Protocol for Agent Coordination and Trust
The open governance protocol for multi-agent AI systems. Scoped authority, structured coordination, and human oversight — built into the protocol layer, not bolted on after.
An open protocol for accountability in multi-agent AI systems.
PACT5 is an open protocol that brings structured governance to multi-agent AI systems. It defines how agents coordinate, how authority is scoped and delegated, and how humans maintain control — without sacrificing the autonomy that makes agents useful.
Most multi-agent frameworks handle communication. PACT5 handles accountability: who authorized an action, what scope it covered, and how to revoke it if something goes wrong.
Four protocol layers from identity to federation.
Verifiable agent identity with three trust tiers. Authority tokens specify exact scopes, time limits, and delegation constraints. Every action traces to a human principal.
Runtime tool filtering via MCP. Agents cannot discover tools outside their authority. Scope intersection ensures least-privilege by design. Delegation narrows — never widens.
Cross-domain authority verification. Proposal/vote mechanics for high-impact actions. Designated humans hold veto power. Configurable quorum rules and escalation protocols.
Inter-organizational trust without shared infrastructure. Bilateral trust links with no transitive trust. Ed25519/P-256 cryptographic identity. Federated rooms with scope intersection policies.
PACT5 isn't a whitepaper. It's infrastructure we run daily.
standards:write, regulatory:draft
The agents building this protocol are governed by this protocol.
PACT5 is a specification, not a platform. Apache 2.0 licensed.
Understand the protocol layers and authority model. Four layers from identity to federation. Specification →
PACT5 Hub — a full implementation deployed on Google Cloud Run with 26 MCP tools. Live Deployment →
Implement PACT5 in any language, any framework. The spec is the source of truth. GitHub →
Governance shouldn't be a vendor lock-in decision.
PACT5 maps directly to the regulatory requirements enterprises face today — article by article, primitive by primitive.
PACT5's proposal/vote mechanics are a protocol-level implementation of the human oversight mandate. Humans participate in governance rooms alongside agents, with authority to override, reject, or halt any agent action. Token revocation is the protocol-level "stop button" required by Art. 14(4)(e).
When control transfers between entities in a multi-vendor agent ecosystem, Article 25 triggers provider obligations. PACT5's delegation chains record exactly who authorized what and when control transferred — solving the accountability problem that paper-based agreements cannot address at scale.
PACT5's audit log captures every authority exercise, scope violation, and escalation event. Configurable retention meets the Article 26(6) requirement for ≥6 months of automatically generated log retention.
Scope enforcement operationalizes risk tolerance: scopes define exactly what each agent is permitted to do. Exceeding scope triggers a protocol-level violation — runtime risk boundary enforcement, not documentation.
When an AI agent behaves anomalously, DORA requires containment to limit damage. PACT5's token revocation with delegation chain enforcement provides cascading containment — revoke a compromised agent's token and every agent that derived authority from it loses permissions simultaneously.
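A toy model of the scope-intersection delegation and cascading revocation described above, added here as an illustration; it is not code from the PACT5 specification or the PACT5 Hub. The `Token` and `Registry` names, their fields, and the integer clock are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional
# Toy in-memory model written for this example; it is NOT the PACT5 spec or Hub API.
# All class, field and method names are assumptions.

@dataclass(frozen=True)
class Token:
    token_id: str
    holder: str                       # agent holding the authority
    principal: str                    # human the chain traces back to
    scopes: frozenset
    expires_at: float
    parent_id: Optional[str] = None   # None for a token issued directly by a human

class Registry:
    def __init__(self):
        self.tokens, self.revoked = {}, set()

    def issue_root(self, token_id, principal, holder, scopes, expires_at):
        self.tokens[token_id] = Token(token_id, holder, principal, frozenset(scopes), expires_at)
        return self.tokens[token_id]

    def chain(self, token_id):
        """Return the token and every ancestor up to the human-issued root."""
        out = []
        while token_id is not None:
            out.append(self.tokens[token_id])
            token_id = out[-1].parent_id
        return out

    def is_live(self, token_id, now):
        """Live only if no link in the delegation chain is revoked or expired."""
        return all(t.token_id not in self.revoked and now < t.expires_at
                   for t in self.chain(token_id))

    def delegate(self, parent_id, token_id, holder, requested, expires_at, now):
        if not self.is_live(parent_id, now):
            raise PermissionError("parent token is revoked or expired")
        parent = self.tokens[parent_id]
        # Scope intersection: the child gets only what was both requested and held,
        # and can never outlive its parent.
        tok = Token(token_id, holder, parent.principal, parent.scopes & frozenset(requested),
                    min(expires_at, parent.expires_at), parent_id)
        self.tokens[token_id] = tok
        return tok

    def authorize(self, token_id, scope, now):
        return self.is_live(token_id, now) and scope in self.tokens[token_id].scopes

    def revoke(self, token_id):
        self.revoked.add(token_id)    # every descendant fails is_live() from now on
```

Because `authorize` walks the whole chain on every check, revoking one token needs no per-descendant bookkeeping; the cost is a chain lookup on each authorization.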
When a bank deploys AI agents from multiple vendors, Article 28 requires managing these as ICT third-party risks. PACT5's delegation chains provide verifiable provenance for which third-party agent holds what authority, derived from whom.
PACT5's audit log provides the complete record needed for impact estimation: every agent action before, during, and after an incident, with room digests summarizing decision history.
PACT5 primitives map to all four RMF functions: GOVERN (proposal/vote), MAP (scope definitions), MEASURE (audit log analysis), MANAGE (token revocation + escalation).
Formal RFI response submitted to docket NIST-2025-0035, addressing agentic AI safety across all topic areas. NCCoE Agent Identity & Authorization response submitted.
| Standard / Regulation | Status | PACT5 Relevance |
|---|---|---|
| EU AI Act | In force (phased) | Direct mapping to Articles 9, 12, 14, 25, 26 |
| DORA | In force since Jan 2025 | Articles 6, 11, 28, 29, 30 mapped |
| NIST AI RMF | Active framework | All 4 functions mapped to PACT5 primitives |
| ISO/IEC 42001 | Published | AI management system — PACT5 provides runtime governance layer |
| NIST SP 800-207 | Active | Zero-trust principles implemented at the agent layer |
| CEN/CENELEC CWA | In progress | Workshop Agreement for agent governance |