Categorical Agent Registry (CAR)
The Categorical Agent Registry is the universal certification and classification system for autonomous AI agents. CAR provides a standardized identifier format, domain taxonomy, capability levels, and certification tiers that enable agents to be registered, discovered, and trusted across organizational boundaries.
The Problem
As AI agents become autonomous actors in enterprise systems, organizations face critical gaps:
- Discovery: How do you find an agent with specific capabilities?
- Trust: How do you know an agent is safe to grant access?
- Routing: How do you direct tasks to the right agent?
- Governance: How do you enforce regulatory compliance?
The Solution: CAR String
CAR provides a compact, machine-parseable identifier that encodes an agent's identity, capabilities, and version:
```
a3i.vorion.banquet-advisor:FHC-L3@1.2.0
│   │      │               │   │  └── Version (semver)
│   │      │               │   └── Capability Level (Execute)
│   │      │               └── Domains (Finance + Hospitality + Communications)
│   │      └── Agent Class
│   └── Organization
└── Registry
```
Key design decision: Trust tier is not part of the CAR string — it is computed at runtime from certification status, behavioral history, and deployment context.
Effective Autonomy = MIN(CAR_Certification, Vorion_Runtime_Score)
Core Components
Capability Domains (10 codes)
| Code | Domain | Description |
|---|---|---|
| A | Administration | System admin, user management |
| B | Business | Business logic, workflows, approvals |
| C | Communications | Email, messaging, notifications |
| D | Data | Data processing, analytics, reporting |
| E | External | Third-party integrations, APIs |
| F | Finance | Financial operations, payments, accounting |
| G | Governance | Policy, compliance, oversight |
| H | Hospitality | Venue, events, catering management |
| I | Infrastructure | Compute, storage, networking |
| S | Security | Authentication, authorization, audit |
Capability Levels (8 levels)
| Level | Name | Approval Model |
|---|---|---|
| L0 | Observe | Every action (read-only) |
| L1 | Advise | Every action (recommendations) |
| L2 | Draft | Before commit (staging) |
| L3 | Execute | Per action (human approves) |
| L4 | Autonomous | Exception-based (policy bounds) |
| L5 | Trusted | Minimal oversight |
| L6 | Certified | Audit-only |
| L7 | Sovereign | None |
Certification Tiers (8 tiers)
| Tier | Name | Score Range | Description |
|---|---|---|---|
| T0 | Sandbox | 0–199 | No external verification |
| T1 | Observed | 200–349 | Identity registered, monitored |
| T2 | Provisional | 350–499 | Initial capabilities verified |
| T3 | Monitored | 500–649 | Continuous monitoring active |
| T4 | Standard | 650–799 | Standard certification achieved |
| T5 | Trusted | 800–875 | Full trust established |
| T6 | Certified | 876–950 | Third-party audit completed |
| T7 | Autonomous | 951–1000 | Highest assurance level |
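
An added example (not code from the CAR specification or its SDKs): a strict parser for the CAR string that validates against the domain and level tables above, plus a score-to-tier lookup over the certification tier ranges. The label grammar, the rejection of duplicate domain codes, and the reading of the MIN rule as a comparison of tier numbers are assumptions; the page does not define them.

```python
import re
from dataclasses import dataclass

# Domain codes and capability level names as listed in the tables above.
DOMAINS = {"A": "Administration", "B": "Business", "C": "Communications",
           "D": "Data", "E": "External", "F": "Finance", "G": "Governance",
           "H": "Hospitality", "I": "Infrastructure", "S": "Security"}
LEVELS = ["Observe", "Advise", "Draft", "Execute",
          "Autonomous", "Trusted", "Certified", "Sovereign"]
# Lower bound of each certification tier's score range, T0..T7.
TIER_FLOORS = [0, 200, 350, 500, 650, 800, 876, 951]

# Assumed grammar: the page shows one example string, not a formal grammar.
_LABEL = r"[a-z0-9]+(?:-[a-z0-9]+)*"
_NUM = r"(?:0|[1-9][0-9]*)"
_CAR_RE = re.compile(
    rf"({_LABEL})\.({_LABEL})\.({_LABEL}):([A-Z]+)-L([0-7])@({_NUM}\.{_NUM}\.{_NUM})")

@dataclass(frozen=True)
class Car:
    registry: str
    organization: str
    agent_class: str
    domains: tuple
    level: int
    version: str

def parse_car(s: str) -> Car:
    """Parse a CAR string, rejecting anything that is not fully valid."""
    m = _CAR_RE.fullmatch(s)  # fullmatch also rejects trailing newlines
    if m is None:
        raise ValueError(f"malformed CAR string: {s!r}")
    reg, org, cls, codes, level, version = m.groups()
    unknown = sorted(set(codes) - set(DOMAINS))
    if unknown:
        raise ValueError(f"unknown domain code(s): {unknown}")
    if len(set(codes)) != len(codes):  # assumption: duplicates are invalid
        raise ValueError("duplicate domain code")
    return Car(reg, org, cls, tuple(codes), int(level), version)

def tier_for_score(score: int) -> int:
    """Map a 0-1000 score to its tier number (T0..T7)."""
    if not 0 <= score <= 1000:
        raise ValueError("score out of range")
    return max(i for i, floor in enumerate(TIER_FLOORS) if score >= floor)

def effective_tier(certified_tier: int, runtime_score: int) -> int:
    """Assumed reading of the MIN rule: compare both sides as tier numbers."""
    return min(certified_tier, tier_for_score(runtime_score))
```

The parser returns no trust tier because the string does not carry one; a caller has to obtain certification status and runtime score from the registry rather than from the identifier an agent presents.
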
Three-Layer Architecture
| Layer | Name | Purpose |
|---|---|---|
| 1 | Identity & Trust Primitives | WHO (DIDs, OIDC) + WHAT (Domains/Levels/Tiers) |
| 2 | Capability Certification & Extensions | What agent can do, how verified |
| 3 | Semantic Governance & Runtime Assurance | Behavioral monitoring, drift detection |
Relationship to ACI
CAR is the registry and certification layer built on top of the ACI specification. While ACI defines the identifier format and protocol standards, CAR adds:
- Runtime trust scoring (behavioral + certification + context)
- Registry API for agent discovery and management
- Certification workflow and attestation management
- Client SDKs (TypeScript, Python) and CLI tools
Ecosystem
| Project | Description | Link |
|---|---|---|
| Vorion | First validated CAR implementation | vorion.org |
| CAR Spec | Categorical Agent Registry standard | npmjs.com/@vorionsys/car-spec |
| BASIS | Behavioral AI Safety & Integrity Standard | basis.vorion.org |
| ATSF | Agentic Trust Scoring Framework (46 layers) | atsf.vorion.org |
| Cognigate | AI governance gateway & policy engine | cognigate.dev |
| AgentAnchor | Agent identity & attestation registry | agentanchorai.com |