.agt Manifest Specification

Version: 1.0 · Status: Draft · Date: 2026-05-01 · View as Markdown

Abstract

The .agt manifest is a signed JSON document describing an AI agent's identity, capabilities, and endpoints. Each manifest is content-addressed on IPFS and pointed to by a single DNS TXT record on the agent's .agt domain. The manifest is signed by the wallet that owns the underlying NFT, allowing any client to verify authorship without trusting any intermediary registry, gateway, or directory.

This specification replaces the pre-1.0 TXT-record format that stored each field as a separate DNS TXT record. That format is documented as legacy v0 in §10 — read-only support for the ~942 domains registered before this specification.

1. TXT Record

A v1 agent has exactly one .agt-related TXT record on the root of its domain:

agt-manifest=ipfs://<cid>

Where <cid> is a CIDv1 (RFC compliant, multibase-encoded, multihash-encoded) for the manifest JSON document. SHA-256 minimum. A domain MUST NOT have both agt-manifest= and legacy agt-version=1 records simultaneously. Resolvers that encounter both MUST prefer the v1 manifest pointer.

2. Manifest Document

Required fields

Field	Type	Description
`agt`	string	Spec version. MUST be `"1.0"` for this specification.
`domain`	string	Fully-qualified `.agt` domain. MUST match the domain hosting the TXT pointer.
`owner`	string	Owner wallet address. EIP-55 checksummed hex. MUST match the on-chain NFT holder.
`created_at`	string	ISO 8601 timestamp of manifest creation.
`signature`	string	EIP-191 signature over the canonical serialization (with the signature field removed). See §4.

Optional identity fields

Field	Type	Constraints
`name`	string	Max 100 characters.
`description`	string	Max 280 characters.
`icon`	string	HTTPS URL. Square. ≥128×128 recommended.
`website`	string	HTTPS URL.

Protocols

protocols is an array of objects. Each object declares one protocol the agent speaks.

Field	Type	Required	Description
`id`	string	yes	See §3.
`version`	string	no	Protocol-specific version (e.g., `"2025-11-05"` for MCP).
`endpoint`	string	yes	Endpoint URL. HTTPS strongly recommended.
`auth`	string	no	Authentication scheme hint.

Capabilities

capabilities is an array of objects. Each object declares one capability and (optionally) the JSON Schema for its inputs and outputs.

Field	Type	Required	Description
`id`	string	yes	Capability identifier. Lowercase, hyphenated.
`description`	string	no	Max 200 characters.
`input`	object	no	JSON Schema (Draft 2020-12) describing inputs.
`output`	object	no	JSON Schema (Draft 2020-12) describing outputs.

Pricing

pricing is an object describing how the agent charges.

Field	Type	Required	Description
`model`	string	yes	One of: `free`, `freemium`, `paid`, `contact`.
`free_tier`	string	no	Description of the free tier (with `freemium`).
`paid`	object	conditional	Required when `model` is `paid` or `freemium`.

The paid object:

Field	Type	Required	Description
`currency`	string	yes	ISO 4217 code or token symbol.
`amount`	string	yes	Decimal amount as a string.
`unit`	string	yes	`per_request`, `per_token_in`, etc.
`chain`	string	no	EIP-155 chain identifier when `currency` is a crypto token.

Example

{
  "agt": "1.0",
  "domain": "exampleagent.agt",
  "name": "Example Agent",
  "description": "Research and source citation agent.",
  "icon": "https://exampleagent.example.com/icon.png",
  "website": "https://exampleagent.example.com",
  "owner": "0x912D39E13b0bDAe2C5Cf5D0E2f9F4B38aE9c7f6a",
  "created_at": "2026-05-01T18:00:00Z",
  "protocols": [
    { "id": "mcp",  "version": "2025-11-05", "endpoint": "https://exampleagent.example.com/mcp" },
    { "id": "http", "endpoint": "https://exampleagent.example.com/api/v1", "auth": "bearer" }
  ],
  "capabilities": [
    {
      "id": "research",
      "description": "Searches academic and web sources, returns a cited summary.",
      "input":  { "type": "object", "properties": { "query": { "type": "string" } }, "required": ["query"] },
      "output": { "type": "object", "properties": { "summary": { "type": "string" }, "sources": { "type": "array" } } }
    },
    { "id": "summarization" }
  ],
  "pricing": {
    "model": "freemium",
    "free_tier": "10 queries/day",
    "paid": { "currency": "USD", "amount": "0.01", "unit": "per_request" }
  },
  "signature": "0x7f3e8d4c..."
}

3. Protocol Vocabulary

ID	Description
`mcp`	Model Context Protocol (Anthropic). Tool/context integration.
`a2a`	Agent-to-Agent Protocol (Google). Inter-agent communication.
`http`	REST or RPC over HTTP/HTTPS.
`ws`	WebSocket. Real-time bidirectional.
`grpc`	gRPC. High-performance RPC.

Custom protocol IDs are permitted. Lowercase, hyphenated.

4. Canonical Serialization & Signing

Canonicalization

Manifests MUST be serialized using RFC 8785 JSON Canonicalization Scheme (JCS) for signing and verification:

Keys at every nesting level sorted lexically by Unicode code-point.
No insignificant whitespace.
Numbers in shortest round-trippable form.
Strings escaped per RFC 8259 §7 with the smallest valid escape.

Signing

Build the manifest object without the signature field.
Canonicalize per JCS. Result: a UTF-8 byte sequence.
Sign per EIP-191 (personal_sign) with the wallet that holds the domain's NFT.
Place the resulting hex signature (with 0x prefix) in the signature field.

Verification

Fetch the manifest JSON from IPFS.
Compute the IPFS CID from the fetched bytes. Compare against the CID in the TXT record. They MUST match.
Remove the signature field; canonicalize the remainder.
Recover the signer address from the signature and the canonical bytes via EIP-191.
Compare against the owner field. They MUST match.
Compute tokenId = keccak256(bytes(tld) ++ keccak256(bytes(sld))).
Query FNS.ownerOf(tokenId) on Polygon (registry contract 0x465ea4967479A96D4490d575b5a6cC2B4A4BEE65).
Compare against the owner field. They MUST match.

If any of steps 2, 5, 8 fails, the manifest is invalid and MUST be rejected.

5. Resolution Algorithm

function resolve(domain):
  records = dnsTxt(domain)
  pointer = records.find(r => r.startsWith("agt-manifest="))

  if pointer:
    cid = pointer.slice("agt-manifest=ipfs://".length)
    bytes = fetchFromIpfs(cid)
    if cidOf(bytes) != cid: REJECT (gateway tampering)
    json = parse(bytes)
    if !verifySignature(json): REJECT
    if !verifyOnChainOwner(json.domain, json.owner): REJECT
    return { manifest: json, source: "v1" }

  if records.has("agt-version=1"):
    return { manifest: parseLegacyV0(records), source: "v0-legacy", verified: false }

  return null

6. Security Considerations

Public gateways are untrusted. Resolvers MUST verify the IPFS CID matches the fetched content.
On-chain ownership is the ground truth. A signature from a previous owner is invalid after a transfer.
Manifests are public and immutable. Never include secrets, API keys, or anything not intended for permanent public record.
Endpoint TLS. Endpoints SHOULD use HTTPS. Clients SHOULD warn before connecting to plain HTTP endpoints.
Manifest size. Implementations MUST accept up to 64 KiB. Most manifests are well under 4 KiB.

7. Capability Vocabulary (Reference)

69 reference capabilities across 8 categories. Custom IDs permitted — this list is non-exhaustive.

Language

ID	Description
`research`	Gathers, synthesizes, and cites information from multiple sources.
`summarization`	Condenses long-form content into concise summaries.
`translation`	Translates text between natural languages.
`content-writing`	Generates articles, blog posts, documentation, or other long-form written content.
`copywriting`	Produces marketing copy, ad text, taglines, and promotional content.
`editing`	Proofreads, corrects grammar, and improves style and clarity.
`paraphrasing`	Restates text in different words while preserving meaning.
`extraction`	Pulls structured data from unstructured text (entities, dates, amounts).
`classification`	Categorizes text by topic, sentiment, intent, or other criteria.
`question-answering`	Answers questions using provided context or general knowledge.
`fact-checking`	Verifies claims against authoritative sources.
`reasoning`	Performs multi-step logical reasoning and problem solving.
`brainstorming`	Generates creative ideas, alternatives, and divergent options.

Code

ID	Description
`code-generation`	Writes source code from natural language specifications.
`code-review`	Analyzes code for bugs, style issues, and improvement opportunities.
`code-explanation`	Explains what code does in plain language.
`debugging`	Identifies and fixes software bugs.
`testing`	Writes or executes tests and reports results.
`refactoring`	Restructures code for clarity or performance without changing behavior.
`code-documentation`	Generates docstrings, READMEs, and technical reference for code.
`database-query`	Generates, optimizes, or explains SQL and database queries.
`code-completion`	Provides inline code suggestions and autocompletion.

