Glossary

Key terms and concepts in AgenticDNS and the NANDA architecture.

AgentAddr

A cryptographically signed, cacheable object (≤120 bytes) returned by the index resolver. Contains agent_id, agent_name, primary_facts_url, private_facts_url, adaptive_resolver_url, ttl, and signature.

AgentFacts

Structured, cryptographically signed metadata documents (JSON-LD format, W3C VC-signed) that contain an agent's capabilities, endpoints, authentication methods, telemetry config, and evaluations. Enables rapid updates without index writes.

FactsURL

Primary metadata URL hosted at the agent's domain (e.g., https://example.com/.well-known/agent-facts). Used for direct access to AgentFacts.

PrivateFactsURL

Privacy-enhanced reference to AgentFacts hosted on a third-party or decentralized service. Enables requester anonymity and access decoupling without contacting agent infrastructure.

AdaptiveResolver

Programmable routing service that dynamically selects optimal endpoints based on context (geo, load, threat signals). Returns temporary signed endpoints or session tokens.

TTL

Time-To-Live. Defines cache duration for AgentAddr (1-6h), AgentFacts (5-15min), and routing tokens (30-60s).

CRDT

Conflict-free Replicated Data Type. Used in the index update protocol for distributed operation without coordination.

DID

Decentralized Identifier. W3C standard for self-sovereign, location-independent identifiers resolvable without a central registry.

Verifiable Credentials (VC)

W3C standard for cryptographically signed, tamper-evident credentials. AgentFacts are signed as VCs to enable trust verification.

Trust Domain

A zone governed by credential authorities that define credential schemas, issuance policies, and revocation mechanisms. Can cross-sign with other trust domains.

Revocation / Status List

VC-Status-List mechanism for sub-second credential revocation. Issuers update status lists; clients verify during credential validation.

Capability Assertions

Signed claims about an agent's skills, performance, and operational characteristics. Included in AgentFacts and verified via credential chains.

Intranet Registry

Single-organization deployment with enterprise-controlled index and credential authorities. Highest control, fastest adoption.

Extranet Registry

Multi-organization federation with negotiated trust exchange. Cross-signing between trust zones, split-horizon resolution.

Internet Registry

Public discovery and trust bootstrapping. CRDT-based distributed storage, open credential validation, privacy-preserving discovery.

Reference Implementation

Open, modular implementation of AgenticDNS including index writer/reader, AgentFacts toolkit, resolver/policy engine, and adapters. Enables ecosystem adoption and interoperability.