About AGF
We defined the standard.
Now we run it.
Autonomous AI agents are calling APIs, delegating authority, and making decisions without human approval — yet no governance model was built for them. AGF is building that model, openly, and running it in production.
4
Open frameworks
30+
Terms defined
v0.5
Auth runtime
CC BY 4.0
License
Our story
The gap we're closing
Agents are already in production. They're reading and writing files, calling APIs, sending emails, managing cloud infrastructure — most of them running with whatever API key was in the environment at startup, logging nothing useful, with no revocation mechanism beyond "kill the process."
This is how the web looked before session management was standardized. Every team improvising, every implementation slightly different, every system insecure in its own way. IAM solved this for human identities. DevOps solved it for machine identities. Nobody solved it for autonomous agents — until now.
The window to establish shared standards is right now, while the ecosystem is still forming. Once every agent framework has built its own identity model and delegation mechanism, interoperability becomes a much harder problem. We want to do for agent governance what OAuth did for delegated authorization: a common substrate that everyone builds on, so the hard security work gets done once and done well.
What we build
Two tracks. One standard.
Open standard
- Agent Identity Framework
- Agent Trust Framework
- Agent Lifecycle Framework
- Governance Glossary (30+ terms)
- DID-based Agent ID spec
- Delegation chain protocol
Managed runtime
- AGF Authorization Service
- Policy Decision Point (PDP)
- Branch-cut revocation (<500 ms)
- Agent Passport issuance
- Real-time trust scoring
- Signed audit artifacts
Design constraints
Our principles
These aren't values-statement placeholders. They're the design constraints that drive every architectural decision in the specs.
01
Resource owner decides
The entity that owns or operates a resource has final say over what agents may access it, regardless of what any agent claims about its own authority. Governance cannot be delegated away from the owner.
02
Trust is evaluated separately from policy
Whether a request is policy-compliant and whether the agent making it is trustworthy are two different questions. Conflating them leads to systems where a technically-authorized-but-compromised agent can't be caught.
03
Decisions must be auditable
Every authorization decision should be signed, structured, and replayable. Not for compliance theater — but because you cannot debug, improve, or contest a system whose decisions leave no trace.
04
Expiration by default
Permissions should decay unless explicitly renewed. Long-lived credentials are a liability, not a feature. Short-lived grants with renewal obligations create natural checkpoints for re-evaluation.
Leadership
Founded by
Ramesh Kalimuthu
Founder & Lead ArchitectChennai, Tamil Nadu, India · Founded 2026
Senior Software Engineer and Systems Architect with 9+ years building cloud-native platforms, AI-integrated applications, identity systems, and large-scale distributed architectures across AWS, enterprise software, and LLM orchestration.
His work in IAM — delegation, trust, credential lifecycle, and access control — is directly what agent governance requires. AGF is the application of that decade of infrastructure experience to a problem the industry hasn't solved yet.
Ready to govern your agents?
Whether you're evaluating governance infrastructure, integrating the runtime, or contributing to the open standard — we'd like to hear from you.

