BPAX BPAX

Whitepaper

The Open Standard for Agentic Workflows

BPAX is the governance layer for agentic workflows, bridging BPMN-era process thinking and the agentic future. This document outlines the principles, architecture, and maturity model for enterprise agentic automation.

Vision

Business processes are the core of how organizations operate. They define how work gets done, who does it, and what happens when things go wrong. As AI agents become capable of executing these processes, we need a standard way to describe them.

BPAX captures business logic in a format that humans can read, version control systems can track, governance tools can audit, and any AI coding tool can consume to generate framework-specific code. You define the contract once. AI generates the implementation.

Organizations should not rewrite automation when switching frameworks. They should not lose visibility into processes when they become automated. They should not implement governance differently for each project.

If you are familiar with infrastructure-as-code, think of BPAX as the same principle applied to agentic workflows. Terraform doesn't compete with CloudFormation or Pulumi at the code level. It owns the declaration and the state. BPAX owns the process contract and governance. AI tools handle the code generation.

BPMN Superset

BPMN has been the standard for business process modeling for over 20 years. Millions of processes are documented in BPMN format across industries. BPAX does not replace this investment—it extends it.

BPAX is a proper superset of BPMN 2.0. Every BPMN element—events, gateways, subprocesses, lanes, pools— maps directly to BPAX structures. Organizations with existing BPMN processes can import them directly and progressively add agent governance without rewriting their process definitions.

The import path is straightforward: take a .bpmn file, convert it to BPAX, then enrich it with agent-specific concerns that BPMN lacks: agent roles with autonomy levels, tool specifications, governance guardrails, cost controls, and LLM-specific preferences (model choices, token budgets).

This compatibility unlocks a migration path. Teams already thinking in BPMN can adopt agentic automation incrementally, leveraging existing process documentation as the foundation for agent governance.

Agent Skills Integration

The gap between BPMN (how work flows) and Agent Skills (how agents execute) has left organizations without a governance bridge. BPMN excels at capturing process flow and decision logic, but says nothing about governance, roles, or controls. Agent Skills frameworks define individual capabilities and execution patterns, but lack the orchestration and compliance layer that enterprises demand.

BPAX closes this gap. It serves as the governance layer that connects BPMN-style process definition with Agent Skills execution. Organizations can now follow a complete workflow: import BPMN processes or existing Agent Skills, apply BPAX governance (roles, guardrails, cost controls, compliance requirements), and export directly to agentic frameworks or Agent Skills bundles.

The BPAX Workflow

  • 1. BPMN Import: Existing business processes become BPAX documents, preserving structure and semantics.
  • 2. Governance Layer: Enrich with roles (autonomy levels), tool specifications, guardrails, cost controls, and compliance requirements.
  • 3. Agent Skills Export: Use bpax skill export to generate SKILL.md artifacts and bundles.
  • 4. Continuous Drift Monitoring: Close the loop with OpsDen to detect and alert when implementations diverge from specifications.

Individual steps become portable SKILL.md files that agents can discover and execute independently. Complete workflows export as skills bundles with an orchestrator that maintains the process logic defined in BPAX. Ungoverned Agent Skills can be wrapped in BPAX governance via bpax skill import, ensuring consistent controls across all agentic assets.

This positions BPAX as the strategic control plane for agentic systems: where business intent meets AI execution, where governance happens once and applies everywhere, and where process definitions remain stable even as underlying frameworks evolve.

The Problem

Agentic workflows today are tightly coupled to specific frameworks. A workflow built in LangGraph cannot run on CrewAI. One built for OpenAI Assistants will not work with AutoGen. This coupling creates compounding problems.

Vendor lock-in forces organizations into dependency on specific frameworks. Switching costs grow with each new automation. When better frameworks emerge, migration becomes a rewrite.

Knowledge silos form when business logic gets buried in framework-specific code. Only the developers who wrote it can modify it. Business stakeholders lose visibility into their own processes.

Governance gaps appear when security, compliance, and cost controls are implemented inconsistently. Each project reinvents guardrails, often incompletely.

Duplication wastes engineering time. Similar processes get reimplemented across teams, each with different quality and different standards.

Maturity Model

BPAX defines a maturity model for agentic automation. Organizations progress through levels as they formalize processes, implement controls, and build operational capability.

Level 0: Ad-hoc

No documented processes. Automation is script-based and unmaintained. No governance.

Level 1: Documented

Processes exist in BPAX format. Roles and steps are defined. Basic validation passes.

Level 2: Governed

Security boundaries, cost limits, and compliance requirements are specified. Human approval gates exist for sensitive operations.

