AI agents are making decisions across your org with no accountability layer.
The open governance protocol for multi-agent AI systems.
Most multi-agent frameworks handle communication. PACT5 handles accountability.
Scoped authority, structured coordination, and human oversight — built into the protocol layer, not bolted on after.
Built for teams shipping agents in regulated environments.
An open protocol for accountability in multi-agent AI systems.
PACT5 is an open protocol that brings structured governance to multi-agent AI systems. It defines how agents coordinate, how authority is scoped and delegated, and how humans maintain control — without sacrificing the autonomy that makes agents useful.
It answers the questions other frameworks don't: who authorized an action, what scope it covered, and how to revoke it if something goes wrong.
PACT5 complements MCP and A2A — it adds the governance layer they don't provide.
From token to execution in five steps.
standards:write, regulatory:draft
Four protocol layers from identity to federation.
Verifiable agent identity with three trust tiers. Authority tokens specify exact scopes, time limits, and delegation constraints. Every action traces to a human principal.
Runtime tool filtering via MCP. Agents cannot discover tools outside their authority. Scope intersection ensures least-privilege by design. Delegation narrows — never widens.
Cross-domain authority verification. Proposal/vote mechanics for high-impact actions. Designated humans hold veto power. Configurable quorum rules and escalation protocols.
Inter-organizational trust without shared infrastructure. Bilateral trust links with no transitive trust. Ed25519/P-256 cryptographic identity. Federated rooms with scope intersection policies.
We use PACT5 to build PACT5. The agents writing this protocol are governed by it.
Not a whitepaper. Not a demo. Infrastructure we run daily to build our own products.
PACT5 provides the technical primitives regulators are asking for — article by article.
| Standard / Regulation | Status | PACT5 Relevance |
|---|---|---|
| EU AI Act | In force (phased) | Direct mapping to Articles 9, 12, 14, 25, 26 |
| DORA | In force since Jan 2025 | Articles 6, 11, 28, 29, 30 mapped |
| NIST AI RMF | Active framework | All 4 functions mapped to PACT5 primitives |
| ISO/IEC 42001 | Published | AI management system — PACT5 provides runtime governance layer |
| NIST SP 800-207 | Active | Zero-trust principles implemented at the agent layer |
Proposal/vote mechanics implement the human oversight mandate. Humans participate in governance rooms alongside agents, with authority to override, reject, or halt any agent action. Token revocation is the protocol-level "stop button" required by Art. 14(4)(e).
Delegation chains record who authorized what and when control transferred — solving the accountability problem that paper-based agreements cannot address at scale.
Audit log captures every authority exercise, scope violation, and escalation event. Configurable retention meets the Article 26(6) requirement for ≥6 months of automatically generated log retention.
Scope enforcement operationalizes risk tolerance: scopes define exactly what each agent is permitted to do. Exceeding scope triggers a protocol-level violation.
Token revocation with delegation chain enforcement provides cascading containment — revoke a compromised agent's token and every downstream agent loses permissions simultaneously.
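An added illustration (not PACT5's code or API) of two properties described above: delegation that can only narrow scope, and revocation that cascades down a delegation chain. The `Token` class, the tool names and the `infra:deploy` scope are hypothetical; only `standards:write` and `regulatory:draft` appear on the page, and checking ancestors at validation time is an assumed way to get the cascade.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Token:
    """Hypothetical authority token; not PACT5's actual data model."""
    holder: str
    scopes: frozenset
    expires_at: int                      # epoch seconds
    parent: Optional["Token"] = None
    revoked: bool = False

    def delegate(self, holder, requested, expires_at):
        # Child gets the intersection of what it asks for and what the
        # parent holds, and can never outlive the parent.
        return Token(holder, self.scopes & frozenset(requested),
                     min(expires_at, self.expires_at), parent=self)

    def chain(self):
        # This token first, root (human principal) last.
        node, out = self, []
        while node is not None:
            out.append(node)
            node = node.parent
        return out

    def valid(self, now):
        # One revoked or expired ancestor invalidates everything below it.
        return all(not t.revoked and now < t.expires_at for t in self.chain())

def visible_tools(token, tools, now):
    # Tools whose required scope the token lacks are never listed.
    if not token.valid(now):
        return []
    return sorted(name for name, scope in tools.items() if scope in token.scopes)

# Constructed sample data: tool name -> required scope.
TOOLS = {"edit_standard": "standards:write",
         "draft_filing": "regulatory:draft",
         "deploy": "infra:deploy"}

def demo(now=100):
    root = Token("human:alice", frozenset({"standards:write", "regulatory:draft"}), 1000)
    a = root.delegate("agent:a", {"standards:write", "infra:deploy"}, 2000)
    b = a.delegate("agent:b", {"standards:write", "regulatory:draft"}, 500)
    before = visible_tools(b, TOOLS, now)
    a.revoked = True                     # revoke the middle of the chain
    after = visible_tools(b, TOOLS, now)
    return a.scopes, before, after, b.chain()[-1].holder, visible_tools(root, TOOLS, now)

if __name__ == "__main__":
    print(demo())
```

Agent `a` asks for `infra:deploy` but never receives it, and agent `b` cannot regain `regulatory:draft` that `a` did not hold; revoking `a` leaves the root token untouched while `b` loses every tool.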
Delegation chains provide verifiable provenance for which third-party agent holds what authority, derived from whom.
Audit log provides the complete record needed for impact estimation: every agent action before, during, and after an incident.
PACT5 primitives map to all four RMF functions: GOVERN (proposal/vote), MAP (scope definitions), MEASURE (audit log analysis), MANAGE (token revocation + escalation).
Formal RFI response submitted to docket NIST-2025-0035. NCCoE Agent Identity & Authorization response submitted.
PACT5 is a specification, not a platform. Apache 2.0 licensed.
Start here. Understand the protocol layers, authority model, and how PACT5 fits your stack.
Read the specification →
PACT5 Hub — a full implementation deployed on Google Cloud Run with 26 MCP tools. See it running.
View live deployment →
Implement PACT5 in any language. Clone the repo, follow the spec, and ship your own governance layer.
Fork on GitHub →
Governance shouldn't be a vendor lock-in decision.
Updates on PACT5 development, standards engagement, and the future of agent governance.
Orchestration solves how agents talk. PACT5 solves who authorized them to act. [Governance]
Week 2: If the agent can reach the tool, it can use it. That's the problem. [Security]
Week 3: Meaningful multi-agent governance doesn't require massive infrastructure. [Production]
Most multi-agent frameworks are orchestration systems wearing coordination costumes. [Architecture]
Week 5: Scoped, delegatable, revocable permission grants. The core mechanism. [Technical]
Week 6: Why we open-sourced our governance layer instead of keeping it proprietary. [Open Source]
Week 7: Transport, Authority, Mandate Verification, Federation. Adopt incrementally. [Architecture]
Week 8: Real failure modes from production multi-agent systems. All preventable. [Security]