The Agent Identity Stack: How AI Agents Are Discovered, Verified, Called, Paid, and Governed
Agent identity stack is the public layer of records, files, endpoints, payment metadata, and governance controls that let an AI agent be discovered, verified, called, paid, and retired from one persistent identity. The stack connects identity, trust, tools, commerce, and lifecycle operations before an agent acts across platforms.
For HeadlessDomains.com, the practical stack starts with a .agent name, then attaches agent.json, SKILL.md, llms.txt, OpenAPI, MCP, A2A, payment metadata, directory profiles, proof links, and owner controls. The result is a public inspection path for the agentic web.
Human Identity vs Agent Identity
Human identity points to a person, account, employee, customer, or credential holder. Agent identity points to an autonomous software actor that can read context, call tools, represent an operator, and act across systems. The human sponsor stays accountable, but the agent should have its own public record instead of borrowing a human login or hiding behind a marketplace profile.
That distinction becomes important when agents connect to APIs, MCP servers, A2A peers, checkout flows, and directories. Humans can rely on memory, contracts, and account recovery. Agents benefit from machine-readable records that expose operator, purpose, capabilities, endpoint claims, and review state.
Public Identity vs Internal IAM Identity
Internal IAM controls access inside an organization: accounts, service principals, tokens, scopes, policies, logs, and revocation. Public identity answers a different question: what should another agent, merchant, API, or directory inspect before trusting a named surface outside that organization?
A strong stack uses both. IAM governs private access. The .agent record gives external systems a stable public anchor for manifests, proof links, endpoint metadata, payment context, and lifecycle state.
Agent Identity Stack at a Glance
| Layer | Question answered | Published artifact | Risk reduced |
|---|---|---|---|
| Discovery | Where can agents find this surface? | llms.txt, directory profile, internal links | Invisible or duplicated agent surfaces |
| Identity | Who operates this agent? | .agent record, agent.json, DNS TXT proof | Anonymous endpoints and spoofed listings |
| Capability | What can the agent do? | SKILL.md, OpenAPI, MCP, A2A Agent Card | Unclear tool scope and unsafe delegation |
| Commerce | How can value move? | x402, AP2, MPP, BMOS catalog metadata | Unverified spending and weak receipt trails |
| Governance | Who can review, limit, or retire the agent? | Owner, scopes, logs, offboarding status | Shadow automation and stale authority |
Start With Discovery
Discovery is the first layer because an agent cannot inspect a surface that stays hidden or scattered across profiles. A curated /llms.txt file points language models toward high-value pages, docs, APIs, policies, and machine-readable resources. Directory profiles add a public browsing layer for humans and agents.
This is where llms.txt, SKILL.md, and agent.json work together. llms.txt maps the content. SKILL.md explains repeatable workflows. In the HeadlessDomains.com convention, agent.json identifies the agent and its published surfaces.
Add a Public Identity Anchor
A marketplace listing, chat profile, GitHub repo, MCP endpoint, or checkout integration can describe an agent, but none of those is enough by itself. The identity layer gives every surface one canonical place to resolve: the .agent record.
HeadlessDomains.com positions .agent as a persistent identity for autonomous agents. A .agent record can point to operator details, agent.json, SKILL.md, TXT records, endpoint metadata, public keys, payment data, and directory profiles. That keeps agent identity portable across apps, APIs, marketplaces, and partner workflows.
Make the Agent Callable
Once an agent is discoverable and verifiable, the next layer explains how other systems can interact with it. OpenAPI describes HTTP endpoints in JSON or YAML. MCP exposes tools, resources, and prompts to agent clients. A2A publishes Agent Cards at a well-known discovery path so peer agents can discover supported interfaces, skills, authentication schemes, and task exchange patterns.
These protocols do different jobs. MCP helps an agent call tools and context. A2A helps agents coordinate with other agents. OpenAPI gives developers and machines a deterministic API contract. The identity stack links all three back to a single public actor.
Attach Payments and Commerce Metadata
Payment protocols should not float apart from identity. x402 uses HTTP 402 so clients can pay for APIs and content programmatically. AP2 uses mandates and receipts to support agent-performed payments. MPP supports machine-to-machine payment flows. BMOS gives merchants a catalog layer for AI shopping and can feed that commerce surface into a .agent identity.
The identity layer does not replace payment verification. It gives payment systems, merchants, and counterparties a place to inspect the agent name, operator, endpoints, policy URLs, public keys, and proof links before value moves.
Govern the Lifecycle
Agent identity should also include lifecycle controls. A production agent should expose owner contact, scope, policy, review date, revocation path, incident contact, and retirement status. Otherwise a retired endpoint, cloned listing, stale marketplace profile, or old payment authority can keep acting after the organization has moved on.
For enterprise teams, public identity complements internal IAM. IAM governs credentials, tokens, logs, and policy inside the organization. A public identity record gives external agents, merchants, APIs, and directories a shared place to inspect who the agent represents.
Implementation Checklist
- Register a .agent identity for every agent that crosses app, API, tool, marketplace, or payment boundaries.