Level 3: Observable

Full tracing, metrics, and audit logging. Cost attribution per process. Anomaly detection.

Level 4: Optimized

Continuous improvement through data. A/B testing of process variants. Automated performance tuning.

Most organizations discover they are at Level 0 when they attempt their first serious agentic deployment. BPAX provides the structure to advance deliberately.

Process Definition

You cannot automate what you have not defined. This sounds obvious, but most organizations lack documented processes for the work they want to automate. Tribal knowledge lives in people's heads. Exceptions are handled ad-hoc.

BPAX enforces explicit process definition. Every step must be declared. Every decision point must have conditions. Every role must be assigned. This rigor serves two purposes: it produces automatable specifications, and it creates institutional documentation.

A BPAX document answers questions that informal processes leave ambiguous:

  • What happens when step three fails?
  • Who approves exceptions?
  • What data does this process need access to?
  • How long should each step take?
  • What are the success criteria?

Organizations that complete BPAX documentation often report that the exercise itself surfaces process problems they did not know existed.

Human in the Loop

Full automation is rarely the goal. Most business processes require human judgment at critical points. BPAX treats human tasks as first-class steps, not exceptions to be worked around.

Human steps specify their interface: Slack, email, web form, or custom UI. They define timeout behavior. They capture the output schema that humans must provide. They integrate with existing approval workflows.

BPAX supports multiple human-in-the-loop patterns:

  • Approval gates: Human must approve before high-stakes actions proceed.
  • Exception handling: Human intervenes when agent confidence is low.
  • Quality review: Human samples agent output for accuracy.
  • Escalation: Human takes over when automation cannot proceed.

The specification captures escalation contacts, notification channels, and SLA requirements for human response. When a human step times out, the process knows what to do next.

Identity & Access

Agentic systems act on behalf of organizations. They access APIs, databases, and external services. Identity management determines what they can access and how their actions are attributed.

BPAX specifies access control at multiple levels. Process-level permissions determine who can execute, view logs, modify, or delete a workflow. Step-level permissions determine which tools an agent can use.

Secret management is declared, not hardcoded. The specification references secrets by name: SALESFORCE_TOKEN or SENDGRID_API_KEY. The runtime resolves these from your secrets provider. Credentials never appear in process definitions.

Authentication requirements flow to tools. A tool definition specifies whether it needs API keys, OAuth tokens, or mutual TLS. The runtime handles credential injection and rotation.

Data Hygiene

Agents process sensitive data: customer information, financial records, health data, proprietary content. Data hygiene determines how this information flows through the system and what protections apply.

BPAX requires data classification at the process level. You declare whether the workflow handles PII, PHI, financial data, or other sensitive categories. This classification drives downstream controls.

Input validation prevents injection attacks and malformed data from entering the workflow. Output filtering redacts sensitive fields from logs and external responses. Retention policies specify how long data persists.

Context inputs declare what data the process needs and mark sensitive fields explicitly. A contact email is sensitive. A company name is not. This distinction matters for logging, caching, and external transmission.

Data residency requirements specify geographic constraints. Some processes must keep data within specific regions. BPAX captures these requirements so runtimes can enforce them.

Secure by Default

Security in agentic systems cannot be an afterthought. Agents have agency. They take actions. A misconfigured agent can exfiltrate data, delete records, or send unauthorized communications.

BPAX builds security into the process definition. Network egress rules specify which domains agents can contact. Tool annotations mark which operations are read-only, destructive, or idempotent. Approval requirements gate dangerous actions behind human confirmation.

Guardrails define hard limits that the runtime enforces:

  • PII filtering: Prevent sensitive data from leaking to logs or external services.
  • Content filtering: Block generation of inappropriate or off-brand content.
  • Rate limiting: Prevent runaway loops from overwhelming external systems.
  • Cost caps: Stop execution before spending exceeds budget.

These controls travel with the process definition. They apply regardless of which framework executes the workflow or which team deploys it.

Compliance

Regulated industries face specific requirements for automated systems. GDPR mandates data subject rights. HIPAA requires audit trails for health data. SOC 2 demands access controls and monitoring. The EU AI Act imposes transparency requirements.

BPAX captures compliance requirements declaratively. The specification states which frameworks apply, what the legal basis for data processing is, and whether human oversight is required. Audit configuration specifies retention periods and what gets logged.

Immutable audit logs capture every decision an agent makes: the inputs it received, the reasoning it produced, the tools it called, and the outputs it generated. These logs support compliance audits and incident investigation.

