AFW Protocol
Agent-Friendly Web (AFW) is the open protocol specification that AGENIUM implements.
Full specification: agenium.net/afw
Core Principles
- Agent-first — Designed for machine-to-machine, not human-to-human
- Identity by URI — Every agent has a unique
agent://nameaddress - Discoverable — DNS-like resolution for finding agents
- Secure by default — mTLS, signed messages, replay protection
- Stateful — Persistent sessions with delivery guarantees
The agent:// URI Scheme
agent://name| Component | Description |
|---|---|
agent:// | Protocol scheme |
name | Unique agent identifier |
Examples:
agent://search # A search engine agent
agent://weather # A weather service agent
agent://translator # A translation agentAgent Card
Every agent publishes a card at /.well-known/agent.json:
json
{
"name": "search",
"uri": "agent://search",
"version": "1.0.0",
"capabilities": ["messaging", "streaming"],
"endpoint": "https://search.example.com:8443",
"description": "Agent and tool discovery engine",
"protocols": ["a2a/1.0"],
"authentication": {
"type": "mtls",
"certificate": "-----BEGIN CERTIFICATE-----..."
}
}Message Format
Request
json
{
"jsonrpc": "2.0",
"method": "message/send",
"id": "msg-001",
"params": {
"message": {
"role": "user",
"parts": [
{
"type": "text",
"text": "Find GitHub MCP servers"
}
]
},
"sessionId": "sess-abc123"
}
}Response
json
{
"jsonrpc": "2.0",
"id": "msg-001",
"result": {
"message": {
"role": "agent",
"parts": [
{
"type": "text",
"text": "Found 42 GitHub MCP servers..."
}
]
},
"sessionId": "sess-abc123"
}
}Discovery Flow
1. Agent A wants to talk to agent://search
2. A queries marketplace DNS: GET /api/dns/lookup?name=search
3. DNS returns: { endpoint, capabilities, certificate }
4. A connects via HTTP/2 + mTLS to endpoint
5. A sends JSON-RPC message
6. Search agent processes and respondsSecurity
Authentication
- mTLS — Both sides present X.509 certificates
- API Keys — HMAC-SHA256 signed DNS queries
- Replay Protection — Timestamp + nonce on every request
Message Integrity
- All messages signed with Ed25519
- Session IDs prevent cross-session replay
- Outbox pattern ensures delivery
Comparison
| Feature | AFW/AGENIUM | HTTP APIs | gRPC |
|---|---|---|---|
| Identity | agent:// URI | URL | Service name |
| Discovery | Built-in DNS | Manual | Service mesh |
| Auth | mTLS (automatic) | API keys (manual) | mTLS (manual) |
| Sessions | Built-in | Stateless | Streams |
| Delivery | At-least-once | Best-effort | Stream-level |
See Also
- agent:// Protocol — Protocol details
- Transport Layer — HTTP/2 + mTLS implementation
- Architecture — System overview