Agent Identity & Discovery (AID)
The DNS-based discovery protocol for the agentic web.
The 0-th hop for agent discovery.
Type a domain. Find the current agent endpoint.
AID is a small, DNS-first standard for the first contact with an agent or tool service.
It answers one question: "Given a domain, where does the agent interaction begin?"
One _agent TXT record maps a domain to an endpoint, protocol hint, and optional endpoint-proof key. From there, the selected protocol, auth, policy, and capability layers take over.
Start with Core Concepts for a quick overview, then follow the Quick Start to publish your first agent.
Try it Now — Live Resolver & Generator
Why It Matters
AID gives clients a stable starting point without creating a central registry.
You want to connect your Notion to a new AI assistant. You type notion.so. The connection happens automatically. Your experience is instant.
As an autonomous agent, you're tasked with analyzing a dataset stored in a Supabase project. You don't need a hard-coded endpoint. You can discover the supabase.com agent endpoint, then continue into the protocol and auth layer.
How It Works: The 30-Second Explainer
The entire mechanism is a single DNS lookup. It's simple, decentralized, and built on infrastructure that has powered the internet for decades.
- Publish: A provider (e.g., supabase.com) adds one TXT record to their DNS at a standard location: _agent.supabase.com.
- Discover: A client, given supabase.com, makes a single DNS query for the TXT record at that address.
- Connect: The record contains the agent's uri. The client uses it to connect directly.
- Verify: If a public key (k) is present, the client performs PKA endpoint proof before trusting the endpoint. (Optional)
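The client side of these four steps, as an added example (not code from the AID project or its SDKs): it derives the query name, parses a TXT value, and fails closed on ambiguous records. The semicolon-separated key=value layout, the v=aid1 tag, the proto key, the https-only policy and all function names are assumptions of this example; only uri and k are named on this page, and the Specification is authoritative.

```javascript
// Added example: client-side handling of a discovered AID TXT record.
// Assumed layout (not stated on this page): "v=aid1;uri=...;proto=...;k=...".

// Step 1 of discovery: the DNS name to query for a given domain.
function aidQueryName(domain) {
  return "_agent." + domain.trim().toLowerCase().replace(/\.$/, "");
}

// Parse one TXT string into fields, failing closed on anything ambiguous.
function parseAidRecord(txt) {
  const fields = new Map();
  for (const part of txt.split(";")) {
    const pair = part.trim();
    if (pair === "") continue; // tolerate a trailing ';'
    const eq = pair.indexOf("=");
    if (eq <= 0) throw new Error("malformed pair: " + pair);
    const key = pair.slice(0, eq).trim().toLowerCase();
    const value = pair.slice(eq + 1).trim();
    // A duplicated key lets two parsers disagree on the endpoint: reject.
    if (fields.has(key)) throw new Error("duplicate key: " + key);
    fields.set(key, value);
  }
  if (fields.get("v") !== "aid1") throw new Error("unsupported version");
  if (!fields.has("uri")) throw new Error("missing uri");

  let endpoint;
  try {
    endpoint = new URL(fields.get("uri"));
  } catch {
    throw new Error("uri is not a valid URL");
  }
  // Policy of this example: remote endpoints must use TLS.
  if (endpoint.protocol !== "https:") throw new Error("uri must be https");

  const publicKey = fields.get("k") || null;
  return {
    uri: endpoint.href,
    proto: fields.get("proto") || null,
    publicKey,
    // When k is published, the endpoint stays untrusted until proof succeeds.
    requiresEndpointProof: publicKey !== null,
  };
}

// Constructed sample records (not real deployments).
const SAMPLE_PLAIN = "v=aid1;uri=https://agent.example.com/mcp;proto=mcp";
const SAMPLE_WITH_KEY = SAMPLE_PLAIN + ";k=zCONSTRUCTEDKEY";
```

A caller would pass the result of its own TXT lookup for aidQueryName(domain) into parseAidRecord and refuse to connect when requiresEndpointProof is true and the proof step has not succeeded.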
Learn more
Want the deep dive?
- Specification – The exact format, algorithms, and security rules.
- Core Concepts – How DNS discovery, protocols, and identity fit together.
- Identity & PKA – What endpoint proof adds and where its boundary is.
- PKA Endpoint Proof – The exact HTTP signature profile for implementers.
- Rationale – The design philosophy behind AID.
- Security Best Practices – DNSSEC, redirect handling, local execution, IDN safety, TTL & caching.
- Enterprise Rollout – Change windows, delegation patterns, and DNS team vs app team ownership.
- aid-doctor CLI – Validate, secure, and generate AID records.
SDKs and Tools
AID has official libraries and tools across multiple languages, with additional ports in progress.
- TypeScript/Node & Browser: @agentcommunity/aid
- TypeScript Core Library: @agentcommunity/aid-engine – Pure business logic for discovery, validation, and PKA
- CLI Tool: @agentcommunity/aid-doctor – Validate, secure, and generate AID records (wraps aid-engine)
- Python: aid-discovery (transfer to community planned)
- Go: aid-go
- Rust: aid-rs
- .NET: aid-dotnet
- Java: aid-java
- Web Workbench: Interactive generator/resolver
See the full package overview in SDKs and Packages and the cross-language Discovery API.
Use Cases
- Simple connections: Type a domain, connect automatically. No manual setup.
- Stronger trust (optional): Add identity proof to ensure you’re talking to the right service. See Identity & PKA.
- Local and dev workflows: Safely run local agents with explicit consent; discover dev agents on your network.
- Multi-protocol ecosystems: Connect across MCP, A2A, OpenAPI, gRPC, GraphQL, or WebSocket.
- Smooth migrations: Deprecate old endpoints gracefully with clear timelines.