Layer 7: Protocol
Overview
Section titled “Overview”The Protocol Layer (L7) defines standardized communication protocols enabling agents from different vendors and systems to discover, connect, and work together. This is the top layer required for ARAL-INTEROP profile.
magnifying-glass Discovery
Find and connect to agents
envelope Message Format
Standardized message structure
key Authentication
Secure identity verification
handshake Capability Exchange
Negotiate what agents can do together
Protocol Architecture
Section titled “Protocol Architecture”Message Format
Section titled “Message Format”All ARAL protocol messages follow this structure:
interface ARALMessage { // Header header: { version: string // Protocol version (e.g., "1.0") messageId: string // Unique message ID timestamp: number // Unix timestamp sender: AgentIdentity // Sending agent recipient?: AgentIdentity // Target agent (optional for broadcast) }
// Body body: { type: MessageType // Type of message payload: any // Message content }
// Optional signature for verification signature?: string}
interface AgentIdentity { id: string // Agent ID name: string // Agent name endpoint: string // Agent URL/endpoint profile: ARALProfile // CORE, ORCH, or INTEROP}
type MessageType = | 'discovery' | 'handshake' | 'capability-exchange' | 'task-request' | 'task-response' | 'error' | 'heartbeat'Agent Discovery
Section titled “Agent Discovery”class AgentDiscovery { async discover( registry: string, filter?: DiscoveryFilter ): Promise<Agent[]> { // Query agent registry const response = await fetch(`${registry}/agents`, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ header: { version: '1.0', messageId: generateId(), timestamp: Date.now(), sender: this.identity }, body: { type: 'discovery', payload: { capabilities: filter?.capabilities, profile: filter?.profile, location: filter?.location } } }) })
const message = await response.json() as ARALMessage return message.body.payload.agents }
async announce(registry: string): Promise<void> { // Announce this agent to registry await fetch(`${registry}/register`, { method: 'POST', body: JSON.stringify({ header: { version: '1.0', messageId: generateId(), timestamp: Date.now(), sender: this.identity }, body: { type: 'announcement', payload: { agent: this.identity, capabilities: this.capabilities, endpoint: this.endpoint, metadata: this.metadata } } }) }) }}Connection Handshake
Section titled “Connection Handshake”class ProtocolHandler { async initiateHandshake( targetAgent: AgentIdentity ): Promise<Connection> { // 1. Send handshake request const handshakeRequest: ARALMessage = { header: { version: '1.0', messageId: generateId(), timestamp: Date.now(), sender: this.identity, recipient: targetAgent }, body: { type: 'handshake', payload: { protocolVersion: '1.0', supportedTransports: ['https', 'wss', 'grpc'], capabilities: this.capabilities, authMethods: ['mtls', 'jwt', 'oauth2'] } } }
const response = await this.send(targetAgent.endpoint, handshakeRequest)
// 2. Verify response if (response.body.type !== 'handshake-ack') { throw new Error('Invalid handshake response') }
// 3. Negotiate transport and authentication const transport = this.negotiateTransport( handshakeRequest.body.payload.supportedTransports, response.body.payload.supportedTransports )
const authMethod = this.negotiateAuth( handshakeRequest.body.payload.authMethods, response.body.payload.authMethods )
// 4. Authenticate await this.authenticate(targetAgent, authMethod)
// 5. Establish connection return new Connection({ agent: targetAgent, transport, authMethod, sessionId: response.body.payload.sessionId }) }}Capability Exchange
Section titled “Capability Exchange”interface CapabilityExchange { // What this agent can do capabilities: Capability[]
// What this agent needs requirements: Requirement[]
// Compatibility check compatible: boolean}
async function exchangeCapabilities( localAgent: Agent, remoteAgent: Agent): Promise<CapabilityExchange> { // Send capabilities const message: ARALMessage = { header: { version: '1.0', messageId: generateId(), timestamp: Date.now(), sender: localAgent.identity, recipient: remoteAgent.identity }, body: { type: 'capability-exchange', payload: { capabilities: localAgent.getCapabilities(), requirements: localAgent.getRequirements() } } }
const response = await send(remoteAgent.endpoint, message)
// Analyze compatibility const compatible = analyzeCompatibility( localAgent.getCapabilities(), response.body.payload.requirements ) && analyzeCompatibility( response.body.payload.capabilities, localAgent.getRequirements() )
