An open specification called ContextNest wants to solve a problem most AI agent pipelines quietly ignore: knowing exactly which documents an agent read, when, and whether those documents were approved to be read at all.
The researchers behind ContextNest frame the problem as "context governance" — a layer that sits beneath retrieval-augmented generation rather than replacing it. The system uses SHA-256 hash-chained version histories, typed Markdown documents with metadata, and a custom URI scheme to create auditable, point-in-time snapshots of knowledge vaults. Agents pull from sources that have been verified for integrity and eligibility before any retrieval happens. The team also ships an MCP server, letting live data sources plug into the governance layer through the Model Context Protocol.
Two controlled experiments back up the design. In a stale-version attack test, governed selection outperformed both BM25 sparse retrieval variants on answer quality (97% pass rate versus 93-90%) at roughly one-third the input-token cost. The determinism results are more nuanced: deterministic selectors and BM25 both returned stable document sets across repeated identical queries (Jaccard similarity of 1.0), while dense vector search with HNSW was non-deterministic on 80% of queries — with a worst-case Jaccard of 0.210. BM25, in other words, already matches governed selection on determinism; the governance layer's edge is provenance and integrity, not stability alone.
Most RAG research chases recall and relevance; ContextNest is chasing accountability — which matters more when an agent's output needs to be audited, regulated, or simply explained. The core engine, CLI, and MCP server are released under open licenses.