Skip to content

openagp/registry

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 

openagp/registry

Public directory of AGP-compliant actors (vendors, planes, customers).

What's here

  • actors/ — one signed JSON file per registered actor

Each entry includes:

  • Actor identity (FQDN, vendor/plane/customer kind)
  • Conformance level (L1, L2, L3)
  • Public keys (Ed25519, with key_id and purpose)
  • Endpoints
  • Signed CTS conformance report reference

Submitting an entry

  1. Run agp-cts against your endpoint to produce a signed conformance report.
  2. Copy actors/example.openagp.io.json to actors/<your-fqdn>.json and replace the identity, public keys, endpoints, and conformance report with your own. The file MUST be named for your FQDN — CI rejects a mismatch between the filename and actor.fqdn.
  3. Sign the entry with one of the keys you listed in public_keys (see "Signing your entry" below). The entry follows schemas/actor.json.
  4. Open a PR.
  5. A maintainer verifies the conformance report's signature, schema validity, and endpoint reachability, then merges.

Signing your entry

Registry entries are self-signed: you sign your own entry with one of the Ed25519 keys it advertises, exactly as you sign AGP events — ADR 0001 (RFC 8785 JCS + Ed25519). The reference SDKs use one signing protocol for every message kind:

from openagp.events import sign   # same signing protocol used for events and policies
import json

entry = json.load(open("actors/your-fqdn.json"))   # authored without signature.value
signed = sign(entry, private_key_b64=YOUR_KEY, key_id="your-key-2026", kind="actor")
json.dump(signed, open("actors/your-fqdn.json", "w"), indent=2)

actors/example.openagp.io.json is a complete, schema-valid, correctly-signed reference entry you can diff against. Its keypair is a fixed example seed — do not reuse it; generate your own.

Trust model

Entries are themselves signed. A registry merge is an attestation that the entry is well-formed and the conformance report is valid — not an endorsement of the actor's product. Anyone can mirror this registry; verification works without the central index.

Local validation

Before opening a PR, run the same checks CI does:

# Clone the spec sibling — the actor schema (once it lands) lives there.
git clone https://github.com/openagp/spec ../spec

# Parse and structurally validate every actor entry.
python - <<'PY'
import json, pathlib
for f in pathlib.Path("actors").glob("*.json"):
    json.loads(f.read_text())
    print(f"OK {f}")
PY

# Once spec/schemas/actor.json exists, also run:
# python -m jsonschema -i actors/your-domain.json ../spec/schemas/actor.json

The CI workflow at .github/workflows/validate-entries.yml runs the authoritative checks — match that locally for fewer round-trips.

Contributing

See CONTRIBUTING.md at the org level for DCO sign-off and PR conventions, and SUPPORT.md for where to ask questions.

License

Registry data is published under CC0 — no rights reserved. Your contributed entry includes your own signed claims; CC0 applies to the index, not to the cryptographic claims you make in your own entry.

About

Public directory of AGP-compliant actors (vendors, planes, customers)

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors