Agent Communication Protocols: ACP, AGNTCY & ANP
Beyond MCP and A2A, several other protocols stake out distinct philosophies for how agents find and talk to each other. This page covers ACP (Agent Communication Protocol) in depth — a REST-based, async-first standard with multipart messages, originally from IBM/BeeAI and since merged into A2A — then surveys AGNTCY's directory-and-registry 'Internet of Agents' and ANP's fully decentralized, DID-based agentic web, contrasting their centralized-REST, federated-directory, and decentralized-identity approaches.
The Model Context Protocol (see protocols-mcp.html) and A2A (see protocols-a2a.html) are the
two most widely adopted agent protocols, but they are not the only answers to the
interoperability question. This page covers three further efforts, each built on a different
core philosophy:
- ACP — a pragmatic, rest-first protocol where an agent is just an HTTP service you POST to. Originally from IBM/BeeAI; now merged into A2A.
- AGNTCY — not a single wire protocol but a collective and a stack of components for an "Internet of Agents," centered on a federated directory for discovery.
- ANP — a fully decentralized protocol that gives every agent a self-sovereign, cryptographic identity and lets them meet as peers on the open web.
The contrast is the point. ACP centralizes around a known REST endpoint; AGNTCY centralizes around a (federated) registry; ANP refuses to centralize at all. Reading them together is the fastest way to understand the design space.
ACP — the Agent Communication Protocol
ACP is "an open protocol for communication between AI agents, applications, and humans." Per
IBM's own materials, it was launched by IBM Research in March 2025 to power the open-source
BeeAI platform (the ACP spec site and the i-am-bee/acp repo phrase this more neutrally, as
"developed by contributors to the BeeAI project" under the Linux Foundation). It was designed
around a deliberately boring transport: REST over HTTP, using "simple, well-defined REST
endpoints that align with standard HTTP patterns" rather than a custom RPC envelope. The design
goal is that an agent is reachable with nothing more exotic than curl, Postman, or a browser —
no client library required — which makes ACP-compliant agents trivial to integrate into existing
production infrastructure.
Status note (read this first). On August 25, 2025, the ACP team announced it is winding down active development and "will begin contributing its technology and expertise directly to A2A" under the Linux Foundation; days later the LF AI & Data blog (August 29, 2025) confirmed the consolidation. BeeAI provides A2A adapters (its
A2AServer/A2AAgentclasses plus a migration guide) so existing ACP agents can move to A2A. ACP is therefore best understood today as an influential, now-consolidated design rather than a protocol to adopt for new greenfield work — but its REST/async-first model is instructive, and many of its ideas live on in A2A. Everything below describes ACP as specified before the merger.
Purpose and design principles
ACP set out to solve agent fragmentation: agents written in different frameworks (BeeAI, LangChain, CrewAI, and others) could not easily call one another. Four principles shaped the protocol:
- REST-first transport. Communication uses standard, well-defined REST endpoints aligned with ordinary HTTP patterns rather than a custom RPC envelope. (This is the sharpest contrast with A2A and MCP, which both put json-rpc 2.0 on the wire.)
- Async-first. ACP is built primarily for asynchronous communication so it can handle long-running agent tasks, while still fully supporting synchronous calls.
- Multimodal by MIME type. Message content is identified by standard MIME types, so text, images, audio, video, or custom binary formats flow through the same structure without protocol changes.
- Offline (scale-to-zero) discovery. An agent can embed its manifest metadata in its distribution package, so it remains discoverable even while inactive — useful for scale-to-zero deployments where the agent process may not be running.
REST transport and the endpoint surface
Because ACP is REST rather than a single RPC endpoint, its surface is a small set of resource routes. The core endpoints are:
| Method & path | Purpose |
|---|---|
GET /agents |
List available agents (discovery) |
GET /agents/{name} |
Fetch the manifest / detail for one agent |
POST /runs |
Create and start a run of an agent |
GET /runs/{run_id} |
Poll the current state of a run |
POST /runs/{run_id} |
Resume a run that is awaiting input |
POST /runs/{run_id}/cancel |
Request cancellation of a run |
Agent discovery and the manifest
A client discovers agents by calling GET /agents, which returns a list of agent descriptors.
Each agent exposes a manifest (its "Agent Detail") describing "its identity, capabilities,
metadata, and runtime status." The minimal descriptor carries a name, a description, and a
metadata object:
{
"agents": [
{ "name": "echo", "description": "Echoes everything", "metadata": {} }
]
}
Because that same metadata can be packaged with the agent's distribution artifact, discovery works both online (query a running server) and offline (read embedded manifests from a catalog), supporting the scale-to-zero case above.
