The git for organizational context.
An open protocol for synchronizing versioned, permissioned, auditable organizational knowledge between human and AI actors.
Content-addressed. Versioned. Permissioned. Auditable. Real-time.
ContextSync is a protocol specification — not a product, not a framework, not a library. It defines how organizational artifacts (policies, procedures, datasets, business intelligence) are addressed, versioned, permissioned, queried, and mutated across any number of human users and AI agents.
MCP solved how agents connect to tools. ContextSync solves how agents connect to organizational context.
Any organization can implement it. Any agent framework can speak it. Any tool vendor can integrate with it.
Organizations deploying AI agents alongside human teams have no standard protocol for keeping both sides synchronized on the same organizational context. Knowledge lives fragmented across Slack, email, drives, wikis, and SaaS tools.
When a human updates a compliance policy at 09:00, the agent processing customer requests at 09:05 has no way of knowing the policy changed. When an agent writes a research brief, the human reviewing it cannot trace which source versions it used.
This produces three cascading failures:
- Information decay — agents operate on stale context; in regulated industries this is a compliance risk
- Coordination collapse — multiple actors writing to the same knowledge base with no protocol governing ordering, conflict detection, or attribution
- Auditability gap — no audit trail that captures the full provenance chain across the human-AI boundary
Every artifact gets a stable, unique URI:
ctx://{org}/{domain}/{id}
This address persists across edits, moves, and renames. The URI scheme is hierarchical: organizations contain domains, domains contain artifacts.
Every mutation produces a new version with a monotonically increasing version number, an author (human or agent), a timestamp, a change summary, and a content-addressable hash (SHA-256). Any actor can request a line-level diff between any two versions. Full rollback is supported.
Actors subscribe to change feeds on specific artifacts, domains, or the entire context. Notifications are delivered via Server-Sent Events containing the diff, author, and version number. No polling. Millisecond propagation.
Permissions are expressed as tuples:
(actor | agent_class, artifact_pattern, operations)
- Grants target a specific actor (
human-alex-chen) or an entire agent class (compliance-monitor) - Patterns support glob wildcards:
ctx://acme/compliance/* - Operations:
read,write,suggest,approve,admin - The system is default-deny: no access unless explicitly granted
Every read and write is recorded as an immutable provenance entry: who, what artifact, which version, when, and optionally what downstream artifact it informed. This is the layer that answers the question regulators ask.
See SPEC.md for the complete protocol specification including request/response schemas, error codes, and object models.
| Resource | Endpoints |
|---|---|
| Artifacts | Create, read (with version), update, soft-delete, history, diff, list |
| Actors | Create, list, get |
| Changes | Global feed, domain-scoped feed |
| Subscriptions | Create, stream (SSE), delete |
| Permissions | Grant, list, explain |
| Provenance | Query by artifact or actor |
| Field | Type | Description |
|---|---|---|
uri |
string | ctx://{org}/{domain}/{id} |
name |
string | Human-readable name |
org |
string | Organization identifier |
domain |
string | Functional domain (compliance, engineering, hr, etc.) |
content_type |
string | MIME type |
head_version |
integer | Current version number |
created_at |
ISO 8601 | Creation timestamp |
updated_at |
ISO 8601 | Last mutation timestamp |
| Field | Type | Description |
|---|---|---|
actor_id |
string | Unique identifier |
actor_type |
enum | human or agent |
name |
string | Display name |
agent_class |
string | (agents only) Class for permission grouping |
| Field | Type | Description |
|---|---|---|
event_id |
string | Unique event identifier |
event_type |
string | artifact.created or artifact.updated |
artifact_uri |
string | The artifact that changed |
version |
integer | New version number |
previous_version |
integer | Prior version (null for creates) |
author_id |
string | Who made the change |
summary |
string | Human-readable change description |
diff_json |
object | Diff statistics |
created_at |
ISO 8601 | Event timestamp |
| Field | Type | Description |
|---|---|---|
actor_id |
string | Specific actor (mutually exclusive with agent_class) |
agent_class |
string | Agent class for bulk grants |
artifact_pattern |
string | Glob pattern (ctx://acme/compliance/*) |
operations |
string[] | read, write, suggest, approve, admin |
| Field | Type | Description |
|---|---|---|
prov_id |
string | Unique record identifier |
actor_id |
string | Who performed the operation |
operation |
enum | read or write |
artifact_uri |
string | Target artifact |
version_touched |
integer | Version that was read or created |
downstream_uri |
string | (optional) Artifact this read informed |
created_at |
ISO 8601 | Timestamp |
| Document | Description |
|---|---|
| SPEC.md | Complete protocol specification |
| WHITEPAPER.md | Problem statement, protocol design, evaluation |
| ENTERPRISE.md | GCP and AWS production architectures |
| COMPETITIVE.md | Competitive landscape analysis |
- Christian Johnson
- Vikas Badam
- Sage Hart
- Eswari Subbiah
Apache License 2.0 — see LICENSE
ContextSync | DevFest 2026 | WashU