Enterprise Agent Governance & Orchestration (OpenEAGO) is an open specification for secure, scalable, and compliant communication and orchestration among AI agents in enterprise environments.
- Authors: Jan Rock (jan.rock@citi.com), Denis Urusov (denis.urusov@citi.com), Paul Groves (paul.groves@citi.com)
- Date: 05/03/2026 - Version: 0.1
OpenEAGO addresses the critical gap in enterprise AI infrastructure by providing a universal standard for AI agent interoperability that operates within regulatory boundaries and enterprise security requirements.
The specification enables:
- Framework-Agnostic Integration - Support for LangChain, LangGraph, custom agents, and legacy system wrappers
- Enterprise-Grade Security - Built-in authentication (OAuth2, SAML, mTLS), authorization (RBAC/ABAC), and encryption
- Regulatory Compliance - Native support for GDPR, HIPAA, PCI-DSS, CCPA, and financial services regulations
- Resilient Orchestration - Multi-agent workflow coordination with circuit breakers, fallback routing, and compensating transactions
- AI Governance - Human-in-the-loop controls, explainability, and bias monitoring aligned with EU AI Act and NIST AI RMF
- Arbitrary Complex Orchestration - Support for complex workflows involving multiple agents, tasks, and dependencies
- Cross-Border Data Governance - Automated compliance with data sovereignty and localization requirements
- Agent Farms - Dynamic agent discovery, registration (with mTLS), bi-directional communication, and reliability scoring
OpenEAGO orchestrates multi-agent workflows through a comprehensive architecture:
Client Interface:
- Request - Client applications (API, CLI, SDK) submit business requests to work contracts
Specification:
- Contract - The contract validates inputs, establishes terms, and manages agent capabilities.
- Planning - The system discovers optimal agents, determines the execution pattern, and creates a comprehensive execution plan.
- Negotiation - Plan validation against the required checks: Authorization, SLA/SLO, Cross-border Data Clearance, KYC Check, AML Check, Policy Compliance, Credit Risk, etc.
- Execution - The orchestrator runs tasks according to the plan, managing dependencies and context propagation.
- Context - Agents' progress and states are captured and maintained across session, conversation, and agent layers.
- Communication - Agents communicate using standardized formats, ensuring interoperability and context sharing.
In the OpenEAGO framework, Agent Identity serves as a core building block for ensuring secure and reliable communication between AI agents. The identity management system, in conjunction with the Agent Registry, establishes a robust foundation for trust and security. By leveraging advanced mechanisms such as mutual TLS (mTLS), certificate-based authentication, and continuous monitoring, the framework ensures that only verified agents can participate in the ecosystem.
The Agent Registry acts as a centralized service discovery and capability management hub, enabling seamless integration and orchestration of AI agents. Together, the identity and registry components form a secure and scalable infrastructure that prevents unauthorized access, ensures compliance with regulatory requirements, and fosters trust in multi-agent interactions.
- Documentation Index - Specification introduction and navigation
- Overview - Comprehensive specification overview
- Architecture - High-level architecture overview
- Security Considerations - Security architecture and requirements
- Contract Capability - Contract negotiation and management
- Planning Capability - Execution planning and optimization
- Validation Capability - Validation and compliance checking
- Execution Capability - Task execution and orchestration
- Context Capability - Context management and sharing
- Communication Capability - Agent communication standards
- OpenEAGO Proposal - Detailed proposal with distinctive features
- Identity Management - Agent identity and trust establishment
OpenEAGO addresses the critical gap in enterprise AI infrastructure by providing a universal communication standard that preserves framework choice while enabling seamless integration across regulatory boundaries. As organizations scale their AI deployments beyond single agents to complex multi-agent systems, OpenEAGO provides the foundation for secure, observable, and compliant agent ecosystems that operate within the constraints of global data protection and privacy regulations.
The specification's design prioritizes real-world enterprise requirements—regulatory compliance, data sovereignty, cross-border governance, security, and operational resilience—while maintaining the flexibility needed to support diverse implementation approaches and evolving AI technologies. By incorporating data localization, consent management, and automated compliance validation into its core architecture, OpenEAGO enables organizations to deploy AI agents globally while meeting local regulatory requirements.
By adopting OpenEAGO, organizations can build agent networks that transcend departmental, vendor, and jurisdictional boundaries while maintaining strict compliance with data protection regulations.
OpenEAGO is built on the principles of transparency, collaboration, and user empowerment. We believe in creating an open ecosystem where AI agents can interact seamlessly while respecting user privacy and data sovereignty. Our approach emphasizes the importance of regulatory compliance and ethical considerations in AI development and deployment.
Our goal is to create an enterprise-grade specification for AI agent interoperability that fosters innovation while ensuring security and regulatory compliance, building upon existing open source projects and industry standards.
See ROADMAP.md for the detailed development roadmap.
All commits must be signed with a DCO signature to avoid being flagged by the DCO Bot. This means that your commit log message must contain a line that looks like the following one, with your actual name and email address:
Signed-off-by: John Doe <john.doe@example.com>
See CONTRIBUTING.md for detailed contribution guidelines.
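A local pre-push check for the sign-off requirement above, as an added example that is not part of the OpenEAGO repository or the DCO Bot. It assumes the sign-off has to match the commit author's name and email exactly, and that the upstream branch is `origin/main`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: local DCO sign-off check (not the DCO Bot's own logic).

# dco_signed_off IDENT
# Reads a commit message on stdin. Succeeds only if the message contains
# the exact line "Signed-off-by: IDENT", where IDENT is "Name <email>".
dco_signed_off() {
    # -F: fixed string (no regex surprises from dots or brackets in IDENT)
    # -x: the whole line must match, so a sign-off quoted mid-sentence fails
    grep -Fxq "Signed-off-by: $1"
}

# dco_check_range [RANGE]
# Checks every commit in RANGE (assumed default: origin/main..HEAD) against
# its own author identity. Returns 0 if all are signed off, 1 if any commit
# is missing a matching sign-off, 2 if the range cannot be resolved.
dco_check_range() {
    range=${1:-origin/main..HEAD}
    commits=$(git rev-list "$range") || return 2
    rc=0
    for c in $commits; do
        ident=$(git show -s --format='%an <%ae>' "$c")
        if ! git show -s --format='%B' "$c" | dco_signed_off "$ident"; then
            echo "missing or mismatched sign-off: $c ($ident)" >&2
            rc=1
        fi
    done
    return $rc
}
```

`git commit -s` appends the trailer from your configured `user.name` and `user.email`; calling `dco_check_range` before pushing lists the commits that still lack a matching sign-off.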
Community Resources:
- Copyright 2025 FINOS
- License Apache License, Version 2.0
- SPDX-License-Identifier Apache-2.0
- Project Team - jan.rock@citi.com / rock@linux.com
- FINOS - finos.org
- GitHub - github.com/finos-labs/open-eago
