feat: Add DNS-AID discovery utilities for multi-agent systems #7205

Open
Ingmar Van Glabbeek (IngmarVG-IB) wants to merge 4 commits into langchain-ai:main from IngmarVG-IB:feat/dns-aid-discovery

@IngmarVG-IB Ingmar Van Glabbeek (IngmarVG-IB) commented Mar 17, 2026

Summary

  • Adds langgraph/prebuilt/dns_aid.py with DNS-AID discovery utilities for multi-agent systems
  • discover_tools() / discover_agents() query DNS-AID records and create LangChain tools
  • publish_graph() / unpublish_graph() publish compiled LangGraphs as discoverable agents
  • Supports protocol filtering, DNSSEC validation, LangServe and A2A invocation

New: DNS-AID resolver node

  • langgraph/prebuilt/dns_aid_node.py: DnsAidResolverNode — a LangGraph node for capability-filtered agent dispatch
  • Discovers agents via DNS-AID, filters by required capabilities, ranks specialists over generalists
  • TTL-aware discovery caching (configurable, default 5 min)
  • Auto-dispatches queries to best-matching agent via LangServe /invoke or A2A message/send
  • resolve_and_dispatch() convenience function for one-shot usage
  • Integrates with StateGraph via MessagesState pattern

Test plan

  • 9 unit tests for DNS-AID discovery utilities
  • 13 unit tests for resolver node (capability filtering, ranking, caching, dispatch, error handling)
  • Integration test: publish graph → discover via resolver node → invoke

Adds dns_aid module to langgraph-prebuilt enabling dynamic agent
discovery and publishing via DNS using the DNS-AID protocol
(SVCB + TXT records).

Key functions:
- discover_tools(): find agents via DNS and create invocable tools
- discover_agents(): get agent metadata from DNS-AID records
- publish_graph() / unpublish_graph(): register/remove graphs in DNS

Enables multi-agent LangGraph systems where agents discover
collaborators at runtime rather than hardcoding references.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

LangGraph node that discovers agents via DNS-AID, filters by required
capabilities, ranks specialists over generalists, and dispatches queries.
Includes TTL-aware discovery caching and support for LangServe/A2A endpoints.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@github-actions
Contributor

This PR has been automatically closed because it does not link to an approved issue.

All external contributions must reference an approved issue or discussion. Please:

  1. Find or open an issue describing the change
  2. Wait for a maintainer to approve and assign you
  3. Add Fixes #<issue_number>, Closes #<issue_number>, or Resolves #<issue_number> to your PR description and the PR will be reopened automatically

Maintainers: reopen this PR or remove the missing-issue-link label to bypass this check.

@github-actions github-actions bot closed this Mar 24, 2026
@mdrxy Mason Daugherty (mdrxy) added the bypass-issue-check label (Maintainer override: skip issue-link enforcement) Mar 24, 2026

@corridor-security corridor-security bot left a comment

Security Issues

- Insecure transport selection (cleartext HTTP) due to port-based scheme logic

Both the DNS-AID tool creation and resolver node select the HTTP/HTTPS scheme based solely on whether the port equals 443, ignoring the declared protocol from discovery. If an agent is published as HTTPS on a non-standard port (e.g., 8443), these functions will connect over HTTP in cleartext, exposing user queries and responses to interception or manipulation. This is a realistic risk when integrating third-party/discovered agents and can lead to sensitive data exposure.

Recommendations

- Derive the scheme from the discovered protocol (e.g., 'https' means HTTPS regardless of port), not the port number.

- Derive HTTP/HTTPS scheme from discovered protocol instead of port
  number, preventing cleartext connections to HTTPS agents on non-443 ports
- Make dns_aid imports lazy in __init__.py to avoid breaking
  langgraph-prebuilt when dns-aid is not installed
- Use consistent 'endpoint' field name across dns_aid.py and
  dns_aid_node.py (was 'target_host' in node module)
- Log exceptions at debug level instead of silently swallowing them
- Export DnsAidResolverNode, ResolverResult, resolve_and_dispatch from
  __init__.py
- Add dns-aid and httpx as optional dependencies in pyproject.toml
- Fix docstring to show correct StateGraph usage with custom state type
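
The port-based scheme selection flagged in the review comment above, next to the protocol-based selection the follow-up commit describes, as an added example (not code from this PR or from the dns-aid package). The `DiscoveredAgent` record, its field names and the sample hosts are assumptions constructed for illustration; refusing cleartext unless `allow_cleartext` is set is a choice of this example, not something the PR states.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DiscoveredAgent:
    """Hypothetical stand-in for one discovery result (not the dns-aid type)."""
    name: str
    endpoint: str  # host name taken from the record
    port: int
    protocol: str  # scheme the publisher declared, e.g. "https"


def url_by_port(agent: DiscoveredAgent) -> str:
    """Pattern flagged in the review: the port alone picks the scheme."""
    scheme = "https" if agent.port == 443 else "http"
    return f"{scheme}://{agent.endpoint}:{agent.port}/invoke"


def url_by_protocol(agent: DiscoveredAgent, allow_cleartext: bool = False) -> str:
    """Recommended pattern: the declared protocol picks the scheme."""
    declared = agent.protocol.strip().lower()
    if declared == "https":
        scheme = "https"
    elif declared == "http" and allow_cleartext:
        scheme = "http"
    else:
        # Assumption of this example: cleartext and unknown protocols are
        # refused unless the caller opts in explicitly.
        raise ValueError(f"{agent.name}: refusing protocol {agent.protocol!r}")
    return f"{scheme}://{agent.endpoint}:{agent.port}/invoke"


def downgraded(agents):
    """Names of agents that declare HTTPS but would be contacted over HTTP."""
    return [a.name for a in agents
            if a.protocol.strip().lower() == "https"
            and url_by_port(a).startswith("http://")]


# Constructed sample records (example.test names, not real discovery output).
SAMPLE = [
    DiscoveredAgent("billing", "billing.example.test", 443, "https"),
    DiscoveredAgent("search", "search.example.test", 8443, "https"),
    DiscoveredAgent("legacy", "legacy.example.test", 8080, "http"),
]

if __name__ == "__main__":
    print("downgraded by port logic:", downgraded(SAMPLE))
```

The `downgraded()` check doubles as a regression test for the fix: run over any list of discovered records, it should return an empty list once scheme selection no longer depends on the port.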