Message structure: multipart and multimodal
ACP's content model is a small, multimodal structure. A Message has:
- a
roleidentifying the sender —user,agent, or the qualified formagent/{name}; and - a
partsarray: an ordered list of MessagePart objects.
Each MessagePart carries:
content_type(required) — a MIME type such astext/plain,image/png, orapplication/json;- exactly one of
content(inline) orcontent_url(a reference) — the two are mutually exclusive; content_encoding(optional) —"plain"(default) or"base64"for binary payloads;name(optional) — naming a part promotes it to an Artifact (a first-class output such as a file or attachment); andmetadata(optional) — contextual or semantic annotations.
Because a message is an ordered list of typed parts, a single message can interleave prose, images, and structured JSON — the "multipart" character that distinguishes ACP messages from a single text blob.
Runs: the unit of execution and its lifecycle
Invoking an agent creates a run. A run progresses through a defined set of statuses; the specification defines seven:
created → in-progress → completed, with branches to awaiting (paused for input),
cancelling → cancelled, and failed.
stateDiagram-v2
[*] --> created
created --> in_progress: start
in_progress --> completed: done
in_progress --> awaiting: needs input
awaiting --> in_progress: resume (POST /runs/{run_id})
in_progress --> failed: error
in_progress --> cancelling: cancel requested
cancelling --> cancelled
completed --> [*]
failed --> [*]
cancelled --> [*]
A run is created by POST /runs. The request body names the agent, supplies the input messages,
and selects an execution mode:
sync— the HTTP call blocks and returns the finished run (with itsoutput) in the response.async— the call returns immediately with arun_idand an early status (e.g.created/in-progress); the client then pollsGET /runs/{run_id}until the run reaches a terminal state.stream— the server streams incremental events as the run progresses, delivered over Server-Sent Events (SSE) over HTTP.
Annotated REST example (synchronous run)
curl -X POST http://localhost:8000/runs \
-H "Content-Type: application/json" \
-d '{
"agent_name": "echo", # which agent to invoke (from GET /agents)
"input": [ # an array of ACP Messages
{ "role": "user",
"parts": [ { "content": "Hello" } ] } # one MessagePart, inline content
],
"mode": "sync" # block and return the finished run
}'
{
"agent_name": "echo",
"status": "completed", // terminal run status
"output": [ // array of Messages produced by the agent
{ "role": "agent/echo", // qualified agent role
"parts": [
{ "content_type": "text/plain", "content": "Hello" }
] }
],
"await_request": null // non-null only when status == "awaiting"
}
In async mode the same POST /runs instead returns a run_id with status created/
in-progress, and the client polls GET /runs/{run_id}.
The await / interactive pattern
ACP's most distinctive feature is interactive runs. Mid-execution, an agent can pause to
request external information — a clarifying question, a credential, a human approval. The run
transitions to the awaiting status and the response carries an AwaitRequest (surfaced in
the await_request field) describing what is needed. The client supplies the answer with an
AwaitResume payload via POST /runs/{run_id}, and the run resumes from where it stopped.
This is how ACP models long, multi-turn, human-in-the-loop work without holding an HTTP
connection open.
Related stateful work is grouped with a session_id: passing the same session identifier
across multiple runs lets an agent "maintain state across multiple agent runs" (conversation
history and context), while runs without a session are effectively stateless.
AGNTCY — the "Internet of Agents" collective
AGNTCY is not a single wire protocol; it describes itself as the collective building the Internet of Agents (IoA) — "a new collaboration layer that lets multi-agent systems work together regardless of who built them or where they run." It was initially open-sourced by Cisco in March 2025 (its incubator, Outshift, drove the work, with early collaboration from LangChain and Galileo) and was welcomed into the Linux Foundation on July 29, 2025, with Cisco, Dell Technologies, Google Cloud, Oracle, and Red Hat named as formative members. The LF press release names five building blocks: OASF, the Agent Directory (Agent Discovery), SLIM, Agent Identity, and Agent Observability.
Rather than prescribe how two agents byte-exchange, AGNTCY supplies the infrastructure an open
agent ecosystem needs — discovery, identity, a secure transport, and observability — and is
explicitly interoperable with A2A and MCP (it makes A2A agents and MCP servers discoverable
and identity-bearing rather than replacing them). The cleanest way to read AGNTCY is as five
components, each its own repo under the agntcy GitHub org, that compose into a stack.
