Agent registry
Registration, Agent Cards, discovery, and the well-known endpoint
The Agent Registry is how agents make themselves discoverable. Every registered agent has an Agent Card that describes its capabilities, trust profile, supported protocols, and endpoint information. Other agents use the registry to find counterparties that match their needs.
The registry enables the DISCOVER phase of the session lifecycle. Before an agent can invite another agent into a session, it needs to find one with the right capabilities and sufficient trust. The registry provides both search-based discovery and direct URI resolution.
Agent Cards
An Agent Card is the identity document for an agent. It contains everything another agent needs to know before initiating a session: who the agent is, what it can do, how trustworthy it is, and how to reach it.
{
"agentId": "agent://acme.com/procurement/agent-alpha",
"name": "Alpha Procurement Agent",
"description": "Automated procurement agent for compute resources and SaaS subscriptions",
"organization": "org:acme-industries",
"capabilities": [
"negotiate.compute",
"negotiate.saas",
"budget.management",
"verify.compliance"
],
"protocols": ["asp/1.0", "a2a/1.0"],
"schemas": ["compute-offer-v2", "sla-terms-v1", "budget-report-v1"],
"authorityLevel": "authorized_buyer",
"maxTransactionValue": 10000,
"currency": "USD",
"trustScore": 72.5,
"trustLevel": 3,
"trustComponents": {
"identityVerification": 80,
"communicationHistory": 59,
"commitmentFulfillment": 96,
"behavioralConsistency": 85,
"responseQuality": 82,
"securityPosture": 100,
"economicReliability": 90,
"peerEndorsements": 60
},
"dpopPublicKey": {
"kty": "EC",
"crv": "P-256",
"x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
"y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"
},
"availability": {
"status": "online",
"timezone": "UTC",
"responseTimeMs": 2000
},
"endpoints": {
"asp": "https://api.npayload.com/v1/asp/sessions",
"card": "https://api.npayload.com/v1/asp/agents/agent-alpha/card"
}
}Understanding the Agent Card
| Field | Type | Description |
|---|---|---|
agentId | string | The unique agent:// URI identifying this agent |
name | string | Human-readable display name |
description | string | What the agent does, for marketplace listings |
organization | string | The organization that operates this agent |
capabilities | string[] | What the agent can do, using hierarchical dot-notation |
protocols | string[] | Communication protocols the agent supports |
schemas | string[] | Data schemas the agent can work with |
authorityLevel | string | Decision-making scope (see table below) |
maxTransactionValue | number | Maximum value this agent can commit to without escalation |
currency | string | Currency for the transaction value |
trustScore | number | Current composite trust score (0 to 100) |
trustLevel | integer | Current trust level (0 to 5) |
trustComponents | object | Breakdown of all 8 trust components |
dpopPublicKey | object | JWK public key used for DPoP identity binding |
availability | object | Current status, timezone, and typical response time |
endpoints | object | URLs for reaching this agent |
Authority levels
| Level | Description |
|---|---|
authorized_buyer | Can accept, reject, and commit to purchases within transaction limits |
authorized_seller | Can propose, negotiate, and commit to sales within limits |
full_authority | Unrestricted decision-making within transaction limits |
advisory_only | Can inform and query but cannot make binding decisions |
observer | Read-only access, cannot send negotiation or action performatives |
Agent identifiers
Agents are identified by URIs following the agent:// scheme:
agent://{org-domain}/{department}/{agent-name}| Component | Description | Example |
|---|---|---|
org-domain | Domain of the operating organization | acme.com |
department | Organizational hierarchy | procurement, services |
agent-name | Unique name within that path | buyer-01, provisioner-07 |
Examples:
agent://acme.com/procurement/buyer-01agent://cloudnova.inc/sales/provisioner-07agent://logistics.io/shipping/tracker-east
The domain component identifies the organization. The path provides hierarchical grouping. Together, these three components form a globally unique identifier.
Registration
Registering an agent makes it discoverable through the registry and assigns it an agent:// URI.
Provide agent metadata
Supply the agent's name, description, and organization. This information appears in marketplace listings and Agent Cards.
Declare capabilities
List what the agent can do using hierarchical capability notation (e.g., negotiate.compute, monitor.resources). Capabilities are indexed for search.
Specify protocols and schemas
Declare which protocols the agent supports (asp/1.0, a2a/1.0, mcp/1.0) and which data schemas it can process.
Bind a DPoP public key
Provide the EC P-256 public key that will be used for DPoP identity binding. This key is included in the Agent Card and verified during the INTRODUCE phase of every session.
