| Internet-Draft | FAFA | June 2026 |
| Wolfe | Expires 31 December 2026 | [Page] |
This document specifies the FAF Agent Format (.fafa): a declarative,
YAML-based format for an agent's description, the capabilities it
exposes, and the endpoints through which it is reached. A .fafa
document describes an agent; it never instructs one.¶
.fafa (application/vnd.fafa+yaml, IANA-registered June 2026 in the
vendor tree) is the agent member of the FAF family, alongside .faf
(project context) and .fafm (agent memory) [FAF-FORMAT]. It
extends .faf additively: a .faf-only consumer reads a .fafa
document without breaking.¶
.fafa is a format, not a protocol. It composes with agent-
interaction protocols at the document layer — a protocol carries,
references, or resolves a .fafa document; the document declares the
agent the protocol acts upon. This document documents the existing
IANA vendor-tree registration (application/vnd.fafa+yaml). No
standards-tree registration is requested.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 31 December 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
Agent-interaction work consistently defines an object model for agent identity, capability, and endpoint, and then defers the serialization to "some JSON" or an unspecified schema. The object model is specified repeatedly; the on-the-wire, in-the-registry, in-the-repository format — the document an agent publishes about itself — is left unspecified.¶
.fafa specifies that document: a vendor-neutral, YAML-native
declaration of what an agent is, what it can do, and how it is
reached. It defines the document those mechanisms carry; it does not
define discovery, transport, authorization, or orchestration.¶
.fafa is complementary by design. It composes with existing and
future agent-interaction protocols and competes with none of them. A
protocol that needs an agent-identity-and-capability document MAY use
.fafa as that document without adopting any other part of the FAF
family.¶
Declarative, never executable — a .fafa document describes an
agent; it never instructs, authorizes, or executes one.¶
Vendor-neutral — no dependency on any single agent-interaction protocol.¶
Composable — sits at the format layer beneath protocols, not in competition with them.¶
Forward-compatible — unknown fields are preserved as extensions; documents remain valid across minor revisions.¶
Family-coherent — extends .faf [FAF-FORMAT]; shares YAML 1.2
[RFC9512] as base syntax and MIT-licensed distribution.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The following terms are used throughout this document:¶
Agent — An autonomous or semi-autonomous software entity that exposes capabilities and accepts invocation.¶
Capability — A named, addressable function the agent can perform.¶
Endpoint — A reachable address plus protocol binding for invoking the agent.¶
Attachment — Optional infrastructure context within which the agent operates (gateway, domain, policy scope).¶
Provenance — Optional context substrate the agent reads from,
most commonly a .faf reference.¶
A .fafa file MUST be a valid YAML 1.2 document [RFC9512] [YAML]. It is
declarative: it carries identity, capability declarations, and
endpoint references, and MUST NOT contain executable content,
code, or instructions to a model.¶
The agent format is identified by application/vnd.fafa+yaml,
registered in the IANA vendor tree on 2026-06-26 [IANA-FAFA]. This
document documents that vendor-tree registration. No standards-tree
registration is requested. The canonical specification is
[AGENT-FORMAT]. The file extension is .fafa.¶
A .fafa document is a single YAML mapping. Example:¶
version: "1.0"
agent: # REQUIRED -- identity
name: faf-agent
id: "did:web:faf.one:agent"
vendor: WolfeJAM
version: "1.0.0"
description: "Cites the spec or refuses out of scope"
capabilities: # REQUIRED -- MAY be empty
- name: validate
type: tool
description: "Validate .faf documents against the spec"
tags: [validation, faf, spec]
endpoints: # REQUIRED -- MUST be non-empty
- protocol: mcp
transport: stdio
location: faf-agent-mcp
provenance: # OPTIONAL -- context substrate
faf: "./project.faf"
spec: "application/vnd.faf+yaml"
¶
Required top-level fields: version; agent (with at least
name and id); capabilities (array, MAY be empty); endpoints
(array, MUST be non-empty).¶
Optional top-level fields: attachment, provenance,
signature, metadata (free-form vendor extensions).¶
Declares identity.¶
Each capability is a structured object.¶
Required: name (unique within the document); type (tool,
resource, prompt, event, or other).¶
Optional: description, input_schema, output_schema,
tags, apophatic (boolean; if true, the capability refuses
out-of-scope invocation rather than attempting best effort),
cites_spec (the format or specification the capability operates
