How Nacos 3.2 Transforms into an Enterprise AI Governance Platform

AI Registry

Why unify AI assets?

Discovery difficulty ：Teams cannot easily locate reusable Prompts or Skills, leading to duplicated effort.

Change difficulty ：Modifying a Prompt requires redeploying the application, resulting in low efficiency.

Security difficulty ：Skills may be maliciously injected and Prompts may leak sensitive information.

Unified model and registration process

Developers submit resources via the Nacos console or SDK.

Nacos Server validates format and performs security scanning.

Validated resources are persisted in MySQL or PostgreSQL and a version number is generated.

Clients receive real‑time change notifications through long‑polling or gRPC streams.

Client pull principle mirrors Nacos configuration long‑polling: the AI Registry client calls /v1/ai/listen; the server returns immediately when a change occurs, allowing incremental fetching of the new version. This enables second‑level propagation for frequently changed assets such as Prompts.

Dynamic Prompt hot‑update example

// Client code example
@NacosAiResource(dataId = "order-prompt", group = "AI_PROMPT", autoRefreshed = true)
private String orderPrompt;

public String buildOrderStatusQuery(String orderId) {
    // When the Prompt is modified in the Nacos console, orderPrompt updates automatically without restart
    return String.format(orderPrompt, orderId);
}

The implementation relies on Nacos Listener and registers a change callback via addListener so that Prompt updates are reloaded on the fly.

MCP Registry

Pain points of traditional MCP migration

Writing JSON‑RPC handling logic for the MCP protocol.

Defining JSON Schemas for each tool’s input and output.

Deploying additional MCP Server instances.

These steps lead to high cost, long cycles, and error‑prone work.

Nacos MCP Registry + Higress AI gateway

Solution uses a “declarative conversion” approach. Core design:

MCP Registry stores each tool’s endpoint URL, input‑parameter mapping, and output‑format conversion template.

Higress AI gateway embeds an MCP protocol parser and HTTP adapter to perform runtime protocol conversion.

Dynamic metadata sync maintains a gRPC long‑connection between Nacos and Higress to sync tool additions, deletions, and updates without restarting the gateway.

Protocol conversion subtlety

The MCP protocol expects a ToolResult type containing a content field. Higress extracts key fields from the legacy HTTP body and assembles a ToolResult according to a configured template.

Example conversion:

// HTTP API response
{
  "code": 0,
  "data": {
    "status": "PAID",
    "amount": 99.9
  }
}

// Higress‑converted MCP ToolResult
{
  "content": [{
    "type": "text",
    "text": "订单状态：PAID，金额：99.9"
  }]
}

This design reduces integration time for existing APIs from weeks to hours.

Skill Security System

Security risks of Skills

A 2026 security report indicated that public Skill marketplaces contain many malicious Skills capable of stealing environment variables, SSH keys, and other sensitive data. Private Skills also face poisoning risks.

Three‑layer sandbox

Static scanning ：Built‑in rule engine scans for over ten risk categories (hard‑coded passwords, deserialization flaws, out‑of‑bounds file operations, etc.) and blocks publishing if violations are found.

Signature lock ：Skills are signed with HMAC at publish time; the Agent verifies the signature at runtime to prevent tampering.

Sandbox isolation ：Skills run in isolated Docker containers or under Java SecurityManager, limiting access to authorized resources only.

Least‑privilege ：Each Skill receives only the permissions it needs (e.g., a weather‑query Skill can only call the weather API, not read the file system).

Nacos Copilot and Ecosystem Integration

Copilot intelligent agent architecture

Prompt optimization suggestions ：Analyzes user‑written Prompts, identifies structural issues (missing role definition, insufficient examples), and generates improved versions.

Agent code generation ：Generates skeleton code for Spring AI Alibaba or AgentScope based on user intent.

A2A protocol and OpenClaw integration

Nacos 3.2 supports the A2A (Agent‑to‑Agent) protocol, enabling automatic discovery and collaborative task execution among Agents. Each Agent registers its capabilities (task types it can handle, required Skills) in Nacos; other Agents can discover and delegate tasks dynamically.

OpenClaw is deeply integrated: it can search for Skills in Nacos and install them on demand, achieving unified sharing and distribution of internal Skills.

Summary of Core Capabilities

AI Registry ：Unified metadata model + real‑time long‑polling push; solves scattered assets and change difficulty.

MCP Registry ：Declarative protocol conversion + automatic adaptation; solves high cost of integrating legacy APIs with AI.

Skill Security System ：Three‑layer sandbox, signature lock, static scanning; mitigates malicious Skill poisoning risk.

Ecosystem Integration ：A2A protocol + OpenClaw adaptation; addresses agent silos and Skill reuse difficulty.