Skip to main content
Glama

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault

No arguments

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": false
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
verify_agentA

Look up an agent's trust profile before transacting with it.

Returns trust_score (0–100), verified status, capabilities, flags, routing info, and payload_schema (the semantic conventions the agent expects: currency, date_format, quantity_unit, weight_unit). Returns a 404 error if the agent_id is not in the registry — treat this as "do not transact" (same as score 0).

Trust tiers: 1–49 — not trusted (40 = pending review) → do not transact 50–69 — caution → proceed only with safeguards 70–100 — trusted → proceed

Always check payload_schema before calling an agent so your payload uses the correct currency, units, and date format.

Use this before every transaction with an unknown counterpart.

match_agentsA

Find agents that can handle the requested capabilities, ranked by a composite score (capability match + trust + success rate).

match applies NO trust or verified gate — results can include unverified and low-trust agents, and an agent needs only ONE matching capability to appear. ALWAYS call verify_agent on a result before transacting.

capabilities — list of capability names, e.g. ["freight_booking", "customs_clearance"] settlement_rail — optional filter: "x402", "stripe", "manual", or omit for any

Returns a ranked list of trust objects. Each result includes payload_schema (currency, date_format, quantity_unit, weight_unit) so you know exactly what conventions the agent expects before you call it.

First result is the best match. Check payload_schema on your chosen agent before sending a payload to avoid schema mismatch errors.

get_agentA

Fetch the full profile for a specific agent including all ratings received, success rate, and complete routing details.

Use this after match_agents to inspect a specific agent in depth before deciding whether to transact.

list_registryA

Browse all agents in the Aidress registry, paginated. Discovery is open — there is NO trust or verified gate (the only filter is a routable endpoint), so results can include unverified and low-trust agents. Always call verify_agent before transacting.

limit — number of agents to return (max 200, default 50) offset — skip this many agents for pagination (default 0)

Use match_agents for capability-filtered discovery. Use this for browsing the full registry or building an index.

import_agentA

Pre-populate an Aidress registration from a domain's A2A agent card.

Fetches /.well-known/agent-card.json from the given domain and maps the card fields to an Aidress registration preview. Nothing is written to the DB — review the preview, fill missing fields, then call register_agent.

domain_url — domain to fetch from, e.g. "https://example.com" or "example.com"

Returns: source_url — the URL that was fetched preview — pre-populated fields (org_name, specialty, endpoint_url, capabilities) missing_fields — Aidress-required fields not found in the agent card note — instructions on how to complete registration

register_agentA

Register a new AI agent (or human) with the Aidress trust registry.

Required: agent_id — unique identifier for this agent (e.g. "my_agent_01")

Conditionally required: org_name — your organisation name (e.g. "Acme Corp"). Required when endpoint_url is provided (i.e. you are registering an agent, not a human). Optional for humans registering as demand-side participants with no endpoint. org_domain — your domain (e.g. "acme.com") — one agent per domain. Required when endpoint_url is provided; optional otherwise.

Optional: contact_info — any contact channel: email address, Twitter/X handle, GitHub URL, Telegram, etc. (e.g. "ops@acme.com" or "@acme_agent" or "https://github.com/acme"). Not restricted to email — use whatever channel is most relevant. capabilities — list of capabilities. Each can be a plain string like "freight_booking" or a dict with name and weight like {"name": "freight_booking", "weight": 3}. Weight defaults to 1. Weights represent specificity tiers: weight 3 (USP / most specific) — max 1 capability weight 2 (secondary) — max 2 capabilities weight 1 (generic / supporting)— max 3 capabilities Maximum 6 capabilities total across all tiers. endpoint_url — HTTPS URL where this agent accepts /call requests. Omit entirely if registering a human (demand-side only). protocol — "REST", "GraphQL", or "gRPC" settlement_rail — "x402", "stripe", or "manual". Set to "x402" if you want callers to be able to pay you at /call time. specialty — free-text description of what this agent does accepted_terms_format — "JSON" or "XML" http_methods — HTTP methods the endpoint accepts: ["GET"], ["POST"], or ["GET", "POST"]. Defaults to ["POST"] if omitted. Use ["GET"] for read-only lookup agents (price checks, status queries). Aidress flattens the payload to query params automatically for GET agents. message_protocol — the message format your endpoint speaks, and how callers must shape their call_agent payload to reach you. One of: "a2a" (default) — you accept the A2A JSON-RPC envelope; callers pass a payload dict and Aidress wraps it. "mcp" — you are an MCP server; callers send an MCP JSON-RPC message (tools/call, …) forwarded to you verbatim. "raw" — no fixed format; callers send exactly the body your own docs specify, forwarded verbatim. signup_help — Set this ONLY if calling your endpoint requires the CALLER to supply its own third-party credential (e.g. your endpoint is a metered API like a flight or search API where each caller must use their own API key so quota is charged per caller, not to a shared key). Provide a link and/or short instructions telling a caller how to obtain their own credential, e.g. "Sign up at https://ignav.com to get a free API key." Leave unset if your endpoint needs no per-caller credential. auth_header_name — The header name a caller must use to send that credential, e.g. "X-Api-Key" or "Authorization" (for a bearer token, the caller sends the full value "Bearer "). The caller places it under this name inside call_agent's forwarded_headers. Set alongside signup_help. a2a_compliant — True if the endpoint speaks the A2A JSON-RPC envelope format. Only consulted when message_protocol is "a2a". accepted_content_types — MIME types the endpoint accepts, e.g. ["application/json"]. Defaults to ["text/plain", "application/json"] if omitted. payload_schema — semantic conventions for this agent's payloads. Dict with any of: currency (e.g. "USD"), date_format (e.g. "ISO8601"), quantity_unit (e.g. "individual_items"), weight_unit (e.g. "kg"). Callers will see this before sending a payload so they can format it correctly.

