In every generation of computing, progress has hinged on one deceptively simple question: How do things talk to each other? Mainframes spoke through terminals, the web through URLs and microservices through APIs. Now we’ve given software agency — systems that reason, decide and act. Yet our agents are still whispering through pipes built for information, not intelligence. This mismatch is why I proposed the agent:// protocol: A lightweight way to identify, describe and govern agents so they can interoperate safely at internet scale.

My path here wasn’t theoretical. Over two decades, I’ve shipped systems that had to run 24/7 with 99.9999% uptime: Scaling digital banking for hundreds of millions of users; personalizing e-commerce at Jio; compressing medical device design cycles at Zedsen with AI-assisted simulation; and, most recently, building an AI-driven ERP for EU markets as CTO of ParkStreet. In each arena, I saw the same pattern: The model was rarely the bottleneck — the interface was. We could calculate faster than we could coordinate.

From Smart Endpoints to Sovereign Agents

Digitally transformed organizations already connect tools with APIs, queues and webhooks. But an agentic enterprise asks for more. Agents aren’t mere endpoints; they are strategic actors. If a traditional system is a gate that opens on a matching rule, an agent is a concierge that understands context: She has no reservation, but she’s a VIP customer on another system and there’s a medical issue — override within policy. That jump — from rules to judgment — demands new primitives: Identity, intent, capability and guardrails, all expressed in ways that other agents (and humans) can discover and verify.

Why Now?

Pre-multimodal LLMs, AI mostly lit up dashboards. Today, agents write code, negotiate invoices and plan logistics. At ParkStreet, we connected LLM agents to our ERP via MCP-style gateways; monthly collections that once took weeks dropped to hours. In e-commerce at Jio, we didn’t use AI for simple recommendations; AI agents tailored promotions and couponing in real-time. In medtech at Zedsen, agents ran design experiments that would have taken engineers months. These weren’t ‘nice-to-have’ copilots; they were workforce multipliers. Yet stitching them across stacks felt like soldering a jet engine with a butter knife.

The Core Problems

Three issues kept repeating:

  1. Vendor Lock-In: Tools spoke fluent ‘proprietary’. Projects started with ‘What does the platform allow?’ — not ‘What does the agent need to decide?’
  2. Governance Blind Spots: Great observability for packets and processes; poor observability for thought. Agents can elide steps, or even fib to hit a goal.
  3. Fragile Security: Agents write code and operate tools. One excessive permission or misrouted context and you’re reading a postmortem about a deleted database.

Protocols like MCP help agents talk to legacy systems; agent-to-agent schemes help agents talk to each other. Useful, but they don’t yet solve identity, capability declaration, policy boundaries and accountability as first-class, internet-native concerns.

What Is agent://?

Think of agent:// as a URL for agents plus a passport. A URI identifies the agent; a simple descriptor (e.g., agent.json) tells the world:

  • Who the agent is (identity & version)
  • What it can do (capabilities & tools)
  • Under which rules it operates (policies, escalation thresholds, data-handling)
  • How to talk to it (endpoints, supported protocols such as MCP, Agent2Agent or proprietary bridges)

Crucially, this rides on the existing internet — no rip-and-replace. Just as mailto: and tel: coexisted with HTTP, agent:// complements today’s stacks, giving agents a discoverable identity and a contract that both humans and machines can audit.

How It Differs From ‘Yet Another API’

APIs expose functions. agent:// exposes actors. Where a registry maps names to endpoints, agent:// maps sovereign entities to capabilities within guardrails. It’s decentralized (no single vendor choke point), lightweight (descriptor, not a platform) and compatible (works alongside SOAP dinosaurs and HTTP/3 thoroughbreds alike).

