Loading…
Loading…
AgentGP is an AI governance platform: a single place for approved prompts, policies, and governed tools, audit trail, lineage, and a living agent registry.
AgentGP is designed to fit seamlessly into your existing engineering workflow. Your AI agents and applications integrate via A2A, MCP, API, or Git.
validate_policy or get_lineage) without custom integration code./mcp.New: Understanding AgentGP
AgentGP can attach cryptographic governance proof (SHA-256 + Merkle/hash lineage) to governed executions, with verifiable records for audit and compliance workflows.
Read the guideEvery AI agent — regardless of topology (chatbot, ReAct, multi-agent, pipeline, mesh) — is made up of the same core building blocks: Prompts, Policies, Tools, Context, Memory, Model, Lineage, and Agent identity. AIGP defines these as governed resource types — each with its own AGRN (Agent Governance Resource Name) and dedicated event types. The format is extensible: implementations can define custom resource types without a spec change.
AgentGP captures cryptographic proof for every resource type as AIGP™ events. When an agent receives a prompt, invokes a tool, reads from memory, or loads a model — the governance hash proves the exact content at that moment. Multi-resource operations use Merkle tree hashing for per-resource verification. The full governance lineage is exportable as a W3C Verifiable Credential — proving to compliance officers, regulators, and risk teams that the right process was followed.
Multiple Worker Agents (e.g. Support Bot, Trading Bot, Finance Bot) call the AgentGP AI Governance Agent via A2A for prompts, policy validation, and audit. Below: an animated view of agents connecting to AgentGP, then the sequence of A2A calls.
Every asset in AgentGP follows a standardized naming convention called AIGP Resource Names (AGRN), inspired by URNs (Uniform Resource Names). AGRNs use a type.kebab-case-name format for consistent identification across APIs, SDKs, and audit logs.
| Resource | AGRN Format | Example |
|---|---|---|
| Agent | agent.{kebab-case-name} | agent.retail-banking-kyc-verification-bot |
| Policy | policy.{kebab-case-name} | policy.eu-refund-policy |
| Prompt | prompt.{kebab-case-name} | prompt.asia-pacific-fraud-detection-playbook |
agent., policy., prompt.) identifies the resource type.All Jinja2 template variables must use lowercase snake_case. The editor validates variable names in real time and shows warnings for non-compliant names.
| Valid (snake_case) | Invalid |
|---|---|
region | Region (uppercase) |
risk_tier | riskTier (camelCase) |
max_txn_per_hour | max-txn-per-hour (kebab-case) |
ctr_threshold | CTRThreshold (PascalCase) |
Note
policy_variables parameter. The validate-template endpoint returns variable_warnings for any variables that don't comply.Why agents have two name fields
agent_id AGRN (e.g. agent.retail-banking-kyc-verification-bot) and a human-readable name (e.g. "KYC Verification Bot"). Policies and prompts are authored governance assets where the AGRN is the name. This is the same pattern used by AWS (ARN vs display name), Kubernetes (metadata.name vs labels), and GitHub (username vs display name).AgentGP is a protocol-first AI Governance Agent. It does not act as a gateway or proxy. It follows a Registry & Observer pattern: Worker Agents register with AgentGP, then call it over the Google A2A protocol for prompts, policy validation, lineage, and audit.
| Term | Definition |
|---|---|
| Worker Agent | The external AI agent (e.g. customer support bot) that needs governed prompts, policies, and tools. |
| Governance Agent | AgentGP. The central authority for approved prompts, policies, tools, and audit. |
| The Handshake | The flow of registering, fetching a prompt, and validating policy before inference. |
Canonical flow from boot to inference and audit. The diagram below is rendered with Mermaid and shows the full handshake: check-in → get_prompt → validate_policy → inference → audit_log.
Agents must check in at boot by sending their manifest to AgentGP. Use the A2A skill register or POST /api/agents/ping. Unregistered agents should not get access to company data.
Prompts (behavior) – Fetched at runtime via get_prompt. Versioned and approval-controlled. Policies (knowledge) – Validated before use via validate_policy or get_approved_policy; AgentGP logs who pulled what (lineage). Tools (capabilities) – Governed external APIs, data stores, and code sandboxes with types, risk levels, kill-switch, and versioned configuration.
Governance requires all three: versioned prompts + access-controlled policies + governed tools, with a single audit trail.
Integrate AI governance into your agents in minutes. AgentGP provides official SDKs for the languages your team already uses — all with a unified interface so the experience is identical regardless of stack.
Three lines of code to connect any AI agent to governance:
All SDKs authenticate with an API key issued from the AgentGP dashboard. Pass it as api_key in the constructor or set AGENTGP_API_KEY as an environment variable. The key is sent as Authorization: Bearer <key> on every request and maps to a service account for audit attribution.
| Environment variable | Description |
|---|---|
| AGENTGP_URL | API base URL (your AgentGP instance) |
| AGENTGP_API_KEY | API key for authentication |
| AGENTGP_AGENT_ID | Default agent ID (avoids passing it on every call) |
Unified interface
get_policy, get_prompt, log_activity — with identical semantics. Switch languages without changing your governance integration pattern. Trace IDs are auto-generated if not provided.Every AI agent can maintain a agentgp.json file in its git repository. This manifest declares the agent's identity, governance metadata, and which prompts/policies it needs. On agent startup, it pings AgentGP to register and pull approved prompts and policies.
