355 lines
11 KiB
Markdown
355 lines
11 KiB
Markdown
---
|
|
title: "Cross-Protocol Agent Translation (CPAT)"
|
|
abbrev: "CPAT"
|
|
category: std
|
|
docname: draft-cpat-cross-protocol-agent-translation-00
|
|
submissiontype: IETF
|
|
number:
|
|
date:
|
|
v: 3
|
|
area: "ART"
|
|
workgroup: "DISPATCH"
|
|
keyword:
|
|
- agent interoperability
|
|
- protocol translation
|
|
- agentic workflows
|
|
- execution context
|
|
|
|
author:
|
|
-
|
|
fullname: Generated by IETF Draft Analyzer
|
|
organization: Independent
|
|
email: placeholder@example.com
|
|
|
|
normative:
|
|
RFC7519:
|
|
RFC7515:
|
|
RFC9110:
|
|
RFC8615:
|
|
I-D.nennemann-wimse-ect:
|
|
title: "Execution Context Tokens for Distributed Agentic Workflows"
|
|
target: https://datatracker.ietf.org/doc/draft-nennemann-wimse-ect/
|
|
|
|
informative:
|
|
I-D.nennemann-agent-dag-hitl-safety:
|
|
title: "Agent Context Policy Token: DAG Delegation with Human Override"
|
|
target: https://datatracker.ietf.org/doc/draft-nennemann-agent-dag-hitl-safety/
|
|
|
|
--- abstract
|
|
|
|
This document defines the Cross-Protocol Agent Translation (CPAT)
|
|
framework, a mechanism enabling AI agents using different
|
|
communication protocols to interoperate. With over 90 competing
|
|
agent-to-agent protocol drafts and no interoperability standard,
|
|
protocol fragmentation is the primary barrier to multi-vendor agent
|
|
ecosystems. CPAT defines capability advertisement, protocol
|
|
negotiation, and translation gateways. Translation hops are
|
|
recorded as Execution Context Token (ECT) DAG nodes, giving every
|
|
cross-protocol interaction a cryptographic audit trail without
|
|
inventing a parallel tracing mechanism.
|
|
|
|
--- middle
|
|
|
|
# Introduction
|
|
|
|
The IETF AI/agent landscape includes over 90 drafts proposing
|
|
agent-to-agent communication protocols, yet no standard exists
|
|
for agents using different protocols to exchange messages.
|
|
|
|
CPAT takes a pragmatic approach: rather than mandating a single
|
|
protocol, it defines the minimum machinery for agents to discover
|
|
each other's protocol support, agree on a common format, and fall
|
|
back to translation gateways when no common protocol exists.
|
|
|
|
CPAT builds on Execution Context Tokens
|
|
{{I-D.nennemann-wimse-ect}} as its audit and tracing backbone.
|
|
Every translation hop produces an ECT, linking into the workflow
|
|
DAG alongside the source and destination agents. This eliminates
|
|
the need for a separate tracing or provenance mechanism -- the ECT
|
|
DAG already provides it.
|
|
|
|
Design principles:
|
|
|
|
1. Reuse existing standards (HTTP, JSON, TLS, ECT) wherever
|
|
possible.
|
|
2. Keep the core mechanism small enough to implement in a day.
|
|
3. Do not require agents to support any protocol beyond their own
|
|
plus CPAT negotiation.
|
|
|
|
# Conventions and Definitions
|
|
|
|
{::boilerplate bcp14-tagged}
|
|
|
|
The following terms are used in this document:
|
|
|
|
Agent Protocol:
|
|
: A communication protocol used by an AI agent for peer-to-peer
|
|
message exchange (e.g., A2A, MCP, SLIM, uACP).
|
|
|
|
Capability Document:
|
|
: A JSON object describing the protocols an agent supports, served
|
|
at a well-known URI.
|
|
|
|
Translation Gateway:
|
|
: A service that converts messages between two agent protocols,
|
|
recording each translation as an ECT DAG node.
|
|
|
|
# Problem Statement
|
|
|
|
Consider three agents: Agent A speaks Protocol X, Agent B speaks
|
|
Protocol Y, and Agent C speaks both X and Z. Today there is no
|
|
standard way for A to discover that B uses a different protocol,
|
|
negotiate a common format, or route through a translator.
|
|
|
|
Existing work on Agent Name Service (ANS) and agent discovery
|
|
addresses finding agents but not protocol compatibility. CPAT
|
|
fills the gap between discovery and communication.
