NAIS Specification

Formal technical specification for the NAIS (Network Agent Identity Standard) protocol.

Current version: v1.0-draft (2025-01-15)

Overview

NAIS defines a two-step discovery model for AI agent identity using existing internet infrastructure:

1. DNS lookup — Query _agent.<domain> TXT records for metadata pointers
2. Manifest fetch — Retrieve /.well-known/agent.json for full agent profile

Specification Contents

Core Protocol

• Discovery model — Two-step resolution via DNS + HTTPS
• DNS TXT record format — _agent.<domain> with semicolon-delimited fields
• agent.json manifest schema — Standard JSON format for agent capabilities
• MCP endpoint discovery — Locating Model Context Protocol endpoints

Extensions

• Wallet authentication — Challenge-response auth using EIP-191 signatures
• x402 payment flow — HTTP 402-based payment with USDC

DNS Record Fields

Field	Required	Description
v	Yes	Protocol version (e.g., nais1)
manifest	Yes	URL to agent.json manifest
mcp	No	MCP endpoint URL
auth	No	Auth method (wallet, bearer, none)
pay	No	Payment method (x402)

Example

_agent.example.com  IN  TXT  "v=nais1; manifest=https://example.com/.well-known/agent.json; mcp=https://example.com/mcp; auth=wallet; pay=x402"

Security Considerations

• DNSSEC recommended for DNS record integrity
• TLS required for all manifest and endpoint URLs
• Replay attack prevention in wallet auth flows
• Rate limiting on resolver and auth endpoints

Reading the Full Spec

The complete specification is published at nais.id/spec.

Contributing

Changes to the specification follow the NAIP process. Propose changes by opening an RFC.

Related

• nais — Main website with rendered spec
• resolver — Reference implementation
• naips — Improvement proposals