The open governance framework for autonomous AI agents.
Classify decisions. Enforce policies. Prove compliance.
Quick Start β’ Why This Exists β’ Documentation β’ Contributing β’ gouvernance.ai
AI agents are making decisions autonomously β selecting vendors, sending communications, accessing personal data, even modifying their own behavior. But no one can answer these questions:
- Which agents are authorized to make which decisions?
- When is human approval required?
- How do you trace the chain of responsibility when something goes wrong?
- How do you prove regulatory compliance to an auditor?
- How do you detect unauthorized self-modification?
Existing observability tools (Langfuse, LangSmith, OpenTelemetry) tell you what happened technically. ADP tells you whether it should have happened at all.
ADP is not an observability tool. It's the governance layer that sits on top of observability to answer: Are my agents acting within policy? Am I compliant?
The Agent Decision Protocol is an open standard that defines how to document, classify, and govern decisions made by autonomous AI agents.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β gouvernance.ai β
β ββββββββββββββββ βββββββββββββββββ ββββββββββββββββββ β
β β Agent β β Policy β β Compliance β β
β β Registry β β Engine β β Dashboard β β
β ββββββββ¬ββββββββ ββββββββ¬βββββββββ βββββββββ¬βββββββββ β
β β β β β
β ββββββββ΄βββββββββββββββββ΄ββββββββββββββββββββ΄βββββββββ β
β β ADP Core (this specification) β β
β β β β
β β β’ Autonomy Taxonomy β’ Decision Classification β β
β β β’ Trace Format β’ Authorization Matrix β β
β β β’ Policy Schema β’ Regulatory Mapping β β
β β β’ Agent Registry β β
β ββββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββ β
βββββββββββββββββββββββββββββΌββββββββββββββββββββββββββββββββ
β Connectors
βββββββββββββββββΌββββββββββββββββ
β β β
βββββββ΄ββββββ βββββββ΄βββββββ βββββββ΄ββββββ
β Langfuse β βOpenTelemetryβ β LangSmith β
βββββββββββββ ββββββββββββββ βββββββββββββ
β β β
βββββββ΄ββββββββββββββββ΄ββββββββββββββββ΄βββββββ
β AI Agent Infrastructure β
β CrewAI Β· LangGraph Β· AutoGen Β· Custom β
βββββββββββββββββββββββββββββββββββββββββββββββ
Interactive architecture diagram (click to expand)
graph TD
subgraph Platform["gouvernance.ai"]
L["Agent Registry UI"]
M["Policy Engine"]
N["Compliance Dashboard"]
end
subgraph ADP["ADP Core β this specification"]
E["Autonomy Taxonomy<br/>A1βA5"]
F["Decision Classification<br/>4 types Γ 4 risks"]
G["Trace Format<br/>SHA-256 hash-chained"]
H["Authorization Matrix"]
I["Policy Schema<br/>6 templates"]
J["Regulatory Mapping<br/>6 frameworks"]
K["Agent Registry"]
end
subgraph Connectors["Observability Connectors"]
B["Langfuse"]
C["OpenTelemetry"]
D["LangSmith"]
end
subgraph Infra["AI Agent Infrastructure"]
A["CrewAI Β· LangGraph Β· AutoGen Β· Custom"]
end
A --> B & C & D
B & C & D --> ADP
ADP --> Platform
style Platform fill:#1a56db,stroke:#3b82f6,color:#fff
style ADP fill:#7c3aed,stroke:#8b5cf6,color:#fff
style Connectors fill:#374151,stroke:#6b7280,color:#fff
style Infra fill:#1f2937,stroke:#4b5563,color:#fff
| Component | Description | Spec |
