AI Catalog Standard¶
The foundation for federated agentic resource discovery
ARD is built directly on top of the ai-catalog specification. The ai-catalog standard establishes the base artifact-agnostic data model, progressive trust layer, and verification rules that enable dynamic runtime agentic resource discovery.
Standard manifest location¶
A host advertises its agentic resources by publishing a well-known static JSON manifest at:
This allows secure, decentralized, and cacheable ingestion by crawlers and discovery services worldwide.
Core envelope schema¶
A baseline ai-catalog.json manifest includes the following root elements:
specVersion: The version of the catalog format (e.g.,"1.0").host: Information about the entity operating the catalog (display name, DID/domain identifier).entries: An array of individual agentic resource card definitions.collections: Links to sub-catalogs or related departmental feeds.
Example baseline entry¶
{
"specVersion": "1.0",
"host": {
"displayName": "Acme Systems",
"identifier": "acme.com"
},
"entries": [
{
"identifier": "urn:ai:acme.com:tool:ocr",
"displayName": "OCR Text Extractor",
"type": "application/mcp-server+json",
"url": "https://tools.acme.com/ocr/mcp.json",
"description": "Extracts plain text and structured tables from scanned PDFs and PNGs."
}
]
}
Progressive trust & compliance¶
The ai-catalog standard decouples complex security and compliance data from lightweight metadata, using a trustManifest object within each entry. This facilitates:
- Workload identity: Binding agentic resources to SPIFFE IDs, decentralized identifiers (DIDs), or standard HTTPS domains.
- Compliance attestations: Standardizing links to SOC2, HIPAA, GDPR, or ISO audits.
- Provenance links: Recording lineage such as derived relationships (
derivedFrom,publishedFrom) to enable supply-chain tracking. - Cryptographic signatures: Verifiable detached JWS signatures computed over the trust metadata to prevent tampering.