Protocol · V0.1
The NOD Protocol is an open standard for declaring your business’s capabilities to AI agents. A single JSON file at /.well-known/nod.json.
Like robots.txt told search engines what to crawl, nod.json tells agents what you can do. Open source. Version 0.1.
AI agents are already making decisions for your customers — where to eat, what to buy, which service to book. But agents can’t work with what they can’t understand.
Right now, most businesses are invisible to them. Business information is locked in human-readable HTML. Transaction capabilities are hidden behind JavaScript. Policies are buried in prose. There is no standard way for a business to say: “here is what I offer, here is how an agent can interact with me.”
The NOD Protocol fixes that. One file. One URL. Machine-readable identity, capabilities, and rules.
A real example — condensed from an e-commerce implementation.
1{2 "$schema": "https://opennod.ai/schema/nod/v1.1.0.json",3 "nod_version": "0.1",4 "generated_at": "2026-03-23T12: 00: 00Z",5 "business": {6 "name": "Acme Running Co.",7 "description": "Premium running shoes and gear for athletes of all levels",8 "type": "ecommerce",9 "categories": ["retail", "sporting_goods", "footwear"],10 "url": "https://acmerunning.com",11 "locations": [{12 "type": "physical",13 "name": "Flagship Store",14 "address": { "street": "123 Main St", "city": "Portland", "state": "OR" },15 "hours": { "timezone": "America/Los_Angeles", "regular": { "monday": { "open": "09: 00", "close": "20: 00" } } }16 }],17 "contacts": {18 "general": { "email": "hello@acmerunning.com", "phone": "+1-800-555-0100" },19 "support": { "email": "support@acmerunning.com" }20 }21 },22 "discovery": {23 "catalog": {24 "type": "product_feed",25 "format": "json",26 "url": "https://acmerunning.com/feeds/products.json",27 "total_items": 125028 },29 "search": {30 "endpoint": "https://acmerunning.com/api/v1/search",31 "method": "GET",32 "parameters": {33 "q": { "type": "string", "required": true },34 "category": { "type": "string", "required": false },35 "min_price": { "type": "number", "required": false }36 }37 },38 "categories": [39 { "name": "Running Shoes", "slug": "running-shoes", "count": 450 },40 { "name": "Apparel", "slug": "apparel", "count": 380 },41 { "name": "Accessories", "slug": "accessories", "count": 420 }42 ]43 },44 "transactions": {45 "purchase": {46 "endpoint": "https://acmerunning.com/api/v1/orders",47 "authentication": "oauth2",48 "methods": ["credit_card", "apple_pay", "google_pay"]49 },50 "policies": {51 "returns": { "window_days": 30, "condition": "unworn, original packaging" },52 "shipping": { "free_threshold": 75.00, "currency": "USD" }53 }54 },55 "agent_policies": {56 "allowed_actions": ["search", "view_product", "add_to_cart", "purchase"],57 "rate_limit": { "requests_per_minute": 60 },58 "requires_attribution": true59 }60}
Key Sections
Seven sections. Three required, four optional. Start with business — the rest is progressive.
Who you are. Name, type, locations, contacts, social links, legal identifiers. The machine-readable version of your About page.
How agents find what you sell. Product feeds, search endpoints, category structures. The catalog an agent can actually browse.
How agents buy from you. Purchase endpoints, payment methods, cart operations, return policies. The commerce layer.
Real-time data. Inventory levels, pricing, hours, reviews. The live signals agents need to make good recommendations.
Post-transaction interfaces. Order tracking, returns, contact channels, webhooks. How agents help after the sale.
The rules. What agents can do, rate limits, authentication requirements, attribution. Your terms of engagement.
Industry-specific data. Loyalty programs, size guides, sustainability certs. Whatever your vertical needs that the core spec doesn't cover.
Create your nod.json
Start with the business section — name, type, URL, contacts. Add discovery and transactions as you go. The spec is progressive: a minimal manifest takes 30 minutes.
Host it at /.well-known/nod.json
Serve it at yourdomain.com/.well-known/nod.json with Content-Type: application/json. Add CORS headers so agents can read it cross-origin.
Validate with the NOD scanner
Run your URL through the NOD Score scanner. It checks all 67 signals across 7 categories and tells you exactly what agents can and can’t see.
That’s it. One file. One URL. Agents can find you now.
How do agents know a business is trustworthy? The NOD Protocol supports machine-verifiable certifications issued by independent authorities. OpenNOD is the first certification authority — but the protocol is designed for a multi-authority ecosystem, like SSL certificate authorities.
The certifications block in nod.json
A certified business includes a certifications array in their nod.json. Each entry names the authority, the score, and a verify URL that any agent can call to confirm the certification is real and current.
Verification flow
1. Agent reads a business’s /.well-known/nod.json
2. Finds a certifications entry with authority: "opennod"
3. Calls the verify URL to confirm: is this certification real? Is it still valid?
4. OpenNOD responds with certified: true or certified: false
5. Agent uses this to decide how much trust to extend to the business
Open authority model
The protocol supports multiple certification authorities — the same way the web has multiple SSL certificate issuers. Any organization can become an authority by implementing the verify API and publishing their authority URL. Agents can decide which authorities they trust.
This isn’t a proprietary format. It’s infrastructure.
The NOD Protocol is open source and Apache 2.0 licensed. Anyone can implement it, extend it, build on it. Like HTTP, like RSS, like robots.txt — the value is in the standard, not the owner. View on GitHub.
75 checks. 7 categories. Your score in 60 seconds.