Security, Compliance and Control — by Design

If agents can act, governance must be protocol-deep, not PowerPoint-thin. In the descriptor we can declare:

  • AuthN/AuthZ: Supported schemes, required scopes, least privilege defaults
  • Data Policies: Retention, residency, PII handling (think GDPR, HIPAA alignment)
  • Operational Limits: Rate caps, budget ceilings, escalation paths, human-in-the-loop points
  • Audit Hooks: Where telemetry goes, how to verify provenance, how to reproduce decisions

You can add a decentralized trust layer (e.g., Web3 attestations), then you get cross-organization verification without handing keys to a single gatekeeper.

Use Cases That Get Better Immediately

  • Finance & Payments: Agents negotiate within policy, settle across rails and log proofs for auditors. Our invoicing agents cut cycle time without a line-by-line rewrite when EU requirements shifted; the policy lived next to the agent, not buried in a workflow engine.
  • Healthcare & Regulated R&D: Agents propose designs, run sims and attach compliance evidence inline. At Zedsen, this turned multi-month loops into weeks while staying within MDR boundaries.
  • Logistics & Field Ops: Agents coordinate fleets across ERPs and TMSs, adapting to weather, priority and SLAs — no brittle spaghetti of point-to-point scripts.
  • Customer Support: An agent://support/triage entity can declare what it may resolve, what it must escalate and how it records consent. No more ‘shadow agents’ running wild in back-channels.

For DevOps: CI/CD Becomes CI/CA/CD

Agent delivery adds continuous alignment. Every prompt, tool or model update needs policy checks, regression tests, evals and red-team scenarios. In practice, our pipelines treat the agent descriptor as a contract artifact: Versioned, diffed and promoted. Observability shifts from ‘CPU and p95’ to ‘intent, outcome, exceptions and override rate’. Your SRE runbooks should include ‘how to pause an agent’, not just ‘how to drain a pod’.

Best Practices

  1. Aim Small, Miss Small: Go after high-value but low-risk flows (expense verification, invoice reminders, QA triage).
  2. Set up an Agent Gateway: Bridge to your ERP/CRM using MCP or equivalent, and avoid the need for future forklift updates.
  3. Write the Descriptor: Identity, capabilities, policies and limits. Treat it like code.
  4. Instrument First: Logs, traces, decision proofs. No metrics, no production.
  5. Human-in-the-Loop by Default: Autonomy is earned through data, not granted by hype.
  6. Govern Like You Mean It: Treat policy as code, approvals as code and rollbacks as code.

Standards, Community and Where This Is Going

The agent:// internet-draft has sparked productive discussion across standards circles. The goal isn’t to compete with APIs or cloud-native patterns, but to sit alongside them as the identity and governance fabric for agents. As MCP gateways become common and agent-to-agent channels mature, a URI-level identity with auditable capabilities is the glue practitioners are reaching for because it’s simple, and it composes.

Lessons From the Early Web

TCP/IP gave us a common language; HTTP/URLs gave us a common address book. Today, MCP is helping translate between old software and new intelligence; agent-to-agent protocols are paving the high-speed lane. agent:// adds the license plate — a way to know who’s driving, what they’re allowed to do and where to reach them without centralizing the highway.

The Next 3–5 Years

Expect semi-agentic and demi-agentic enterprises to become the norm: Agents owning entire workflows with humans reviewing exceptions. Startups, unburdened by legacy and cultural gravity, will ship neotic models faster — some run by teams small enough to fit in a café. Incumbents that standardize early will avoid shadow AI chaos and earn the only currency that matters at scale: Trust.

In engineering, we say: ‘Move fast, but make it observable’. The agentic era upgrades that: ‘Move fast, make it observable and governable’. That is the promise of agent:// — not smarter models, but safer markets, where intelligence can finally operate at the speed of the internet with built in accountability.

TECHSTRONG AI PODCAST

SHARE THIS STORY

RELATED STORIES:

Engineering AI Agents with Model Context Protocol (MCP) 

AI Gateways and MCP Servers: Building the Infrastructure for Production AI

Unlocking Agentic AI: MCP Enables AI Agents to Discover, Inspect and Invoke Tools Autonomously

The Universal Translator for AI: Model Context Protocol Sets a New Standard for Smarter Agents