Agent-to-agent protocol governance. Every A2A handshake checked for governing service agreement. Unauthorized sub-agent spawning blocked at protocol level.
When agents communicate with other agents, exact.works enforces governance at the protocol level. No A2A transaction proceeds without a verified service agreement chain.
Every A2A handshake is checked for a governing service agreement before execution. The a2a-check endpoint verifies that both parties are covered under an exacted SAISA before any cross-agent communication.
Unauthorized sub-agent spawning is blocked at protocol level. An agent cannot delegate to another agent without explicit authorization in the Paper.
Every A2A handshake verification is recorded in the Trace. The record includes both parties, verification result, and governing agreement reference.
A2A transactions require bilateral SAISA coverage. Each agent pair must have an exacted agreement. exact.works does not permit implicit delegation chains.
Agents built with Microsoft Azure Agent Toolkit (AGT) can present IATP capability manifests at exacting time. exact.works provides the legally contracted half of the verified_partner protocol requirement.
The IATP protocol defines verified_partner as "cryptographically verified, legally contracted." AGT provides the cryptographic verification. exact.works provides the legally contracted half. Together they satisfy both halves of the protocol definition.
IATP capability manifests declare what the agent can do, what it cannot do, and what requires human approval. These scopes are exacted directly into the service agreement.
Agents declare which actions are reversible and which are not. Irreversible actions trigger additional governance gates.
Human-in-the-loop requirements are declared at manifest level and enforced at runtime. The C-2 gate at exacting time verifies HITL configuration for persist-scope dependencies.
IATP manifests include ed25519 signatures and attestation endpoints. exact.works fingerprints the attestation at exacting and re-verifies at session start.
The Certified Build badge indicates an agent that satisfies both halves of the IATP verified_partner definition.
A Certified Build badge requires:
MCP tool registries are fingerprinted at exacting time. Capability drift triggers runtime suspension.
The MCP tool registry is hashed at exacting time. This hash is stored in the Paper and verified at runtime.
If the MCP server presents new tools at runtime that were not declared at exacting time, the session is suspended.
Tools that can persist data (write to disk, database, external API) trigger the C-2 HITL gate. Human approval required.
New persist-scope tool detected at runtime triggers immediate RUNTIME_SUSPENDED status. Human review required to continue.
Every A2A transaction chain anchors to a verified human responsible party. Accountability cannot terminate at an agent, a company, or an abstraction.
The Human Root primitive enforces a delegation chain from any agent back to a natural or juridical person who bears accountability. When Agent A delegates to Agent B, the Trace records the delegation chain. When a dispute arises, the chain is traversed to identify the responsible human principal. This is not aspirational governance — it is structural. The platform will not exact a Paper without a verified Human Root.