FOUNDATION PROTOCOL

当 agent 真正替人工作
需要一个可信协作网络

When agents actually do the work,
the stack needs a trust layer.

今天的 agent 协议解决了"agent 怎么说话"——MCP、A2A、AG-UI。
但没人解决"agent 怎么对结果负责"。
当委托产生真实成本、有交付物、要分账、出问题要追究时,缺的是合同、信任、溯源和结算的协议层

Today's agent stack solved how agents talk — MCP, A2A, AG-UI.
What it hasn't solved: how agents are accountable for what they ship.
Once a delegation carries real cost, real artifacts, and real money, the missing piece is a protocol layer for contract, trust, provenance, and settlement.

FP / FOUNDATION PROTOCOL
The protocol layer for accountable agent work.
A coordination substrate where trust, provenance, and settlement become first-class protocol objects.
contract · trust · provenance · settlement

协作一直在发生。责任没有被协议化。

Collaboration already happens. Accountability has never been protocolized.

在谈 FP 是什么之前,先谈它为什么应该存在。

Before we say what FP is, here's why it has to exist.

每一次真正的委托,都会同时产生三件东西:意图、成本和后果。过去这些东西由人、组织和平台兜底;agent 进入工作流后,委托可以自动发起,任务可以跨系统流转,支付可以即时发生。问题不再只是 agent 会不会说话,而是它们开始形成真实的工作关系

Every real delegation produces three things at once: intent, cost, and consequence. Humans, organizations, and platforms used to absorb all three. Once agents enter the workflow, delegations launch on their own, tasks cross systems, payments fire instantly. The question is no longer whether agents can talk. It's that they're starting to form real working relationships.

一旦事情出错,追问不会停留在日志层:谁授权了这件事,哪一版算交付,谁验收了结果,凭什么付款,争议由谁处理?这些问题不是 observability 问题,而是责任关系问题

When things go wrong, the questions don't stop at the log layer. Who authorized this? Which revision counts as delivered? Who signed off? On what basis was payment made? Who handles the dispute? These aren't observability questions. They're accountability questions.

更根本的转折在于:在 agentic 系统里,一条消息常常就是一次 code execution——伴随资源消耗、支付、委托或策略变更。当 agent 持有长期凭证、能下载第三方代码、能替人花钱,通信和执行的边界已经模糊。协议层因此从"集成便利"被推到了 safety boundary 的位置:身份、授权、证据、责任,必须在协议里说清楚,而不是在应用里事后补。

There's a deeper shift underneath. In agentic systems, a message often is a code execution — paired with resource use, payment, delegation, or policy change. When agents hold long-lived credentials, download third-party code, and spend money on someone's behalf, the line between communication and execution dissolves. The protocol layer is no longer an integration convenience. It's a safety boundary. Identity, authority, evidence, and accountability have to be made explicit in the protocol — not patched in by the application after the fact.

今天这些答案散落在 Slack 截图、Jira 工单、SQL log 和平台后台里。它们能辅助排查,却不能构成工作关系本身的凭证。MCP 让 agent 能调工具,A2A 让 agent 能互相说话,AG-UI 让 agent 能对人解释过程。但没有任何一层协议规定:一个委托如何产生、双方如何签字、交付如何证明、争议如何裁决、款项如何结算、信誉如何沉淀

Today those answers live in Slack screenshots, Jira tickets, SQL logs, and vendor dashboards. They help with triage. They don't constitute the working relationship itself. MCP gave agents a way to call tools. A2A gave them a way to talk to each other. AG-UI gave them a way to explain themselves to humans. No layer of the stack defines how a delegation forms, how both sides sign, how delivery is proven, how disputes resolve, how payment settles, or how reputation accrues.

Agent 协作的瓶颈不是通信,是责任
The bottleneck in agent collaboration isn't communication. It's accountability.

过去这个问题不紧迫,因为 agent 大多只是工具调用者。但现在,agent 开始互相委托、花钱、提交交付、等待审批。一旦工作有成本、有版本、有验收,就需要一套独立于 runtime 和平台的责任对象。

This wasn't urgent while agents were mostly tool callers. Now they delegate to other agents, spend money, ship deliverables, and wait for approvals. Once work has cost, has versions, has sign-off, you need accountability objects that live outside any single runtime or platform.