OASF — the Open Agentic Schema Framework
OASF is AGNTCY's data model for describing an agent. Its vocabulary is precise and self-referential:
- a field is a named piece of data with a
data_type; - an object is a collection of contextually related fields (and is itself a
data_type); - a class is a named set of attributes (fields and objects) — also a
data_type— that represents the metadata of a record.
At the core of OASF is the record object, the primary data structure for an agentic application. Classes are grouped into three families — Skills, Domains, and Modules — and a record is annotated with skills and domains (drawn from a versioned taxonomy of capabilities) to drive announcement and discovery, while modules extend a record with additional information in a modular, composable way. Records also carry locators (where to reach the agent) among their key attributes. Because OASF is schema-driven, the AGNTCY tooling (e.g. the Directory MCP server) can import from MCP/A2A formats — wrapping an A2A Agent Card or an MCP server — and export to others, so an OASF record is a superset descriptor rather than a rival manifest format. The live schema (Skills/Domains/Modules taxonomies) is browsable at the OASF schema server.
Agent Directory (dir) — discovery over a content-addressed, federated store
The Agent Directory Service (ADS) is the discovery layer, and its design is the philosophical heart of AGNTCY: a registry of registries, not one central catalog. Concretely:
- Records are the units stored, each an OASF record describing one agent. A record is content-addressed: it is stored and retrieved by its CID (Content Identifier).
- The Store is a content-addressable layer backed by an OCI registry (the reference implementation uses Zot), reusing OCI/ORAS plumbing rather than a bespoke database.
- A Distributed Hash Table (DHT) maps agent attributes — skills, domains, modules, and locators — to record identifiers, so the skill taxonomy itself is routable: a query for a skillset resolves to the records (and the peer servers hosting them) that announce it.
- A content-routing protocol ties independent Agent Directory servers together, letting distributed instances federate into a shared, searchable inventory (Outshift also runs a hosted public directory).
The CLI (dirctl) exposes the lifecycle directly: you push a record into the local store,
pull it back by CID, publish (announce) it so other peers can find it, then list
records held locally on a peer versus search across the network via cached announcements.
Records can be cryptographically signed and verified for trust. The directory exposes
gRPC APIs and protobuf schemas (published at buf.build/agntcy/dir).
SLIM — the secure messaging transport
SLIM (Secure Low-Latency Interactive Messaging) is AGNTCY's transport layer: it defines how messages are securely delivered, leaving what they say to protocols like A2A and MCP (for which SLIM is explicitly positioned as the transport). Its concrete shape:
- it is built on gRPC over HTTP/2 and HTTP/3, and extends plain gRPC beyond request/reply to add publish/subscribe, streaming, fire-and-forget, and group/channel communication;
- end-to-end encryption uses MLS (Message Layer Security) at a dedicated session layer — so that even TLS connection termination along the path does not break confidentiality;
- SLIMRPC / SRPC carries protobuf RPC over SLIM (analogous to gRPC-over-HTTP/2);
- the deployment splits a data plane (the
slimmessage-routing nodes) from a control plane (the SLIM Controller, which configures nodes and monitors the network).
Identity — verifiable credentials and Agent Badges
AGNTCY Identity onboards and verifies identities for Agents, MCP Servers, and Multi-Agent
Systems (MASs) under one model with three stated properties: Open (no central authority
required), Collision-free (a universally unique identifier per entity), and Verifiable
(each entity is backed by a Verifiable Credential). It is deliberately bring-your-own-identity
— an entity can be identified by an IdP account (Okta, Entra ID, Auth0, Google), by an A2A
/.well-known/agent.json Agent Card, or by a W3C DID — and that identifier is then bound to
one or more Verifiable Credentials (VCs). The headline primitive is the Agent Badge: an
enveloped VC captured as a JSON-LD object that asserts a specific definition of an agent
under a given schema (an OASF definition or an A2A Agent Card schema), so one agent may hold
several badges for nuanced, least-privilege access.
Observability — OTel-native telemetry for multi-agent systems
AGNTCY Observability ships an Observe SDK and an observability data schema that is an extension of OpenTelemetry (OTel), following the GenAI semantic conventions. It captures the three OTel signal types — Metrics, Traces, and Events — enriched with MAS-specific measures (e.g. agent-collaboration success rate, task-delegation accuracy), so multi-agent runs are inspectable across frameworks without re-instrumentation.
