# Auth.md

## Agent Registration for Mermail

To begin, POST to /api/agent/register with your signed agent metadata and redirect URI.

## agent_auth

OAuth/OIDC token issuance is not enabled for this deployment yet. Agent
registration requests can be submitted for review, but credentials are not
issued by these placeholder endpoints.

```json
{
  "register_uri": "/api/agent/register",
  "identity_types": [],
  "credential_types": [],
  "claims_uri": "/api/agent/claims",
  "revocation_uri": "/api/agent/revoke"
}
```

## DNS for AI Discovery (DNS-AID) Records

To enable DNS-based agent discovery for this domain, configure the following DNS records at your DNS provider (e.g. Cloudflare):

### DNS-AID ServiceMode HTTPS Records (RFC 9460)

| Record Name | Type | Value / Target |
|-------------|------|----------------|
| `_index._agents` | HTTPS | `1 . alpn="oauth-authz-server,api-catalog" port=443 ipv4hint=104.21.34.186,172.67.143.149 ipv6hint=2606:4700:3036::ac43:8f95,2606:4700:3031::6815:22ba` |
| `_a2a._agents` | HTTPS | `1 . alpn="oauth-authz-server,api-catalog" port=443` |

Ensure your domain has DNSSEC enabled and signed so validating resolvers can securely return authenticated data.
