What is an Agent Registry and why now?

An Agent Registry is the authoritative inventory of every AI agent your company runs—purpose, capabilities, data boundaries, identity, permissions, owners, telemetry endpoints, and lifecycle state. Think of it like a service catalog + identity directory for AI actors.

Why now? Vendors are pushing production‑grade agent platforms (AgentKit, Agentforce 360), and Microsoft is previewing Agent 365 as an enterprise control layer. citeturn0search0turn0search2turn0news12 Without a registry—and policy tied to it—you’ll drift into shadow agents, duplicated automations, and untracked access that create security, compliance, and cost blow‑ups. Microsoft’s recent research underscores the stakes: agents can be steered or fail in surprising ways in realistic markets. citeturn0search4

The core blueprint (vendor‑agnostic)

1. Identity first: Issue a service identity to every agent via your IdP (e.g., Entra ID, Okta). Bind identities to the registry entry and disable shared credentials. Rotate secrets via a vault. Map each agent to a human owner and a security group.
2. Least‑privilege permissions: Express permissions as granular, task‑level scopes (read_orders, create_refund, send_email). Deny by default; allow through an explicit allowlist referenced from the registry.
3. OpenTelemetry everywhere: Instrument agents to emit traces for each step (goal → tool call → external API). Standardize span names and attributes (agent_id, owner_team, pii_class, customer_id_hash). Route to your observability stack for replay and RCA.
4. A2A for cross‑agent calls: Use A2A to exchange goals and invoke actions across vendors with policy and governance. Put trust boundaries in the registry: which external agents are allowed partners, under which scopes, with what SLAs. citeturn0search5
5. Change control + evals: Every registry change (prompt, tools, model, or scope) triggers an evaluation and a canary release. Log artifact hashes and version notes. Use a sandbox and red‑team scenarios before prod rollout, inspired by Microsoft’s synthetic market tests. citeturn0search4
6. Cost + attribution hooks: Capture token/compute costs per agent, and tag spans with cost_center and campaign_id to enable chargeback and ROI analysis. For a deeper plan, see our FinOps playbook. Agent FinOps for 2026.

Design your Agent Registry schema

Start with a simple table or JSON document. You can run it in Postgres today; migrate to a service catalog later.

{
  "agent_id": "support-refunds-v1",
  "display_name": "Support: Refunds Agent",
  "purpose": "Authorize and process refunds under policy",
  "model": { "provider": "vendor", "name": "model-x" },
  "capabilities": ["read_orders", "create_refund", "email_customer"],
  "data_boundaries": ["orders.read", "payments.redacted"],
  "owner": { "team": "CX", "oncall": "@oncall-cx" },
  "identity": { "idp": "Okta", "client_id": "..." },
  "permissions": { "allow": [ {"resource": "refunds", "action": "create", "limit": "$250" } ] },
  "telemetry": { "otel_endpoint": "https://otel-collector" },
  "a2a_trust": [ "shipping-returns-agent" ],
  "risk_class": "medium",
  "eval_suite": ["refund-sanity", "prompt-injection"],
  "release_channel": "canary",
  "version": "1.3.2",
  "last_reviewed": "2025-11-18"
}

Tip: tie risk_class to obligatory controls (e.g., high → human‑in‑the‑loop + dual approval for money movement).

Implement in 30–60 days: a pragmatic rollout

Days 1–10: Inventory and ownership

• Inventory every agent across Zendesk, Shopify, Slack, Gmail, and internal scripts. Assign a human owner and on‑call for each.
• Create the minimal registry (fields above). Enforce: “no registry, no production.”
• Stand up OpenTelemetry Collector and a basic dashboard (success rate, error types, median step latency, PII touches).

Days 11–25: Permissions, tests, and canary

• Convert all agents to least‑privilege scopes and rotate credentials.
• Codify canary channels. On each change, run evals: success paths, adversarial prompts, and policy edge cases. Microsoft’s agent market tests are a great inspiration set. citeturn0search4
• Set SLOs per agent (e.g., 99% path success for critical flows) and wire alerting. For reliability tactics, see our guide: Reliability Engineering for AI Agents in 2026.

Days 26–45: Cross‑vendor interoperability (A2A)

• Adopt A2A for cross‑agent calls where feasible so your Shopify agent can securely hand off to a marketing or logistics agent across vendors with clear SLAs and scopes. citeturn0search5
• Define an allowlist of external agents in the registry (a2a_trust) and enforce pre‑flight policy checks.
• If you’re trialing a platform like AgentKit or Agentforce 360, document how each surfaces registry, policy, and eval hooks. citeturn0search0turn0search2

Days 46–60: Production guardrails and audits

• Require human approval for irreversible actions (refunds over threshold, price changes, vendor payments).
• Schedule quarterly registry reviews; expire unused agents automatically.
• Run a red‑team game day each quarter; see our playbook: Agent Evaluation & Red‑Team Certification.

Concrete example: an agentic support desk

Suppose you launch a returns agent that reads Shopify orders and emails customers. Your registry entry limits refunds to $250 and requires human approval above that. The agent emits OpenTelemetry spans for each step and tags them with customer_id_hash and policy_version for auditability. It can call a translation agent via A2A for multilingual responses, but only agents on the allowlist are permitted. If your company later trials Microsoft’s Agent 365 or Salesforce Agentforce, your registry remains the source of truth while those platforms provide additional control‑plane features. citeturn0news12turn0search2

Want a full buildout? Follow our 30‑day tutorial to ship an agentic support desk across WhatsApp, Email, and Shopify: Ship an Agentic Support Desk in 30 Days.

How this differs from “AI staff” hype

You may see stories about fully AI‑run companies staffed by agents. They’re fun—and instructive—but they also surface failure modes like confabulation and fabricated activity. Governance via a registry, evals, and telemetry is how you avoid those pitfalls when money and customer data are involved. citeturn1search10

Tooling notes and vendor landscape

• Agent platforms: OpenAI AgentKit (builder, evals, connectors), Salesforce Agentforce 360 (builder + Slack integration), Microsoft Agent 365 (early access control plane). Evaluate feature parity against your registry and policy needs. citeturn0search0turn0search2turn0news12
• Interop: A2A is emerging as a cross‑cloud protocol for agent collaboration—plan for it. citeturn0search5
• Observability: OpenTelemetry is the neutral choice to standardize traces/logs/metrics across multi‑vendor agents.

Checklist to keep agent sprawl in check

• “No registry, no prod” policy is enforced.
• Every agent has a unique identity and owner.
• Permissions are least‑privilege and auditable.
• OpenTelemetry spans exist for every step; alerts map to SLOs.
• A2A trust list and SLAs are defined for cross‑agent calls.
• Evals + red‑teaming run before every release; canaries by default.
• Costs and ROI are tagged for chargeback and pruning.