Change management rules require review before process modifications deploy. Approval workflows ensure that compliance and security teams sign off on changes to sensitive automation.

Observability

You cannot improve what you cannot measure. Agentic workflows require comprehensive observability: logging, metrics, and tracing that reveal how processes actually behave in production.

BPAX specifies observability requirements at the process level. Logging configuration determines verbosity: step-level, decision-level, or full tool-call logging. Destinations can be stdout, Datadog, CloudWatch, or custom endpoints.

Metrics collection captures operational data:

  • Step duration and process latency
  • Agent confidence scores
  • Human intervention rates
  • Token consumption per step
  • Cost per run
  • Success and error rates

Distributed tracing connects steps across the workflow. When a process calls an external agent via A2A, the trace context propagates. You can follow a request from initiation through every agent interaction to completion.

This telemetry feeds dashboards, alerts, and optimization. Without it, agentic systems become black boxes that fail in mysterious ways.

Versioning

Processes evolve. Requirements change. Bugs get fixed. BPAX treats process definitions as code, subject to version control and change management.

Every BPAX document carries a version identifier. The schema itself is versioned. When the schema evolves, migration tooling helps upgrade existing definitions. Breaking changes follow semantic versioning principles.

Process definitions belong in Git. Pull requests capture proposed changes. Code review ensures quality. CI validates schema compliance and runs simulation tests. CD deploys approved changes to production.

Governance rules can require minimum reviewers, specific approvers for sensitive processes, or automated rollback when error rates spike after deployment.

This workflow is familiar to engineering teams. BPAX extends it to business process management, bringing software engineering rigor to operational automation.

Cost Management

Agentic systems consume resources: LLM tokens, API calls, compute time. Without cost controls, a single runaway process can generate surprising bills. BPAX makes cost management explicit.

Budgets operate at three levels. Per-step budgets cap spending on individual operations. Per-run budgets limit total cost for a single process execution. Per-month budgets provide organizational guardrails.

When limits approach, the system can warn, block, or escalate. A research step might warn at 80% budget and block at 100%. A critical process might escalate to a human for approval to continue.

Cost attribution tags processes with team, project, and cost center. This data feeds finance systems for chargeback and capacity planning. You can answer questions like: what does lead qualification cost per prospect?

Pre-execution estimation predicts costs before running. If the estimate exceeds thresholds, execution can abort before spending occurs.

Framework Agnostic

The agentic framework landscape is evolving rapidly. LangGraph, CrewAI, OpenAI Agents, AutoGen, and others each offer different capabilities and tradeoffs. Betting on one framework today means rewriting when better options emerge tomorrow.

BPAX separates process governance from execution runtime. The spec defines what a workflow should look like. AI coding tools (Claude Code, Cursor, Copilot) generate the framework-specific code. BPAX validates the result.

One contract, any runtime

Define the process in BPAX. Export the contract with bpax context. Let AI generate the code for LangGraph, CrewAI, or whatever comes next.

This abstraction provides strategic advantages. When new frameworks emerge, the spec remains unchanged. AI tools already know the new framework's API. You evaluate new runtimes without rewriting your process definition.

Best-of-breed selection becomes possible. Use LangGraph for complex state machines. Use CrewAI for collaborative multi-agent tasks. Choose the right tool for each use case.

Testing improves because process logic validates independent of runtime behavior. You can simulate workflows without executing them on expensive LLM infrastructure.

The Ecosystem

BPAX complements emerging standards in the agentic ecosystem. Each standard addresses a different layer of the stack.

MCP

Model Context Protocol

Standardizes how agents access tools and context. BPAX references MCP tools in process definitions, enabling portable tool integration.

A2A

Agent-to-Agent Protocol

Enables coordination between autonomous agents. BPAX can delegate steps to external agents via A2A, enabling distributed workflows.

BPAX

Business Process Agent eXchange

Defines the workflow logic that orchestrates tools via MCP and agents via A2A. The coordination layer.

Together, these standards form a complete stack for enterprise agentic systems. Each can evolve independently while maintaining interoperability.

Roadmap

BPAX is in active development. The current alpha focuses on the specification, configuration language, and governance tooling.

v0.1-alpha Core schema, BCL config language, CLI validation, context export
v0.2 Code-against-spec validation, drift detection, governance enrichment
v0.3 Reverse import (code → spec), process mining integration
v0.4 Tool providers, workflow templates, language server (LSP)
v1.0 Stable schema, enterprise governance, production-ready tooling

Development happens in public. Contributions welcome at github.com/bpax-io/bpax.