The open protocol that brings discipline to AI agents.
EGAP is an open specification for governed communication between orchestration engines and AI agents — the identity, authorization, audit, approvals, and alerts required wherever autonomous systems are trusted with real-world action.
EGAP is the permanent name. The expansion flexes by audience:
- To engineers — Engine Governed Agents Protocol
- To enterprises — Enterprise Governance for Agents Protocol
- To regulators — Evidence-based Governance for AI Protocols
- To the open-source community — Every Governed Agent Protocol
- To ethics and research audiences — Ethical Governance for Agentic Platforms
- To operations leaders — Elevated Governance of Autonomous Processes
All expansions describe the same protocol. See EXPANSIONS.md for the full philosophy and usage guidance.
The agent protocol landscape today solves for connectivity, not accountability.
| Protocol | Purpose | Governance |
|---|---|---|
| MCP (Anthropic) | Tools and context for LLMs | None specified |
| A2A (Google) | Agent-to-agent interoperability | None specified |
| EGAP (MIRASTACK LABS) | Engine-to-agent dispatch with governance | Required |
MCP lets an LLM call a tool. A2A lets an agent call another agent. Neither specifies how the calling party is authenticated, how the action is authorized, how it is audited, how humans approve destructive operations, or how anomalies are alerted.
For regulated industries — banking, healthcare, defense, government, critical infrastructure — connectivity without governance is unshippable.
EGAP defines the governance layer. Every message carries identity, permission scope, audit correlation, time context, and budget state. Every destructive action triggers a mandatory human approval checkpoint. Every decision is recorded immutably.
This is a draft specification (v0.1). The protocol is being developed publicly. Breaking changes should be expected until v1.0.
- Current version: v0.1
- Specification: SPEC.md
- Expansions and positioning: EXPANSIONS.md
- Governance: GOVERNANCE.md
- Contributing: CONTRIBUTING.md
- Security: SECURITY.md
- Governance is mandatory, not optional. Every message carries governance metadata. There is no "unauthenticated mode."
- The agent proposes, the engine disposes. Agents request actions. Engines validate, authorize, and dispatch.
- Human-in-the-loop is a protocol primitive. Approval gates are first-class message types, not application-level conventions.
- Every decision is auditable. Audit events follow OpenTelemetry semantic conventions and are immutable.
- Sovereignty by default. No outbound calls required. Runs in air-gapped environments.
- Open standard, multiple implementations. The specification is free. Conformance is certified.
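An engine-side sketch of the first four principles, added here as an illustration and not taken from SPEC.md or any EGAP implementation. The field names, action names, the `dispatch` and `make_request` helpers, and the hash-chained log are all assumptions; the chain is one assumed way to make audit records tamper-evident.

```python
import hashlib, json

# Hypothetical field and action names; SPEC.md defines the real EGAP schema.
REQUIRED = ("identity", "scope", "correlation_id", "timestamp", "budget_remaining")
DESTRUCTIVE = {"db.drop_table"}  # classified by the engine, never by the agent

class AuditLog:
    """Append-only log; each record commits to the hash of the one before it."""
    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(prev, event):
        return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else "0" * 64
        self.records.append({"prev": prev, "event": event, "hash": self._digest(prev, event)})

    def verify(self):
        prev = "0" * 64
        for rec in self.records:
            if rec["prev"] != prev or rec["hash"] != self._digest(prev, rec["event"]):
                return False
            prev = rec["hash"]
        return True

def dispatch(request, audit, approved_ids):
    """Return 'dispatched', 'pending_approval' or 'rejected'; always write an audit record."""
    meta = request.get("governance", {})
    action = request.get("action", "")
    missing = [f for f in REQUIRED if f not in meta]
    if missing:  # no unauthenticated mode: incomplete metadata is never dispatched
        decision, reason = "rejected", "missing governance metadata: " + ", ".join(missing)
    elif action not in meta["scope"]:
        decision, reason = "rejected", "action outside permission scope"
    elif meta["budget_remaining"] <= 0:
        decision, reason = "rejected", "budget exhausted"
    elif action in DESTRUCTIVE and meta["correlation_id"] not in approved_ids:
        decision, reason = "pending_approval", "human approval required"
    else:
        decision, reason = "dispatched", "ok"
    audit.append({"correlation_id": meta.get("correlation_id"), "identity": meta.get("identity"),
                  "action": action, "decision": decision, "reason": reason})
    return decision

def make_request(action, **overrides):
    """Constructed sample request, not a captured EGAP message."""
    meta = {"identity": "agent-7", "scope": ["db.read", "db.drop_table"], "correlation_id": "c-1",
            "timestamp": "2026-01-01T00:00:00Z", "budget_remaining": 5}
    meta.update(overrides)
    return {"action": action, "governance": meta}
```

Rejections and pending approvals are written to the log as well as dispatches, so the audit trail records refused requests and not only executed ones.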
EGAP is complementary, not competitive.
- An engine can speak MCP to fetch tools for an agent.
- An agent can speak A2A to coordinate with peer agents.
- The engine-to-agent dispatch, approval flow, and audit trail use EGAP.
A production governed agent system typically speaks all three.
- Platform teams operating AI agents in regulated environments (BFSI, healthcare, defense, public sector, critical infrastructure).
- Vendors building orchestration engines, agent SDKs, or agent marketplaces who need a governance contract with their customers' compliance teams.
- Enterprise architects defining their organisation's AI governance posture and needing an open standard to anchor it.
- Regulators and standards bodies seeking evidence-based, technically verifiable AI governance primitives.
- Researchers and practitioners working on accountable, explainable, human-governed AI systems.
AI agents are being deployed into production faster than the governance models around them are maturing. The pattern is familiar: the first wave of any powerful technology arrives without its safety infrastructure, and the infrastructure is built retroactively, at higher cost, under regulatory pressure, after something has gone wrong.
EGAP is an attempt to build the governance layer alongside the capability layer — not after it. The protocol exists so that an enterprise deploying AI agents into a payment system, a hospital, a grid control centre, or a government service can answer, with cryptographic certainty: who acted, on whose behalf, with whose permission, under what constraints, with what outcome, and with what evidence.
Without that layer, autonomous agents in critical infrastructure are a risk no regulator will accept. With it, they become infrastructure itself.
- Read the spec: SPEC.md
- Understand the positioning: EXPANSIONS.md
- Propose a change: See GOVERNANCE.md for the EGAP Improvement Proposal (EIP) process.
- Report an issue: Use the GitHub issue tracker.
- Report a security issue: See SECURITY.md.
- Join the discussion: GitHub Discussions on this repository.
- Implement EGAP: See CONTRIBUTING.md Section 10 and submit a PR to ADOPTERS.md.
EGAProtocol is an open specification originally developed at MIRASTACK LABS Private Limited and released under the Apache License 2.0. MIRASTACK LABS maintains EGAProtocol in collaboration with the community under the governance model described in GOVERNANCE.md.
EGAProtocol and EGAP are names of an open specification. They may be used freely to describe conformant implementations, tutorials, academic work, research publications, and compatible products — subject to the guidance in EXPANSIONS.md.
This specification and all associated artifacts are licensed under the Apache License 2.0.
Documentation files including EXPANSIONS.md, CONTRIBUTING.md, and GOVERNANCE.md are additionally licensed under Creative Commons Attribution 4.0 (CC-BY-4.0) for unrestricted quotability.
Copyright © 2026 MIRASTACK LABS Private Limited.
- Project home: https://egaprotocol.org
- Specification repository: https://github.com/egaprotocol/spec
- Contact: hello@egaprotocol.org