ans.veritrust.vc Agent naming & MCP registry

Verifiable names for agents.
A registry for trusted MCP servers.

Veritrust ANS gives agents human-readable names and signed “cards”. The same host also operates the MCP Trust Registry, exposing a machine-readable catalogue of MCP servers at /mcp for AI platforms and hosts.

Agent Name Service (ANS) Signed agent cards MCP Trust Registry DID & VC based trust
Resolve ans.veritrust List MCP servers (API)

ANS & MCP registry entries are ultimately verified against did:web:veritrust.vc and the Veritrust Trust Policy.

How they fit together
Veritrust ANS (names → agent cards)
issues signed metadata →
Agents, zones, issuers
+ MCP-specific entries →
MCP servers (endpoint, manifest, credentials)
consumed by hosts / AI platforms →
MCP Trust Registry API at /mcp

ANS focuses on human-readable naming and signed discovery for agents. The MCP registry focuses on MCP servers: where they live, what they do, and which credentials and issuers are trusted.

Global discovery metadata is also advertised via https://veritrust.vc/.well-known/mcp-trust-registry.json.

Agent Name Service (ANS)

ANS lets you resolve human-readable names like ans.veritrust or agent.robert-cane.neksus into signed “agent cards” that describe identity, capabilities, endpoints and status.

How ANS works

Clients call:

GET /resolve?name=<logical-name>

The response contains a JSON “card” plus a JWS signature. The signature is verified against the ANS key published in the Veritrust DID document: https://veritrust.vc/.well-known/did.json.

This makes “who runs this agent” and “what it can do” verifiable, not just documented.

What an ANS “card” looks like
{
  "card": {
    "name": "issuer.veritrust",
    "version": "1.0.0",
    "provider": "Veritrust",
    "did": "did:web:veritrust.vc",
    "capabilities": [
      "vc-issuer",
      "oidc4vci",
      "status-list-2021"
    ],
    "endpoints": [
      {
        "protocol": "https",
        "url": "https://veritrust.vc/issuer/",
        "purpose": "vc-issuer"
      }
    ],
    "status": "active",
    "issued_at": "..."
  },
  "jws": "<compact signature>",
  "kid": "did:web:veritrust.vc#ans-key-1"
}
Examples
  • name=ans.veritrust
  • name=issuer.veritrust
  • name=zone.neksus.ai
  • name=agent.robert-cane.neksus
Why ANS exists

ANS helps organizations publish verifiable, protocol-agnostic metadata for agents, improving discovery, governance, and security across agent ecosystems. It aligns with work such as:

MCP Trust Registry on ans.veritrust.vc

In addition to ANS, this host exposes the MCP Trust Registry API at /mcp. It implements the MCP Trust Framework (MCPF) registry interface so that AI agents and platforms can discover and verify MCP servers before using them.

Core endpoints
  • GET /mcp/health – basic health check
  • GET /mcp/servers – list MCP servers
  • GET /mcp/servers/{did} – single server by DID
  • GET /mcp/search – search by metadata
  • GET /mcp/issuers – trusted issuers
  • GET /mcp/revocations – revoked servers/credentials
What a registry entry contains
{
  "did": "did:web:veritrust.vc:mcp:edgeguard-siem",
  "endpoint": "https://edgeguard.cyberfort.lv/mcp",
  "manifest": "https://edgeguard.cyberfort.lv/mcp/manifest.json",
  "credentials": [
    "https://veritrust.vc/status/agents-2025/edgeguard-mcp.json"
  ],
  "metadata": {
    "capabilities": ["telemetry","alerts"],
    "organization": "Cyberfort",
    "country": "LV",
    "tags": ["security","siem"],
    "status": "active"
  }
}
Discovery and trust

MCP clients can start at:

https://veritrust.vc/.well-known/mcp-trust-registry.json

That document advertises ans.veritrust.vc/mcp as the registry base URL, as well as the Veritrust issuer DID and key material used to issue MCPServerCredential verifiable credentials.

Hosts then query this registry to apply policy (“which MCP servers are allowed”) before enabling tools.

For developers

Use ANS for human-readable names and signed agent metadata. Use the MCP registry for machine-readable MCP server entries. Both can be integrated with your own policy engine and identity stack.

Resolve with ANS
# Resolve the ANS root
curl "https://ans.veritrust.vc/resolve?name=ans.veritrust"

# Resolve an issuer
curl "https://ans.veritrust.vc/resolve?name=issuer.veritrust"
Query MCP registry
# List MCP servers
curl "https://ans.veritrust.vc/mcp/servers"

# Search for servers with a capability
curl "https://ans.veritrust.vc/mcp/search?capability=telemetry"
MCP Trust Framework specs

The MCP registry on this host follows the MCP Trust Framework (MCPF), which defines how registry entries, credentials and trust checks work.

github.com/Veritrust-VC/mcp-trust-framework →
High-level documentation

For a more complete explanation of the MCP Trust Framework, its relationship to MCP, and how registries and credentials fit together, see:

Veritrust MCP Trust Framework landing page →

Part of the Veritrust identity & trust stack

ANS and the MCP registry live alongside Veritrust's issuer, status lists, DIDComm mediator and other components, all anchored in did:web:veritrust.vc and the Veritrust Trust Policy.

For integration, security reviews or dedicated deployments, contact: [email protected]