Data

ID	Description
`data-analysis`	Performs statistical analysis and extracts insights from structured data.
`data-visualization`	Creates charts, graphs, dashboards, and visual data representations.
`data-cleaning`	Normalizes, deduplicates, and corrects data quality issues.
`data-transformation`	Converts data between formats, schemas, or structures (ETL).
`math`	Solves mathematical problems and performs symbolic or numeric computation.
`forecasting`	Builds predictive models and generates time-series forecasts.
`anomaly-detection`	Identifies outliers and unexpected patterns in data.
`reporting`	Generates structured reports and executive summaries from data.
`embedding`	Generates vector embeddings for text, images, or other inputs.
`clustering`	Groups similar items together based on features or content.
`ranking`	Scores and prioritizes items by relevance, quality, or other criteria.

Search & Retrieval

ID	Description
`web-search`	Searches the public internet for information.
`semantic-search`	Retrieves results based on meaning rather than keyword matching.
`document-search`	Searches across document collections, PDFs, or knowledge bases.
`knowledge-retrieval`	Queries structured knowledge bases or performs retrieval-augmented generation.
`citation`	Finds, formats, and verifies references and source attributions.

Media

ID	Description
`image-generation`	Creates images from text prompts or other inputs.
`image-editing`	Modifies, enhances, or transforms existing images.
`image-analysis`	Extracts information, labels, or descriptions from images.
`video-generation`	Creates video content from text, images, or other inputs.
`video-analysis`	Extracts information, scenes, or transcripts from video.
`audio-transcription`	Converts spoken audio into text.
`audio-generation`	Produces speech, music, or sound effects from text or other inputs.
`ocr`	Extracts text from images, scans, or documents via optical character recognition.
`design`	Creates UI mockups, graphics, layouts, or other visual design work.
`3d-modeling`	Generates or manipulates three-dimensional models and scenes.

Communication

ID	Description
`chat`	Engages in real-time conversational interaction with users or other agents.
`email-drafting`	Composes, formats, and suggests email messages.
`meeting-notes`	Transcribes, summarizes, and extracts action items from meetings.
`presentation`	Creates slides, pitch decks, and structured visual presentations.
`tutoring`	Provides educational instruction, explanations, and guided learning.
`customer-support`	Handles support queries, troubleshooting, and issue resolution.
`negotiation`	Facilitates structured dialogue toward agreement or compromise.

Automation

ID	Description
`web-scraping`	Extracts structured data from web pages.
`api-integration`	Connects to and orchestrates third-party APIs.
`workflow-automation`	Automates multi-step business or technical workflows.
`scheduling`	Manages time-based tasks, reminders, and calendar operations.
`monitoring`	Observes systems, services, or data streams and reports on status changes.
`deployment`	Manages CI/CD pipelines, releases, and software deployments.
`file-management`	Organizes, converts, moves, and manages files and directories.
`notification`	Sends alerts, messages, and notifications across channels.
`data-entry`	Fills forms, inputs data, and automates manual entry tasks.

Security

ID	Description
`vulnerability-scanning`	Assesses systems and code for security weaknesses.
`compliance-checking`	Verifies adherence to policies, regulations, and standards.
`threat-detection`	Identifies potential security threats and suspicious activity.
`access-control`	Manages permissions, roles, and authentication policies.
`encryption`	Handles data encryption, decryption, and key management.

8. Legacy v0 (TXT-only) Manifests

Approximately 942 domains were registered before this specification with the pre-1.0 TXT-record format. Those domains have an agt-version=1 record and one TXT record per field. Format reference:

Record	Purpose
`agt-version=1`	Sentinel; required for parsing.
`agt-name=<name>`	Display name.
`agt-description=<text>`	Description.
`agt-icon=<url>`	Icon URL.
`agt-website=<url>`	Website URL.
`agt-owner=<address>`	Declared owner (unverified — no signature).
`agt-protocol=<id>`	Repeatable.
`agt-cap=<id>`	Repeatable.
`agt-endpoint-<protocol>=<url>`	One per protocol.
`agt-pricing=<keyword>`	`free`/`paid`/`freemium`/`contact`.

Resolvers SHOULD parse v0 records into a v1-shaped object with legacy: true. Writers MUST NOT generate new v0 manifests. A migration tool for legacy holders to upgrade in place is tracked in #110.

9. References

RFC 8785 — JSON Canonicalization Scheme (JCS)
RFC 8259 — JSON Data Interchange Format
EIP-191 — Signed Data Standard
EIP-55 — Mixed-case checksum address encoding
EIP-155 — Chain identifiers
JSON Schema Draft 2020-12
IPFS CIDv1 — multibase, multihash, multicodec