Architecture

The NANDA 3-layer architecture cleanly separates static identity resolution, verifiable metadata distribution, and dynamic endpoint routing.

NANDA 3-Layer Architecture Model

Separation of Concerns

Lean Index

Global, Minimal, Durable

A lightweight, globally replicated index maps agent identifiers to metadata references, not endpoints. Each AgentAddr record is ≤120 bytes, signed, and cacheable.

Metadata / AgentFacts

Dynamic, Verifiable

Capabilities, endpoints, and trust assertions live in signed metadata documents (JSON-LD, W3C Verifiable Credentials) and evolve independently of the index.

Resolver / Dynamic Resolution

Local, Policy-Driven

Resolution decisions occur locally, under enterprise policy, at machine speed. Supports static endpoints, rotating pools, and adaptive routing.

End-to-End Resolution Workflow

1

Index Lookup

Query AgentName → Index → AgentAddr

2

Metadata Resolution

Fetch AgentFacts from FactsURL or PrivateFactsURL

3

Endpoint Discovery

Extract endpoint from AgentFacts or use AdaptiveResolver

4

Connection

Authenticate and establish connection

TTL Layering

Index TTL (AgentAddr)

1-6 hours. Defines how long the AgentAddr record may be cached before re-validation.

Metadata TTL (AgentFacts)

5-15 minutes. Governs freshness of capabilities, telemetry endpoints, and evaluations.

Routing Token TTL

Static endpoints: 1-6 hours. Rotating endpoints: 5-15 minutes. Adaptive routing tokens: 30-60 seconds.

Architecture Mapping to Rollout Stages

Intranet

Single-organization deployment with tight governance and highest control. Enables internal agent discovery and capability negotiation.

Index Layer

  • • Enterprise-controlled registries
  • • Internal namespace governance

Metadata Layer

  • • PrimaryFactsURL hosting
  • • Internal credential authorities

Resolver Layer

  • • Strict policy enforcement
  • • Audit logging

Extranet

Multi-organization federation with negotiated trust exchange. Enables secure agent collaboration across partner boundaries.

Index Layer

  • • Enterprise-controlled registries
  • • Internal namespace governance

Metadata Layer

  • • PrimaryFactsURL hosting
  • • Internal credential authorities

Resolver Layer

  • • Strict policy enforcement
  • • Audit logging

Internet

Global public discovery and trust bootstrapping. Enables open agent ecosystems with verifiable identity and capability assertions.

Index Layer

  • • Enterprise-controlled registries
  • • Internal namespace governance

Metadata Layer

  • • PrimaryFactsURL hosting
  • • Internal credential authorities

Resolver Layer

  • • Strict policy enforcement
  • • Audit logging