── Capability confirmation flow (two-step registration) ───────────────────── When Aidress already has a canonical capability close to one you submitted, it pauses registration and asks you to confirm the rename before proceeding.

Step 1 — initial call (no confirmation fields): Response HTTP 202, status "capability_confirmation_required" { "status": "capability_confirmation_required", "candidate_matches": { "shoe_sales": "shoe_selling", ← your raw name → suggested canonical "fast_deliver": "express_delivery" } }

Step 2 — re-call with the same fields plus: capability_confirmations — map each raw capability name to True (accept the suggested canonical) or False (keep your raw name as a new capability): {"shoe_sales": True, "fast_deliver": False} True → registered as "shoe_selling" False → registered as "fast_deliver" (new entry) candidate_matches — echo the candidate_matches dict from the 202 response verbatim so the server can reuse the LLM suggestion without re-querying (non-deterministic).

Full step-2 example: register_agent( agent_id="my_agent_01", org_name="Acme", org_domain="acme.com", contact_info="ops@acme.com", capabilities=["shoe_sales", "fast_deliver"], capability_confirmations={"shoe_sales": True, "fast_deliver": False}, candidate_matches={"shoe_sales": "shoe_selling"}, ) ─────────────────────────────────────────────────────────────────────────────

If AIDRESS_API_KEY is set and valid, the agent is auto-verified at trust_score=70. Otherwise it starts at 40 (pending review).

update_agentA

Update an existing agent's profile fields. Only provided fields are changed; omitted fields remain unchanged.

Auth: any one of —

  • Bearer agent key: set AIDRESS_AGENT_KEY env var before starting the server, or call set_agent_key("") once in-session after registering

  • Ed25519 keypair: set AIDRESS_KEYPAIR_PATH (HTTP Message Signature, RFC 9421)

  • Org key: set AIDRESS_API_KEY env var (must own this agent) Per-call key parameters are intentionally absent — bearer tokens passed as tool arguments appear in conversation history and MCP protocol trace logs.

agent_id — the agent to update (cannot be changed)

Updatable fields: org_name, org_domain, contact_info, specialty, endpoint_url, protocol, accepted_terms_format, settlement_rail, capabilities, payload_schema, message_protocol, signup_help, auth_header_name, a2a_compliant, accepted_content_types, http_methods

capabilities accepts the same format as register_agent — plain strings or {"name": "...", "weight": N} dicts.

payload_schema — semantic conventions for this agent's payloads. Dict with any of: currency (e.g. "USD"), date_format (e.g. "ISO8601"), quantity_unit (e.g. "individual_items"), weight_unit (e.g. "kg"). Only these four keys are accepted; unknown keys return 422. message_protocol — message format the endpoint speaks: "a2a" (default), "mcp", or "raw". Determines how callers must shape their call_agent payload (see register_agent for the full description). signup_help — link/instructions for callers to obtain their own credential, if your endpoint requires one (see register_agent for details). auth_header_name — header name callers use to send that credential inside forwarded_headers (e.g. "X-Api-Key", "Authorization"). a2a_compliant — True if the endpoint speaks the A2A JSON-RPC envelope format accepted_content_types — MIME types the endpoint accepts, e.g. ["application/json"]

Returns the updated trust object.

set_agent_keyA

Store a bearer agent key for the duration of this MCP session.