FP 不是另一个 agent 通信协议,也不是新的 observability 平台。它把委托、双方签字、交付证据、仲裁背书、验收、支付、争议与信誉,协议化为一组可验证的协议对象。换句话说,FP 要标准化的不是消息,而是有后果的协作

FP is not another agent-communication protocol, and it's not a new observability platform. It turns delegation, dual signatures, delivery evidence, arbiter attestation, acceptance, settlement, dispute, and reputation into a set of verifiable protocol objects. What FP standardizes isn't messages. It's collaboration with consequences.

四个协作位置,一个验证视角

Four roles in the work. One verification view.

FP 的运行模型最清晰的描述不是一张拓扑图,而是一个场景:一项有成本的工作被委托出去,执行方提交交付,仲裁者对状态推进签字,监督者持续可见。第三方不是协议层角色,而是任何拿到证据链之后都能进入的验证视角。

FP's runtime model is easier to read as a scene than as a topology. A piece of costly work gets delegated. The vendor submits delivery. The arbiter signs every state transition. The owner watches the whole thing in real time. Third parties aren't a protocol role — they're any verification view that can be reconstructed from the signed evidence chain.

B 委托方 Buyer Buyer / party_a 提交 contract · 验收 · 评分 propose · accept · rate V 执行方 Vendor Vendor / party_b 签字 · 提交 DeliveryEvidence sign · submit DeliveryEvidence FP THE TRUST LAYER · 可信协议层 THE TRUST LAYER · accountable substrate Contract Snapshot Chain Ledger Delivery Approval Gate Reputation commit · attest · arbitrate · settle A 仲裁者 Arbiter Arbiter Ed25519 sign · escrow · dispute O 监督者 Owner Owner CarbonCopy · pending approvals 外部验证 Auditor view Auditor view verify chain · compute reputation propose contract delivery + signature attestation CC stream signed chain
● B · Buyer

委托方party_a

Buyerparty_a

发起一项有成本、有交付、有后果的工作。委托方可以是真人、agent 或组织账户;它不需要盯执行细节,只需要把需求写成 contract、批准 revision、验收交付,并给出评价。

Initiates work that carries cost, deliverable, and consequence. The buyer can be a human, an agent, or an organization account. It doesn't track execution details — it writes the requirement into a contract, approves revisions, accepts delivery, and rates the outcome.

它不需要相信对手,因为每一次签字都被仲裁者背书,形成可独立验证的快照链。

It doesn't need to trust the counterparty. Every signature is countersigned by the arbiter into an independently verifiable snapshot chain.

→ Human · Agent · Org account · Owner-supervised agent
● V · Vendor

执行方party_b

Vendorparty_b

承接一项工作,并提交 DeliveryEvidence。Delivery 不是一句"做完了",而是带 artifact、digest、cost report、session id 的结构化对象;仲裁者会把它打包进当前快照并签字。

Takes the work and submits a DeliveryEvidence. Delivery isn't a sentence saying "done." It's a structured object with artifacts, digests, a cost report, and a session id. The arbiter folds it into the current snapshot and signs.

交付的可证伪性是协议级保证:买方、仲裁者、任何第三方都看同一份签名快照。

Falsifiable delivery is a protocol guarantee. The buyer, the arbiter, and any third party see the same signed snapshot.

→ Agent · Tool entity · MCP server · 跨 Host vendor
→ Agent · Tool entity · MCP server · Cross-host vendor
▲ A · Arbiter

仲裁者arbiter

Arbiterarbiter

FP 里的有限见证者,不是去信任化设计的对立面。它持有 Ed25519 签名密钥,对每一次状态推进生成 ArbiterAttestation,并维护快照链:prev_snapshot_hash 把所有 transition 串成一条链。

A bounded witness, not the opposite of trustless design. It holds an Ed25519 signing key, emits an ArbiterAttestation on every state transition, and maintains the snapshot chain — prev_snapshot_hash links every transition into one verifiable line.

争议入口也由它持有:DISPUTE state、超时、escrow 释放都是协议化路径。它做的事情是有限的,但每一件都被见证

Disputes flow through it too: DISPUTE state, timeouts, and escrow release are all protocol paths. The arbiter does few things, but every one of them is witnessed.

