The Secure Nervous System for Cloud-Native Agent Ecosystems - Identity, Trust, Reward, Governance
Project description
AgentMesh
The Secure Nervous System for Cloud-Native Agent Ecosystems
Identity · Trust · Reward · Governance
⭐ If this project helps you, please star it! It helps others discover AgentMesh.
🔗 Part of the Agent Ecosystem — Works seamlessly with Agent-OS for IATP trust protocol
Overview
AgentMesh is the first platform purpose-built for the Governed Agent Mesh — the cloud-native, multi-vendor network of AI agents that will define enterprise operations.
The protocols exist (A2A, MCP, IATP). The agents are shipping. The trust layer does not. AgentMesh fills that gap.
┌─────────────────────────────────────────────────────────────────────────────┐
│ AGENTMESH ARCHITECTURE │
├─────────────────────────────────────────────────────────────────────────────┤
│ LAYER 4 │ Reward & Learning Engine │
│ │ Per-agent trust scores · Multi-dimensional rewards · Adaptive │
├───────────┼─────────────────────────────────────────────────────────────────┤
│ LAYER 3 │ Governance & Compliance Plane │
│ │ Policy engine · EU AI Act / SOC2 / HIPAA · Merkle audit logs │
├───────────┼─────────────────────────────────────────────────────────────────┤
│ LAYER 2 │ Trust & Protocol Bridge │
│ │ A2A · MCP · IATP · Protocol translation · Capability scoping │
├───────────┼─────────────────────────────────────────────────────────────────┤
│ LAYER 1 │ Identity & Zero-Trust Core │
│ │ Agent CA · Ephemeral creds · SPIFFE/SVID · Human sponsors │
└───────────┴─────────────────────────────────────────────────────────────────┘
Why AgentMesh?
The Problem
- 40:1 to 100:1 — Non-human identities now outnumber human identities in enterprises
- AI agents are the fastest-growing, least-governed identity category
- A2A gives agents a common language. MCP gives agents tools. Neither enforces trust.
The Solution
AgentMesh provides:
| Capability | Description |
|---|---|
| Agent Identity | First-class identity with human sponsor accountability |
| Ephemeral Credentials | 15-minute TTL by default, auto-rotation |
| Protocol Bridge | Native A2A, MCP, IATP with unified trust model |
| Reward Engine | Continuous behavioral scoring, not static rules |
| Compliance Automation | EU AI Act, SOC 2, HIPAA, GDPR mapping |
Quick Start
Option 1: Secure Claude Desktop (Recommended)
# Install AgentMesh
pip install agentmesh-platform
# Set up Claude Desktop to use AgentMesh governance
agentmesh init-integration --claude
# Restart Claude Desktop - all MCP tools are now secured!
Claude will now route tool calls through AgentMesh for policy enforcement and trust scoring.
Option 2: Create a Governed Agent
# Initialize a governed agent in 30 seconds
agentmesh init --name my-agent --sponsor alice@company.com
# Register with the mesh
agentmesh register
# Start with governance enabled
agentmesh run
Option 3: Wrap Any MCP Server
# Proxy any MCP server with governance
agentmesh proxy --target npx --target -y \
--target @modelcontextprotocol/server-filesystem \
--target /path/to/directory
# Use strict policy (blocks writes/deletes)
agentmesh proxy --policy strict --target <your-mcp-server>
Installation
pip install agentmesh-platform
Or install with extra dependencies:
pip install agentmesh-platform[server] # FastAPI server
pip install agentmesh-platform[dev] # Development tools
Or from source:
git clone https://github.com/imran-siddique/agent-mesh.git
cd agent-mesh
pip install -e .
Examples & Integrations
Real-world examples to get started quickly:
| Example | Use Case | Key Features |
|---|---|---|
| MCP Tool Server | Secure MCP server with governance | Rate limiting, output sanitization, audit logs |
| Multi-Agent Customer Service | Customer support automation | Delegation chains, trust handshakes, A2A |
| Healthcare HIPAA | HIPAA-compliant data analysis | Compliance automation, PHI protection, Merkle audit |
| GitHub PR Review | Code review agent | Output policies, shadow mode, trust decay |
Framework integrations:
- Claude Desktop - Secure MCP tools with one command
- LangChain Integration - Secure LangChain agents with policies
- CrewAI Integration - Multi-agent crew governance
The AgentMesh Proxy: "SSL for AI Agents"
Problem: AI agents like Claude Desktop have unfettered access to your filesystem, database, and APIs through MCP servers. One hallucination could be catastrophic.