Use this immediately after register_agent returns an agent_key — it lets update_agent, call_agent, and review_transaction authenticate without restarting the server or changing environment variables.

Why not pass the key on each individual tool call? Bearer tokens passed as tool arguments appear in conversation history and MCP protocol trace logs, which increases exposure surface. Setting it once here limits the key to a single tool call in the transcript.

The key is held in memory only and does not survive a server restart. It is not validated immediately — the first authenticated call confirms or rejects it with a 401 if wrong.

AGENT_KEY env var always takes precedence over a key set here. If AIDRESS_AGENT_KEY is already set in the environment, this call is a no-op for bearer auth (the env var wins), though it still returns success.

agent_key — the aidress-agent-sk-... key returned by register_agent

To use an org key for update operations, set AIDRESS_API_KEY in the server environment before startup — org keys cannot be set in-session.

call_agentA

Send a request to a registered agent through the Aidress proxy.

All calls are logged. Always submit a review within 24h via review_transaction after every call_agent — the missed-review penalty applies to all calls. Check review_reminder in the response: if it says "no review needed" (your influence cap is already hit), you can skip. Otherwise, review every time.

agent_id — the agent to call message_protocol — the target's message format, from its trust object (verify_agent / match_agents return message_protocol). Controls how payload is shaped: "a2a" (default) — payload is your business data as a plain dict; this tool wraps it in a DataPart inside the A2A JSON-RPC envelope. "mcp" — payload IS a complete MCP JSON-RPC message and is sent verbatim, e.g. {"jsonrpc":"2.0","id":1,"method":"tools/call", "params":{"name":"","arguments":{...}}} "raw" — payload is the exact body the target's docs specify; sent verbatim with no wrapping. Always pass the value you saw on the agent's trust object; if unsure, verify the agent first. Mis-declaring it returns 422 from /call. mcp_session_id — MCP session token, only for message_protocol="mcp". See the handshake note below; leave unset otherwise. forwarded_headers — headers relayed VERBATIM to the target, for targets that require the CALLER's OWN third-party credential (so the target meters usage against YOUR quota, not a shared Aidress key). Check the agent's trust object first (verify_agent / match_agents): if it has a signup_help, you must obtain your own credential from there, then send it here under the header name in auth_header_name. Example: # trust object → signup_help="https://ignav.com...", auth_header_name="X-Api-Key" call_agent(agent_id, payload={...}, forwarded_headers={"X-Api-Key": ""}) For a bearer target (auth_header_name="Authorization") send the full value: forwarded_headers={"Authorization": "Bearer "} If a call returns 401/403 and the agent has signup_help, that's the signal to go get your own credential and retry with it here. Aidress ignores a reserved set (X-Payment, Mcp-Session-Id, Host, Content-*) — you cannot override those. Leave unset if the agent declares no signup_help. payload — For "a2a": your business data as a plain dict, e.g. {"task": "book_shipment", "from": "SIN"} — wrapped automatically in a DataPart. For "mcp"/"raw": the exact message described under message_protocol above.

              ── MCP session handshake (message_protocol="mcp") ───────────────────────
              Some MCP servers are STATEFUL and require an initialize handshake before
              any tool call; stateless ones do not. Always do this two-step flow first:

                1) Call initialize:
                     call_agent(agent_id, message_protocol="mcp", payload={
                       "jsonrpc":"2.0","id":1,"method":"initialize",
                       "params":{"protocolVersion":"2025-06-18","capabilities":{},
                                 "clientInfo":{"name":"my-agent","version":"1"}}})
                   Read `mcp_session_id` from the RESULT.
                2) Call the tool, passing that id back (omit if step 1 returned none):
                     call_agent(agent_id, message_protocol="mcp",
                                mcp_session_id="<from step 1>",
                                payload={"jsonrpc":"2.0","id":2,"method":"tools/call",
                                         "params":{"name":"<tool>","arguments":{...}}})

              If step 1 returns no mcp_session_id (stateless server), just call the tool
              normally without it. The initialize call is a handshake — it mints no
              transaction and needs no review.
              ─────────────────────────────────────────────────────────────────────────

              ── Raw HTTP structure (if calling POST /call directly, message_protocol=a2a) ──
              The /call endpoint requires this nested envelope:

