DUADP (Decentralized Universal AI Discovery Protocol) is a federated discovery protocol that enables AI agents to find, verify, and connect with each other across the open web. It uses DNS TXT records, WebFinger, and gossip-based federation — like DNS for AI agents.

How does DUADP compare to MCP and A2A?

MCP (Model Context Protocol) connects agents to tools. A2A (Agent-to-Agent) connects agents to each other. DUADP is the missing discovery layer — it helps agents find each other before they can connect. DUADP complements both MCP and A2A by providing federated discovery.

How do I install DUADP?

Install via npm: npm install @bluefly/duadp (TypeScript/JavaScript). Or via pip: pip install duadp (Python). Both packages provide full SDK access to all 17 MCP tools.

What is the difference between a GAID and a DID in DUADP?

A GAID is the global lookup handle for an agent, skill, or tool, such as agent://discover.duadp.org/agents/code-reviewer. A DID is the cryptographic identity used to verify keys, signatures, and publisher authenticity. In DUADP, WebFinger and the node manifest resolve the GAID, and the DID provides the proof that the resource identity is real and has not been tampered with.

Is DUADP aligned with NIST AI standards?

Yes. DUADP was submitted as part of the OSSA formal comment to NIST docket NIST-2025-0035 (CAISI RFI). It addresses federated discovery, DID-based identity, revocation event streams, and governance policies aligned with the NIST AI Risk Management Framework.

What are MCP tools in DUADP?

DUADP exposes 17 MCP (Model Context Protocol) tools that any MCP-compatible AI agent can use directly — including duadp_discover, duadp_search, duadp_publish_agent, duadp_federation_register, duadp_governance_nist, and more. No HTTP code needed.

Live on npm@bluefly/duadp

Decentralized
Universal AI
Discovery Protocol

No universal discovery exists for AI agents. DUADP fills that gap — federated DNS + WebFinger + gossip protocol enables any agent to find any other agent, anywhere on the open web. Currently indexing 36 registered resources.

Try Live Discovery Read the Docs npm @bluefly/duadp

terminal

$ curl https://duadp.org/.well-known/duadp

{
"protocol": "DUADP",
"version": "0.1.4",
"mcp_tools": 17,
"federation": "enabled"
}

AI agents are everywhere — coding assistants, research tools, automation bots. But right now, they can't find each other. Each one lives in its own silo. If your agent needs another agent's help, there's no phonebook to look it up.

DUADP fixes that. It's a simple, open protocol that lets any AI agent publish itself to the web and be discovered by others — no middleman, no vendor lock-in. Think of it like DNS, but for AI: you register once, and the whole network can find you.

DUADP builds on the W3C Decentralized Identifiers (DIDs) v1.1 standard — every agent gets a globally unique identifier that doesn't depend on any central authority. Cryptographic proof baked in. No single point of failure.

“A globally unique persistent identifier that does not require a centralized registration authority.”
— W3C DID Core v1.1

MCP connects agents to tools|A2A connects agents to agents|DUADP helps them find each other

Why DUADP?

MCP connects tools. A2A connects agents. But how do agents find each other? There is no DNS for AI. DUADP is that missing layer.

DNS

Federated Discovery

Nodes discover each other via DNS TXT records and WebFinger. No central registry required. Any domain can host a DUADP node.

P2P

Gossip Federation

Nodes share agent registrations via a gossip protocol. Publish once, discover everywhere across the federated mesh.

DID

DID Identity

Every node has a DID-based identity. Agents carry verifiable credentials. Trust is cryptographic, not assumed.

OSSA

OSSA Native

Built for OSSA agent manifests. Validates schemas, enforces governance policies, and publishes to the registry.

MCP

17 MCP Tools

Complete MCP + REST interface for discovery, search, publishing, validation, federation, governance, and NIST trust. That's the entire protocol.

npm

npm Ready

Install @bluefly/duadp from npm. TypeScript-first with full type definitions. Run your own node in minutes.

DID Identity

GAID Finds It. DID Proves It.

DUADP does not use DID as a decorative label. A GAID is the lookup handle, WebFinger resolves it, the DID document carries keys, signatures prove integrity, and trust tier becomes a policy input for Cedar.

Open Full Inspector View Evidence API

01Portable Handle

GAID is the stable lookup key

A resource gets a global address like agent://discover.duadp.org/agents/code-reviewer. That gives DUADP a portable identifier before any runtime-specific protocol kicks in.

agent://discover.duadp.org/agents/code-reviewer

02Resolution

WebFinger maps the handle to real endpoints

DUADP resolves the GAID through WebFinger and node manifests, so discovery can work across domains, registries, and federation peers without a central broker.

