Papers

Topics

Authors

Recent

View all

Assistant

AI Research Assistant

Well-researched responses based on relevant abstracts and paper content.

Custom Instructions Pro

Preferences or requirements that you'd like Emergent Mind to consider when generating responses.

Gemini 2.5 Flash

Gemini 2.5 Flash 71 tok/s

Gemini 2.5 Pro 54 tok/s Pro

GPT-5 Medium 22 tok/s Pro

GPT-5 High 29 tok/s Pro

GPT-4o 88 tok/s Pro

Kimi K2 138 tok/s Pro

GPT OSS 120B 446 tok/s Pro

Claude Sonnet 4.5 35 tok/s Pro

2000 character limit reached

Agent Directory Service (ADS)

Updated 30 September 2025

Agent Directory Service (ADS) is a decentralized registry that indexes and verifies agent capabilities using hierarchical taxonomies and cryptographic signing.
It integrates OCI/ORAS protocols with DHT-based lookup to enable efficient, multi-dimensional queries over distributed agent records.
Schema-driven extensibility allows ADS to support emerging agent modalities while ensuring secure provenance tracking with Sigstore and adherence to OASF standards.

An Agent Directory Service (ADS) is an infrastructure for the discovery, indexing, and verification of agent capabilities, metadata, and provenance in multi-agent systems (MAS). ADS operates as a distributed registry, supporting efficient, multi-dimensional queries on agent records using content-addressed storage, hierarchical taxonomies, and cryptographic signing. The architecture is formalized within the Open Agentic Schema Framework (OASF), realized atop established technologies such as OCI/ORAS for artifact distribution, Sigstore for provenance, and a Kademlia-based Distributed Hash Table (DHT) for decentralized lookup. Schema-driven extensibility accommodates novel agent modalities including LLM prompt agents, MCP servers, and A2A-enabled components, positioning ADS as a substrate for secure, federated agent discovery (Muscariello et al., 23 Sep 2025).

1. Architectural Model

ADS adopts a layered and federated architectural decomposition with strict separation of concerns:

Schema Layer: Defines immutable agent records encoded in OASF. Each record captures agent skills, domains, features, and evaluation signals. Extensibility is provided through media-typed schema extensions.
Indexing Layer: Maintains canonical indices mapping hierarchical taxonomic keys (e.g., "nlp.summarization.abstractive") to Content Identifiers (CIDs), published as immutable OCI artifacts.
Storage Layer: Persists agent records and linked metadata as OCI artifacts within registries backed by object storage systems (S3, GCS).
Distribution Layer: Utilizes OCI registry protocols and ORAS tools for artifact distribution, caching, and replication.
Security Layer: Enforces integrity by content-addressing (SHA-256 digests), Sigstore-powered signing, and transparency logging (Rekor).

Publication involves pushing OASF-formatted agent records and capability indices to OCI registries, followed by index announcement in the DHT. Discovery is realized via two-level mapping: capabilities to CIDs, CIDs to endpoints.

A representative architectural diagram, rendered in LaTeX TikZ, abstracts the layered model:

\begin{tikzpicture}[node distance=2cm]
\node (Schema) [rectangle, draw] {OASF Agent Record};
\node (Index) [rectangle, draw, below of=Schema] {Capability Index (Skill → CID)};
\node (Storage) [rectangle, draw, below left of=Index, xshift=-1cm] {OCI Registry/Storage};
\node (Distribution) [rectangle, draw, below right of=Index, xshift=1cm] {Distribution (ORAS)};
\node (Security) [rectangle, draw, right of=Distribution, xshift=1cm] {Security (Sigstore)};
\draw[->] (Schema) -- (Index) node[midway, right] {Publish};
\draw[->] (Index) -- (Storage) node[midway, left] {Store};
\draw[->] (Storage) -- (Distribution) node[midway, above] {Retrieval};
\draw[->] (Storage) -- (Security) node[midway, below] {Sign/Verify};
\end{tikzpicture}

2. Storage and Discovery Layers

Storage Layer

Agent records, built in deterministic JSON using OASF, are serialized and stored immutably as OCI artifacts. Each is addressed by a SHA-256 digest (CID), ensuring deduplication and tamper-evidence. Additional metadata (signatures, evaluations, composition graphs) are attached as referrer artifacts via OCI APIs. Distribution inherits parallel fetching, caching, and CDN capabilities from OCI's ecosystem.

Discovery Layer

ADS supports hierarchical, multi-dimensional taxonomy for discovery. Skills use dotted notation (e.g., "vision.segmentation.pixelwise"), with additional axes for domains and features. Discovery proceeds as:

Taxonomic indices associate attribute keys with lists of agent CIDs.
Resolvers map CIDs to registry endpoints.

