Quick Start
Publish and discover your first agent in minutes.
Quick Start
AID is the 0-th hop for agent discovery. Start with a domain, publish one _agent TXT record, and clients can find the endpoint, protocol, and optional endpoint proof key.
Use this page for the happy path. Deeper field rules live in the Specification, SDK details live in SDKs and Packages, and PKA mechanics live in PKA Endpoint Proof.
Publish An Agent
Install the CLI:
npm install -g @agentcommunity/aid-doctor
Generate a record interactively:
aid-doctor generate
# Optional: save the output to a file for later deployment
aid-doctor generate --save-draft /path/to/my-record.txt
The wizard prompts for uri, proto, optional auth, desc, and other fields, then prints the canonical TXT value and copies it to your clipboard:
v=aid2;u=https://api.example.com/mcp;p=mcp;s=Example AI Tools
Publish it in DNS:
| DNS field | Value |
|---|---|
| Type | TXT |
| Name | _agent |
| Content | v=aid2;u=https://api.example.com/mcp;p=mcp;s=Example AI Tools |
| TTL | 300 |
For the full key table, aliases, allowed URI schemes, and metadata rules, see the current AID v2 specification.
Verify The Record
After DNS propagates, run:
aid-doctor check example.com --show-details
You can also inspect the raw DNS answer:
dig TXT _agent.example.com
For CI, use JSON output:
aid-doctor json example.com > aid-result.json
Discover From A Client
Install the TypeScript SDK:
pnpm add @agentcommunity/aid
Discover the endpoint:
import { discover } from '@agentcommunity/aid';
const { record } = await discover('example.com');
console.log(record.proto);
console.log(record.uri);
Browser clients use the browser entrypoint, which resolves through DNS-over-HTTPS and optional .well-known fallback:
import { discover } from '@agentcommunity/aid/browser';
const { record } = await discover('example.com');
console.log(record.uri);
Language-specific guides:
Add Endpoint Proof
For production or high-trust deployments, add k with an Ed25519 public key:
v=aid2;u=https://api.example.com/mcp;p=mcp;k=ebVWLo_mVPlAeLES6KmLp5AfhTrmlb7X4OORC60ElmQ
When k is present, compliant clients perform the AID v2 PKA endpoint-proof handshake before trusting the endpoint. The CLI and SDKs handle the wire details. By default they also send the queried host in the AID-Domain header and report a domainBound indicator (true only for a verified domain-bound proof — one whose aid-pka-v2 covered set includes "aid-domain";req). Requesting binding does not by itself mitigate unauthorized association — only domain-binding=require enforces it. See Specification Appendix B.7.
Read Identity & PKA for the concept and PKA Endpoint Proof for implementation details.