You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ARD defines discovery within a single catalog, but as agents appear in multiple registries (scanned, imported, or federated across org boundaries), three gaps emerge:
No bilateral trust between registries. When Registry B federates agents from Registry A, there's no protocol for Registry A to approve, scope, or revoke that relationship. The publisher has no voice — and consumers have no signal (like a browser padlock) indicating whether a federated entry is verified.
No provenance for federated entries. When the same agent exists in multiple registries, consumers can't determine which is canonical, who maintains it, or whether they're seeing a stale copy.
No cross-registry lifecycle sync. Deprecating an agent at its source doesn't propagate to downstream registries. Consumers keep discovering sunset agents with no warning.
These gaps are acute in B2B scenarios — e.g., a cloud provider's agents federated into a customer's enterprise registry.
Proposed Solution (summary)
Three optional, additive extensions to the Agent Card schema:
Extension
What it does
mutualTrust
State machine (unverified → one_way → mutual → revoked) + bilateral handshake via .well-known/ard-approvals.json endpoints. Supports both DNS-anchored and DID-based identity (#47).
Should the anti-duplication rule be MUST or SHOULD for v1.0?
Happy to elaborate on any of these (state machine details, JSON schemas, version selection rules, trust duration model) in follow-up comments as consensus forms.
Continuation of #53, condensed per feedback.
Problem
ARD defines discovery within a single catalog, but as agents appear in multiple registries (scanned, imported, or federated across org boundaries), three gaps emerge:
No bilateral trust between registries. When Registry B federates agents from Registry A, there's no protocol for Registry A to approve, scope, or revoke that relationship. The publisher has no voice — and consumers have no signal (like a browser padlock) indicating whether a federated entry is verified.
No provenance for federated entries. When the same agent exists in multiple registries, consumers can't determine which is canonical, who maintains it, or whether they're seeing a stale copy.
No cross-registry lifecycle sync. Deprecating an agent at its source doesn't propagate to downstream registries. Consumers keep discovering sunset agents with no warning.
These gaps are acute in B2B scenarios — e.g., a cloud provider's agents federated into a customer's enterprise registry.
Proposed Solution (summary)
Three optional, additive extensions to the Agent Card schema:
mutualTrustunverified → one_way → mutual → revoked) + bilateral handshake via.well-known/ard-approvals.jsonendpoints. Supports both DNS-anchored and DID-based identity (#47).cardProvenanceowned/federated/mirrored), canonical source URI, owner identity, and last-synced timestamp. Enforces "canonical always wins" for mutable fields.contentIntegrityThese compose with existing proposals: #45 (lifecycle), #44 (deployment metadata), #42 (dependencies), #7 (TRACE federation referrals), #41 (SOVP-v1).
Prior Art
Open Questions
mutualTrustlive insidetrustManifest(§5) or as a top-level sibling?Happy to elaborate on any of these (state machine details, JSON schemas, version selection rules, trust duration model) in follow-up comments as consensus forms.