|---|---|---|
| Autonomy Taxonomy | 5 standardized levels of agent autonomy (A1βA5) | View β |
| Decision Classification | 4 decision types Γ 4 risk levels Γ 3 reversibility classes | View β |
| Trace Format | Hash-chained event schema for immutable decision logging | View β |
| Authorization Matrix | Rules determining when human approval is required | View β |
| Policy Schema | Pre-built governance rules mapped to regulations | View β |
| Regulatory Mapping | How ADP maps to EU AI Act, Loi 25, NIST, ISO, Singapore MGF | View β |
| Agent Registry | Structured inventory of all AI agents in an organization | View β |
npm install # requires Node.js 20+import { AgentRegistryBuilder } from '@adp/core';
const agent = new AgentRegistryBuilder()
.agentId('agent-billing-001')
.name('Billing Reconciliation Agent')
.description('Reconciles monthly billing discrepancies')
.autonomy('A3', ['D1', 'D2'], 'R2')
.owner({ name: 'Finance Team', email: 'finance@company.com' })
.build();import { classify, authorize } from '@adp/core';
const code = classify('D2', 'R2', 'partial');
// β "D2-R2-partial"
const result = authorize('A3', 'D2');
// β { result: "authorized", overrideApplied: false, reasons: [] }import { TraceEventBuilder } from '@adp/core';
const trace = new TraceEventBuilder()
.agentId('agent-billing-001')
.eventType('decision')
.decision({
type: 'D2', risk_level: 'R2', reversibility: 'partial',
classification_code: 'D2-R2-partial',
description: 'Selected vendor B over vendor A',
reasoning: 'Vendor B offers 15% lower fees with equivalent SLA',
})
.authorization({ required: false, matrix_result: 'A3 Γ D2 = AUTHORIZED' })
.withIntegrity()
.build();
// β Complete trace event with auto-generated trace_id, timestamp, and SHA-256 hash D1 D2 D3 D4
Operational Tactical Strategic Self-Modification
ββββββββββββ¬βββββββββββββββ¬ββββββββββββββ¬βββββββββββββββ¬βββββββββββββββββββ
β A1βA2 β β
Authorized β β οΈ Approval β π Prohibited β π Prohibited β
β A3 β β
Authorized β β
Authorized β β οΈ Approval β π Prohibited β
β A4 β β
Authorized β β
Authorized β β
+ Review β β οΈ Approval β
β A5 β β
Authorized β β
Authorized β β
+ Monitor β β οΈ Approval β
ββββββββββββ΄βββββββββββββββ΄ββββββββββββββ΄βββββββββββββββ΄βββββββββββββββββββ
β‘ Immutable override: D4 (self-modification) ALWAYS requires human approval.
β‘ Risk R3βR4 ALWAYS triggers escalation, regardless of matrix.
import { PolicyBuilder } from '@adp/core';
const policy = new PolicyBuilder()
.policyId('POL-COM-001')
.name('External Communication Control')
.category('communication')
.severity('high')
.rule({
condition: { action_type: 'external_communication', autonomy_levels: ['A1','A2','A3','A4','A5'] },
requirement: 'human_approval',
max_response_time: 'PT1H',
})
.regulatoryMapping(['loi25_art12', 'eu_ai_act_art14'])
.build();import { validateTrace, validatePolicy, validateAgentRegistry } from '@adp/core';
const result = validateTrace(traceData);
if (!result.valid) console.error(result.errors);ADP includes an MCP (Model Context Protocol) server that lets Claude and other AI assistants use governance tools directly.