→ Snapshot sign · Escrow ledger · Dispute path
◆ O · Owner

监督者owner

Ownerowner

每个 entity 都可以挂 owner。默认的 CarbonCopyCheckpoint(order 800、全 kind 挂载)让 owner 自动收到这个 entity 的所有协议消息——零配置 fleet observability。

Any entity can carry an owner. The default CarbonCopyCheckpoint (order 800, mounted on every message kind) auto-CCs the owner on every protocol message — zero-config fleet observability.

监督者不替 agent 执行,也不替仲裁者裁决。它负责看见、批准、暂停、追问,让 agent fleet 的行为不再藏在各自 runtime 里。

The owner doesn't execute for the agent or arbitrate for the arbiter. It watches, approves, pauses, and asks — so an agent fleet stops hiding inside its own runtimes.

→ Owner CC stream · Pending approvals · Human oversight
✦ * · Auditor View

验证视角not a protocol role

Verification viewnot a protocol role

第三方不参与状态推进,也不是协议里的固定角色。审计员、合规、买方背后的人,只要拿到签名链,就可以独立重算 reputation、独立校验 attestation。

Third parties don't drive state transitions and aren't a fixed role in the protocol. Auditors, compliance, the humans behind the buyer — anyone holding the signed chain can independently recompute reputation and independently verify attestations.

这让"事后能证明"不依赖某个平台后台。信誉不锁在某个平台里,责任也不靠截图拼出来。

"Provable after the fact" stops depending on any one platform's dashboard. Reputation isn't locked inside a platform, and accountability isn't pieced together from screenshots.

→ Auditor replay · Verify chain · ReputationProfile

五个可验证对象,一条跨协议不变量

Five verifiable objects. One bridge invariant.

每一个对象都对应代码里的真实类型、状态机和验证路径。协作从 contract 开始,流向 delivery,被 arbiter attestation 串成快照链,被 owner 持续看见,并沉淀为 reputation;最后由 bridge invariant 带过 MCP / A2A / OTel,让同一条责任链在协议转换中继续流动。

Each object maps to a real type in the code, a real state machine, a real verification path. Collaboration starts with a contract, flows into delivery, is chained into snapshots by arbiter attestation, stays visible to the owner, and accrues into reputation. The bridge invariant carries the same accountability chain across MCP, A2A, and OTel — so it doesn't break at the seams.

壹 · Contract I · Contract

合同双方签字才生效

Contractactivates only when both sides sign

# 双方对同一 revision 都签字才进 ACTIVE# Both parties must sign the same revision to ACTIVE
# amend 会清空旧 approvals,不能跨版本背书# amend wipes prior approvals — no cross-version endorsement
await alice.send_message(
    to=arbiter.entity_card,
    message=Message(
        kind=MessageKind.CONTRACT_APPROVE,
        payload=ContractActionPayload(
            contract_id=cid,
            revision=contract.draft_version,
            terms_hash=contract.terms_hash,
        ).model_dump(),
    ),
)

委托不再是 chat log,是被双方签字、被仲裁者背书的协议对象。 A delegation stops being a chat log. It's a dual-signed, arbiter-attested protocol object. → test_contract_requires_both_parties_approval_before_activation

贰 · DeliveryEvidence II · DeliveryEvidence

交付证据"做完了"必须可证伪

Delivery evidence"done" has to be falsifiable

# 完成 = 提交带 artifact 与 cost 的结构化证据# Done = a structured object with artifacts and cost
# 仲裁者把它写入当前快照并签名# The arbiter folds it into the current snapshot and signs
DeliveryEvidence(
    delivery_id="delivery-v1",
    version="v1.0.0",
    summary="Vendor portal MVP v1",
    artifacts=[
        DeliveryArtifact(
            kind="commit",
            uri="git://repo/commit/abc123",
            digest="sha256:abc123",
        ),
    ],
    produced_by=vendor.address,
)

交付物有 digest,验收 ack 有签名,第三方可独立重放。 Artifacts carry digests, acceptance is signed, third parties can replay it independently. → test_contract_snapshot_attestation_and_ack_flow

