Governance
This project exists to produce a neutral, openly governed record layer for agent actions — and to give it away. This page states how it's run today, the principles it holds to, and the concrete path to a neutral home.
Why governed this way
Verifiable records of what AI agents do are infrastructure the whole ecosystem depends on. We think AI safety and open standards matter far too much for that layer to be controlled by any single company — so the design goal from day one is to donate it. The maintainers have stewarded openly and neutrally governed software before (the Presto Foundation, under the Linux Foundation), and this project is modeled on that practice.
Principles
| Open | Apache-2.0 tooling; the specification under the IETF Trust's terms (BCP 78/79, code components under the Revised BSD License). Developed in public. |
|---|---|
| Vendor-neutral | No required product; the specification favors no vendor. Any party can implement, run, and anchor — including in their own environment. |
| Verifiable | Decisions, like capsules, happen in the open: public issues, public PRs, public discussion. |
| Donate by design | The profile, the trademark, and the reference services are intended to transfer to a neutral foundation as the ecosystem matures. |
Where it stands today
The project is stewarded by Action State Group, which also operates the reference services (the public transparency log and the hosted verifier) for now. This is the honest current state: a single steward, structured to become neutral — not yet a multi-party foundation. We say so plainly rather than imply neutrality the structure doesn't yet have.
Roles
| Contributors | Anyone who opens an issue or PR. Contributions are made under the DCO (sign-off); no CLA. |
|---|---|
| Maintainers | Review and merge changes, cut releases, and steward each repo. Co-maintainers from other organizations are explicitly welcome — earning merge rights through sustained, quality contribution. |
| Technical Steering (planned) | As independent maintainers join, a lightweight Technical Steering Committee will take over cross-repo decisions — the standard Linux-Foundation-style model. |
How decisions are made
Changes happen by pull request and public discussion, with lazy consensus among maintainers; significant changes get an issue first. The specification evolves through the IETF process — it's an individual Internet-Draft (draft-mih-scitt-agent-action-capsule), and the goal is to bring it to the SCITT working group, where the WG — not this project — decides its standing.
Conformance to the final standard
SCITT and COSE are still being finalized at the IETF. This profile is built to track them: as those drafts advance and are published as RFCs, the profile and its reference implementations will be updated to conform to the final versions, and any breaking changes will be versioned and documented. Building on it today should not strand you when the standard lands.
The path to a neutral foundation
Donation is a commitment, not just a hope. The intended sequence:
| Trigger | What transfers |
|---|---|
| Independent implementers + a stable profile | governance moves to a Technical Steering Committee with multi-org maintainers |
| Foundation home selected | the agentactioncapsule.org domain, the “Agent Action Capsule” trademark, and the reference services transfer to the neutral home |
| Spec adoption | change control of the profile follows the IETF process on WG adoption / RFC publication |
Candidate homes are neutral, foundation-style bodies in the open-source / standards world; the specific home will be chosen with the community rather than announced unilaterally.
Scope & boundaries
The open project is the record layer: the profile, the producer (with example constraint manifests), the verifier, and the anchor. Acting on declared constraints at runtime — enforcement — is a separate concern that composes with a policy gateway. The capsule records what happened; it does not gate. We call that boundary out so the open/commercial line is transparent, not implied.