Philosophy and status
AGNTCY's bet is that the missing piece is discovery, identity, and trust at enterprise scale,
not the message format — so it standardizes the directory, schema, identity, and transport
(OASF + dir + Identity + SLIM + Observability) and stays deliberately neutral about whether the
agents then talk A2A, MCP, or something else. It is an active, multi-repo Linux Foundation
project under continuing development.
ANP — the Agent Network Protocol
ANP (Agent Network Protocol) takes the opposite stance from a central endpoint or registry: it aims to be "the HTTP of the Agentic Web era," a decentralized, peer-to-peer standard in which agents meet as equals on the open internet with no required intermediary. It is developed and maintained by the open-source community, which "pledges never to commercialize," and its standardization is being pursued through the W3C AI Agent Protocol Community Group. Where AGNTCY centralizes discovery in a (federated) directory, ANP pushes identity and discovery to the edge and relies on the web itself.
Three-layer architecture
ANP is structured as three layers, bottom-up:
- Identity & encrypted communication layer. Every agent has a self-sovereign,
cryptographic identity based on the W3C did (Decentralized Identifier) standard,
specifically the
did:wba("Web-Based Agent") method.did:wbabuilds ondid:web: it requires no blockchain and resolves over ordinary HTTPS. An identifier looks likedid:wba:example.comordid:wba:example.com:user:alice; resolution converts the method-specific colons to slashes, prependshttps://, and fetches the DID document at/.well-known/did.json(e.g.did:wba:example.com→https://example.com/.well-known/did.json). Authentication is single-request: the client puts its DID and a signature in the first HTTP request via anAuthorization: DIDWba …header carryingdid,nonce,timestamp,verification_method, andsignature(a signature over the canonicalized nonce + timestamp + service domain + DID); the server verifies against the public key in the DID document and typically returns a short-lived JWT for follow-up calls. End-to-end encryption is negotiated via ECDHE, and high-risk operations can require a separatehumanAuthorizationcheck — all without a central authority. - Meta-protocol layer. Agents negotiate how they will communicate in natural language, then use AI code generation to produce, jointly debug, and deploy the agreed protocol — letting two agents that never pre-shared an interface still establish one dynamically, and caching negotiated protocols for reuse. This is ANP's most distinctive idea: the wire contract is emergent, not pre-standardized.
- Application protocol layer. Built on semantic-web technologies (json-ld,
schema.org, RDF), this layer holds the Agent Description Protocol (ADP) and an Agent
Discovery mechanism. An Agent Description is a JSON-LD document whose required fields include
protocolType("ANP"),protocolVersion,type("AgentDescription"),name,securityDefinitions, andsecurity, with optionaldid,owner,description,url,created,interfaces, and aproof. AsecurityDefinitionnames the scheme — e.g.{"scheme": "didwba", "in": "header", "name": "Authorization"}referenced asdidwba_sc.interfacescome in two shapes: aNaturalLanguageInterface(conversational, often YAML-described) and aStructuredInterfaceover protocols like OpenRPC, MCP, WebRTC, or YAML/OpenAPI, with an optionalhumanAuthorization: trueon sensitive operations. Theproofobject (e.g.type: "EcdsaSecp256r1Signature2019", withproofPurpose,verificationMethod,challenge, andproofValue, using JCS JSON Canonicalization + SHA-256) makes the description tamper-evident.
Annotated Agent Description (abridged)
{
"protocolType": "ANP", // fixed discriminator
"protocolVersion": "1.0.0",
"type": "AgentDescription",
"name": "Grand Hotel Assistant",
"did": "did:wba:grand-hotel.com:service:hotel-assistant", // self-sovereign id
"url": "https://grand-hotel.com/agents/assistant/ad.json", // where this doc lives
"securityDefinitions": {
"didwba_sc": { "scheme": "didwba", "in": "header", "name": "Authorization" }
},
"security": "didwba_sc", // callers authenticate with a signed DIDWba header
"interfaces": [
{ "type": "StructuredInterface", "protocol": "MCP", // reuse an MCP server, or…
"url": "https://grand-hotel.com/agents/assistant/mcp" },
{ "type": "NaturalLanguageInterface", // …just talk to it
"url": "https://grand-hotel.com/agents/assistant/nl" }
],
"proof": { // tamper-evidence over the canonicalized doc
"type": "EcdsaSecp256r1Signature2019",
"proofPurpose": "assertionMethod",
"verificationMethod": "did:wba:grand-hotel.com:service:hotel-assistant#keys-1",
"proofValue": "<base64url-signature>"
}
}
Note how a single description can advertise both an MCP StructuredInterface and a
free-form NaturalLanguageInterface — ANP catalogues other protocols rather than replacing them.