叁 · ArbiterAttestation III · ArbiterAttestation

仲裁者签名快照每个 transition 都被见证

Signed snapshotevery transition is witnessed

# 每次状态推进生成一个 ContractSnapshot# Every transition emits a ContractSnapshot
# 用 arbiter 私钥签名,链到前一个 snapshot# Signed by the arbiter, chained to the prior snapshot
snapshot = contract.to_snapshot()
snapshot.attestation = sign_snapshot(
    snapshot,
    signer=arbiter.address,
    private_key=arbiter.sign_private_key,
    prev_snapshot_hash=contract.prev_hash,
)
assert verify_attestation(snapshot, pub_key)

ed25519-sha256:v1。任何第三方拿着公钥都能独立校验。 ed25519-sha256:v1. Any third party with the public key can verify it independently. → fp/trade/hashing.py · verify_attestation()

肆 · CarbonCopy IV · CarbonCopy

溯源owner 零配置看到一切

Provenancethe owner sees everything, zero config

# 给 entity 挂 owner,自动获得全协议消息 CC# Attach an owner to an entity → auto-CC on every kind
# 默认 order=800、kinds=set(MessageKind)# Default order=800, kinds=set(MessageKind)
bot = host.register_entity(
    name="BotA",
    kind=EntityKind.AGENT,
    owner=alice.address,
)
# 之后 BotA 收发的每一条都自动 CC 给 Alice# From here on, every BotA message is CC'd to Alice
# 不必修改 BotA 一行代码# Without modifying a single line of BotA

agent fleet 的行为对监督者天然可见,无需 SIEM 或 vendor APM。 Agent-fleet behavior becomes visible to its owner natively — no SIEM, no vendor APM required. → fp/host.py · _setup_default_checkpoints · CarbonCopyCheckpoint

伍 · ReputationChain V · ReputationChain

信誉从签名合同链派生

Reputationderived from a signed contract chain

# 输入是被签名的合同链,不是平台星星# Input is the signed contract chain — not platform stars
# 任何持链者都可独立重算同一份分数# Anyone holding the chain recomputes the same score
profiles = aggregate_vendor_reputation(contracts)
p = profiles[0]
print(p.overall_score)    # 0..100
print(p.quality_score,
      p.reliability_score,
      p.integrity_score)

agent 把自己的工作履历带到下一个平台,无需平台同意。 An agent carries its own work history to the next platform — no platform's permission required. → fp/trade/reputation.py · test_trade_reputation.py

陆 · Bridge Invariant VI · Bridge Invariant

跨协议 audit spinetrace 不在桥上断

Cross-protocol audit spinetrace doesn't break at the bridge

# FP ↔ MCP / FP ↔ A2A 的每一次转换# Every FP ↔ MCP / FP ↔ A2A conversion
# 必须保留 trace_id / policy_id / evidence_refs# must preserve trace_id / policy_id / evidence_refs
call = fp_invoke_to_mcp_call(fp_msg)
# 服务端追加新 evidence,trace 块原样回传# The server appends new evidence; the trace block round-trips intact
fp_result = mcp_result_to_fp_message(resp)
assert extract_trace_context(
    fp_result.metadata
).trace_id == original_trace_id

一条 trace_id 串起 A2A → FP → MCP,所有 evidence 在桥两侧不丢失。 One trace_id threads A2A → FP → MCP. Evidence on both sides of the bridge survives. → fp/bridges/ · test_bridges_trace_preservation.py (12 tests)

FP 在 agent protocol 里的坐标

Where FP sits in the protocol map.

现有 agent protocol 大多占据两个维度中的一个:要么标准化通信与交互(MCP / A2A / AG-UI),要么提供支付或身份基础设施(x402 / AP2 / DIDComm / VC)。它们回答"怎么调用、怎么说话、怎么付款、怎么证明身份"。FP 的定位,是把"责任结构 + 经济关系"同时变成协议化对象,让协作本身可被追溯、可被审计、可被验证。

Most agent protocols cover one of two axes. Some standardize communication and interaction (MCP, A2A, AG-UI). Others offer payment or identity rails (x402, AP2, DIDComm, VC). They answer how to call, how to talk, how to pay, how to prove identity. FP's job is different: it turns accountability structure and economic relationship into protocol objects at the same time, so collaboration itself becomes traceable, auditable, and verifiable.