Locator entries are published over a Kademlia-based DHT. Multi-dimensional queries are resolved by intersecting sorted posting lists: $C = P_s \cap \left(\bigcap_i P_{d_i}\right) \cap \left(\bigcap_j P_{f_j}\right)$ where $P_s$ is the skill posting list, and $P_{d_i}$ , $P_{f_j}$ are lists for domains and features. Only after intersecting indices are actual agent records retrieved, minimizing bandwidth and computation.

3. Security and Performance Properties

Security

Content Addressing: All artifacts addressed by SHA-256; any alteration changes the CID and invalidates index entries.
Provenance: Sigstore integration provides keyless signing via ephemeral OIDC-bound certificates, with signatures stored as detached referrer artifacts and recorded in a transparency log (Rekor).
Trust Partitioning: Trust is distributed among publishers (signers), storage registries (non-authoritative wrt integrity), DHT nodes (verified by digest), and clients enforcing signature/evaluation requirements.
Threat Mitigations: Digest verification, index supersession, epoch/sequence tracking, and rate limiting defend against tampering, signature forgery, Sybil attacks, and stale/replay poisoning.

Performance

Index Compression: Capability indices with sorted, compressible posting lists improve query speed.
On-Demand Retrieval: Only candidate CIDs are fetched post-intersection.
Caching and Replication: High-frequency posting lists employ cache validation (weak ETags) and "hotset" replication.
Optimized Updates: Delta indices and probabilistic prefilters (e.g., Bloom filters) are used to minimize update and query overhead.

4. Integration with Existing Infrastructures

ADS is architected for interoperability:

OCI / ORAS Integration: Utilizes mature OCI registry protocols and ORAS tools for distribution, transport, parallel fetching, CDN integration, and access control.
Provenance via Sigstore: Keyless signing yields OIDC-based ephemeral certificates. Signatures are detached artifacts and captured in append-only transparency logs (Rekor).
No bespoke infrastructure: ADS leverages existing registry, signing, and DHT/federation mechanisms rather than redefining delivery, reducing operational friction and aligning with established supply chain security patterns.

5. Schema-Driven Extensibility

ADS leverages the OASF's modular schema approach:

Minimal Core: Records describe essential metadata—skills, domains, features—with immutability.
Extension Mechanism: Additional payloads (MCP descriptors, A2A metadata, prompt bundles) attach as modular extensions, each with globally unique media types and schema URLs.
Compatibility: Extensions are additive; unknown types can be ignored, preserving backwards compatibility.
Support for Modalities: LLM prompt agents publish "Prompt Bundles" (system/task/evaluation templates); MCP server descriptors capture orchestration endpoints. Schema-driven extension enables rapid adaptation to new agent classes.

A representative pseudocode for an agent record:

class AgentRecord(BaseModel):
    schema: str       # OASF schema ID
    version: str      # semantic version
    skills: List[str]
    domains: List[str]
    features: List[str]
    resources: Dict   # endpoints, model URIs
    metadata: Dict    # ext-friendly map

6. Position within the Interoperability Landscape

ADS distinguishes itself from naming-centric and runtime communication frameworks:

Naming vs Capability Discovery: Unlike frameworks focusing on mnemonic DNS-like naming and endpoint dynamic resolution (e.g., NANDA (Zinky et al., 5 Aug 2025), AgentDNS (Cui et al., 28 May 2025), ANS (Huang et al., 15 May 2025)), ADS centers on content-addressed, capability-indexed discovery. Names are resolved to CIDs using two-level mappings.
Complementarity to Runtime Registries: Interoperability frameworks (MCP, A2A) focus on execution-time handshake and protocol mediation; ADS is strictly focused on discovery, provenance, and decentralized lookup.
Federated Substrate: The combination of hierarchical taxonomic indices, cryptographic integrity, and DHT-based lookup positions ADS as a complementary substrate for more specialized overlays (ranking, governance, reputation).
Leverages Proven Ecosystems: ADS piggybacks on OCI and Sigstore, minimizing bespoke operational risk and benefitting from robust, widely-adopted infrastructure.

7. Summary and Significance

The AGNTCY Agent Directory Service represents a modular, cryptographically verifiable, and highly extensible substrate for MAS discovery. By embedding content-addressed storage, capability-centric hierarchical indices, and federated DHT resolution, ADS enables efficient multi-dimensional queries across heterogeneous agent populations. Schema-driven extensibility supports rapid evolution to new agent modalities, while integration with existing OCI/ORAS and Sigstore infrastructures ensures artifact integrity and provenance at scale. ADS is positioned as a foundational directory service for agent discovery, securely interoperating across diverse AI ecosystems, with explicit separation from naming, identity, and runtime protocol registries (Muscariello et al., 23 Sep 2025).

Table: Layered Model Overview

Layer	Function	Technologies
Schema	Defines agent records	OASF
Indexing	Capability-to-CID map	OCI artifacts, DHT
Storage	Artifact persistence	OCI registry, S3/GCS
Distribution	Fetch/caching/replica	ORAS, CDN
Security	Integrity/provenance	SHA-256, Sigstore