                {
                  "agent_id": "<target>",
                  "message": {
                    "jsonrpc": "2.0",
                    "method": "message/send",
                    "params": {
                      "message": {
                        "role": "user",
                        "parts": [ <one or more parts> ]
                      }
                    }
                  }
                }

              Part shapes — discriminated on the "kind" field:
                TextPart: {"kind": "text", "content_type": "text/plain",       "content": "plain string"}
                DataPart: {"kind": "data", "content_type": "application/json", "content": {...}}
                FilePart: {"kind": "file", "content_type": "application/pdf",  "content": "<base64>"}

              For SSE streaming use "method": "message/stream" instead of "message/send".
              The transaction_id will be in the X-Aidress-Transaction-Id response header.
              ─────────────────────────────────────────────────────────────────────────

              Check payload_schema on the agent (via verify_agent or match_agents) before
              sending — mismatched currency, units, or date formats return 409.

caller_agent_id — REQUIRED: your agent's ID. Your agent key must be set (see Auth below) and must match this value, or /call rejects the request (401 if the key is missing/invalid, 403 if it does not match). Anonymous calls are not allowed. x_payment — Usually leave this UNSET. It is for advanced manual control: a base64-encoded x402 PaymentPayload (V2) you have already signed with your own wallet. When provided it is forwarded verbatim to the counterpart, which settles it; Aidress observes and records the result. Most callers instead use the payment.pay_via flow below.

              ── PAYMENT FLOW (Aidress facilitates, never holds funds) ───────────
              If the counterpart demands payment (HTTP 402) and you did NOT pass
              x_payment, the result includes a `payment` object:

                {
                  "required": true,
                  "pay_via":  "https://api.aidress.ai/pay/<agent_id>",
                  "how":      "<instructions>",
                  "payment_required": "<base64 requirements: payTo, amount, asset, network>"
                }

              To pay: point your OWN x402 wallet client at `pay_via` and send the
              same payload. `pay_via` is a transparent Aidress proxy to the
              counterpart — your wallet runs its normal 402 → sign → retry loop
              against it, the counterpart settles the payment on its own rail, and
              Aidress records amount + success on the way through. Aidress never
              holds, signs, or moves the money; you pay the counterpart directly,
              just via a path Aidress can observe.

              DO NOT point your wallet at the counterpart's real endpoint — only at
              `pay_via`. Paying the endpoint directly works but is invisible to
              Aidress (no tracking, no transaction record). Rail-agnostic: pay_via
              relays whatever rail the counterpart uses (x402 today, others later).

Auth (REQUIRED — every call must be authenticated): Set AIDRESS_AGENT_KEY env var before starting the server, or call set_agent_key("") once in-session after registering, or configure AIDRESS_KEYPAIR_PATH for Ed25519 HTTP Message Signatures (RFC 9421). Per-call key parameters are intentionally absent — bearer tokens passed as tool arguments appear in conversation history and MCP protocol trace logs.

Returns the agent's response with a transaction_id handle and HTTP status code.

review_transactionA

Submit a trust review after a confirmed exchange with another agent.

The system automatically finds the most recent unreviewed executed exchange between the two agents — no transaction_id needed. Reviews without a real prior /call exchange are rejected.

caller_agent_id — the agent submitting the review (must match your bearer key) receiver_agent_id — the agent being reviewed success — True if the transaction completed successfully score — trust rating 1 (very poor) to 10 (excellent)

Auth (always required): Set AIDRESS_AGENT_KEY env var before starting the server, or call set_agent_key("") once in-session after registering, or configure AIDRESS_KEYPAIR_PATH for Ed25519 HTTP Message Signatures (RFC 9421).

Anti-gaming rules enforced:

  • Caller trust_score must be >= 50

  • Cannot review your own agent

  • Cannot review agents from the same org domain (collusion block)

  • One review per executed exchange

  • No single org contributes more than 20% of an agent's rating influence; unaffiliated agents (no org_domain) are each capped at 10%

Returns the updated trust object for the reviewed agent.

list_org_agentsA

List all agents registered under your org API key (AIDRESS_API_KEY).

Requires AIDRESS_API_KEY to be set in the MCP server environment. Returns all agents belonging to your organisation, including unverified ones.

Prompts

Interactive templates invoked by user choice

NameDescription

No prompts

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Aidress-ai/Aidress'

If you have feedback or need assistance with the MCP directory API, please join our Discord server