Add to your claude_desktop_config.json:
{
"mcpServers": {
"adp-governance": {
"command": "npx",
"args": ["tsx", "src/mcp/index.ts"],
"cwd": "/path/to/agent-decision-protocol"
}
}
}| Tool | Description |
|---|---|
adp_classify |
Classify a decision (D1-D4 type, R1-R4 risk, reversibility) |
adp_authorize |
Check authorization via 5x4 matrix with risk overrides |
adp_evaluate_policy |
Evaluate governance policies against an action context |
adp_log_trace |
Log a decision with automatic hash chain integrity |
adp_validate |
Validate JSON against ADP schemas |
adp_register_agent |
Register an agent in the session registry |
adp_add_policy |
Add a governance policy |
adp_verify_chain |
Verify trace chain SHA-256 integrity |
| Resource | URI | Content |
|---|---|---|
| Agent Registry | adp://registry |
All registered agents |
| Policies | adp://policies |
Active governance policies |
| Traces | adp://traces |
Recent decision trace events |
| Matrix | adp://matrix |
Authorization matrix configuration |
| Specs | adp://specs/{name} |
ADP specification documents |
| Level | Name | Description | Human Role |
|---|---|---|---|
| A1 | Operator | Executes specific step-by-step commands | Full direction |
| A2 | Collaborator | Assists human decisions with recommendations | Approval per action |
| A3 | Consultant | Provides analysis and recommendations, human decides | Decision-maker with agent input |
| A4 | Delegate | Acts autonomously, human reviews after the fact | Post-action review |
| A5 | Autonomous | Fully autonomous operation, human monitors | Monitoring & kill switch |
Every agent decision is classified on 3 axes:
Type β What kind of decision?
- D1 Operational: Task execution within defined scope (API call, DB query)
- D2 Tactical: Choice between approaches (vendor selection, prioritization)
- D3 Strategic: Significant organizational impact (client communication, financial commitment)
- D4 Self-Modification: Agent modifying its own behavior or parameters
Risk β What's the potential impact?
- R1 Negligible: Reversible, no sensitive data, limited scope
- R2 Moderate: Potential operational impact, partially reversible
- R3 Elevated: Direct impact on people or critical operations
- R4 Critical: Irreversible, fundamental rights, critical infrastructure
Reversibility β Can it be undone?
- Total: Fully reversible with no consequences
- Partial: Partially reversible with reasonable effort
- Irreversible: Cannot be undone once executed
ADP is designed to satisfy multiple regulatory frameworks simultaneously:
| Regulation | Jurisdiction | Status | ADP Coverage |
|---|---|---|---|
| Quebec Law 25 | π¨π¦ Canada/QC | Enacted | Decision traceability, right to explanation, notification |
| EU AI Act | πͺπΊ Europe | Enacted (phased) | Risk management, documentation, human oversight, registry |
| NIST AI RMF | πΊπΈ USA | Published | All 4 functions: GOVERN, MAP, MEASURE, MANAGE |
| ISO 42001 | π International | Published | Management system, risk, documentation, improvement |
| Singapore MGF | πΈπ¬ Singapore | Published (Jan 2026) | Autonomy levels, accountability, technical controls |
| IEEE 7001 | π International | Published | Transparency levels, measurable standards |
| ADP Component | Loi 25 | EU AI Act | NIST RMF | ISO 42001 |
|---|---|---|---|---|
| Agent Registry | β | Art. 49 | GOVERN | A.6 |
| Risk Classification | β | Art. 6-7 | MAP | A.5 |
| Decision Traceability | Art. 12.1 | Art. 12 | MEASURE | A.7 |
| Right to Explanation | Art. 12.1 | Art. 13 | GOVERN | A.8 |
| Human Oversight | Implicit | Art. 14 | MANAGE | A.9 |
| Risk Management | β | Art. 9 | MAP+MANAGE | A.5 |
| Post-deployment Monitoring | β | Art. 72 | MEASURE | A.10 |
ADP uniquely addresses self-modification governance β no existing regulation explicitly covers an agent's ability to modify its own behavior. ADP classifies all self-modification as D4 with mandatory human approval.
