NANDA Index: Nursing Diagnosis & AI Agent Registry

• NANDA Index is a dual-system framework: one part standardizes nursing diagnoses using the NNN schema, while the other offers a secure, scalable registry for AI agent discovery.
• Both implementations use schema-driven methodologies—XML Schema for clinical taxonomy and JSON-LD with cryptographic credentials for AI—to ensure interoperability and structural completeness.
• Decentralized, CRDT-based update mechanisms and layered security measures enable robust, privacy-preserving operations in diverse domains from healthcare to internet-scale AI.

The NANDA Index refers to two technically and contextually distinct but semantically related formalizations found in separate domains: (1) the NANDA nursing diagnosis index, foundational for standardized nursing documentation and care planning, which has been formalized within the NNN (NANDA-NIC-NOC) schema; and (2) the NANDA Index architecture for global AI agent discovery and identity, a cryptographically verifiable registry built for internet-scale agent orchestration. Both formalizations prioritize compositional completeness, structural flexibility, and semantic interoperability, although their design motivations, schemas, and operational characteristics are domain-specific and technically independent.

1. NANDA Index in the NNN Formalization (Clinical Domain)

The NANDA nursing diagnosis index defines a controlled taxonomy of nursing diagnoses, each characterized by unique identifiers, definitions, and associated elements, and is foundational for structured care planning processes. The NNN schema, as developed in (Kaes et al., 2014), provides a formally complete, XML-schema-driven mapping for every constituent of the NANDA Index. Its conceptual entity–relationship model distinguishes six core entities:

• Diagnosis: Defined by attributes such as id (NANDA code), title, definition, version, status, author, date, and institution. Each diagnosis aggregates multiple factors (causal/risk), symptoms (defining characteristics), outcomes (care goals), tasks (interventions), and documentation emphases.
• Factor: Represents causes or risks, specified by id, type (related or risk), category, subcategory, and optionally nested factors, hints, and examples.
• Symptom: Encapsulates defining characteristics (subjective/objective), supported with hints and examples.
• Outcome: Associates goals (achieve/maintain/prevent) with standardized NOC codes; includes inputs for structured evaluation.
• Task: Interventions mapped to NIC codes, supporting predicted effort, scores for prioritization, and structured input schemas.
• DocumentationEmphasis: Captures documentation mandates, with in-line hints and structured input fields.

The formal mapping ensures that elements such as related/risk factors, NIC interventions, and NOC outcomes are fully expressible and cross-referenceable. Example representations in XML, RelaxNG, and pseudocode support both machine readability and interoperability with electronic care engines.

2. NANDA Index for AI Agent Identity and Registry (Internet of Agents)

In the context of scalable AI agent architecture, the NANDA Index as defined in (Raskar et al., 18 Jul 2025) and (Singh et al., 5 Aug 2025) emerges as a three-tiered, cryptographically anchored registry enabling secure, privacy-preserving, schema-validated discovery for AI agents across federated, distributed infrastructures.

Layered Architecture

• Lean Index Layer ("Anchor Tier"): Stores AgentAddr records (≤120 bytes), each referencing an agent's stable identity (DID/UUID), primary and privacy-preserving metadata locations (URLs), TTL, and an Ed25519 signature. Sharded, federated registries form a quilt-like global index using state-based OR-Set CRDTs, ensuring commutativity and consistency across autonomous parties.
• AgentFacts Layer ("Metadata Distribution Tier"): Hosts JSON-LD W3C Verifiable Credentials encapsulating agent capabilities, authentication mechanisms, endpoints, compliance assertions, and revocation status. All claims are bound and verifiable by cryptographic signatures (Ed25519/JWS), supporting self-sovereign and enterprise-issued modes.
• Dynamic Resolution Layer ("Adaptive Routing Tier"): Delivers programmable, policy-driven endpoint selection, with options for static, rotating, or adaptive endpoints (TTL granularity down to 30–60 s) and context-aware load balancing.

AgentFacts Formal Schema

AgentFacts are defined as:

$$\mathsf{AgentFacts} ::= \bigl(\,\mathit{id},\,\mathit{public\_key},\,\mathit{capabilities},\,\mathit{endpoints},\,\mathit{metadata},\,\mathit{signature}\bigr)$$

Key invariants enforced include:

• Verifiability of the signature:

$$\mathsf{Verify}(\mathit{issuer\_public\_key},\,\mathit{signature},\,\mathit{facts\_body}) = \texttt{true}$$

• Freshness via nonces and short-lived credentials.
• Schema compliance for all capability and authentication attributes.
• Revocation status must be checked against VC-Status lists on use.

3. CRDT-Backed Decentralized Update and Consistency Mechanisms

The NANDA Index employs a CvRDT-based OR-Set for federated index management. Let each shard’s state for an agent $a$ be:

• $E_a$: the set of all pointers (FactsURLs/registry links) ever added
• $D_a$: those marked as removed

The current state is $E_a\setminus D_a$, and updates are merged via set union, allowing for highly concurrent, coordination-free operation across registries and institutions (Raskar et al., 18 Jul 2025).