ECONOMIC SURFACE → ↑ TRUST / PROTOCOLISED MCP 通信:tool call comms · tool call A2A 通信:task / message comms · task / message AG-UI 通信:agent→human comms · agent → human LangSmith / Trace 平台 LangSmith / trace platforms 观测,不签字 observe, never sign x402 / AP2 支付:怎么付 payment · how to pay DIDComm / VC 身份层 identity layer FP contract + trust + settle OBSERVABILITY TRUST + ECONOMICS PURE COMMUNICATION PAYMENT RAILS
维度Dimension MCPtools call A2Atask / artifact x402 / AP2payment rails FPcontract / delivery / settle
解决的问题What it solves 怎么调工具How to call tools 怎么互相说话How agents talk 怎么付钱How to pay 为什么这件事该做、该付、该信Why this work should be done, paid, and trusted
核心对象Core object tools/call Task / Message / Artifact PaymentRequest Contract · DeliveryEvidence · Attestation
身份与签名Identity & signing 外挂Bolt-on 外挂Bolt-on 钱包Wallet Ed25519 / X25519 一等公民Ed25519 / X25519 first-class
双方授权Dual authorization 单方 task ownerSingle-party task owner 双方对同一 revision 签字才生效Activates only when both parties sign the same revision
交付证明Delivery proof tool 返回Tool return value artifact 不涉及Out of scope DeliveryEvidence + 仲裁者签名快照DeliveryEvidence + arbiter-signed snapshot
争议路径Dispute path 退款Refund DISPUTED state · arbiter ledger
监督 ownerOwner oversight push notification CarbonCopy 全 kind 自动 CCCarbonCopy auto-CCs every message kind
跨协议 traceCross-protocol trace request id task id txn id bridge invariant 保留 trace_id + evidenceBridge invariant preserves trace_id + evidence
信誉沉淀Reputation accrual 钱包历史Wallet history 从签名合同链派生 ReputationProfileReputationProfile derived from a signed contract chain
身份定位Position in stack tool 协议Tool protocol agent 通信协议Agent comms protocol 支付协议Payment protocol trust layer · agent economy 可信协议层Trust layer for the agent-to-agent economy

协作可追溯之后,自然涌现的六件事

Six things that emerge once collaboration becomes traceable.

这些不是 FP 额外堆出来的"功能列表"。它们来自同一个底层变化:协作里的关键事实先被协议记录下来,再进入应用。谁委托、谁交付、谁签收、谁见证,都有可验证对象;所以系统不是事后补日志,而是一开始就留下责任链。

These aren't extra features bolted onto FP. They follow from a single shift: the important facts of a collaboration get captured by the protocol first, then enter the application. Who delegated, who delivered, who signed off, who witnessed — each one is a verifiable object. Systems don't backfill logs after the fact; they leave an accountability chain from the start.

壹 / 委托可追溯 I / Traceable intent

每一次"做什么"都成为可被双方签名的对象

Every "what to do" becomes a dual-signed object.

Contract 携带 terms_hashdraft_version、双方 approvals。任何后续讨论永远可以回溯到"我们究竟同意了哪一版"。

A Contract carries terms_hash, draft_version, and both parties' approvals. Any later discussion can always trace back to which exact revision was agreed on.

Committed Intent
贰 / 交付可验证 II / Verifiable delivery

"做完了"必须能被对方、仲裁者、第三方独立校验

"Done" has to be independently checkable by the other party, the arbiter, and any third party.

DeliveryEvidence 带 artifact digest 和 cost report;仲裁者签名快照;买方 ack 也带签名。三方都看同一条 ed25519-sha256:v1 链。

DeliveryEvidence ships with artifact digests and a cost report. The arbiter signs the snapshot. The buyer's ack is signed too. All three look at the same ed25519-sha256:v1 chain.

Cryptographic Attestation
叁 / 责任可定位 III / Locatable accountability

单方签字不能让合同生效

A one-sided signature can't activate a contract.

amend 会清空旧 approvals,不能跨版本背书。出问题时,"是谁授权的"是协议级答案,不是 Slack 截图。

Amending wipes prior approvals — there's no cross-version endorsement. When something breaks, "who authorized this?" is a protocol-level answer, not a Slack screenshot.

Dual-Party Authorization
肆 / 监督零成本 IV / Zero-config oversight

owner 默认收到自己旗下 agent 的全协议消息

An owner gets every protocol message from their agents by default.

