open-eago
Health Pass
- License — License: Apache-2.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 15 GitHub stars
Code Pass
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
This tool is an open specification and protocol for governing, securing, and orchestrating communication between multiple AI agents in enterprise environments. It acts as a framework-agnostic bridge to ensure regulatory compliance and secure workflow execution.
Security Assessment
Based on the automated code scan and repository details, the overall risk is rated as Low. The project was scanned for dangerous patterns, hardcoded secrets, and risky permissions, with none detected. While the tool's core purpose involves handling highly sensitive enterprise concepts like OAuth2 authentication, mTLS, and regulatory compliance (GDPR, HIPAA), the repository currently appears to be a specification document rather than an executable software package. Consequently, it does not directly execute shell commands, access local files, or make live network requests at this stage.
Quality Assessment
The project is backed by the FINOS (Fintech Open Source) foundation and authored by corporate developers, lending it strong institutional credibility. It is actively maintained, with repository activity as recent as today. The repository includes a clear description, uses the permissive Apache-2.0 license, and has garnered 15 GitHub stars, indicating early but positive community interest.
Verdict
Safe to use.
Open Enterprise Agent Governance and Orchestration Protocol
OpenEAGO - Enterprise Agent Governance and Orchestration
Enterprise Agent Governance & Orchestration (OpenEAGO) is an open specification for secure, scalable, and compliant communication and orchestration among AI agents in enterprise environments.
- Authors: Jan Rock ([email protected]), Denis Urusov ([email protected]), Paul Groves ([email protected])
- Date: 05/03/2026
- Version: 0.1
Overview
OpenEAGO addresses the critical gap in enterprise AI infrastructure by providing a universal standard for AI agent interoperability that operates within regulatory boundaries and enterprise security requirements.
The specification enables:
- Framework-Agnostic Integration - Support for LangChain, LangGraph, custom agents, and legacy system wrappers
- Enterprise-Grade Security - Built-in authentication (OAuth2, SAML, mTLS), authorization (RBAC/ABAC), and encryption
- Regulatory Compliance - Native support for GDPR, HIPAA, PCI-DSS, CCPA, and financial services regulations
- Resilient Orchestration - Multi-agent workflow coordination with circuit breakers, fallback routing, and compensating transactions
- AI Governance - Human-in-the-loop controls, explainability, and bias monitoring aligned with EU AI Act and NIST AI RMF
- Arbitrary Complex Orchestration - Support for complex workflows involving multiple agents, tasks, and dependencies
- Cross-Border Data Governance - Automated compliance with data sovereignty and localization requirements
- Agent Farms - Dynamic agent discovery, registration (with mTLS), bi-directional communication, and reliability scoring
Architecture
OpenEAGO orchestrates multi-agent workflows through a comprehensive architecture:
Client Interface:
- Request - Client applications (API, CLI, SDK) submit business requests to work contracts
Specification:
- Contract Management - Validates inputs, establishes terms, and manages agent capabilities.
- Planning & Negotiation - Discovers optimal agents, determines the execution pattern, and performs negotiation (authorization, SLA/SLO feasibility, cross-border data clearance, KYC, AML, policy constraints, credit risk).
- Validation & Compliance - Validates the execution plan against policy, risk, and regulatory requirements, including Human-in-the-Loop approval where required.
- Execution & Resilience - Runs tasks according to the plan with resilience controls, managing dependencies, fallbacks, and compensating actions.
- Context & State Management - Captures and maintains hierarchical state across session, conversation, agent, and task layers.
- Communication & Delivery - Delivers messages using standardized formats with routing integrity, security, and audit anchoring.
Prerequisites
In the OpenEAGO framework, Agent Identity serves as a core building block for ensuring secure and reliable communication between AI agents. The identity management system, in conjunction with the Agent Registry, establishes a robust foundation for trust and security. By leveraging advanced mechanisms such as mutual TLS (mTLS), certificate-based authentication, and continuous monitoring, the framework ensures that only verified agents can participate in the ecosystem.
The Agent Registry acts as a centralized service discovery and capability management hub, enabling seamless integration and orchestration of AI agents. Together, the identity and registry components form a secure and scalable infrastructure that prevents unauthorized access, ensures compliance with regulatory requirements, and fosters trust in multi-agent interactions.
Documentation
Getting Started
- Documentation Index - Specification introduction and navigation
- Overview - Comprehensive specification overview
- Architecture - High-level architecture overview
- Security Considerations - Security architecture and requirements
Core Specification
- Contract Capability - Contract negotiation and management
- Planning Capability - Execution planning and optimization
- Validation Capability - Validation and compliance checking
- Execution Capability - Task execution and orchestration
- Context Capability - Context management and sharing
- Communication Capability - Agent communication standards
Advanced Topics
- OpenEAGO Proposal - Detailed proposal with distinctive features
- Identity Management - Agent identity and trust establishment
Why OpenEAGO
OpenEAGO addresses the critical gap in enterprise AI infrastructure by providing a universal communication standard that preserves framework choice while enabling seamless integration across regulatory boundaries. As organizations scale their AI deployments beyond single agents to complex multi-agent systems, OpenEAGO provides the foundation for secure, observable, and compliant agent ecosystems that operate within the constraints of global data protection and privacy regulations.
The specification's design prioritizes real-world enterprise requirements—regulatory compliance, data sovereignty, cross-border governance, security, and operational resilience—while maintaining the flexibility needed to support diverse implementation approaches and evolving AI technologies. By incorporating data localization, consent management, and automated compliance validation into its core architecture, OpenEAGO enables organizations to deploy AI agents globally while meeting local regulatory requirements.
By adopting OpenEAGO, organizations can build agent networks that transcend departmental, vendor, and jurisdictional boundaries while maintaining strict compliance with data protection regulations.
Philosophy
OpenEAGO is built on the principles of transparency, collaboration, and user empowerment. We believe in creating an open ecosystem where AI agents can interact seamlessly while respecting user privacy and data sovereignty. Our approach emphasizes the importance of regulatory compliance and ethical considerations in AI development and deployment.
Our goal is to create an enterprise-grade specification for AI agent interoperability that fosters innovation while ensuring security and regulatory compliance, building upon existing open source projects and industry standards.
Linked Projects
Roadmap
See ROADMAP.md for the detailed development roadmap.
Contributing
All commits must be signed with a DCO signature to avoid being flagged by the DCO Bot. This means that your commit log message must contain a line that looks like the following one, with your actual name and email address:
Signed-off-by: John Doe <[email protected]>
See CONTRIBUTING.md for detailed contribution guidelines.
License & Legal
- Copyright 2026 FINOS
- License - Apache License, Version 2.0
- SPDX-License-Identifier - Apache-2.0
Contact
- Project Team - [email protected] / [email protected]
- FINOS - finos.org
- GitHub - github.com/finos-labs/open-eago