return { capabilities: response.body.payload.capabilities, requirements: response.body.payload.requirements, compatible }}Authentication
Section titled “Authentication”class MTLSAuthenticator { async authenticate( targetAgent: AgentIdentity ): Promise<AuthToken> { // Load client certificate const cert = await this.loadCertificate() const key = await this.loadPrivateKey()
// Create TLS connection with client cert const connection = await tls.connect({ host: targetAgent.endpoint, cert, key, ca: await this.loadCA(), rejectUnauthorized: true })
// Verify server certificate const serverCert = connection.getPeerCertificate() await this.verifyCertificate(serverCert, targetAgent.id)
return { type: 'mtls', connection, expiresAt: serverCert.valid_to } }}class JWTAuthenticator { async authenticate( targetAgent: AgentIdentity ): Promise<AuthToken> { // Create JWT const token = jwt.sign( { sub: this.identity.id, aud: targetAgent.id, iat: Date.now() / 1000, exp: Date.now() / 1000 + 3600 }, this.privateKey, { algorithm: 'RS256' } )
// Send to target agent for verification const response = await fetch(`${targetAgent.endpoint}/auth`, { method: 'POST', headers: { 'Authorization': `Bearer ${token}`, 'Content-Type': 'application/json' } })
if (!response.ok) { throw new Error('Authentication failed') }
const { accessToken } = await response.json()
return { type: 'jwt', token: accessToken, expiresAt: Date.now() + 3600000 } }}class OAuth2Authenticator { async authenticate( targetAgent: AgentIdentity ): Promise<AuthToken> { // Client credentials flow const response = await fetch(`${targetAgent.endpoint}/oauth/token`, { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: new URLSearchParams({ grant_type: 'client_credentials', client_id: this.clientId, client_secret: this.clientSecret, scope: 'agent:communicate' }) })
const { access_token, expires_in } = await response.json()
return { type: 'oauth2', token: access_token, expiresAt: Date.now() + expires_in * 1000 } }}Configuration Example
Section titled “Configuration Example”{ "layers": { "protocol": { "version": "1.0", "endpoint": "https://agent.example.com", "transports": ["https", "wss"], "discovery": { "enabled": true, "registries": [ "https://registry.aral-standard.org", "https://private-registry.company.com" ], "announceInterval": 300000 }, "authentication": { "methods": ["mtls", "jwt"], "mtls": { "cert": "/certs/agent.crt", "key": "/certs/agent.key", "ca": "/certs/ca.crt" }, "jwt": { "privateKey": "/keys/private.pem", "publicKey": "/keys/public.pem", "algorithm": "RS256" } }, "security": { "encryption": "tls1.3", "signMessages": true, "verifySignatures": true } } }}Best Practices
Section titled “Best Practices”Discovery
✅ DO:
- Use standard registries
- Implement health checks
- Cache discovery results
- Handle registry failures
❌ DON’T:
- Hardcode agent endpoints
- Skip heartbeat mechanisms
- Trust unverified agents
Authentication
✅ DO:
- Use strong authentication (mTLS preferred)
- Rotate credentials regularly
- Implement token expiration
- Log authentication events
❌ DON’T:
- Use weak authentication
- Share credentials
- Skip certificate validation
Message Format
✅ DO:
- Validate message structure
- Version your protocol
- Handle backward compatibility
- Sign critical messages
❌ DON’T:
- Send unstructured data
- Break protocol versioning
- Skip validation
Testing Interoperability
Section titled “Testing Interoperability”describe('Protocol Layer', () => { it('should discover compatible agents', async () => { const discovery = new AgentDiscovery() const agents = await discovery.discover( 'https://registry.aral-standard.org', { capabilities: ['data-analysis'], profile: 'ARAL-CORE' } )
expect(agents.length).toBeGreaterThan(0) expect(agents[0]).toHaveProperty('capabilities') })
it('should complete handshake with remote agent', async () => { const protocol = new ProtocolHandler() const connection = await protocol.initiateHandshake(remoteAgent)
expect(connection.isConnected()).toBe(true) expect(connection.isAuthenticated()).toBe(true) })
it('should exchange capabilities successfully', async () => { const exchange = await exchangeCapabilities(localAgent, remoteAgent)
expect(exchange.compatible).toBe(true) expect(exchange.capabilities).toContain('data-processing') })})Next Steps
Section titled “Next Steps” diagram-project Implement ARAL-INTEROP book Protocol Specification shield Security Specification code Multi-Agent Examples
Complete L7 implementation
Detailed protocol requirements
Secure your protocols
See interoperability in action
Information
Congratulations! You’ve learned all 7 layers of ARAL. You’re now ready to build fully interoperable AI agent systems.