|
|
|
|
# Protocol Capability Advertisement {#capability-ad}
|
|
|
|
Each CPAT-compliant agent MUST serve a capability document at the
|
|
well-known URI `/.well-known/cpat` {{RFC8615}}. The document is a
|
|
JSON object:
|
|
|
|
~~~json
|
|
{
|
|
"cpat_version": "1.0",
|
|
"agent_id": "spiffe://example.com/agent/pricing",
|
|
"protocols": [
|
|
{
|
|
"id": "a2a-v1",
|
|
"version": "1.0",
|
|
"endpoint": "https://agent.example.com/a2a",
|
|
"priority": 10
|
|
},
|
|
{
|
|
"id": "mcp-v1",
|
|
"version": "2025-03-26",
|
|
"endpoint": "https://agent.example.com/mcp",
|
|
"priority": 20
|
|
}
|
|
],
|
|
"translation_gateways": [
|
|
"https://gateway.example.com/cpat/translate"
|
|
],
|
|
"ect_assurance_level": "L2"
|
|
}
|
|
~~~
|
|
{: #fig-capability title="Capability Document Example"}
|
|
|
|
The `protocols` array MUST contain at least one entry. Each entry
|
|
MUST include `id` (a registered protocol identifier), `version`,
|
|
and `endpoint`. The `priority` field is OPTIONAL; lower values
|
|
indicate higher preference.
|
|
|
|
The `ect_assurance_level` field declares the minimum ECT assurance
|
|
level the agent requires for interactions. This enables gateways
|
|
to produce ECTs at the correct level.
|
|
|
|
Agents SHOULD also advertise their capability document URI in DNS
|
|
SVCB records. The DNS record type `_cpat._tcp` SHOULD be used.
|
|
|
|
# Negotiation Handshake {#negotiation}
|
|
|
|
When Agent A wants to communicate with Agent B:
|
|
|
|
Step 1:
|
|
: Agent A fetches Agent B's capability document from B's
|
|
well-known CPAT URI over HTTPS.
|
|
|
|
Step 2:
|
|
: Agent A computes the intersection of its own protocol list with
|
|
Agent B's. If the intersection is non-empty, the protocol with
|
|
the lowest combined priority score is selected. Communication
|
|
proceeds directly using that protocol.
|
|
|
|
Step 3:
|
|
: If no common protocol exists, Agent A checks whether any
|
|
translation gateway listed by either agent supports both
|
|
protocols. Agent A queries the gateway:
|
|
|
|
~~~
|
|
GET /.well-known/cpat/gateway?from=a2a-v1&to=slim-v1
|
|
~~~
|
|
|
|
The gateway responds with 200 OK if it supports the pair, or
|
|
404 if not.
|
|
|
|
Step 4:
|
|
: If a suitable gateway is found, Agent A sends its message to the
|
|
gateway, which translates and forwards it to Agent B. The
|
|
gateway records the translation as an ECT (see {{ect-integration}}).
|
|
|
|
Step 5:
|
|
: If no gateway supports the required pair, Agent A returns an
|
|
error to its caller with error code `no_translation_path`.
|
|
|
|
The entire negotiation is stateless and cacheable. Agents SHOULD
|
|
cache capability documents for the duration indicated by HTTP
|
|
Cache-Control headers, defaulting to 3600 seconds.
|
|
|
|
# ECT Integration {#ect-integration}
|
|
|
|
Every translation hop produces an ECT {{I-D.nennemann-wimse-ect}}
|
|
that links into the workflow DAG. This provides cryptographic
|
|
proof of protocol translation without a separate tracing mechanism.
|
|
|
|
## Translation ECT Claims
|
|
|
|
A gateway producing a translation ECT MUST set:
|
|
|
|
- `exec_act`: `"cpat:translate"`
|
|
- `par`: array containing the `jti` of the source agent's ECT
|
|
- `wid`: the workflow identifier from the source ECT (preserving
|
|
workflow continuity across protocol boundaries)
|
|
|
|
The `ext` claim carries CPAT-specific metadata:
|
|
|
|
~~~json
|
|
{
|
|
"ext": {
|
|
"cpat.source_protocol": "a2a-v1",
|
|
"cpat.dest_protocol": "slim-v1",
|
|
"cpat.gateway_id": "spiffe://gw.example.com/cpat",
|
|
"cpat.translation_warnings": []
|
|
}
|
|
}
|
|
~~~
|
|
{: #fig-translation-ect title="Translation ECT Extension Claims"}
|
|
|
|
The `inp_hash` claim MUST contain the SHA-256 hash of the source
|
|
protocol message. The `out_hash` claim MUST contain the SHA-256
|
|
hash of the translated message. This allows verifiers to confirm
|
|
that a specific input produced a specific output without accessing
|
|
the message content.
|
|
|
|
## Assurance Level Inheritance
|
|
|
|
The gateway MUST produce ECTs at the higher of:
|
|
|
|
- The source agent's declared `ect_assurance_level`
|
|
- The destination agent's declared `ect_assurance_level`
|
|
|
|
At L3, the translation ECT MUST be recorded in the audit ledger
|
|
before the translated message is forwarded to the destination agent.
