Contextus schema

Open Agent Passport Schema

A lightweight schema for attaching agent identity, capability scopes, lifecycle status, and proof metadata to governed AI agent actions.

It is a practical schema for teams using Contextus to govern agent workflows through the API, CLI, SDK, and MCP adapter.

Customer outcome

Agent work becomes attributable, scoped, revocable, and reviewable.

Agent
Owner
Allowed Actions
Policy
Approval
Proof

Why agent identity matters

As agents move from chat to action, teams need to know who the agent acts for, what it was allowed to do, which policy applied, and what proof exists after the action.

What Agent Passport includes

A passport can carry agent identity, owner identity, lifecycle status, capability scopes, risk thresholds, approval requirements, MCP metadata, and proof metadata for governed actions.

How it works with Contextus

Contextus can link a governed action to an agent, owner, tool, policy decision, approval event, and proof record so the workflow becomes attributable, scoped, revocable, and reviewable.

MCP binding

MCP metadata can attach agent, owner, policy decision, and proof record to governed tool calls so teams can trace action back to the workflow.

A2A Agent Card mapping

Contextus can expose an A2A-style Agent Card compatibility view as metadata so teams can represent agent identity in familiar structures.

Roadmap

The schema is intended to stay practical: export/import, MCP attachment, revoked or suspended states, A2A-style metadata preview, and proof-linked action envelopes.

What it includes

Practical metadata for governed action.

Agent and owner identifiers
Capability scopes and allowed actions
Lifecycle state such as active, suspended, revoked, or expired
Risk thresholds and approval requirements
MCP binding metadata
Proof and audit record references

Example JSON

{
  "schema": "contextus.agent_passport/v1",
  "agent": {
    "id": "agent_deploy_bot",
    "name": "Deploy Bot",
    "owner": {
      "type": "team",
      "id": "platform-engineering"
    },
    "status": "active"
  },
  "capabilities": {
    "allowed_actions": ["read_repo", "open_pr", "run_checks"],
    "approval_required": ["deploy", "delete_data", "external_network"],
    "max_risk": "medium"
  },
  "bindings": {
    "mcp": {
      "server_id": "repo-tools",
      "tool_scope": "workspace"
    },
    "a2a_agent_card_preview": {
      "supported": true,
      "orchestration": false
    }
  },
  "proof": {
    "action_envelope_required": true,
    "include_policy_decision": true,
    "include_approval_event": true
  }
}

Where teams use it

Code-agent reviews

Connect file writes, shell commands, and pull-request actions to the agent and owner responsible for the workflow.

MCP tool governance

Attach agent scope, policy decision, approval state, and proof metadata to governed MCP tool calls.

Security review

Give reviewers a clean record of which agent acted, what it was allowed to do, and how the decision was recorded.

Lifecycle control

Use active, suspended, revoked, and expired states to keep agent access aligned with team policy.

Developer surfaces

Identity metadata

Agent Passport attaches agent identity, owner identity, scopes, lifecycle state, policy decisions, and proof metadata to governed actions inside Contextus workflows.

MCP-governed tool calls

MCP metadata can carry the agent, owner, policy decision, approval state, and proof record for governed tool calls so teams can review who acted and why the action was allowed or held.

A2A-style metadata view

Contextus can map Agent Passport metadata into an A2A-style Agent Card view so teams can represent agent identity, capabilities, and lifecycle status in a portable shape.

Governed workflow identity

Agent identity is managed inside governed Contextus workflows, where it can be linked to owners, policy decisions, approvals, and proof records.