Back to The Agentic Web
Published February 2026 11 min read

Trust Without Borders

A centralised agent registry is a single point of failure, a censorship chokepoint, and a rent-seeking opportunity. The Quilt architecture solves all three — enabling trust to scale across organisational boundaries without anyone holding the keys to the entire system.

Series: The Agentic Web Part 3 of 6

Why Federation Matters

Consider a hospital network in Germany, a fintech startup in Singapore, and a logistics orchestrator in Brazil. Each operates agents that need to discover and collaborate with agents from the other two — but none will accept a registry controlled by the others. Enterprise adoption of agent infrastructure hinges on one question: can I participate without surrendering control?

DNS solved a version of this problem in the 1980s with hierarchical delegation: ICANN at the top, registrars below, individual zones at the bottom. But DNS concentrates power at the top of the tree. The NANDA Quilt architecture takes a fundamentally different approach: no tree, no root, no single point of authority. Instead, independent registries operate autonomously and synchronise through gossip-based federation — like patches in a quilt that form a coherent whole without any patch being in charge.

The Quilt: Six Registration Patterns

The Quilt doesn't impose a single registration model. Instead, it accommodates six patterns — each reflecting a different governance relationship between the agent, its organisation, and the broader network:

PatternExampleVisibilityControl
NANDA Native@agentxGlobalAgent/Provider
Government@US:shopJurisdiction-scopedRegulatory body
Enterprise (Routed)@companyVia company registry onlyEnterprise IT
Enterprise (Direct)@company:shopGlobal, company-administeredEnterprise IT
Web3 (Routed)@DID:companyVia Web3 marketplaceDID holder
Web3 (Direct)@DID:company:agentGlobal, DID-authenticatedDID holder

This flexibility is critical. A German hospital can run a routed enterprise registry (@charite) that keeps internal agents invisible to the outside world while still exposing selected agents (@charite:radiology-assist) for cross-institutional collaboration. A Web3 marketplace can register agents under DID-authenticated namespaces. A government regulator can create jurisdiction-scoped zones. All coexist in the same fabric.

Interactive · Quilt Federation Topology

NANDA Native@agentxGovernment@US:shopEnterprise (Routed)@companyEnterprise (Direct)@company:shopWeb3 (Routed)@DID:coWeb3 (Direct)@DID:co:agent

Click any registry node · Pull-based sync — no central authority required

Pull-Based Federation

Traditional federation models (email, ActivityPub, DNS) rely on push-based or hierarchical propagation. NANDA uses gossip-based synchronisation: each registry decides which peer registries to sync with, how often, and which agent categories to replicate. This design has three structural advantages:

  • No mandatory trust — A registry never has to accept data from a peer it doesn't trust. Trust relationships are bilateral and revocable.
  • No single point of failure — If any registry goes offline, the rest of the quilt continues operating. Agents already replicated to other registries remain discoverable.
  • No bottleneck writes — Because each registry owns its local agents and pulls from peers, write pressure is distributed. The Index's lean records (≤120 bytes) make sync bandwidth negligible even at million-record scale.
The N×N → 2N reduction. Without a shared discovery layer, every agent needs direct connections to all others — an N×N connectivity problem. The Quilt transforms this into 2N: each agent registers once in its local registry, and the federation fabric makes it discoverable everywhere else.

Trust Composition in Practice

Federation creates the network, but trust requires more. In the NANDA ecosystem, trust composes through three mechanisms:

  1. Cryptographic identity — Every AgentAddr in the Index includes an Ed25519 signature. You can verify an agent's identity without trusting any registry — only the agent's own key pair.
  2. Verifiable credentials — Trust authorities like KnowYourModel issue W3C VCs attesting to agent capabilities, trust scores, and compliance status. These credentials are portable — they travel with the agent, not the registry.
  3. Usage-backed reputation — Trust scores are earned through cryptographic usage receipts, not self-reported claims. Each receipt is Ed25519-signed by a registered orchestrator, creating a proof-of-use mechanism that resists Sybil attacks.

Together, these layers mean you don't need to trust the registry that returned an agent's record. You verify the agent's identity against its own key, validate its credentials against the issuer's public key, and check its trust score against signed usage evidence. The registry is just a discovery conduit — it can be adversarial, and the trust model still holds.

What This Enables

The Quilt architecture makes several previously impossible scenarios routine:

  • Cross-border agent collaboration — Agents from different jurisdictions discover and verify each other through federated registries, each respecting local compliance requirements
  • Enterprise-grade privacy — Companies run private registries for internal agents while selectively exposing others to the public Quilt
  • Resilient discovery — No single outage, regulatory action, or adversarial attack can disable agent discovery globally
  • Competitive neutrality — No platform, cloud provider, or government controls the agent namespace

Trust without borders doesn't mean trust without verification. It means the verification is mathematical, not institutional. In Part 4, we explore the privacy side: how agents discover each other without revealing sensitive metadata to the network.

Continue Reading

Part 4: Agent Privacy →

Dual-path resolution and privacy-preserving discovery.

The Quilt Architecture

Technical deep dive into gossip-based federation and sync.

Coming Soon

By Invitation Only