Why architecture matters here
Without a registry, agents call each other by URL and hope. Malicious agents impersonate; expensive calls burn budget; failures cascade silently. The architecture matters because the registry is the trust plane.
With it, agents discover capabilities safely, calls are gated by policy, and misuse is audited. Without it, you rebuild the same solution per-project.
The architecture: every piece explained
The top strip is publish + discovery. Agent publish registers a manifest with declared capabilities. Registry service offers search by tag, capability, and version. Capability schema defines typed interfaces so callers can bind programmatically. Version + compat uses semver with deprecation windows.
The middle row is trust + policy. Reputation + reviews add social trust signals. Policy engine enforces which callers can invoke which agents. Auth + identity uses OIDC or SPIFFE for caller identity. Rate + spend caps prevent misuse.
The lower rows are ops. Audit trail records discovery and calls. Observability exposes per-agent metrics. Ops handles de-listing bad actors, incident response, and governance.
End-to-end flow
End-to-end: an ops agent needs to find an image classification agent. Queries registry: capability=vision.classify, tag=production. Gets three candidates with reputation scores. Picks top. Auth via SPIFFE. Policy allows the call under caller's tenant. Rate caps enforced. Response returns. Audit records both discovery and call. Weeks later, one classifier reports quality drift; users flag reviews down; policy raises threshold and eventually de-lists.