agent-decision-protocol/
βββ README.md β You are here
βββ package.json β @adp/core v0.3.0 (ESM)
βββ tsconfig.json β TypeScript strict config
βββ vitest.config.ts β Test runner config
βββ LICENSE β Apache 2.0
βββ CHANGELOG.md β Version history
βββ docs/
β βββ README.md β Documentation index
β βββ specs/
β βββ 01-autonomy-taxonomy.md
β βββ 02-decision-classification.md
β βββ 03-trace-format.md
β βββ 04-authorization-matrix.md
β βββ 05-policy-schema.md
β βββ 06-regulatory-mapping.md
β βββ 07-agent-registry.md
β βββ schemas/ β JSON Schema validation (v0.2)
β βββ common.schema.json
β βββ trace-format.schema.json
β βββ policy-schema.schema.json
β βββ agent-registry.schema.json
β βββ authorization-matrix.schema.json
βββ examples/ β Schema-validated integration examples
β βββ register-agent.json
β βββ log-decision.json
β βββ define-policy.json
β βββ trace-self-modification.json
βββ src/ β TypeScript reference implementation
β βββ index.ts β Public API exports
β βββ types/ β TypeScript interfaces & enums
β βββ core/ β classify, authorize, evaluatePolicy, hash
β βββ validators/ β AJV-based schema validators
β βββ builders/ β Fluent API builders
β βββ mcp/ β MCP server (v0.3)
β β βββ index.ts β Entry point (STDIO transport)
β β βββ server.ts β Tool & resource registration
β β βββ store.ts β In-memory session store
β β βββ types.ts β Zod input schemas
β β βββ tools/ β 8 tool handlers
β β βββ resources/ β 5 resource handlers
β βββ __tests__/ β 90 tests (vitest)
β βββ scripts/ β CI validation script
βββ assets/ β Logo, diagrams
βββ .github/ β CI, issue templates, funding
βββ workflows/
βββ validate-schemas.yml β tsc + vitest + schema validation
- v0.1 β Core specification (7 technical documents)
- v0.2 β JSON Schema validation + TypeScript reference implementation (60 tests)
- v0.3 β MCP server reference implementation (8 tools, 5 resources, 90 tests)
- v0.4 β Langfuse / OpenTelemetry connectors
- v1.0 β Stable specification + governance platform beta
See the CHANGELOG for detailed version history.
Building with ADP? Open a PR to add your organization here.
Be the first to adopt ADP and get featured in this section.
| ADP | Langfuse | LangSmith | Datadog LLM | Credo AI | |
|---|---|---|---|---|---|
| Focus | Governance & compliance | Observability | Observability | Monitoring | Model governance |
| Agent autonomy levels | β A1βA5 taxonomy | β | β | β | Partial |
| Decision classification | β 4 types Γ 4 risks | β | β | β | β |
| Authorization matrix | β With escalation | β | β | β | β |
| Policy engine | β 6 templates | β | β | β | Partial |
| Self-modification detection | β D4 category | β | β | β | β |
| Regulatory mapping | β 6 frameworks | β | β | β | Partial |
| Vendor-independent | β Open standard | β | β LangChain | β Datadog | β |
| Open source | β Apache 2.0 | β | β | β | β |
ADP complements observability tools β it doesn't replace them. Use Langfuse/LangSmith for technical tracing. Use ADP for governance, compliance, and policy enforcement.
We welcome contributions! ADP is an open standard and benefits from community input.
- π Report a bug
- π‘ Request a feature
- π Discuss the spec
- π§ Read the contribution guide
Issues labeled good first issue are great starting points for new contributors.
- π gouvernance.ai β Commercial governance platform
- π White Paper (FR/EN) β Founding document
- π¬ Discussions β Questions and ideas
GitHub provides a "Cite this repository" button in the sidebar (powered by CITATION.cff).
@misc{adp2026,
title = {Agent Decision Protocol: An Open Governance Framework for Autonomous AI Agents},
author = {Bromberger, Florian},
year = {2026},
url = {https://github.com/OpenAgentGovernance/agent-decision-protocol},
note = {Version 0.3.0}
}Apache 2.0 β Free for commercial and non-commercial use.
Built by gouvernance.ai β The compliance platform for autonomous AI agents.
ADP is vendor-independent and framework-agnostic by design.