OAPS / AICP
An open protocol that records who authorized an agent action, what limits applied, and what proof exists, shared across MCP, A2A, and payment systems.
What it is
OAPS (the AICP protocol) is an open standard for the primitives that sit between agent systems: identity, capability, intent, delegation, mandate, approval, evidence, and verification. It answers four questions for any consequential action: who authorized it, what limits applied, were those limits checked before the side effect, and what tamper evident proof exists afterward.
The problem it solves
Agents now call tools, talk to merchants, move money, and delegate work across many systems. Each of those systems is inventing its own private meaning for identity, authority, and proof. As the ecosystem grows it does not get safer, it gets harder to verify, because the same words carry different guarantees in every stack.
How it works
OAPS defines these primitives as schema validated objects with normative rules (schema validation, stable identifiers, RFC 3339 timestamps, fail closed defaults, evidence emission). It is built to compose with MCP, A2A, AP2, x402, MPP, and OSP rather than replace them, attaching the missing authority semantics through profiles. A TypeScript reference implements the core types, policy evaluation, and a hash chained evidence log, with an HTTP binding and an MCP adapter.
Where it fits
It is the horizontal trust layer that the vertical protocols plug into. MCP moves tool calls, x402 and MPP move money; OAPS is the shared vocabulary for who was allowed to do it and what proof remains.
Status
Draft specification with a working reference. There are fifty one JSON schemas with validated examples, a draft foundation spec in RFC 2119 language, a TypeScript reference (twelve packages) with policy and evidence working, and a conformance manifest. The HTTP binding and MCP profile work today; gRPC, JSON-RPC, and the other profiles are still fixtures.