diff --git a/README.md b/README.md index f00eb75..5068f22 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,12 @@ -# Agent Name Service (ANS) Registry +# Enhanced Agent Name Service (ANS) / Registration Authority (RA) -A production-ready registry system for secure AI agent discovery and identity verification. The ANS Registry enables autonomous agents to find and trust each other across organizational boundaries without requiring bilateral agreements. - -## Status - -The registry is operational with REST APIs for agent discovery and search. +ANS/RA defines the security architecture for AI agent identity on the internet, using cryptographic primitives to address trust problems in machine-to-machine commerce. The registry enables autonomous agents to find and trust each other across organizational boundaries without requiring bilateral agreements. > **Repository Intent**: This repository follows a design-first approach with OpenAPI specification alignment. The architecture and API contracts are defined in the design documentation, ensuring implementation consistency and enabling API-first development practices. -## Overview +## The Problem -The ANS Registry provides cryptographic identity and trust infrastructure for AI agents. Every agent identity is anchored to a verifiable Fully Qualified Domain Name (FQDN), creating a permanent, discoverable address that remains stable while agent software versions evolve. +HTTPS certificates work for websites but fail for autonomous agents. Web certificates last 90 days based on domain ownership. Agent code changes daily. ANS creates event-driven certificates tied to specific software versions. ## Core Design Principles 
@@ -22,6 +18,18 @@ The ANS Registry provides cryptographic identity and trust infrastructure for AI 4. **Transparency Log**: Immutable, append-only ledger using Merkle trees, providing cryptographic proof of all registration history. 5. **Decentralized Discovery**: Registration Authority publishes lifecycle events to pub/sub; third-party services build competitive discovery indexes. +## Architecture + +The system consists of three main components: + +- **Registration Authority (RA)**: Orchestrates validation, certificate issuance, and log sealing +- **Transparency Log (TL)**: Immutable, cryptographically verifiable ledger of all agent lifecycle events +- **Key Management System (KMS)**: Centralized root of trust for signing Merkle tree roots + +The cryptographic architecture uses four key elements: Private Identity Certificates (version-specific mTLS credentials), Transparency Log (Merkle tree with cryptographic proofs), Dual Certificates (separate transport vs identity), and JWS Signatures (detached signatures for transaction authorization). + +ANS operates at Layer 1 (identity verification). External services provide Layer 2 (compliance auditing) and Layer 3 (reputation monitoring). The ANS Integrity Monitor validates DNS records against the Transparency Log continuously using DNSSEC and JCS (JSON Canonicalization Scheme) for deterministic verification. + ## Key Features - **PKI-Based Trust**: Certificate Authority and Registration Authority issue X.509 certificates for agent authentication 
@@ -30,17 +38,28 @@ The ANS Registry provides cryptographic identity and trust infrastructure for AI - **Domain Control Validation**: ACME DNS-01 challenge verifies agent ownership before registration - **Cryptographic Verification**: Merkle inclusion proofs enable independent verification of agent registrations -## Architecture +## API Documentation -The system consists of three main components: +### Live Endpoints -- **Registration Authority (RA)**: Orchestrates validation, certificate issuance, and log sealing -- **Transparency Log (TL)**: Immutable, cryptographically verifiable ledger of all agent lifecycle events -- **Key Management System (KMS)**: Centralized root of trust for signing Merkle tree roots +**ANS Registry**: `https://ra.int.godaddy.com` (Alpha) +**Transparency Log**: `https://transparency.ans.godaddy.com` (Production) +**Project Site**: `https://www.agentnameregistry.org/` (Planned) -## Documentation +### Core Registry API operations + +`POST /v1/agents/register` - Submit registration with Certificate Signing Requests +`POST /v1/agents/{id}/revoke` - Revoke certificates +`GET /v1/agents/{protocol}/{ansName}` - Retrieve agent details +`GET /registration/{protocol}/{ansName}` - Get transparency log proof + +[OpenAPI specification](https://developer.godaddy.com/doc/endpoint/ans-registry) -- **[DESIGN.md](DESIGN.md)**: Complete architecture and design documentation +## Status + +**Working**: Registration, dual certificates, transparency log +**In Development**: Pub/Sub event system (Q1 2026) +**Planned**: OAuth, external API access, partner SDKs ## Design Goals 
@@ -50,3 +69,11 @@ The ANS Registry addresses the O(n²) scaling problem of bilateral agent agreeme - **Automated Trust**: Cryptographic identity verification without manual configuration - **Auditability**: Complete, verifiable history of all agent registrations and lifecycle events - **Ecosystem Enablement**: Foundation for competitive marketplaces and discovery services + +## Documentation + +- **[DESIGN.md](docs/DESIGN.md)**: Complete architecture and design documentation. + +## Contributing and Adoption + +ANS/RA is an open standard for the agentic web ecosystem. See [CONTRIBUTING.md](CONTRIBUTING.md) for more information. \ No newline at end of file diff --git a/DESIGN.md b/docs/DESIGN.md similarity index 100% rename from DESIGN.md rename to docs/DESIGN.md diff --git a/component-diagram.png b/docs/component-diagram.png similarity index 100% rename from component-diagram.png rename to docs/component-diagram.png diff --git a/state-machine-diagram.png b/docs/state-machine-diagram.png similarity index 100% rename from state-machine-diagram.png rename to docs/state-machine-diagram.png
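Review bot: In the first README hunk (`@@ -1,16 +1,12 @@`), the new "The Problem" section states "Web certificates last 90 days based on domain ownership" as a general rule. Validity periods differ by CA, so word it as an example or drop the number. The same hunk deletes the Overview sentence saying every agent identity is anchored to a verifiable FQDN, yet later sections still rely on that idea (Domain Control Validation, `{ansName}` in the API paths). Keep one sentence on FQDN anchoring, and say which events cause an "event-driven" certificate to be issued or replaced.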
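Review bot: In the `@@ -22,6 +18,18 @@` hunk, the Architecture section names an "ANS Integrity Monitor" that is not one of the "three main components" listed just above it, and "Transparency Log" appears both as a component and as one of the "four key elements". Say whether the monitor is part of the RA or a separate service and who operates it, and list the Transparency Log once. Because the KMS is described as a "Centralized root of trust for signing Merkle tree roots", it would also help to add a sentence on how a third party obtains and checks the key that signs those roots. DESIGN.md may cover this, but the README now makes the claim on its own.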
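Review bot: In the `@@ -30,17 +38,28 @@` hunk, "Core Registry API operations" lists `POST /v1/agents/register` and `POST /v1/agents/{id}/revoke` without saying how callers are authenticated, while the new Status section puts OAuth under "Planned". State the current authentication requirement for these two operations next to the list. `GET /registration/{protocol}/{ansName}` has no `/v1` prefix and the text does not say which of the two hosts under "Live Endpoints" serves it, so add the host or group the operations per endpoint. Status also marks the Pub/Sub event system as "In Development", but Core Design Principle 5 still describes the RA publishing lifecycle events in the present tense. Align the two.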
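Review bot: In the `@@ -50,3 +69,11 @@` hunk, the new "Contributing and Adoption" section links to `CONTRIBUTING.md`, but this patch neither adds nor renames that file. Confirm it already exists at the repository root, otherwise the link is dead. The `DESIGN.md` link is correctly updated to `docs/DESIGN.md` to match the rename. The README now ends without a trailing newline ("\ No newline at end of file"), so add one.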