From Internal Tool to Open Protocol
PACT5 started as an internal tool. We needed our agents to coordinate and we needed to control what they could do. So we built something that did both.
It was never supposed to be a product. It was scaffolding. The thing that held our multi-agent system together while we built the actual product.
Then we started talking to other teams building multi-agent systems. The conversations followed a pattern.
"How do you handle permissions?" We don't. Agents access whatever they can reach.
"How do you audit what agents did?" We read the logs. Sometimes.
"What happens when an agent goes off-script?" We restart the pipeline.
Every team had the same problems we'd already solved. Not the orchestration problems — those have plenty of solutions. The governance problems. The "who authorized this" problems. The "how do I revoke access quickly" problems.
We considered keeping PACT5 proprietary. For about a day. Then we thought about the alternative: every team building their own governance layer from scratch, each with its own bugs, its own gaps, its own interpretation of what "agent authority" means. A fragmented landscape where no two systems can interoperate because they don't share a common governance model.
Governance protocols need to be shared standards. Like HTTP, like OAuth, like TLS. Proprietary governance is a contradiction — you can't build trust on a system only one party controls.
So we're open-sourcing PACT5. The specification, the reference implementation, the SDK. Apache 2.0.
Our bet: agent governance becomes infrastructure, not a competitive moat. And the teams that adopt a shared standard early will build the systems that scale.