A protocol-agnostic governance interchange format for cross-enterprise agent interactions in financial services.
Namespace notice: Schema URIs in this repository (e.g., `finos.org/afix/v1/...`) are proposed identifiers, not live endpoints. AFIX is not a FINOS project and is not endorsed by or affiliated with FINOS. The `finos.org` namespace is used as an aspirational reference to indicate where these schemas could be registered if adopted by an open governance body. These URIs do not currently resolve. If AFIX is adopted under a different standards body or namespace, all schema `$id` values and capability keys will be updated accordingly.
AFIX defines a shared vocabulary for agent governance at firm boundaries. It specifies what structured metadata must cross when a governed agent in one institution calls a governed agent in another — without prescribing how either firm governs itself internally. AFIX is transport-neutral: it provides binding specifications for both Google's Agent-to-Agent (A2A) protocol and Anthropic's Model Context Protocol (MCP). The goal is interoperability, not uniformity.
Bloomberg, FactSet, and LSEG have each independently built equivalent governance middleware layers around MCP — covering identity, access control, audit, and rate limiting. JPMC, Morgan Stanley, and BlackRock all have active AI governance programs. Framework-level coordination exists through bodies like FINOS CC4AI. What does not exist is any coordination on governance interchange: when your governed agent calls my governed agent, there is no shared vocabulary for the metadata that should accompany that call. Every integration currently requires bespoke negotiation of what identity means, what an audit event looks like, and who carries liability. AFIX proposes to fix that.
| Component | Description | Schema |
|---|---|---|
| Agent Card | Organizational identity, governance posture, regulatory jurisdiction, supply chain attestation | afix-agent-card-v1.0.0.json |
| Compliance Event | Universal audit primitive — six-field interop core with regulatory compliance extension tier | afix-compliance-event-v1.0.0.json |
| Entitlement Interchange | Cross-enterprise data/service access rights with conjunctive/disjunctive grouping | afix-entitlement-v1.0.0.json |
| Liability Metadata | Multi-party liability allocation with ISDA-analog bilateral and EMV proportional shift | afix-liability-metadata-v1.0.0.json |
| Governance Hop Record | Per-hop audit trail for multi-agent chains with LEI-based institutional identity | afix-governance-hop-record-v1.0.0.json |
A2A Binding — AFIX extensions attach natively to the A2A Agent Card capabilities.extensions[] array and to per-message and per-task metadata fields. Uses protocol-native extension negotiation via the X-A2A-Extensions header. See /schemas/extensions/a2a-binding-v1.0.0.md.
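A gateway-side sketch of the A2A negotiation described above, as an added example that is not part of the AFIX repository: it compares the extensions declared in an Agent Card's `capabilities.extensions[]` with the URIs a caller sends in `X-A2A-Extensions` and rejects the call when a required extension was not activated. The extension URIs are placeholders (the page elides the real one), the card is constructed, and `requested_extensions`, `negotiate` and the fail-closed policy are assumptions of this example.

```python
import json

# Placeholder: the page elides the real AFIX extension URI ("finos.org/afix/v1/...").
AFIX_EXT_URI = "https://example.invalid/afix-extension-placeholder"

# Constructed Agent Card fragment. "uri" and "required" are A2A AgentExtension
# fields; the second entry is a made-up optional extension for contrast.
SAMPLE_CARD = json.loads("""
{
  "name": "constructed-research-agent",
  "capabilities": {
    "extensions": [
      {"uri": "https://example.invalid/afix-extension-placeholder", "required": true},
      {"uri": "https://example.invalid/optional-ext", "required": false}
    ]
  }
}
""")


def requested_extensions(headers):
    """Parse the comma-separated URI list from X-A2A-Extensions.

    HTTP header names are case-insensitive, so match on the lowered name.
    """
    uris = set()
    for name, value in headers.items():
        if name.lower() == "x-a2a-extensions":
            uris.update(u.strip() for u in value.split(",") if u.strip())
    return uris


def negotiate(card, headers):
    """Decide whether a call may proceed, failing closed on required extensions."""
    entries = card.get("capabilities", {}).get("extensions", [])
    declared = {e["uri"]: bool(e.get("required")) for e in entries if "uri" in e}
    known = set(declared)
    requested = requested_extensions(headers)
    missing = sorted(u for u, req in declared.items() if req and u not in requested)
    return {
        "allow": not missing,                      # reject if any required ext is absent
        "active": sorted(requested & known),       # extensions both sides agreed on
        "missing_required": missing,               # log these with the rejection
        "unsupported": sorted(requested - known),  # requested but not declared
    }


if __name__ == "__main__":
    print(negotiate(SAMPLE_CARD, {"x-a2a-extensions": AFIX_EXT_URI}))
    print(negotiate(SAMPLE_CARD, {}))
```

Logging `missing_required` and `unsupported` alongside the decision gives the audit trail a record of why a cross-firm call was refused or which requested extensions were ignored.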
MCP Binding — AFIX leverages the MCP SEP-2133 extension framework to register as a named capability extension (proposed namespace: finos.org/afix-governance), with a _meta fallback convention for servers not yet on SEP-2133, and gateway enforcement patterns for Kong, Apigee, Cloudflare, and custom proxy deployments. See /schemas/extensions/mcp-binding-v1.0.0.md.
The /research directory contains the full methodology behind AFIX: source syntheses, stress-tests, steelmanned counterarguments, and design decision rationale with citations. Every claim is sourced. Every assumption is tested. Published for transparency and to support community review.
- Read the Agent Card schema — this is the minimum viable governance artifact.
- Pick your transport: A2A binding or MCP binding.
- Start with Agent Cards only. Full compliance event streams and liability chains can be added incrementally once identity and capability negotiation is working.
- Add Compliance Events, Entitlement Interchange, and Liability Metadata as your integration matures.
Governance Hop Records are only required for multi-hop chains where intermediate agents must attest to governance state.
AFIX was developed as part of a research series on agentic AI governance in financial services. The series covers the emergence of multi-agent systems, the governance gap at firm boundaries, and the case for standardized interchange formats. Blog Series.
Research proposal. Not a standard. Not production-tested. Published for community review, feedback, and potential standardization under FINOS or a similar open governance body. Schema versions are tagged; breaking changes will increment the major version.
Apache 2.0. See LICENSE.
Open an issue or start a discussion. The schemas are designed to be forked and adapted — institutional requirements vary, and AFIX is intended as a baseline, not a ceiling.