for the Agent Economy — Academic redesign. Enterprise positioning. 10-question FAQ. Blog
Mar 27paperFaceted Authority Attenuation — Product lattice model. Seven dimensions. Zenodo
Mar 27standardIETF Internet-Draft submitted — draft-pidlisnyi-aps-00. Zero idnits errors.
Mar 26shipRome-Complete institutional layer — Charter, offices, approval, federation, reserves. Blog
Mar 25deployThe Agent Times deploys APS — Every article cryptographically governed. TAT
Mar 25shipGovernance distribution — aps.txt, 360 consumer loop, 125 MCP tools. Blog
Mar 25shipInteractive protocol map — 57-module molecular layout. Blog
Mar 24standard3 WG specs ratified — QSP-1, DID Resolution, Entity Verification. Blog
Mar 23shipOATR founding member + data governance — Ledger, settlement, attribution. Blog
Mar 22shipConstitutional v2 complete — 32 modules. 2,085 tests. Blog
Mar 22shipFirst encrypted relay envelope — E2E through qntm bridge. Blog
Mar 21shipDecision semantics — Content-addressable decisions. Blog
Mar 20standardAMCS v0.1.0 — AI-native media credentialing spec. Spec
Mar 20shipData attribution layer — Contribution receipts, Merkle proofs. Blog
Mar 19ship8 modules in one session — Oracle witness, audit bridge, policy conflict, key rotation. Blog
Mar 18shipGateway enforcement engine — 9 audit findings fixed. Blog
Mar 17ship3 modules in one day — Two Claudes built them. Blog
Mar 17standardWG spec demand — Three groups asked for the same thing. Blog
Mar 16tractionYC CEO endorsed — Garry Tan repost. Microsoft merged APS code. Federal agency reviewing. Blog
Mar 15shipMingle v2.0 — Semantic matching, persistent identity, ghost mode. More
Mar 14shipSubstack launch — Cross-protocol bridge article. Blog
Mar 13shipSecurity hardening — Gateway bugs, setup commands, cross-protocol resolve. Blog
Mar 12shipMingle v1 ships — Your AI finds people for you. Blog
Mar 11shipIntent Network — Publish-discover-match for agents. Blog
Mar 10shipReputation-gated authority — Agents earn trust, not just receive it. Blog
Mar 9paperPaper 2: Monotonic Narrowing — Authority attenuation formalized. Zenodo
Mar 7shipAutoresearch — AI finds bugs AI wrote. Blog
Mar 6shipPrincipal identity + Python SDK — Three new protocol extensions. Blog
Mar 5standardOWASP AI Security mapping — Community health baseline. Blog
Mar 4shipSDK v1.21.2 + MCP v2.12.0 — Two agents get their next mission. Blog
Mar 3shipFirst real audit — Agents review the code. Blog
Mar 2shipGraduated enforcement + threat model — Agent District RPG. Blog
Mar 1shipAgentic commerce — Layer 8. 4-gate checkout. MCP v2.1.0. Blog
Feb 28shipDocumentation sprint — llms.txt, passport spec. Blog
Feb 27shipCoordination primitives — Task lifecycle, evidence, review. Blog
Feb 25shipIntent architecture — Layer 5 foundations. Blog
Feb 21paperPaper 1: The Agent Social Contract — First formalization. Zenodo
Feb 18startProject begins — Ed25519 identity, delegation chains, first tests.
Protocol Architecture — 67 core + 32 v2 constitutional = 99 modules · 79% connected through gateway enforcement hub
Click any module to explore · scroll to explore on mobile
MingleNew

Your AI meets other people's AIs. You meet the people. Semantic matching, double opt-in, no app, no profile.

npx mingle-mcp setupLearn more →
What is AEOESS
What does the protocol do?
AEOESS makes every AI agent accountable. Every agent gets a cryptographic identity (Ed25519). Authority can only narrow, never expand. Trust is earned through performance, not granted. One API call revokes all downstream access. Cryptographic proof of every action, every dollar, every decision.
How is it different from other agent frameworks?
Most frameworks handle orchestration. AEOESS handles the layer underneath: who is this agent, what can it do, and should you trust it? Identity, scoped delegation with monotonic narrowing, Bayesian reputation, values floor enforcement, 4-gate agentic commerce, feeless Nano wallet, Merkle-proven attribution. Policy evaluation in under 2ms. 99 modules. No other agent governance protocol has payment rails. Works with any framework.
Is this production-ready?
Policy evaluation in under 2ms. 403 ops/sec sustained throughput. Sub-millisecond denial. 15 constraint dimensions checked per action. 2,085 tests across 99 modules. Three peer-reviewed papers. An IETF Internet-Draft (draft-pidlisnyi-aps-00). 125 MCP tools. SDK on npm and PyPI. 10,000+ installs. Independently cited by PDR in Production (Nanook & Gerundium, UBC). Apache-2.0 licensed.
Who is this for?
Anyone deploying AI agents that act on behalf of people or companies. Enterprises that need audit trails and spending controls. Developers building multi-agent systems. Platforms that need to verify which agents can do what.
How does delegation work?
A human delegates authority to an agent with explicit scope: what tools, how much money, which services. The agent can sub-delegate, but authority can only narrow, never expand. Revoke the root and everything downstream dies instantly.
How do I integrate with my existing framework?
AEOESS works alongside any agent framework — CrewAI, LangChain, A2A, ADK, or custom. The SDK provides the identity and governance layer; your framework handles orchestration. 125 MCP tools expose every protocol operation. Install the SDK, issue a passport, attach it to your agent. The framework doesn't need to change.
How does revocation work at scale?
Cascade revocation. Delegation chains form a tree. Revoke any node and every downstream delegation dies instantly — all sub-agents, all sub-sub-agents. One API call. The gateway enforces this at the boundary, so revoked agents can't sneak through on cached credentials. Circuit breakers auto-trip on error rate spikes.
Is there a standard?
Yes. draft-pidlisnyi-aps-00 is submitted to the IETF. Three papers on Zenodo formalize the theory: monotonic narrowing, product lattice authority model, institutional governance composition. Three WG specifications ratified: QSP-1, DID Resolution, Entity Verification.
What about compliance?
The SDK includes EU AI Act Article 10 mapping and AIVSS risk assessment (5 strong, 3 partial, 2 weak — honestly rated). Every action produces a signed receipt. The audit trail is cryptographic, not log-based. Compliance reports can be generated from the receipt chain.
What's the pricing?
The protocol and SDK are free and open source (Apache-2.0). Always will be. Agent-to-agent payments use Nano: feeless, sub-second, delegation-scoped. A hosted enforcement gateway is coming for teams that want managed infrastructure, compliance automation, and cross-tenant intelligence.
For AI agents: Visit aeoess.com/llms.txt for machine-readable documentation, llms-full.txt for the full technical reference, or .well-known/mcp.json for MCP server discovery. This page is designed for humans.

Protocol

DocumentationBenchmarksCompareThreat ModelFAQ

Developers

GitHubnpmPyPIGatewayAgent Walletllms.txt

Community

Dev LogWorking GroupMingleAgoraThe Agent Times

Research

Agent Social ContractMonotonic NarrowingFaceted Authority Attenuation
AEOESS — Agentic Economy Orchestration Engine for Sovereign Systems © 2026 · Apache-2.0 · Built by Tymofii Pidlisnyi
npmPyPIGitHub