Discovery and philosophy
ANP's Agent Discovery Protocol follows RFC 8615: a domain publishes a JSON-LD document at
the well-known URI /.well-known/agent-descriptions that lists the URLs of all its public
agent descriptions (typed as a CollectionPage, paginated via a next property), so any peer —
or a search engine — can crawl a domain knowing nothing but its name (active discovery);
agents may also register their description URLs with a search-service agent (passive
discovery). No central registry is required. The philosophy is full decentralization: identity
is self-sovereign (DID), discovery is host-local (well-known URIs), and trust is cryptographic
rather than mediated by a platform — which is why the community positions ANP as a neutral,
non-commercial public good rather than a vendor standard.
Three philosophies, side by side
The three differ less in features than in where each puts the center of gravity — the one
thing it refuses to let move. ACP centralizes on a known REST endpoint: an agent is an HTTP
service and the contract is the URL. AGNTCY centralizes on a federated registry: the schema
(OASF) and the content-addressed, DHT-routed Agent Directory are the fixed point, and the wire
protocol between agents is left open (A2A, MCP, or SLIM). ANP refuses to centralize at all:
identity is self-sovereign (did:wba), discovery is host-local (well-known URIs), and even the
protocol itself is negotiated per-pair at the meta-protocol layer. Read as a spectrum, they run
from "trust the endpoint" (ACP) through "trust the registry" (AGNTCY) to "trust only the
cryptography" (ANP):
flowchart TB
subgraph ACP["ACP — centralized REST endpoint"]
A1[Client] -->|"POST /runs"| A2[Agent HTTP service]
end
subgraph AGNTCY["AGNTCY — federated directory / registry"]
G1[Agent] -->|publish OASF record| G2[(Directory dir / DHT)]
G3[Client] -->|discover| G2
G2 -. federates .- G4[(Peer directory)]
end
subgraph ANP["ANP — decentralized DID, no intermediary"]
N1[Agent A
did:wba] <-->|"fetch /.well-known
+ signed requests"| N2[Agent B
did:wba]
end
| Dimension | ACP | AGNTCY | ANP |
|---|---|---|---|
| Core philosophy | Centralized REST endpoint | Federated directory / registry | Fully decentralized, peer-to-peer |
| Transport | REST over HTTP | SLIM — gRPC/HTTP-2, MLS-encrypted (+ interop with A2A/MCP) | HTTP(S); JSON-LD over signed requests |
| Wire format | REST + MIME-typed parts | OASF records (field/object/class) | JSON-LD Agent Descriptions + signed HTTP |
| Discovery | GET /agents (+ offline manifest) |
Agent Directory (dir): CID-addressed records, DHT-routed by skill |
/.well-known/agent-descriptions (RFC 8615) |
| Identity | App/transport-level | AGNTCY Identity: VCs + JSON-LD Agent Badges | W3C DID (did:wba), self-sovereign |
| Governance | Linux Foundation (merged into A2A) | Linux Foundation (Cisco/Outshift, since Jul 29 2025) | W3C AI Agent Protocol CG; community-run |
| Status (2026) | Consolidated into A2A | Active, five components | Active, decentralized/spec-stage |
For how these compare against MCP and A2A overall, see protocols-comparison.html.
Key takeaways
- ACP treated an agent as a plain REST service —
GET /agentsto discover,POST /runsto invoke — with async-first runs, a seven-state run lifecycle (created,in-progress,awaiting,cancelling,cancelled,failed,completed), MIME-typed multipart messages, and anawaiting/AwaitRequest pattern for human-in-the-loop work. It has since merged into A2A. - AGNTCY standardizes infrastructure — a five-component stack: the OASF schema
(record/field/object/class, with Skills/Domains/Modules families), a federated Agent
Directory of CID-addressed records routed by skill over a DHT (OCI/Zot-backed,
dirctl push/pull/publish/list/search), the SLIM transport (gRPC/HTTP-2 with MLS end-to-end encryption), Identity (VCs and JSON-LD Agent Badges), and OTel-based Observability — rather than a single message format, and is explicitly interoperable with A2A and MCP. It joined the Linux Foundation on July 29, 2025. - ANP pushes everything to the edge: self-sovereign DID identity (
did:wba, resolved at/.well-known/did.json, authenticated by a signedDIDWbaheader), a meta-protocol layer that negotiates the wire contract in natural language, JSON-LD Agent Descriptions, and host-local well-known discovery (/.well-known/agent-descriptions) — cryptographically signed peer-to-peer exchange with no central registry.