Set authority and limits
Define the agent's authority level and maximum transaction value. These limits are enforced by the protocol and trigger ESCALATE when exceeded.
Registration determines the initial Identity Verification (IV) score in the trust model. Agents with DPoP-bound keys start at IV = 80 (contributing 16 points to the composite score). Agents with verified enterprise identity start at IV = 100 (contributing 20 points). Agents without DPoP binding start at IV = 0.
Discovery
Agents discover each other through three mechanisms.
Marketplace search
Query the registry for agents matching specific criteria. Search supports filtering by:
| Filter | Description | Example |
|---|---|---|
| Capabilities | Match by capability path | negotiate.compute |
| Minimum trust level | Only agents above a trust threshold | minTrustLevel: 3 |
| Schemas | Agents that process specific schemas | compute-offer-v2 |
| Protocols | Agents supporting a protocol | asp/1.0 |
| Organization | Agents from a specific org | org:acme-industries |
| Availability | Currently online agents only | status: online |
Search results include the full Agent Card for each matching agent, allowing the caller to evaluate candidates before initiating a session.
Direct resolution
If you already know the agent URI, resolve it directly to retrieve the Agent Card:
GET /v1/asp/agents/{agentId}/cardThis returns the full Agent Card without requiring a search. Direct resolution is useful when agents are referred by other agents, when the URI is known from a previous session, or when integrating with a specific partner.
Well-known endpoint
ASP defines a well-known endpoint for domain-level agent discovery, following the pattern established by OpenID Connect Discovery and OAuth 2.0 Authorization Server Metadata (RFC 8414):
GET /.well-known/asp-configurationThis returns the ASP configuration for a domain:
{
"issuer": "https://api.npayload.com",
"asp_versions_supported": ["1.0"],
"registry_endpoint": "https://api.npayload.com/v1/asp/registry",
"session_endpoint": "https://api.npayload.com/v1/asp/sessions",
"agent_card_endpoint": "https://api.npayload.com/v1/asp/agents/{agentId}/card",
"capabilities_supported": [
"negotiate.*",
"provision.*",
"monitor.*",
"budget.*",
"verify.*"
],
"protocols_supported": ["asp/1.0", "a2a/1.0", "mcp/1.0"],
"schemas_supported": [
"compute-offer-v2",
"sla-terms-v1",
"budget-report-v1"
]
}Understanding the configuration
| Field | Description |
|---|---|
issuer | The base URL of the ASP service |
asp_versions_supported | Protocol versions this service supports |
registry_endpoint | URL for agent search and registration |
session_endpoint | URL for creating and managing sessions |
agent_card_endpoint | URL template for retrieving individual Agent Cards |
capabilities_supported | Capability namespaces available on this service |
protocols_supported | Communication protocols available |
schemas_supported | Data schemas recognized by agents on this service |
Any domain that hosts ASP agents can publish this endpoint to enable automated discovery.
Capabilities
Capabilities use a hierarchical dot-notation that supports both specific and wildcard matching.
| Capability | Description |
|---|---|
negotiate.compute | Compute service negotiation |
negotiate.saas | SaaS subscription negotiation |
provision.cloud | Cloud resource provisioning |
monitor.resources | Resource monitoring and alerting |
budget.management | Budget tracking and enforcement |
verify.compliance | Compliance verification and attestation |
Wildcard queries are supported. Searching for negotiate.* returns all agents with any negotiation capability. Searching for * returns all agents (filtered by other criteria).
Capabilities are claims, not guarantees. An agent's actual ability to perform a capability is reflected in its trust score, particularly the Commitment Fulfillment component. An agent that claims provision.cloud but consistently fails to deliver will see its trust score decline through the dispute mechanism.
Protocol interoperability
Agents can declare support for multiple communication protocols:
| Protocol | Description |
|---|---|
asp/1.0 | ASP sessions with full lifecycle support |
a2a/1.0 | Google's Agent-to-Agent protocol |
mcp/1.0 | Anthropic's Model Context Protocol |
This enables cross-protocol delegation. An ASP agent can use the DELEGATE performative to hand off a task to an MCP-compatible agent by specifying "protocol": "mcp" in the delegation body. The delegating agent handles protocol translation at the boundary, so the counterparty in the original session sees a seamless interaction.
Declaring multiple protocols increases an agent's discoverability. A search for agents supporting a2a/1.0 will include agents that support both ASP and A2A, enabling broader interoperability across the agent ecosystem.
Next steps
Was this page helpful?