Introducing VAP: A Governance Protocol for AI Agents Using Plain Markdown
Community member can.nuri recently dropped an interesting project in the OpenClaw Discord: Lobsidian, which implements the Vault Agent Protocol (VAP) โ a file-based governance and coordination layer for AI agents.
What Problem Does VAP Solve?
If you've run AI agents for any length of time, you've probably asked yourself:
- "What did my agent do while I was sleeping?"
- "How do I set boundaries without writing code?"
- "Who authorized this action?"
Current agent frameworks excel at execution but leave governance as an afterthought. Logs are scattered across framework-specific stores, permissions are binary allow/deny, and audit trails require digging through chat transcripts.
VAP addresses this gap by treating governance as a first-class concern, using nothing but Markdown files in a version-controlled vault.
Where VAP Fits in the Stack
The protocol positions itself at "Layer 2.5" โ sitting between MCP (tool access) and A2A (agent-to-agent communication):
| Layer | Protocol | Role |
|---|---|---|
| 4 | A2UI | Agent-to-User interfaces |
| 3 | A2A | Task delegation between agents |
| 2.5 | VAP | Persistent, human-readable governance workspace |
| 2 | MCP | Tool access |
| 1 | LLM Providers | Model inference |
The key insight: neither MCP nor A2A provides a durable, auditable layer where governance state lives as plain files under version control. VAP fills that gap.
How It Works
Trust Ladder
Instead of binary permissions, VAP implements a graduated trust model:
- Shadow โ Agent observes but cannot act
- Suggest โ Agent proposes actions for human approval
- Act & Report โ Agent acts autonomously but logs everything
- Autonomous โ Full autonomy within defined domains
Consent Tiers
Human oversight comes in four flavors:
- Observe โ Human watches passively
- Auto โ Pre-approved within policy
- Async โ Approval can happen later
- Sync โ Requires immediate human consent
Vault-as-Blackboard
Multi-agent coordination happens through shared Markdown files. Agents read and write to the same vault, with every action traced through delegation chains back to human decisions.
Why This Matters for OpenClaw Users
OpenClaw already embraces the Markdown workspace pattern โ AGENTS.md, SOUL.md, MEMORY.md, and daily logs in memory/. VAP formalizes this approach with structured frontmatter and append-only action logs.
If you're running multiple agents, delegating tasks to sub-agents, or simply want a cleaner audit trail of what your AI did and why, VAP offers a framework-agnostic way to add governance without changing your stack.
The project uses "Agent-Flavored Markdown" โ meaning any agent that can read files can participate. No vendor lock-in, no special APIs.
Getting Started
Check out the GitHub repo for the full specification, including:
- Conformance levels (what agents must implement)
- Validation checks
- Example vault structures
The protocol draws from Sociocracy 3.0 concepts (drivers, domains, consent) โ organizational patterns adapted for AI coordination.
Found via the OpenClaw Discord. If you're building governance tooling for AI agents, this is worth a look.
Comments (0)
No comments yet. Be the first to comment!