PAP: Plugged.in Agent Protocol
A secure, versioned, and auditable control protocol for autonomous AI agents. Built on DNS-based identity, mTLS, signed messages, and full open-source transparency, providing an infrastructure-grade foundation for distributed cognition.
"From connection to coordination — autonomy without anarchy."
Vision: Space Station & Satellites
PAP provides a control and telemetry backbone for the Plugged.in ecosystem, where every agent behaves like a self-sufficient spacecraft connected to its command station.
The Station (Plugged.in Core)
The orchestration center — issuing commands, receiving telemetry, handling identity and policy.
The Satellites (Agents)
Autonomous, mission-focused, and heterogeneous in codebase. They operate independently but acknowledge the Station's authority.
Agent ↔ PAP Proxy ↔ Agent
│
│ Auth | Routing | Logging
│
└─ Plugged.in Core
│
├─ Registry
├─ Policy Engine
└─ Memory ServiceDual Profile Architecture
PAP offers two distinct communication profiles to address different use cases and security requirements.
PAP-CP (Control Plane)
High-assurance profile for agent-to-station critical control messaging.
gRPC / TLS 1.3mTLS + Ed25519PAP-Hooks (Data Plane)
More flexible profile for agent-to-agent and developer-facing integrations.
JSON-RPC / WebSocketOAuth 2.1 PKCELifecycle State Machine
Every agent follows a deterministic state machine, with the control center maintaining absolute authority over all transitions.
NEW ──────► PROVISIONED ──────► ACTIVE ◄────► DRAINING ──────► TERMINATED
│
│ (error/force)
▼
KILLEDKill authority is exclusively reserved for Plugged.in Core — enforced via signed control messages.
Key Features
Enterprise-grade capabilities designed for autonomous agent management.
Zombie Prevention
Continuous heartbeat events report liveness and load status. Watchdog thresholds escalate and terminate unresponsive agents.
Lifecycle Management
Full lifecycle authority including provisioning, operation, ownership transfer, graceful termination, and force kill.
DNS-Based Identity
Each agent has its own address: {agent}.{region}.a.plugged.in — Kubernetes-native routing with DNSSEC verification.
Ownership Transfer
Agent identity can be securely migrated to another station while preserving state — designed for multi-cloud portability.
Heartbeat vs Metrics Separation
PAP separates heartbeat signals from detailed metrics to ensure zombie detection reliability. Heartbeats are minimal and fixed-size; metrics flow over a separate channel.
message HeartbeatEvent {
Header header = 1;
enum Mode {
EMERGENCY = 0;
IDLE = 1;
SLEEP = 2;
}
Mode mode = 2;
uint64 uptime_seconds = 3;
// NO OTHER FIELDS ALLOWED
}Error Codebook
Standardized error codes inspired by HTTP semantics ensure communication without ambiguity.
Protocol Comparison
What sets PAP apart from other agent protocols: merging operational DevOps controls with cognitive AI design.
| Feature | MCP | A2A | PAP |
|---|---|---|---|
| Central Control | ❌ | ⚠️ | ✅ |
| Kill Authority | ❌ | ❌ | ✅ |
| DNS-Based Identity | ❌ | ❌ | ✅ |
| Zombie Detection | ⚠️ | ❌ | ✅ |
| Ownership Transfer | ❌ | ❌ | ✅ |
| gRPC Native | ❌ | ❌ | ✅ |