/.well-known/webfinger?resource=agent://...

03Proof

DID supplies the cryptographic identity

The project supports did:web today and also resolves did:key and did:pkh in the SDKs. That DID document is where verification methods and public keys live.

did:web:discover.duadp.org:agents:code-reviewer

04Integrity

Signature and provenance prove what was published

Manifest signatures are checked against the DID keys. DUADP can also carry SBOM, build provenance, and publisher metadata so the identity story extends into supply-chain trust.

Ed25519 signature + provenance chain

05Enforcement

Trust tier becomes a policy input

Once identity resolves and signatures verify, Cedar policies can gate discovery, publishing, federation, and execution based on trust tier, risk level, and autonomy bounds.

community -> signed -> verified-signature -> official

identity pipeline

Lookup

GAID

agent://discover.duadp.org/agents/code-reviewer

↓

Identity

DID

did:web:discover.duadp.org:agents:code-reviewer

↓

Verification

DID document exposes verification methods. Signature matches key. Publisher metadata and provenance enrich the trust calculation.

↓

Policy Result

verified-signature

Discovery, federation, and higher-risk execution paths can now be gated by a verifiable trust tier instead of an unverified claim.

evidence-first inspector

Live GAID / DID Inspection

Open Inspector

Inspect any GAID or DID with full evidence: resolution trace, signature verification, federation witnesses, revocation state, provenance, and policy decisions.

Resolution TraceDID HealthSignature ProofFederation WitnessesPolicy ChecksRevocation State

FederationSelf-Hostable

The Federated Discovery Mesh

DUADP nodes form a decentralized mesh. Search fans out across every peer simultaneously — results stream back from wherever agents live. No single point of failure, no gatekeeper.

Your Query

discover.duadp.org

marketplace.bluefly

agents.enterprise.io

ai.research.edu

community-agents.dev

federated search

$&federated=true

Type a query and press Search to see federated results from across the mesh

FAN

Federated Search

One query, every node in the mesh. When you search with federated=true, your DUADP node fans the query out to all registered peers via the gossip protocol. Results are deduplicated by content hash, ranked by relevance, and tagged with their source node.

→

Parallel fan-out

Query propagates to all peers simultaneously, bounded by max_hops

→

Content-hash dedup

Same agent registered on multiple nodes appears once in results

→

Source attribution

Every result carries the source_node DID for provenance

→

Circuit breaker

Slow or unreachable peers are automatically deprioritized — mesh stays fast

$ curl "https://discover.duadp.org/api/v1/search
?q=code+review&federated=true"

SRV

Run Your Own Node

Any domain can become a DUADP node. Host your own agent registry, control your data, and join the federated mesh. Three steps, five minutes.

DNS TXT Record

_duadp.yourdomain.com TXT
"v=DUADP1 url=https://yourdomain.com"

Deploy the Server

$ npm install @bluefly/duadp
$ npx duadp-server --port 3000

Join the Mesh

$ curl -X POST discover.duadp.org
/api/v1/federation/register \
-d '{"url":"https://yourdomain.com"}'

✓

Verify

$ curl https://yourdomain.com/.well-known/duadp
{"protocol":"DUADP","version":"0.1.4"}

Full setup guide →|Federation docs →

Undersold Features

The Project Is Deeper Than The Website Used To Show

Auditing the main DUADP project shows a broader protocol surface than the site was highlighting. These are some of the strongest capabilities that make DUADP more than a registry.

Desktop Bridge

duadp:// turns discovery into a local action

The main DUADP project includes a native protocol handler, so a web page can trigger secure local actions like IDE MCP installation with duadp://install-mcp?ide=cursor.

Revocation Mesh

Compromised identities can be invalidated across the federation

The reference node ships revocation endpoints and gossip propagation, so a bad agent is not only removed from one registry — it can be rejected network-wide.

Supply Chain

Identity extends into provenance, audit, and risk APIs

The broader project exposes provenance, governance audit, and risk endpoints. DUADP is not only discovery; it is also an evidence surface for compliance and trust review.

Real P2P

There is a libp2p path, not only HTTP fan-out

The reference node already contains GossipSub, Kademlia DHT, and Yjs/CRDT sync work. That is a much more ambitious federation story than the website was showing.

Interop

SDK and MCP support are deeper than the homepage implied

The DUADP repo ships TypeScript, Python, and Go SDKs, plus MCP manifest auto-discovery and GAID resolution helpers. It is not just an npm package story.

