Capability Matrix
19 capabilities where AGA provides cryptographic proof. For each row, we document what exists today, not what is planned.
UNKNOWN is used where public documentation does not confirm or deny the capability.
| Capability | AGA | Anthropic | MS AGT | Strata | MCP Proxy |
|---|---|---|---|---|---|
| Sealed policy artifact | |||||
| Continuous external enforcement | PARTIAL | ||||
| Signed receipts per decision | |||||
| Tamper-evident chain (hash-linked, monotonic) | |||||
| Offline verification (no network, no API) | |||||
| Chain continuity verification | |||||
| Timestamp monotonicity verification | |||||
| Cryptographic policy binding to sealed artifact | |||||
| Response hash attestation | |||||
| Independent decision re-derivation | |||||
| Phantom execution with timing-matched spoofing | |||||
| Threshold signing (Shamir, k-of-n) | |||||
| Post-quantum hybrid signatures (Ed25519 + ML-DSA-65) | |||||
| Roughtime timestamp corroboration | |||||
| Network isolation verification receipts | |||||
| Portal self-attestation (binary SHA-256) | |||||
| Air-gapped operation | PARTIAL | ||||
| Third-party verifiable without trusting operator | |||||
| Open-source independent verifier |
Notes
Anthropic Managed Agents: First-party governance. Anthropic defines policies and enforces them on their own models. Logging is internal. No independent third-party verification is architecturally possible because the governed entity and the governance provider are the same organization.
Microsoft AGT (AutoGen Team): Agent framework with tool-use orchestration. Governance is application-level, not cryptographic. No sealed artifacts, no signed receipts, no offline verification.
Strata Identity: Identity governance platform. Focuses on identity federation and access control, not AI agent runtime governance. No tool-call-level receipts or evidence bundles.
Standard MCP Proxy: Generic MCP protocol proxy. Forwards tool calls without governance evaluation. No policy enforcement, no receipts, no verification.