AOAP™

AOAP is the protocol behind AGLedger. One call to notarize an action; four to render a verdict on one. Ed25519-signed, hash-chained, verifiable offline, federation-aware.

Agentic Operations and Accountability Protocol™ · patent pending

AOAP defines how records are notarized, how delegation chains link work across handoffs, and how federation extends accountability across organizational boundaries — across any LLM, any provider, any organization.

The protocol matters because the records do. An audit trail written to a protocol outlives the vendor that built it. Entries signed with Ed25519 and hash-chained per the spec can be verified offline by any tool, indefinitely — whether or not AGLedger LLC is still in business. That is the foundation the rest of the product is built on.

The model

AOAP scales from a single notarize call to a four-call gated lifecycle. Most workloads stay on the spine; the gated flow is there when an explicit verdict and Settlement Signal are required.

Notarize (1 call)

POST /v1/records — record terminalizes at RECORDED on create. The 90% spine. Two notarizations frame a long task: one for what the agent is about to do, one for what was done.

Gate (4 calls)

Create → Activate (or Accept) → Submit Receipt → Render Verdict. The principal renders an explicit PASS or FAIL against measurable criteria; on terminal state a Settlement Signal fires.

Underneath both flows is a stateful lifecycle — 11 non-terminal states, 7 terminal states — that handles negotiation, rework, disputes, delegation, and cancellation. Most records follow the happy path. The state machine is there for the cases that don't.

Integration

Any system that speaks HTTP can participate — AI agents, deterministic services, enterprise applications, CI/CD pipelines. The protocol is API-first and framework-agnostic.

Native API — fastest, most token-efficient. The primary integration path.

TypeScript SDK: npm install @agledger/sdk

Python SDK: pip install agledger

MCP server — tools scoped by role, optimized for token efficiency

CLI: npm install -g @agledger/cli

No rewrites. Existing agents add notarize calls alongside what they already do. Works with LangChain, CrewAI, AutoGen, or any orchestration framework — AGLedger is the accountability layer underneath, not a replacement.

Principles

Notarize before, notarize after — the record of what an agent is about to do exists before the work begins. The chain holds it byte-for-byte regardless of what happens to the agent's context afterward.

Record, don't judge — AOAP records what was notarized. It does not evaluate whether the work was good. On the gated 10%, the principal renders the verdict. AGLedger never substitutes its judgment for theirs.

Blind by default, transparent by consent — encrypted mode is supported. Parties choose what AGLedger can see. The protocol supports end-to-end encryption of record criteria and receipt evidence so the engine never reads payloads it shouldn't.

Every hub is a witness, not a custodian — in federated deployments, hubs coordinate state across organizational boundaries. They never hold business data. Privacy is structural, not policy.

Contract types

Contract types define the schema for a record's criteria and (optionally) its receipt. They are the vocabulary participants use to describe what they are notarizing.

The engine ships zero built-in types. You register your own via POST /v1/schemas — JSON Schema draft-07, versioned, with optional tolerance rules for the gated 10%. A type with no receipt schema is notarize-only; records of that type terminalize at RECORDED on creation.

Build your own — define exactly what your business needs, with the verbs and bounds that make sense to your auditors

Agent-authored on demand — an agent can register a schema for a new kind of work the first time it encounters one

Share with federation partners — schemas registered on a gateway can propagate to peer organizations through the federation schema catalog, so both sides speak the same language

All schemas are JSON Schema draft-07. Validation is enforced at create time; unknown types are rejected.

Cryptographic integrity

Established standards at every layer. No proprietary algorithms. Your keys — AGLedger never generates or holds private key material.

Audit vault: SHA-256 hash chain + Ed25519 signatures

Webhooks: HMAC-SHA256 (Stripe-style)

API auth: HMAC-SHA256 bearer tokens

Federation: RFC 9421-inspired HTTP message signatures + Ed25519

Criteria relay: X25519 ECDH + AES-256-GCM

Canonical: RFC 8785 (JCS)

Encrypted mode: AES-256-GCM / AES-256-GCM-SIV
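
Added example (not AGLedger's code and not the AOAP wire format): a minimal Node.js verifier showing what offline verification of a SHA-256 hash chain with per-entry Ed25519 signatures over JCS-style canonical JSON involves. The entry fields (seq, prevHash, payload, hash, sig), the all-zero genesis value and the choice to sign the entry hash are assumptions made for illustration.

```javascript
// Added example. The entry layout {seq, prevHash, payload, hash, sig} is assumed,
// not taken from the AOAP specification.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto"); // CJS or ESM
const GENESIS = "0".repeat(64); // assumed prevHash for the first entry

// RFC 8785 (JCS) style canonical JSON: sorted keys, no insignificant whitespace.
function canonicalize(v) {
  if (v === null || typeof v !== "object") return JSON.stringify(v);
  if (Array.isArray(v)) return "[" + v.map(canonicalize).join(",") + "]";
  return "{" + Object.keys(v).sort()
    .map((k) => JSON.stringify(k) + ":" + canonicalize(v[k])).join(",") + "}";
}

// The hash covers the position, the link to the previous entry, and the payload.
function entryHash({ seq, prevHash, payload }) {
  const body = canonicalize({ seq, prevHash, payload });
  return nodeCrypto.createHash("sha256").update(body).digest("hex");
}

// Writer side, used here only to build constructed sample data.
function appendEntry(chain, payload, privateKey) {
  const prevHash = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const entry = { seq: chain.length, prevHash, payload };
  entry.hash = entryHash(entry);
  const sig = nodeCrypto.sign(null, Buffer.from(entry.hash, "hex"), privateKey);
  chain.push({ ...entry, sig: sig.toString("base64") });
}

// Verifier side: needs only the entries and the signer's public key.
function verifyChain(chain, publicKey) {
  let prev = GENESIS;
  for (const [i, e] of chain.entries()) {
    let reason = null;
    if (e.seq !== i) reason = "sequence gap";
    else if (e.prevHash !== prev) reason = "broken link";
    else if (entryHash(e) !== e.hash) reason = "hash mismatch";
    else if (!nodeCrypto.verify(null, Buffer.from(e.hash, "hex"), publicKey,
      Buffer.from(e.sig, "base64"))) reason = "bad signature";
    if (reason) return { ok: false, at: i, reason };
    prev = e.hash;
  }
  return { ok: true, at: chain.length, reason: null };
}
// Constructed sample: two notarizations framing one task.
const keys = nodeCrypto.generateKeyPairSync("ed25519");
const sample = [];
appendEntry(sample, { phase: "before", action: "rotate-credentials" }, keys.privateKey);
appendEntry(sample, { phase: "after", result: "rotated" }, keys.privateKey);
console.log(verifyChain(sample, keys.publicKey));
```

The hash check catches an edited payload, the signature check catches an edit followed by a recomputed hash, and the sequence and link checks catch removed or reordered entries.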

Conformance levels

AOAP defines three levels of implementation depth. Start with the spine. Add the gated and federated layers as your accountability needs grow.

Level 1 — Notarize

Single-agent notarize, delegation chains, contract types, tamper-evident chain.

Level 2 — Gated lifecycle

Full stateful lifecycle, receipts, verdicts, Settlement Signals.

Level 3 — Federation

Cross-organization hub coordination, encrypted criteria relay, schema catalog, federated dispute machinery.

AOAP defines the protocol AGLedger implements. Specification documentation and reference implementations are available to licensees. Implementation rights flow through a license agreement from AGLedger LLC.

Patent pending — audit vault architecture and federation protocol.