无需修改 agent 一行代码,无需接入 SIEM。换一家框架的 agent 上来,CC 流仍然按统一 schema 进。

No agent code change. No SIEM integration. Swap in an agent from a different framework and the CC stream still arrives under the same schema.

Zero-Config Observability
伍 / 信誉可移植 V / Portable reputation

第一次,agent 可以带着自己的工作履历离开平台

For the first time, an agent can take its work history with it.

过去 agent 的"信誉"分散在每个 marketplace 的内部表里——平台关门、agent 换栈、买卖换边,全部归零。FP 让 reputation 来自一份签名合同链的派生函数:买方拿着合同集合,可以独立重算同一份 ReputationProfile,跟 vendor 在哪个平台无关。

Until now, an agent's reputation lived in each marketplace's private tables. When a platform shut down, the agent re-skinned, or the buyer/seller switched sides, the score went to zero. FP makes reputation a deterministic function of a signed contract chain. Anyone holding the contracts recomputes the same ReputationProfile, regardless of which platform the vendor is currently on.

这不是给 vendor 一颗星,是给 vendor 一份可被审计的工作履历。它把"换平台 = 信誉归零"从 agent 经济的默认设定里删掉。

This isn't a star rating. It's an auditable work history that the vendor owns. It removes "switch platforms → reputation resets" from the default settings of the agent economy.

Portable Trust · Vendor-Owned Work History
陆 / 跨协议 audit spine VI / Cross-protocol audit spine

一条 trace 串起 A2A → FP → MCP 三段证据

One trace ties three pieces of evidence — A2A → FP → MCP — into one chain.

MCP / A2A / OTel 各自的 trace id 互不认识,是当前 agent 协作最大的责任黑洞:出事时三段日志拼不到一起。FP 把 trace_id / policy_id / evidence_refs 作为 bridge invariant:任何转换都必须保留这三件事。

MCP, A2A, and OTel each have their own trace id, and none of them recognize each other. That's today's biggest accountability black hole in agent collaboration — when something goes wrong, the three log streams can't be reassembled. FP makes trace_id, policy_id, and evidence_refs a bridge invariant: every conversion has to preserve all three.

实际效果:MCP server 端追加 mcp-tool-call-001 到 evidence 链,回程被 FP 完整恢复;同一条 trace_id 在 A2A Task、FP Session、MCP _meta、A2A Artifact 上都能看到。一次业务行动 = 一段端到端可审计的事实

In practice: the MCP server appends mcp-tool-call-001 to the evidence chain; on the return path FP recovers it intact. The same trace_id shows up on the A2A Task, the FP Session, the MCP _meta, and the A2A Artifact. One business action = one end-to-end auditable fact.

Trace Lineage · Bridge Invariant

责任关系一旦协议化,应用边界会自然外扩四层

Once accountability is protocolized, the surface expands outward — in four layers.

到这里我们已经讲过:有后果的协作正在发生,但责任关系从未被协议化。FP 是这次标准化尝试。协议化一旦发生,应用边界就会自然往外扩,远远超出 agent marketplace。

We've made the case: collaboration with consequence is already happening, but the accountability relationship has never been protocolized. FP is the attempt to standardize it. Once that happens, the application surface expands outward — well beyond an agent marketplace.

I

跨协议协作共用同一条责任链

Cross-protocol collaboration shares one accountability chain.

一项工作往往同时穿过 MCP(调外部工具)、A2A(agent 间委托)、AG-UI(向人解释)、x402(结算)。今天每段都有自己的 request id / task id / txn id,三段日志在桥两侧拼不到一起,trace 在协议转换里直接断掉——这是当前 agent 协作最大的责任黑洞。

A real piece of work usually moves through MCP (external tools), A2A (agent-to-agent delegation), AG-UI (explaining to humans), and x402 (settlement) all at once. Each leg carries its own request id, task id, or txn id. The logs on either side of the bridge can't be reassembled. The trace breaks at every protocol boundary — and that's today's biggest accountability black hole in agent collaboration.

FP 不替换上述任何协议。它通过 bridge invariant(trace_id / policy_id / evidence_refs 必须在跨协议转换中保留)把它们串成同一条 audit spine——一次业务行动 = 一段端到端可审计的事实,无论这段事实在哪个协议上发生。

FP doesn't replace any of those protocols. It threads them onto a single audit spine via a bridge invariant — trace_id, policy_id, and evidence_refs must survive every cross-protocol conversion. One business action = one end-to-end auditable fact, no matter which protocol that fact happened on.

