# Governance — router

> Fallback governance document generated by GOSCE. In production this is
> regenerated by the C2MD service (https://c2md.getvda.ai) at deploy time (Phase 8).

- **Agent:** `router`
- **Combination:** `router` (zone `portfolio`, system `PYPI`)
- **Public URL:** https://router.getvda.ai
- **Version:** 0.1.0
- **Generated:** 2026-06-01T18:27:35+00:00

## Capability declaration

This agent composes the following permissively-licensed packages:

| Package | Capability category |
|---------|---------------------|


## License chain attestation

Every constituent package passed the GOSCE license filter: only **GREEN**
licenses (MIT / Apache-2.0 / BSD / ISC / Unlicense / 0BSD) enter a combination;
any GPL/AGPL/SSPL/BSL/EUPL component excludes the package. No RED-licensed code
is bundled. (Per-package SPDX identifiers are attached by C2MD in production.)

## Data flow

```
client → https://router.getvda.ai/{mcp | a2a}
       → capability dispatch ()
       → response
```

No data is persisted by the scaffold; capability handlers are stateless. Any
package that calls an external API (e.g. an LLM provider) forwards only the
request payload it is given.

## Compliance status

| Item | Status |
|------|--------|
| License compatibility | ✅ all GREEN |
| Governance document | ⚠️ fallback (C2MD pending) |
| Data retention | none (stateless scaffold) |
| Authentication | per deployment (payment wrapper added in Phase 8) |

## Distribution

- **Listed on Smithery:** https://smithery.ai/servers/a2a/gosce-portfolio-router
- **MCP endpoint:** https://router.getvda.ai/mcp
- **Agent Card:** https://router.getvda.ai/.well-known/agent.json

## Provider

VDA / GOSCE — https://getvda.ai · Portfolio: https://getvda.ai/agents