against).¶
The capabilities array MAY be empty. Declaration is not
authorization (see Section 5).¶
Each endpoint declares a protocol binding.¶
Required: protocol (mcp, a2a, grpc, http, or other);
transport (stdio, http, websocket, quic); location
(reachable address — URI, package name, or transport-specific
locator).¶
Optional: version, auth, region, health.¶
Multiple endpoints MAY declare the same protocol with different transports.¶
Describes the infrastructure context within which the agent operates,
without requiring any particular gateway protocol. Optional fields:
gateway, domain, policy, attachment_point.¶
Cites the context substrate the agent operates from — the FAF-family
integration point. A .fafa agent SHOULD declare which .faf it
reads. Optional fields: faf (reference to a .faf document), fafm
(reference to a .fafm document), spec (media type of the
substrate), version.¶
Consumers MUST use YAML safe-load (no custom type construction).¶
Consumers MUST treat unknown top-level fields, and unknown
subfields within agent, capabilities, and endpoints, as
forward-compatible extensions.¶
Consumers SHOULD use UTF-8 encoding and SHOULD keep documents within common registry storage budgets (RECOMMENDED: < 64 KB).¶
Standard filename: agent.fafa (alongside project.faf at the
project layer), or served via the /.well-known/faf discovery
anchor defined in [FAF-FORMAT].¶
File extension: .fafa. Encoding: UTF-8.¶
Multiple .fafa documents per scope are permitted, distinguished by
agent.id.¶
The top-level version field declares the version of this
specification to which the document conforms. Versioning is semantic:
1.x revisions are backward-compatible; a new major version is
reserved for breaking changes made only with strong cause. Consumers
MUST accept documents whose version shares their supported major
version, and MUST apply forward-compatible extension handling for
unknown fields. This separates the agent's version (agent.version)
from the format's version (top-level version), so an agent may
revise independently of the specification.¶
.fafa is the agent member of the FAF family [FAF-FORMAT]:¶
.faf -> Context Layer (project IS -- static, read once) .fafm -> Memory Layer (agent REMEMBERS -- mutating) .fafa -> Agent Format (agent IS -- declarative identity)¶
.fafa is format-level, not protocol-level. It composes with — does
not replace — agent-interaction protocols: a protocol carries,
references, or resolves a .fafa document; the document declares the
agent the protocol acts upon.¶
The .fafa schema extends application/vnd.faf+yaml additively. A
consumer that understands only .faf parses a .fafa file as valid
YAML and extracts top-level identity; a .fafa-aware consumer gains
the full agent declaration. A FAF-enabled origin MAY publish its
.fafa document for discovery via the /.well-known/faf URI defined
in [FAF-FORMAT].¶
This section addresses the IANA media-type security-considerations
checklist for application/vnd.fafa+yaml.¶
None. A .fafa document is YAML data with no scripts, code, or active
markup. Implementations MUST treat .fafa content as data, never
as instructions or commands. Declaration is not authorization: an
implementation MUST NOT invoke or auto-execute a capability solely
because it is declared.¶
.fafa is built on YAML 1.2; the YAML security considerations of
[RFC9512] apply. Parsers MUST disable custom type construction
(e.g., !!python/object, !ruby/object), MUST enforce
alias-expansion limits to mitigate entity-expansion ("billion laughs")
attacks, and MUST enforce nesting-depth limits to prevent stack
overflow.¶
.fafa documents originate from agents and third parties and MUST
be treated as untrusted input. Consumers MUST NOT elevate .fafa
content to "system" or "developer" tiers within prompt hierarchies;
it occupies the user-data tier. Capability declarations are a
documented vector for over-trust and prompt injection.¶
Identity claims, capability declarations, and endpoints are
self-asserted. Consumers MUST treat endpoints as untrusted until
verified (against signature where present), MUST scope capability
consumption to the declaring agent's verified identity, and MUST
apply least privilege when acting on declared capabilities.¶
.fafa documents MUST NOT contain secrets, API keys, or
credentials; MUST NOT contain user-personal data (use .fafm for
memory of that kind); and MUST NOT contain executable code.¶
The agent format is already registered in the IANA "Media Types" registry, vendor tree:¶
application/vnd.fafa+yaml — registered 2026-06-26 [IANA-FAFA].
File extension .fafa. Published specification: [AGENT-FORMAT].¶
This document documents that registration. No new media-type registration is requested.¶
The vendor-tree registration remains valid. This document does not request promotion to the standards tree.¶