Skip to main content
This section is the normative protocol specification. It describes what any compliant implementation must do, independent of programming language. The reference implementation is @samvad-protocol/sdk (TypeScript). The full spec and JSON Schema definitions are in the repository.

Protocol version

Current version: 1.2 The protocol version is declared in the agent card’s protocolVersion field and returned in every /agent/health response. Receivers may reject requests from agents running incompatible versions.

Conformance requirements

A compliant agent implementation must:
  1. Host a valid agent card at GET /.well-known/agent.json
  2. Expose all seven standard endpoints
  3. Validate inbound envelope signatures against the sender’s published public key
  4. Reject envelopes older than 5 minutes or with a seen nonce
  5. Enforce skill trust tiers after signature verification
  6. Validate skill inputs against the declared inputSchema
  7. Return standard error codes for all failure conditions
  8. Retain async task results for at least 1 hour after completion

Sections

Agent Card

The /.well-known/agent.json format — identity, skills, keys, rate limits.

Message Format

The signed request/response envelope shared by all three communication modes.

Communication Modes

Sync, async-with-webhook, and SSE streaming.

Error Codes

Standard error codes and their HTTP status mappings.

Discovery

Self-sovereign discovery and the optional public registry.