AGX — Agent Graph eXchange

The portable, reproducible, shareable standard for AI agents.
"What containers did for applications, AGX does for agents."

Problem • What is AGX • The .agx File • CLI • Architecture • Roadmap

---

The Problem

Today, an AI agent is scattered across multiple disconnected systems:

prompt              → in a text file or hardcoded string
tools               → in MCP server configs or API wrappers
memory              → in a vector database (or nowhere)
skills              → informal, embedded in prompts
policies            → undocumented tribal knowledge
runtime config      → env vars spread across services
model binding       → hardcoded to one provider
state               → lost on restart

Consequences:

• Can't reproduce an agent exactly
• Can't share a working agent with a colleague
• Can't audit what an agent knew and did
• Can't migrate an agent to a different LLM
• Can't version or rollback an agent's knowledge

What is AGX

AGX (Agent Graph eXchange) is an open standard for packaging, running, sharing, and reproducing AI agents as portable artifacts.

A single .agx file contains everything needed to reproduce an agent exactly — its memory, skills, tools, model config, policies, and state.

Concept	Docker Analogy
ACP (Protocol)	OCI Specification
.agx Format	Container Image
AGX Runtime (agxd)	containerd
AGX CLI (agx)	docker CLI
AGX Registry	Docker Hub

AGX is the reference implementation of ACP (Agent Context Protocol) — the open protocol for agent memory and context.

The .agx File

An .agx file is a compressed archive (tar + zstd) containing:

agent.agx
├── manifest.yaml           # Agent metadata, model config, policies
├── identity.json           # Unique ID, public key, lineage
├── memory/
│   ├── episodic/           # What happened (conversation history)
│   ├── semantic/           # What I know (facts, patterns, embeddings)
│   └── procedural/         # How I do things (skills, routines)
├── graph/
│   └── context.json        # How things relate (causal graph)
├── tools/                  # MCP tool definitions
├── policies/               # Security, guardrails, retention
└── signatures/             # Cryptographic verification

Key properties:

• Portable — runs on any AGX-compatible runtime
• Reproducible — same file = same agent, every time
• Versioned — git-like snapshots of cognitive state
• Model-agnostic — not locked to any LLM provider
• Auditable — full trace of decisions and knowledge

CLI

AGX provides a Docker-like CLI experience:

# Create a new agent
agx init my-agent

# Package it
agx build my-agent/ -o my-agent.agx

# Run it
agx run my-agent.agx --task "Refactor the auth module"

# Share it
agx push my-agent.agx registry.agx.dev/user/my-agent:v1.0

# Download it
agx pull registry.agx.dev/user/coding-assistant:latest

# Inspect it
agx inspect my-agent.agx

# Compare versions
agx diff agent-v1.agx agent-v2.agx

Architecture

┌────────────────────────────────────────────┐
│                 agx CLI                     │
└─────────────────┬──────────────────────────┘
                  │
    ┌─────────────┼─────────────┐
    │             │             │
    ▼             ▼             ▼
┌────────┐  ┌─────────┐  ┌──────────┐
│ agxd   │  │  .agx   │  │ Registry │
│(daemon)│  │ (format)│  │ (OCI)    │
└───┬────┘  └─────────┘  └──────────┘
    │
    ├── Agent Runtime (sandboxed execution)
    ├── Model Router (multi-LLM, fallback/cost/capability)
    ├── Memory Manager (ACP implementation)
    └── Skill Engine (procedural knowledge)

Model Router

AGX is model-agnostic. The Model Router abstracts LLM providers with intelligent routing:

model:
  strategy: fallback
  bindings:
    - provider: anthropic
      model: claude-sonnet-4-6
      priority: 1
    - provider: openai
      model: gpt-4o
      priority: 2
    - provider: local
      model: llama-3.1-70b
      priority: 3

Strategies: fallback, cost-optimized, round-robin, capability-based.

Integration with Coding Agents

AGX integrates with any MCP-compatible agent through the ACP-MCP bridge:

Claude Code, Codex, Cursor, Windsurf
         │
         ▼
   ACP Server (exposed as MCP server)
         │
         ▼
    AGX Memory & Skills

The agent gets persistent memory across sessions — conventions learned, bugs debugged, patterns discovered — all accumulated and reusable.

Protocol Stack

AGX implements ACP, which fills Layer 4 in the agentic AI protocol stack:

Layer 4 ── ACP   Agent Context Protocol    [MEMORY]
           Implemented by AGX
Layer 3 ── WebMCP  Agent-to-Web            [WEB]
Layer 2 ── A2A    Agent-to-Agent           [COLLABORATION]
Layer 1 ── MCP    Agent-to-Tool            [TOOLS]

Tech Stack

• Language: Rust (performance, single binary, memory safety)
• Storage: SQLite embedded (zero external dependencies)
• Embeddings: OpenAI, local (ONNX), pluggable
• Archive: tar + zstd (OCI-compatible)
• Wire format: JSON-RPC 2.0 (same as MCP)
• Bindings: Python (PyO3), TypeScript (napi-rs)

Roadmap

• Specification & architecture design
• Core implementation (Rust workspace)
• .agx format reader/writer
• Model Router (Anthropic, OpenAI, Ollama shims)
• ACP-MCP bridge (memory as MCP tools)
• CLI (agx init, build, run, push, pull)
• Python SDK
• TypeScript SDK
• Public registry
• Claude Code integration guide
• Codex / Cursor integration guide

Contributing

AGX is in early development. We welcome contributions, feedback, and discussion.

• Open an issue to discuss ideas
• See the architecture docs for technical details (coming soon)

Related

• ACP — Agent Context Protocol — The protocol specification
• MCP — Model Context Protocol — Agent-to-Tool (Layer 1)
• A2A — Agent-to-Agent Protocol — Agent collaboration (Layer 2)

License

Apache 2.0 — see LICENSE