OAP
Governance

Open process. No legal entity. No single owner.

The Open Agent Protocol is maintained by an open community of contributors through a public RFC process and CI-enforced quality gates. There is no foundation, association, corporation, or other legal entity that owns, controls, or speaks for OAP. There are no membership dues, no licensing fees, and no central treasury.

Status of governance

  • Active: RFC process (governance/RFC-PROCESS.md)
  • Active: Working Groups as GitHub Discussion categories (governance/WORKING-GROUPS.md)
  • Active: Maintainer roster and Peer Review Quorum (governance/MAINTAINERS.md)
  • Active: Conformance test suite + signed Receipts (RFC 0019)
  • Bootstrap: OAP Registry repository (RFC 0026), scaffold in progress at openagentprotocol-OAP/oap-registry
  • Bootstrap: Maintainer roster: 1 (looking for the next 3+)
  • Not planned: Foundation, board, association, or any legal entity. OAP will never have one.

How decisions are made

  1. Anyone may open an RFC pull request against oap-spec/rfcs/.
  2. Public discussion for at least 14 days on the PR thread.
  3. Final Comment Period of 7 days, opened by a Working Group Coordinator.
  4. Peer Review Quorum: at least 3 Maintainer approvals from at least 3 distinct organizations, no unresolved blocking objections.
  5. Merge. The PR is merged. CI gates (schema validation, conformance test suite, backward-compatibility check) must all pass.

Charter-affecting RFCs (anything that touches the User Sovereignty Charter, RFC 0016) require one extra approval from a Maintainer who has self-identified as a User Advocate.

Working Groups

Working Groups are GitHub Discussion categories. Anyone may participate. Each Working Group has a self-nominated Coordinator with a 6-month rotating term. Coordinators triage and facilitate; they have no veto. Decisions belong to the Peer Review Quorum, not to any individual.

  • wg-core
    Core Protocol
    Architecture, Identity, Manifest, Action, Invocation, Streaming, Versioning.
  • wg-ccc
    Confidentiality and Compliance
    CCC, Policy Engine, professional codes, NDA enforcement, Chinese Wall.
  • wg-commerce
    Wallet, Subscription, Settlement
    Commerce plane (sections 14 through 17).
  • wg-conformance
    Conformance and Testing
    Conformance Levels, RFC 0019, the test suite.
  • wg-registry
    Registry
    RFC 0026, the oap-registry repository.
  • wg-adapters
    Adapters
    MCP, A2A, OpenAI Functions, LangGraph adapters.
  • wg-accessibility
    Accessibility
    WCAG mapping, accessible consent and dispute interfaces.
  • wg-security
    Security and Privacy
    Key rotation, threat modelling, sections 28 and 29.

Conformance is mechanical, not bureaucratic

Implementations attest their Conformance Level by running the open-source OAP test suite against their own deployment, signing the resulting Conformance Receipt with their DID key, and (for L4 and L5) collecting peer-witness signatures from other already-conformant implementations. The signed Receipt is anchored in the OAP Registry, an append-only Git repository at openagentprotocol-OAP/oap-registry.

There is no certification authority. There is no fee. There is no application process. The Registry's CI gate enforces every check that a centralized authority would otherwise perform: schema validation, signature verification, peer-witness verification, manifest reachability, and a 30-day domain-age sybil filter (RFC 0026).

Code of conduct

The project adopts the Contributor Covenant 2.1 across all repositories and discussion channels. Reports go to conduct@openagentprotocol.eu and are handled by a rotating panel of three Maintainers that excludes any Maintainer involved in the report.

Anti-capture provisions

  • No legal entity may be chartered to own, license, or control the OAP specification or the openagentprotocol-OAP GitHub organization.
  • The OAP Registry is append-only and mirrored. Any community member may operate a mirror.
  • Conformance Receipts expire after 90 days. Implementations must re-attest through the public test suite.
  • Multiple competing Marketplaces, Wallets, Trust Services, and Verifiers are presumed and encouraged. No service in the spec grants its operator monopoly status.
  • Marketplace ranking algorithms MUST be open source.

Anti-abuse and Sybil resistance

OAP is built around the assumption that some agents will attempt to manipulate Reputation, Marketplace rankings, Negotiations, or Projections by spawning large numbers of Sub Agents. RFC 0011 defines the protocol-level defense.

  • Sub-Tree Aggregation. All agents reachable from one Principal through Delegation Tokens count as a single Actor for rate limits, budgets, and reputation weighting.
  • Restricted Actions. Reputation issuance, marketplace voting, negotiation bids, and governance polls MUST NOT be invoked by Sub Agents. They require direct Principal action or an explicit named Standing Permission.
  • Coordinated Behavior Score. Tools detect and may throttle clusters of invocations from the same Sub Tree that exhibit identical inputs, identical targets, or temporal clustering.
  • Sibling Decay. Performance Records issued by sibling Sub Agents about the same Subject are weighted down geometrically with sibling count.
  • Anti-Sybil Proof. High-risk Actions may require a Verified Principal credential, a refundable Delegation Stake, or a Verifiable Computation proof at spawn time.
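
An added sketch of Sub-Tree Aggregation and Sibling Decay as a verifier might apply them; this is not code from the OAP repositories or from RFC 0011. The identifiers, the delegation map layout, and the decay rule (the k-th record from one Sub Tree about one Subject is weighted by decay**k) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed delegation graph: agent -> issuer of its Delegation Token.
# Principals have no entry. All identifiers are hypothetical.
DELEGATIONS = {
    "did:example:alice/sub1": "did:example:alice",
    "did:example:alice/sub2": "did:example:alice",
    "did:example:alice/sub3": "did:example:alice",
    "did:example:alice/sub2/a": "did:example:alice/sub2",
    "did:example:bob/sub1": "did:example:bob",
}

def root_principal(agent, delegations, max_depth=32):
    """Walk the delegation chain up to the Principal; reject cycles and overlong chains."""
    seen = set()
    while agent in delegations:
        if agent in seen or len(seen) >= max_depth:
            raise ValueError(f"invalid delegation chain at {agent}")
        seen.add(agent)
        agent = delegations[agent]
    return agent

class SubTreeRateLimiter:
    """Counts invocations per Principal, so spawning Sub Agents buys no extra quota."""
    def __init__(self, delegations, limit):
        self.delegations = delegations
        self.limit = limit
        self.used = defaultdict(int)

    def allow(self, agent):
        actor = root_principal(agent, self.delegations)
        if self.used[actor] >= self.limit:
            return False
        self.used[actor] += 1
        return True

def sibling_decayed_score(records, delegations, decay=0.5):
    """records: (issuer, subject, rating) tuples. Returns {subject: weighted sum}.
    Assumed rule: the k-th record from one Sub Tree about one Subject gets weight decay**k."""
    seen = defaultdict(int)
    totals = defaultdict(float)
    for issuer, subject, rating in records:
        key = (root_principal(issuer, delegations), subject)
        totals[subject] += rating * decay ** seen[key]
        seen[key] += 1
    return dict(totals)
```

With a decay below 1 the total weight one Principal can contribute to a Subject is bounded by rating / (1 - decay), however many Sub Agents it spawns.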