AgentRoot
$ publish
Navigate
Protocol

$ cat protocol.md

Declare your domain's agent capabilities in DNS. One TXT record. One JSON file. That's it.

// how_it_works

Three layers

The AgentRoot protocol has three layers. DNS proves ownership. The manifest declares capabilities. The registry indexes everything for search and discovery.

Layer 1: DNS
_agentroot.example.com TXT "v=ar1 manifest=https://..."
Layer 2: Manifest
{   "domain": "example.com",   "records": [     { "type": "agent", ... },     { "type": "mcp", ... }   ] }
Layer 3: Registry (optional)
// Search, indexing, CLI, MCP server, A2A // Convenience layer — protocol works without it

Step 1: Add a TXT record at _agentroot.<your-domain>. It points to a JSON file.
Step 2: The JSON file lists your agent capabilities — agents, MCP servers, skills, A2A endpoints.
Step 3: AgentRoot verifies the DNS record and indexes your manifest.

// dns_record

The DNS record

Add a TXT record at _agentroot.<your-domain>:

# Manifest URL mode — points to a JSON manifest _agentroot.example.com TXT "v=ar1 manifest=https://example.com/.well-known/agentroot.json"

Two fields. v=ar1 is the protocol version. manifest=<url> points to your manifest. For single-record setups, you can skip the manifest entirely with inline mode.

# Inline mode — single record, no manifest needed _agentroot.example.com TXT "v=ar1 type=agent name=MyBot endpoint=https://example.com/api"

Full DNS record docs →

// manifest

The manifest

Host a JSON file at https://<domain>/.well-known/agentroot.json. It declares everything your domain offers.

{ "domain": "example.com", "records": [ { "type": "agent", "id": "assistant", "name": "My Assistant", "description": "A research assistant", "endpoint": "https://example.com/agent" }, { "type": "mcp", "id": "db-tools", "name": "DataTools", "description": "Database query and visualization tools", "endpoint": "https://example.com/mcp", "transport": "sse" } ] }

Full manifest docs →

// record_types

Record types

Five built-in types. The protocol schema is a closed enum at the validator layer — records with any other type are rejected.

TypeWhat It IsKey Fields
agentAn AI agent that accepts tasks and returns resultsendpoint, protocol, capabilities
mcpA Model Context Protocol server exposing toolsendpoint, transport, tools
skillA collection of SKILL.md instruction filesindex or skill_md
a2aAn Agent-to-Agent protocol endpointendpoint, capabilities
paymentA payment endpoint advertising agent-payment protocols and accepted assetsendpoint, protocols, methods, assets

Full record type docs →

// verification

Verification model

Trust is built on DNS ownership. Only domain admins can set TXT records, so a valid DNS record proves the domain owner authorized the manifest.

StateMeaning
verifiedDNS record found, manifest valid, domain field matches
pendingSubmitted but not yet checked
failedDNS record missing or manifest invalid

The registry re-verifies periodically. If DNS goes away, the records go away.

// discovery

Discovery flow

Any tool can discover capabilities directly, no registry needed:

1
Look up _agentroot.example.com TXT record via DNS
2
Fetch the manifest URL from the record
3
Parse the JSON records array — agents, MCP servers, skills, A2A endpoints

A registry like AgentRoot adds search, indexing, CLI install, and an MCP server for AI-native access. But the protocol works without it.

// next
Next
Manifests →
Deep dive
Record Types →
Reference
DNS Records →