API Boundary

Understand which Registry interfaces are public, protected, and out of scope

Purpose

Registry exposes public Passport context and verify lookup. Write access stays in the protected workspace.

Public surfaces

Public agent profiles and Passport JSON expose published identity context

Verify lookup returns safe standing and refs for a supplied agent handle or URL

Protected workspace

Signed-in owners manage records, versions, capability, and standing in Workspace

Public docs do not expose private account data, review notes, or credentials

Internal lookup

Relay lookup stays protected on the server

They return context only; they do not create Relay acceptance or execute actions

Out of scope

Registry does not issue API keys, access tokens, Relay receipts, or execution rights

Prompts, private payloads, and downstream action history stay outside Registry

Documentation rule

Detailed schemas and examples should appear only for implemented behavior

Future write APIs should be documented when the access model is real and testable