Agent Ops

The protocol surface already reaches orchestration and attestations

The SDKs expose delegation, feedback, reputation, attestations, and structured query patterns. Even beyond the core website today, that shows how far the protocol can go.

17 MCP Tools. The Entire Protocol.

Every tool serves a clear purpose. No bloat, no optional features that nobody implements. REST endpoints + MCP tools for the complete surface area.

Discovery

GET

/.well-known/duadp

Node capabilities & version

GET

/api/v1/agents

Browse registered agents

GET

/api/v1/skills

Discover available skills

GET

/api/v1/tools

List published tools

Search & Registry

GET

/api/v1/search

Full-text search across all types

POST

/api/v1/publish

Publish agent/skill/tool

POST

/api/v1/validate

Validate OSSA manifest

Federation & Identity

GET

/api/v1/federation/list

Known federated nodes

POST

/api/v1/federation/register

GET

/api/v1/federation/peers

Active peer connections

POST

/api/v1/federation/gossip

Gossip protocol exchange

GET

/api/v1/identity/node

DID-based node identity

NIST Governance

GET

/api/v1/governance

Governance policies

GET

/api/v1/governance/nist

NIST AI RMF trust profile

POST

/api/v1/governance/evaluate

Evaluate agent trust score

Operations

GET

/api/v1/health

Node health status

GET

/api/v1/metrics

Usage & performance metrics

Native MCP Integration

Every DUADP node exposes 17 MCP tools via the Model Context Protocol. Any MCP-compatible AI agent can discover, search, publish, and federate without writing a single line of HTTP code.

MCP

duadp_discover

Get node capabilities and version info

MCP

duadp_list_agents

Browse all registered agents

MCP

duadp_list_skills

Discover available skills

MCP

duadp_list_tools

List published tools

MCP

duadp_search

Full-text search across all types

MCP

duadp_get_agent

Get detailed agent information

MCP

duadp_publish_agent

Publish agent to the network

MCP

duadp_validate_manifest

Validate OSSA manifest schema

MCP

duadp_federation_list

List known federated peers

MCP

duadp_federation_register

MCP

duadp_federation_peers

Active peer connections

MCP

duadp_federation_gossip

Exchange registrations via gossip

MCP

duadp_identity

DID-based node identity

MCP

duadp_governance

Node governance policies

MCP

duadp_governance_nist

NIST AI RMF trust profile

MCP

duadp_governance_evaluate

Evaluate agent trust score

MCP

duadp_health

Node health and metrics

mcp config

{
  "mcpServers": {
    "duadp": {
      "url": "https://discover.duadp.org/mcp/sse"
    }
  }
}

Get Started in 60 Seconds

Install

npm install @bluefly/duadp

Discover

$ curl discover.duadp.org
/api/v1/agents

Publish

$ curl -X POST
/api/v1/publish

View on npm Full Protocol Docs

NIST AlignedCedar Enforced

Standards Compliance

DUADP maps to NIST AI Risk Management Framework with 13 Cedar policy sets, 18 authorization statements, and a four-tier trust model. Submitted to NIST docket NIST-2025-0035 as part of the OSSA formal comment.

View Standards

The Missing Discovery Layer

Join the federated network of AI agent discovery nodes. Run your own node, publish your agents, discover the ecosystem.

Explore Live Discovery View Source

DecentralizedUniversal AIDiscovery Protocol

Why DUADP?

Federated Discovery

Gossip Federation

DID Identity

OSSA Native

17 MCP Tools

npm Ready

GAID Finds It. DID Proves It.

GAID is the stable lookup key

WebFinger maps the handle to real endpoints

DID supplies the cryptographic identity

Signature and provenance prove what was published

Trust tier becomes a policy input

Live GAID / DID Inspection

The Federated Discovery Mesh

Federated Search

Run Your Own Node

The Project Is Deeper Than The Website Used To Show

duadp:// turns discovery into a local action

Compromised identities can be invalidated across the federation

Identity extends into provenance, audit, and risk APIs

There is a libp2p path, not only HTTP fan-out

SDK and MCP support are deeper than the homepage implied

The protocol surface already reaches orchestration and attestations

17 MCP Tools. The Entire Protocol.

Discovery

Search & Registry

Federation & Identity

NIST Governance

Operations

Native MCP Integration

Get Started in 60 Seconds

Install

Discover

Publish

Standards Compliance

The Missing Discovery Layer

Decentralized
Universal AI
Discovery Protocol