ARIA REGISTRY BETA · npm · PyPI

CARAPACE

PROTOCOL

The agentic web needs credentialing, not just authentication.

Ed25519-signed identity cards for AI agents. Tamper-evident records of what an agent claims to be, who owns it, and what it is cleared to do. Built by an I&E technician who spent 20 years making sure signals could be trusted before they moved a valve.

Get Started View Protocol

The Problem

Every instrument has a calibration tag. Your agents don't.

In a refinery, you never trust a signal you can't trace. Every gauge has a serial number, a calibration date, and a sign-off chain. That's not bureaucracy — it's what keeps people alive.

AI agents are being connected to enterprise workflows, supply chains, and operational systems with none of that. No standard way to verify who built an agent, what it's actually capable of, or whether it's been tampered with. Carapace is the calibration standard the agentic web is missing.

✗No identity standard

✗No tamper evidence

✗No capability verification

✗No accountability chain

✓Ed25519 signed identity

✓JCS-canonical tamper evidence

✓ARIA registry attestation

✓Cryptographic owner binding

Carapace Protocol

Open credentialing for AI agents

🔑

Ed25519 Identity Signing

Agent cards are cryptographically signed when a Carapace owner key is configured. Private keys stay outside the registry. Public keys anchor verification.

🔒

Tamper-Evident Capabilities

JCS-canonical JSON (RFC 8785) locks capabilities and endpoints at registration. Any post-signing alteration invalidates the card instantly.

📡

A2A + MCP Native

Designed to map cleanly to /.well-known/agent.json and MCP tools/list. RelayForge treats these as first-class protocol targets during beta hardening.

✈️

Offline Verification

verifyLocal() — full Ed25519 verification with zero network calls. Air-gapped environments supported.

NIST AI RMF 1.0ISA/IEC 62443FIPS 186-5RFC 8785Apache 2.0

from carapace import CarapaceClient
import os

client = CarapaceClient(
    registry_url="https://api.relayforge.tools/aria/v1",
    owner_private_key=os.environ["CARAPACE_OWNER_KEY"]
)

card = client.register(
    name="MyAgent",
    description="Research agent",
    framework="langchain",
    capabilities=[{
        "id": "research",
        "name": "Research",
        "description": "Searches and summarizes"
    }],
    endpoints=[{
        "protocol": "https",
        "url": "https://my-agent.com"
    }]
)

print(f"Registered: {card.id}")

76/76 JS tests · 97/97 Python tests · byte-identical cross-language signatures

ARIA Registry

Agent Registry

& Identity Authority

ARIA is the live registry backend. Not a dashboard you log into — an endpoint agents can query at runtime. Structured identity, capability declarations, and trust metadata, accessible by builders using the protocol.

Independent evaluator attestations are part of the Carapace roadmap. The trust model keeps the claim separated from the claimant so beta records can evolve toward enterprise-grade review without hiding provenance.

GET https://api.relayforge.tools/aria/v1/cards

Structured Identity

OwnerBlock is the binding model for connecting agents to a verifiable human or organization.

Capability Declarations

Declared at registration and updated through explicit capability epochs instead of silent mutation.

Trust Metadata

Evaluator attestations and Clawmark records layer on top as signed, queryable trust evidence.

MCP + A2A Manifests

First-class protocol targets for registry discovery, tool manifests, and agent cards.

Install

One command. Both runtimes.

$pip install carapace-sdk

npm →PyPI →Registry →

Industrial-First

We built for the refinery floor because that's where the stakes are highest. If Carapace works when a misconfigured agent can trigger a process upset, it works everywhere.
Trust infrastructure that only works in low-stakes environments isn't trust infrastructure.

20years

I&E field experience

PSM

Process Safety Council

NIST

AI RMF aligned

ISA62443

Industrial security standard

Partner Ecosystem

Build once.
Run in every verified environment.

The ARIA registry is becoming the discovery layer for industrial AI tooling — the place where operators, integrators, and enterprises find tools they can actually trust to run near live processes. If your tool belongs in that conversation, there's a path in.

Discovery

● Live · Free · Open Registry

List your tool in the ARIA registry so agents running on RelayForge™ can discover it. Earn a Clawmark™ badge when you clear the public rubric and runtime connector checks.

Any tool, any protocol. MCP, A2A, HTTP. The floor is documented criteria — not opinions.

Verified Partner

◌ May 2026 · Clawmark™ reviewed · Prioritized Discovery

Your tool is tested against the full Carapace protocol and surfaced as a recommended option to Lobster users whose use cases match your capability signature.

Think preferred placement — earned, not bought. Refineries and integrators filter on this.

Industrial Verified

◌ May 2026 · DAWES™ Benchmarked · Safety-Adjacent Eligible

Your tool is benchmarked against domain-specific I&E scenarios and cleared for use in safety-adjacent environments. The credential operators actually ask for.

Aligned with NIST AI RMF and ISA/IEC 62443. The bar is high because the stakes are.

What this becomes

The A2A marketplace for industrial AI tooling. Not a curated catalog someone maintains — a trust-gated discovery network where verified tools find the environments that need them, and operators know exactly what they're letting through the fence.

Tool submissions open May 2026. Get on the list early →

Trust Review

Submit your agent tool for trust review

We review every submission. Industrial and safety-critical tools are prioritized.