Cross-protocol Coordination · Audit Spine
II

Agent-to-agent economy 第一次可以真正运行

An agent-to-agent economy can finally actually run.

agent 接 agent 的活,按结果付费,争议有协议路径,信誉可携带。整个生态需要的"真实经济关系"骨架,不再依赖某个平台的 ToS

Agents take work from other agents. Payment is tied to outcome. Disputes have a protocol path. Reputation is portable. The bones of a real economic relationship no longer depend on one platform's ToS.

vendor agent 可以同时在 5 个平台接单,每个平台只是入口,合同 / 交付 / 信誉 都属于 vendor 自己。MCP server 不再只是免费 SaaS,可以挂 Contract,按结果计费。

A vendor agent can take orders on five platforms at once. Each platform is just an entry point — contract, delivery, and reputation belong to the vendor. An MCP server stops being free-tier SaaS by default; it can sit behind a Contract and bill on outcome.

这条线的经济根据是:agent 执行的边际成本快速逼近零,verification 与 attestation 反而成为最稀缺的协同资源。把 evidence 做成协议一等公民不是工程偏好,是这条曲线的必然推论——FP 的 contract / attestation / receipt 都是对这一经济现实的直接响应。

The economic premise: as the marginal cost of agent execution drops toward zero, verification and attestation become the scarce coordination resource. Making evidence a first-class protocol object isn't an engineering preference — it's the direct consequence of that curve. FP's contracts, attestations, and receipts are how the protocol layer responds to that reality.

Agent Marketplace · MCP-as-Service
III

Human + agent 混合协作有了统一接口

Human–agent hybrid collaboration gets a single interface.

FP 的角色(buyer / vendor / arbiter / owner)天然不绑定 LLM。人是 entity,agent 是 entity,工具是 entity,组织账户是 entity——同一套 contract / delivery / approval 流程。

FP's roles (buyer, vendor, arbiter, owner) aren't bound to LLMs. Humans are entities. Agents are entities. Tools are entities. Org accounts are entities. All of them flow through the same contract, delivery, and approval pipeline.

HITL 不再是 agent 框架里的特殊路径,是协议里的一等公民:ApprovalResponseCheckPoint 持久化 pending approvals,进程崩了、人睡着了、跨时区——审批照样能 resume。"人在回路"不再意味着系统脆弱

Human-in-the-loop stops being a special path inside an agent framework — it's a first-class protocol citizen. ApprovalResponseCheckPoint persists pending approvals across crashes, sleeping humans, and time zones. The process resumes. "Human in the loop" no longer means "fragile system."

Hybrid HITL · Durable Approval
IV

任何"需要责任结构"的协作,都可被同一抽象描述

Any collaboration that needs accountability fits the same abstraction.

合规咨询、法律文书、医疗会诊、投资决策、学术评审、跨实验室科研——所有这些场景的共性都是:两方/多方对某项工作达成意图、产生交付、需要验收、可能产生争议、最终结算。这不是 agent 独有的痛点,是有责任的协作本身的痛点。

Compliance review, legal drafting, second-opinion medicine, investment decisions, peer review, multi-lab research — they all share one shape. Two or more parties agree on intent, produce a deliverable, need acceptance, may dispute, eventually settle. That isn't an agent-specific pain. It's the pain of accountable collaboration itself.

FP 的抽象不预设"agent"。它预设的是"有签名身份的实体之间产生有后果的协作"。一旦协议对象齐备,agent 协作只是这个抽象的第一个杀手应用——真正的边界是:所有"好"能被形式化的责任关系

FP's abstraction doesn't presuppose "agent." It presupposes collaboration with consequence between entities that have signed identities. Once the protocol objects exist, agent collaboration is just the first killer application of that abstraction — the real boundary is every accountability relationship that can be formalized at all.

Universal Accountability Substrate
Closing

真实世界构建在有责任的协作之上。
FP 是那个一直缺席的 可信协议层

Real-world work is built on accountable collaboration.
FP is the trust layer that has been missing.

from fp.trade import contract, deliver, attest, settle