Pseudocode for merge:

def merge(E1, D1, E2, D2): return (E1.union(E2), D1.union(D2))

Network-wide consistency and conflict-freedom are achieved via periodic gossip of CRDT deltas, with no requirement for global coordination or locks, enabling scalability to ≥10⁴ updates/s per shard.

4. Security, Authentication, and Privacy in Agent Registry

Security in the NANDA Index derives from a multi-layered design:

• Signature-based Integrity and Authentication: All index records and facts are signed (Ed25519, optionally JWS, Merkle-based for privacy). Agent identity is tied to DIDs/public keys, and all claims are cryptographically anchored (Singh et al., 5 Aug 2025).
• Credentialed Capability Assertions: Capabilities, compliance, and routing claims are issued as W3C Verifiable Credentials with defined status-check URLs for fast revocation (sub-second update cadence).
• Selective Disclosure and Privacy: Agents may serve PrivateFacts URLs (obfuscated/IPFS/Onion endpoints) enabling privacy-preserving lookups; Merkle-based claim proofs and prospective BBS+ style ZKPs enable selective disclosure.
• Least-Disclosure Queries and Split-Horizon Governance: The architecture permits returning different agent pointers based on client identity or geography, with minimal index exposure and optional audit log trails.
• Performance Characteristics: Index access is O(1) (CDN-cached, ~20–50 ms); metadata fetch and proof verification is O(1) per agent (typ. <100 ms end-to-end) (Raskar et al., 18 Jul 2025).

5. Schema-Validated, Structured Discovery and Comparison to Other Registries

AgentFacts apply schema-validated, context-linked JSON-LD credentials referencing a canonical ontology of capabilities (OASF, healthcare/FHIR, etc.). This enables interoperable capability negotiation, credential-based authentication (including DID keys, OAuth scopes, mTLS), and dynamic endpoint handoff. Compared to contemporaneous agent registry solutions, NANDA AgentFacts achieves:

Dimension	NANDA AgentFacts	MCP Registry	A2A Agent Cards	AGNTCY ADS	Entra Agent ID
Security	Ed25519+VCv2	DNS+OAuth (no payload sig)	TLS only	Sigstore/optional chain	Azure AD (enterprise)
Authentication	DID-based VC	DNS proof	Per-RPC, OOB	mTLS/SPIFFE	Managed identity
Scalability	Lean index/federated	Central + CDN	1-hop/well-known	P2P DHT	SaaS/SLAs
Maintainability	Stable schema, decoupled	Mono Go svc	Minimal	K8s+GitOps	Managed SaaS

NANDA uniquely combines sub-second identity resolution (cached pointers), cryptographically assured claims, and privacy via PrivateFacts/Selective Disclosure, enabling both self-sovereign and managed deployment modes (Singh et al., 5 Aug 2025).

6. Workflow Patterns and Applications

Typical agent lifecycle workflows utilizing the NANDA Index include:

• Registration: Agent constructs AgentFacts VC, hosts at FactsURL, submits signed AgentAddr to the Lean Index.
• Discovery/Trust Evaluation: Client fetches AgentAddr, verifies signature, chooses FactsURL/PrivateFactsURL based on policy, verifies AgentFacts, and performs VC status checks.
• Dynamic Endpoint Selection: Based on policy and endpoint classes, the client negotiates with an adaptive resolver or selects among static/rotating endpoints, supporting geo-LB and DDoS resilience.
• Capability Update/Revocation: Updated AgentFacts can be pushed to the FactsURL without index update; revocation is realized through fast-pushed VC-Status list updates.

A plausible implication is that such modular lifecycle flow—separating identity, claims, and endpoints—enables scalable, autonomous, and secure AI agent ecosystems across organizational and infrastructural boundaries.

7. Formal Completeness, Flexibility, and Generalization

Both NANDA formalizations (NNN clinical, AI agent) are characterized by:

• Completeness: All taxonomic elements are representable; every diagnosis/agent has a schema-validated, canonical model; risk/related factors and credential assertions are first-class.
• Flexibility: Scoring, input constraints, custom institutional policies, and hierarchical/nested compositions are supported in both care process and agent identity workflows.
• Generalization Potential: The separation of lean identity/pointer layers from dynamic, domain-specific metadata, plus CRDT-backed federated updates, suggests applicability for any globally distributed system requiring compositional, verifiable discovery and policy-driven orchestration.

The NANDA Index in both domains exemplifies a state-of-the-art structure for compositional knowledge formalization and globally scalable, verifiably secure identity and capability discovery (Kaes et al., 2014, Raskar et al., 18 Jul 2025, Singh et al., 5 Aug 2025).