Discover.
A governed public agent catalog where listing is earned, never bought — through a multi-condition eligibility chain: publication, lifecycle, health, protocol policy, verification tier, freshness. Standing is computed, not declared, and it expires.
Verify.
Identity and provenance via registry attestation and DNS domain-ownership evidence. Liveness via protocol-correct probes. Freshness via automated re-verification every six hours: pass refreshes, failure auto-delists. Tier promotion is operator-gated and evidence-recorded.
Govern.
AI governance as guardrails in the request path — explicit policy on every governed request: allow, deny, require-approval. Approval queues with full request context. Overrides that are scoped, time-bounded, and audited. Kill switches at global, tenant, and agent scope.
Route.
Versioned, replayable routing decisions — capability graph, trust snapshot, embedding and ranking versions, all pinned. Execution outcomes feed trust scores across a seven-state, audit-transitioned agent lifecycle.
Invoke.
One hardened dispatch path running MCP and A2A end-to-end in production, with HTTP/JSON, gRPC, and WebSocket supported at the platform layer. Egress protections, upstream credential custody, minimized anonymous responses. Per-protocol policy enforced in code — not convention.
Audit.
Traces for accepted and rejected requests. Correlation IDs end to end. Tenant-facing observability surfaces ship with it. Cryptographically anchored trust provenance via SHA-256 Merkle commitments. Configurable retention. Compliance control mappings — including EU AI Act Article 13 — as audit tooling.
Build on it.
Documented OpenAPI. TypeScript and Python SDKs. Contract drift guards backed by extensive automated regression testing — so the interface you build on is the interface that ships.