- Publish
agent.jsonwith operator, purpose, capabilities, endpoints, auth model, public keys, proof links, and profile URL. - Publish
/SKILL.mdfor repeatable workflows agents should follow. - Publish
/llms.txtwith curated docs, product pages, API references, policies, and hub articles. - Attach OpenAPI and MCP metadata when the agent exposes callable endpoints or tools.
- Attach A2A Agent Card metadata when the agent collaborates with peer agents.
- Attach payment metadata for x402, AP2, MPP, checkout policy, receipts, and dispute evidence.
- Link the same public identity from marketplace listings, docs, directory pages, and internal registries.
- Track owners, scopes, review dates, incident contacts, and retirement status.
Example Identity Record
{"name":"atlas.agent","operator":"Atlas Research","purpose":"research procurement agent","identity":{"agent_json":"https://atlas.agent/.well-known/agent.json","skill_md":"https://atlas.agent/SKILL.md","llms_txt":"https://atlas.agent/llms.txt","directory_profile":"https://agents.headlessdomains.com/atlas.agent"},"interfaces":{"openapi":"https://api.atlas.agent/openapi.json","mcp":"https://api.atlas.agent/mcp","a2a_agent_card":"https://atlas.agent/.well-known/agent-card.json"},"payments":{"x402":"https://api.atlas.agent/x402","mpp":"https://api.atlas.agent/.well-known/mpp","ap2_policy":"https://atlas.agent/policies/ap2"},"governance":{"owner":"security-team@example.com","status":"active","review_cycle":"monthly","retirement":"https://atlas.agent/offboarding"}}Where Headless Domains Fits
HeadlessDomains.com gives the stack a persistent public anchor. A .agent identity can connect the agent name, manifest, playbook, records, endpoints, payment metadata, directory profile, and governance state into one inspection path.
Start by registering a .agent identity, then publish the artifacts that other agents can resolve before they call tools, delegate work, or send payment. Pair commerce work with BMOS catalog feeds when merchants want agent-readable product data tied to identity.
Agent Identity Hub Reading Path
- llms.txt vs SKILL.md vs agent.json
- How to Make Your Website AI-Agent Readable
- Markdown for Agents
- AI Crawler Readiness Checklist
- agent.json Examples for Public AI Agent Identity
- A2A Agent Identity
- MCP vs A2A: Tools, Collaboration, and the Missing Identity Layer
- Agent-to-Agent Commerce: The Trust Layer Nobody Can Skip
- The Agent Handshake
- Canonical Identity for AI Agents
- Your Marketplace Name Is Not Agent Identity
- The Agent Identity Graph
- AI Agent Name Collision
- What Is Agent Identity?
- What Is agent.json?
- What Is SKILL.md?
- What Is an AI-Readable Website?
- What Is a Machine-Readable Identity Record?
- What Is Agent-to-Agent Commerce?
- What Is an Agent Trust Layer?
Product Links
- HeadlessDomains.com Domain Search
- .agent registration
- Headless Profile Directory
- HeadlessDomains.com docs
- HeadlessDomains.com SKILL.md
- HeadlessDomains.com OpenAPI
- HeadlessDomains.com MCP server
- BMOS catalog layer
Sources
- HeadlessDomains.com
- .agent page
- Model Context Protocol specification
- Model Context Protocol authorization
- A2A Protocol specification
- x402 documentation
- x402 homepage
- AP2 specification
- llms.txt proposal
- Cloudflare Markdown for Agents
- OpenAI Skills overview
- OpenAPI Initiative overview
- BMOS homepage
FAQ
What is an agent identity stack?
An agent identity stack is the public bundle that lets an AI agent be discovered, verified, called, paid, and governed. It usually includes a name, manifest, workflow playbook, content map, API contract, tool endpoints, payment metadata, proof links, and lifecycle controls.
Is a .agent record the same as enterprise IAM?
No. Enterprise IAM controls internal access, credentials, scopes, and logs. A .agent record complements IAM by giving external agents, merchants, APIs, directories, and partner tools a stable public record to inspect.
Where do MCP and A2A fit?
MCP fits in the callable tool layer. A2A fits in the peer-agent collaboration layer. A public identity record should link to both when an agent exposes tools and also coordinates work with other agents.
Where do x402, AP2, and MPP fit?
Payment protocols fit after identity and policy inspection. x402 supports HTTP-native paid access, AP2 supports mandate and receipt evidence for agent-performed payments, and MPP supports machine-to-machine payment flows.
Should every AI agent publish agent.json?
Any agent that crosses platform, tool, API, marketplace, or payment boundaries should publish a machine-readable manifest. For HeadlessDomains.com records, agent.json gives verifiers a structured place to inspect operator, purpose, capabilities, endpoints, auth model, payment metadata, and proof links.
What should teams publish first?
Publish the public identity anchor first, then connect agent.json, SKILL.md, llms.txt, OpenAPI, MCP, A2A Agent Card, payment metadata, and profile links. That order gives verifiers one path to inspect before interaction.