Governance approval
pending_approval status. A governance admin must approve the agent in the AgentGP UI before it can access restricted policies. This ensures only vetted agents operate in production.API base URL: The UI talks to the FastAPI backend. For local development use http://localhost:8000; in production use your company's AgentGP API URL. Set NEXT_PUBLIC_API_URL (client) and BACKEND_URL (server-side/SSR) so prompts and policies lists load correctly.
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/health | Health check |
| GET | /api/inject?name=... | Inject policy (gated by agent_policies link) |
| GET | /api/prompts/pull?name=... | Pull prompt by name (gated by agent_prompts link) |
| GET | /api/policies | List policies |
| GET | /api/policies/:id | Get policy by ID |
| GET | /api/prompts | List prompts |
| GET | /api/prompts/:id | Get prompt by ID |
| GET | /api/agents | List agents |
| GET | /api/agents/:id | Get agent by ID |
| GET | /api/agents/:id/policies | List policies linked to agent |
| POST | /api/agents/:id/policies | Link policy to agent |
| GET | /api/agents/:id/prompts | List prompts linked to agent |
| POST | /api/agents/:id/prompts | Link prompt to agent |
| POST | /api/agents/:id/approve | Approve agent |
| POST | /api/agents/:id/reject | Reject agent |
| GET | /api/organizations | List organizations |
| POST | /api/organizations | Create organization |
| GET | /api/templates | List templates |
| GET | /a2a | A2A Agent Card (discovery) |
| POST | /a2a | A2A skill execution |
| GET | /api/lineage | Recent policy deliveries (lineage) |
All mutations and inject support optional audit headers (X-AgentGP-Agent-ID, X-AgentGP-Trace-ID) for lineage tracking.
Use the interactive Swagger UI to explore and test all endpoints. You can point it at http://localhost:8000 when running locally or at your deployed API URL (e.g. GCP Cloud Run) when testing in production.
AgentGP exposes a fully compliant MCP server at /mcp using the official mcp Python SDK with Streamable HTTP transport. Connect Claude Desktop, Cursor, Windsurf, VS Code Copilot, or any MCP-compatible client directly to AgentGP for governed access to prompts, policies, and audit lineage.
MCP is the open standard for connecting AI assistants to external tools and data sources. Instead of building custom integrations, any MCP client can connect to AgentGP and use its governance tools natively.
Architecture
AgentGP exposes 22 governance tools through MCP, organized by category:
| Tool | Description |
|---|---|
list_agents | List all registered agents, optionally filtered by org or approval status |
get_agent | Get detailed info about a specific agent by ID |
get_agent_policies | List all policies linked to a specific agent |
get_agent_prompts | List all prompts linked to a specific agent |
register_agent | Register a new agent with the governance platform |
| Tool | Description |
|---|---|
list_organizations | List all organizations |
get_organization | Get organization details by UUID or slug |
get_organization_tree | Get the full organization hierarchy tree |
| Tool | Description |
|---|---|
list_policies | List policy names available to your agent |
get_policy | Get approved policy content by name (agent must be linked) |
get_policy_by_id | Get policy details by UUID, including active version content |
get_policy_revisions | List all revisions (versions) of a policy |
| Tool | Description |
|---|---|
list_prompts | List prompts available to your agent |
get_prompt | Get approved prompt content by name (agent must be linked) |
get_prompt_by_id | Get prompt details by UUID, including all versions |
get_prompt_versions | List all versions of a prompt |
| Tool | Description |
|---|---|
get_lineage | Get recent policy delivery audit trail (successful deliveries) |
get_blocked_injections | Get blocked/denied policy loading attempts |
get_audit_log | Get the full A2A audit log (inject, prompt, inference events) |
| Tool | Description |
|---|---|
get_dashboard | Get aggregated dashboard data (counts, recent activity) |
get_reports | Get governance reports (risk, regulatory, compliance) |
| Tool | Description |
|---|---|
validate_policy | Validate policy content against governance rules |
Tools that access governed data require three parameters: api_key (your service account key), source_agent (your registered agent ID), and trace_id (unique trace identifier for audit logging).
Add to your Claude Desktop config file (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
Once connected, the AI assistant has access to all AgentGP governance tools. Ask the assistant to use the AgentGP MCP server to perform governance operations:
Authentication
api_key, source_agent, and trace_id. The MCP client will prompt you for these values when calling tools. Create a service account in AgentGP to get your API key, and register your agent to get an agent ID.The Agent2Agent (A2A) Protocol is an open standard (see references below) that enables communication and interoperability between AI agents built on different frameworks and by different vendors. A2A allows agents to discover each other's capabilities, negotiate interaction modalities, manage collaborative tasks, and securely exchange information without accessing each other's internal state or tools.
A2A as the industry standard: The Agent-to-Agent (A2A) protocol is fast becoming the standard for AI agents to discover, communicate, and collaborate across vendors and frameworks. The AgentGP AI Governance Agent is central to this: AgentGP is an AI agent that participates in A2A. It acts as an A2A Server (Remote Agent) so your agents can call it for governance—they discover AgentGP via its Agent Card and invoke skills to get approved policies, validate content, retrieve lineage, or register. AgentGP also communicates with other agents via A2A as a first-class agent, so governance lives inside the same protocol your agents already use.
GET /a2a returns the Agent Card).POST /a2a with method and params).For the full protocol specification and terminology (Agent Card, Task, Message, Part, Artifact, transport over HTTP/JSON-RPC, streaming, security), use the official resources:
Well-known URI
/.well-known/agent.json. AgentGP exposes its Agent Card at GET /a2a for convenience and consistency with the rest of the API.Clients discover AgentGP by fetching its Agent Card. The response is a JSON document describing the agent's name, description, service URL, version, capabilities, and skills.
AgentGP exposes 24 governance skills via A2A (matching the 22 MCP tools plus 2 discovery skills). Discovery: GET /a2a returns the Agent Card (name, url, capabilities, skills). Invocation: POST /a2a with a JSON body containing skillId and input. The A2A protocol is JSON; AgentGP enforces required fields per skill. Documented fields below are the source of truth.
Every A2A integration, REST API call, MCP tool invocation, and audit log described above produces an AI Governance Proof (AIGP) event. AIGP is the core data that powers AI Governance, Risk & Controls, Compliance, and Regulatory requirements — capturing cryptographic hash proofs, trace IDs, and full audit metadata for every governance action.
AgentGP's Data Platform uses Kappa Architecture to stream AIGP events through Kafka into three independent consumer branches: SKCC batch-inserts into ClickHouse for sub-10ms OLAP analytics and Superset dashboards, SKOC indexes into OpenSearch for full-text search and governance investigation, while SKLC batch-appends to a Data Lakehouse (Apache Iceberg on object store) via Polaris for long-term retention and AI/ML use-cases. PostgreSQL remains the OLTP source of truth for entity data (agents, prompts, policies, orgs).
AIGP is critical infrastructure
AgentGP is built for production enterprise workloads. The platform includes features for high-availability, secure multi-tenant operation, and compliance at scale.
| Feature | Description | Supported providers / details |
|---|---|---|
| SSO / OIDC | Single sign-on with any OpenID Connect provider | Okta, Auth0, Keycloak, Azure AD, Google Workspace |
| RBAC | Five-tier role-based access control with org-scoped permissions | Super Admin, Admin, Approver, Editor, Viewer |
| API Key Management | Scoped, rotatable API keys with per-key rate limits and expiration | Agent-bound, expiring, revocable keys |
| Prometheus Metrics | Native /metrics endpoint with governance-specific counters and histograms | AIGP events, policy latency, Kafka health, SIEM delivery |
| SIEM Log Shipping | Fire-and-forget audit log export to external SIEM systems | Splunk, Datadog, Elastic, any HTTP webhook |
| Connection Pooling | Threaded PostgreSQL connection pool for high-concurrency workloads | Configurable min/max pool size, connection timeout |
| Rate Limiting | Per-skill A2A rate limits and REST API throttling | Sliding window, per-API-key, configurable per tier |
AgentGP supports enterprise single sign-on via the OpenID Connect (OIDC) protocol. Any standards-compliant identity provider can be configured — including Okta, Auth0, Keycloak, Microsoft Entra ID (Azure AD), and Google Workspace. Multiple SSO providers can be active simultaneously for multi-tenant deployments.
AgentGP uses a five-tier role-based access control model, scoped per organization. Every API write operation checks the caller's permissions via the RequiresPermission middleware.
Built-in roles:
| Role | Level | Permissions | Use case |
|---|---|---|---|
| Super Admin | 100 | * (all) | Platform-wide access, SSO config, user management |
| Admin | 80 | read:*, write:*, approve:*, manage:users, manage:agents | Organization administrator |
| Approver | 60 | read:*, write:prompts, write:policies, approve:prompts, approve:policies | Compliance officer, reviewer |
| Editor | 40 | read:*, write:prompts, write:policies, write:agents | Developer, prompt engineer |
| Viewer | 20 | read:* | Read-only dashboards and reports |
Permission format: Permissions follow the pattern action:resource. Wildcards are supported:
* — Full wildcard, matches all permissions.read:* — All read operations across all resources.*:policies — All operations on policies (read, write, approve).write:prompts — Exact match for writing prompts.Organization scoping: Each user's role is assigned per organization via the user_org_roles table. A user can be an Admin in one org and a Viewer in another. The org is resolved automatically from the request path, query parameter, body, or defaults to the primary organization.
SSO + RBAC integration
default_role configured on the SSO provider (typically viewer) in the default_org_id organization. Admins can then promote users to higher roles as needed.