|
|
|
|
## DAG Continuity
|
|
|
|
The translation creates a three-node subgraph in the workflow DAG:
|
|
|
|
~~~
|
|
Source Agent ECT (exec_act: "send_task")
|
|
|
|
|
v [par reference]
|
|
Gateway ECT (exec_act: "cpat:translate")
|
|
|
|
|
v [par reference]
|
|
Dest Agent ECT (exec_act: "receive_task")
|
|
~~~
|
|
{: #fig-dag-continuity title="Translation DAG Subgraph"}
|
|
|
|
The Execution-Context HTTP header {{I-D.nennemann-wimse-ect}}
|
|
survives protocol translation: the gateway includes the
|
|
translation ECT in the Execution-Context header of the forwarded
|
|
request to the destination agent.
|
|
|
|
# Translation Gateway Requirements {#gateway-reqs}
|
|
|
|
A CPAT translation gateway MUST:
|
|
|
|
1. Serve a capability document listing all supported protocol
|
|
pairs at `/.well-known/cpat/gateway`.
|
|
|
|
2. Accept messages via HTTP POST at its translate endpoint.
|
|
|
|
3. Produce an ECT for every translation per {{ect-integration}}.
|
|
|
|
4. Preserve message semantics: the intent, core payload content,
|
|
and metadata MUST survive translation. Fields with no
|
|
equivalent in the destination protocol SHOULD be carried in a
|
|
protocol-specific extension field or dropped with a warning
|
|
recorded in `cpat.translation_warnings`.
|
|
|
|
5. Return the translated message in the response body, or forward
|
|
it directly to the destination agent.
|
|
|
|
A gateway MUST NOT modify payload semantics during translation.
|
|
|
|
Gateways MUST require TLS 1.3 for all connections and SHOULD
|
|
implement rate limiting per source agent.
|
|
|
|
# Policy Integration {#policy-integration}
|
|
|
|
When used with the Agent Context Policy Token
|
|
{{I-D.nennemann-agent-dag-hitl-safety}}, CPAT-related policies
|
|
can be expressed as DAG node constraints:
|
|
|
|
~~~json
|
|
{
|
|
"dag": {
|
|
"nodes": [
|
|
{
|
|
"id": "n-translate",
|
|
"type": "cpat:translate",
|
|
"agent": "spiffe://gw.example.com/cpat",
|
|
"constraints": {
|
|
"allowed_source_protocols": ["a2a-v1", "mcp-v1"],
|
|
"allowed_dest_protocols": ["slim-v1"],
|
|
"max_translation_hops": 2
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
~~~
|
|
{: #fig-policy title="CPAT Policy as DAG Node Constraints"}
|
|
|
|
The `max_translation_hops` constraint prevents messages from being
|
|
translated through an excessive number of gateways. Agents
|
|
receiving a message SHOULD reject it if the ECT DAG contains more
|
|
translation hops than allowed by policy.
|
|
|
|
# Security Considerations
|
|
|
|
Capability documents are served over HTTPS, ensuring transport
|
|
security. Agents SHOULD verify TLS certificates before trusting
|
|
capability documents.
|
|
|
|
Gateways are trusted intermediaries with access to message content
|
|
during translation. For end-to-end confidentiality, agents MAY
|
|
encrypt the message payload using a shared key established out of
|
|
band; the gateway translates only the protocol framing, not the
|
|
encrypted content.
|
|
|
|
The ECT audit trail ({{ect-integration}}) enables detection of:
|
|
|
|
- Unauthorized gateways (unexpected `cpat.gateway_id` in the DAG)
|
|
- Content tampering (mismatched `inp_hash`/`out_hash` relative to
|
|
message content)
|
|
- Routing loops (repeated gateway IDs in the DAG ancestry)
|
|
|
|
At L3, the audit ledger provides tamper-evident proof of all
|
|
translations for regulatory compliance.
|
|
|
|
# IANA Considerations
|
|
|
|
This document requests the following IANA registrations:
|
|
|
|
1. A "CPAT Protocol Identifier" registry under Expert Review
|
|
policy. Initial entries: "a2a-v1", "mcp-v1", "slim-v1",
|
|
"uacp-v1", "ainp-v1".
|
|
|
|
2. A well-known URI registration for "cpat" per {{RFC8615}}.
|
|
|
|
3. Registration of the `exec_act` value "cpat:translate" in a
|
|
future ECT action type registry.
|
|
|
|
--- back
|
|
|
|
# Acknowledgments
|
|
{:numbered="false"}
|
|
|
|
This document builds on the Execution Context Token specification
|
|
{{I-D.nennemann-wimse-ect}} and the Agent Context Policy Token
|
|
{{I-D.nennemann-agent-dag-hitl-safety}}.
|