What I Found

We already have a tall stack of FOSS standards. SPDX/REUSE tell you what is in the software. ISO/IEC 5230 and 18974 (OpenChain) tell you whether the consuming organisation has a credible compliance and security program. CHAOSS measures project health. OpenSSF Criticality Score and Census II rank how important a dependency is. Tidelift, Open Collective, GitHub Sponsors, Sovereign Tech Fund, NLnet, Drips, Gitcoin Quadratic Funding, Optimism RetroPGF, ecosyste.ms Funds, Open Source Pledge all move money. Across all of these, not one defines a fair share, a disclosure schema, or a binding between dependency identifiers and funding flows [Source 1, 6, 7]. CHAOSS is closest — they have a Funding Working Group with a 2025 Practitioner Guide — but the guide explicitly states that “no single universal framework exists” and recommends customised approaches per funder.

The vision of million-agent networks is compelling, but how do you actually build the discovery infrastructure to make it real? This article bridges the gap between theory and implementation, exploring practical patterns emerging from registry experiments, the Model Context Protocol (MCP) revolution, and production deployments.

We’ll examine four concrete approaches: DNS-based discovery, registry APIs, well-known URLs, and dynamic tool discovery through MCP. You’ll see how MCP acts as the “USB-C port for AI applications,” enabling runtime capability enumeration without hardcoded integrations. We’ll also tackle critical production challenges: the multiple context problem that fragments agent memory, security patterns for enterprise deployment, and the architectural decisions that determine whether your agent network scales or stalls at 1,000 agents.

This is a discovery problem. We solved it for websites with DNS, for microservices with service meshes. For agents, we haven’t. Whoever does owns the next layer: an Agent Registration System, an Agent Naming Service, an Agent Gateway.

The interesting threshold sits at 10,000 agents. Below it, networks behave linearly and you can muscle through with manual integration. Above it, they self-organise. GPT Store crossed that line in January 2024 and growth went exponential — same platform, different physics.

Core principles differentiate agent and human design

Agent-first API design prioritizes machine interpretability over developer convenience. Where human-focused APIs tolerate ambiguity through context and documentation, agent-first interfaces demand unambiguous semantic meaning in every field, consistent patterns across all endpoints, and self-describing capabilities through structured metadata. The shift represents moving from flexible, multi-path approaches that humans navigate intuitively to single, deterministic paths that machines can reliably traverse.

Beyond the Code: The Human Infrastructure of Successful Projects

The Apache Software Foundation’s enduring principle “Community Over Code” represents more than philosophy—it’s a survival strategy backed by decades of evidence. Analysis from the Linux Foundation reveals that 23 of 30 highest-velocity open source projects are backed by either foundations or corporations, providing what researchers call the “janitor functions” necessary for large-scale project management: triaging bugs, answering user questions, handling legal issues, and maintaining long-term stability.

Analysis of the sovereign tech fund proposal

The proposed European Sovereign Tech Fund addresses a documented market failure. Open source software generates between €65-95 billion annually for the EU economy, yet one-third of maintainers operate without financial compensation. The Log4Shell vulnerability demonstrated our digital economy’s dependence on overworked volunteers who maintain critical infrastructure code.

The debate over AI-generated code in open source projects has reached a fever pitch. While some Open Source projects like NetBSD and Gentoo have implemented restrictive policies against AI-generated contributions, and projects like Curl have banned AI-generated security reports due to floods of low-quality submissions, the conversation often misses a crucial point: this isn’t about demonizing AI technology. It’s about applying the same critical thinking we’ve always used to evaluate any tool that affects code quality.