Solution: AgentMesh acts as a transparent governance proxy:
# Before: Unsafe direct access
{
"mcpServers": {
"filesystem": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-filesystem", "/Users/me"]
}
}
}
# After: Protected by AgentMesh
{
"mcpServers": {
"filesystem": {
"command": "agentmesh",
"args": [
"proxy", "--policy", "strict",
"--target", "npx", "--target", "-y",
"--target", "@modelcontextprotocol/server-filesystem",
"--target", "/Users/me"
]
}
}
}
What you get:
- 🔒 Policy Enforcement - Block dangerous operations before they execute
- 📊 Trust Scoring - Behavioral monitoring (800-1000 scale)
- 📝 Audit Logs - Tamper-evident record of every action
- ✅ Verification Footers - Visual confirmation in outputs
Set it up in 10 seconds:
agentmesh init-integration --claude
# Restart Claude Desktop - done!
Learn more: Claude Desktop Integration Guide
Core Concepts
1. Agent Identity
Every agent gets a unique, cryptographically bound identity:
from agentmesh import AgentIdentity
identity = AgentIdentity.create(
name="data-analyst-agent",
sponsor="alice@company.com", # Human accountability
capabilities=["read:data", "write:reports"],
)
2. Delegation Chains
Agents can delegate to sub-agents, but scope always narrows:
# Parent agent delegates to child
child_identity = parent_identity.delegate(
name="summarizer-subagent",
capabilities=["read:data"], # Subset of parent's capabilities
)
3. Trust Handshakes (IATP)
Cross-agent communication requires trust verification:
from agentmesh import TrustBridge
bridge = TrustBridge()
# Verify peer before communication
verification = await bridge.verify_peer(
peer_id="did:mesh:other-agent",
required_trust_score=700,
)
if verification.verified:
await bridge.send_message(peer_id, message)
4. Reward Scoring
Every action is scored across multiple dimensions:
from agentmesh import RewardEngine
engine = RewardEngine()
# Actions are automatically scored
score = engine.get_agent_score("did:mesh:my-agent")
# {
# "total": 847,
# "dimensions": {
# "policy_compliance": 95,
# "resource_efficiency": 82,
# "output_quality": 88,
# "security_posture": 91,
# "collaboration_health": 84
# }
# }
5. Policy Engine
Declarative governance policies:
# policy.yaml
version: "1.0"
agent: "data-analyst-agent"
rules:
- name: "no-pii-export"
condition: "action.type == 'export' and data.contains_pii"
action: "deny"
- name: "rate-limit-api"
condition: "action.type == 'api_call'"
limit: "100/hour"
- name: "require-approval-for-delete"
condition: "action.type == 'delete'"
action: "require_approval"
approvers: ["security-team"]
Protocol Support
| Protocol | Status | Description |
|---|---|---|
| A2A | ✅ Alpha | Agent-to-agent coordination |
| MCP | ✅ Alpha | Tool and resource binding |
| IATP | ✅ Alpha | Trust handshakes (via agent-os) |
| ACP | 🔄 Beta | Lightweight messaging |
| SPIFFE | ✅ Alpha | Workload identity |
Architecture
agentmesh/
├── identity/ # Layer 1: Identity & Zero-Trust
│ ├── agent_id.py # Agent identity management
│ ├── credentials.py # Ephemeral credential issuance
│ ├── delegation.py # Delegation chains
│ └── spiffe.py # SPIFFE/SVID integration
│
├── trust/ # Layer 2: Trust & Protocol Bridge
│ ├── bridge.py # Protocol bridge
│ ├── handshake.py # Trust handshakes
│ └── capability.py # Capability scoping
│
├── protocols/ # Protocol implementations
│ ├── a2a/ # A2A support
│ ├── mcp/ # MCP support
│ └── iatp/ # IATP (uses agent-os)
│
├── governance/ # Layer 3: Governance & Compliance
│ ├── policy.py # Policy engine
│ ├── compliance.py # Compliance mapping
│ ├── audit.py # Merkle-chained audit logs
│ └── shadow.py # Shadow mode
│
├── reward/ # Layer 4: Reward & Learning
│ ├── engine.py # Reward engine
│ ├── scoring.py # Multi-dimensional scoring
│ └── learning.py # Adaptive learning
│
├── cli/ # Command-line interface
└── sdk/ # Python SDK
Compliance
AgentMesh automates compliance mapping for:
- EU AI Act — Risk classification, transparency requirements
- SOC 2 — Security, availability, processing integrity
- HIPAA — PHI handling, audit controls
- GDPR — Data processing, consent, right to explanation
from agentmesh import ComplianceEngine
compliance = ComplianceEngine(frameworks=["soc2", "hipaa"])
# Generate compliance report
report = compliance.generate_report(
agent_id="did:mesh:healthcare-agent",
period="2026-01",
)
Threat Model
| Threat | AgentMesh Defense |
|---|---|
| Prompt Injection | Tool output sanitized at Protocol Bridge |
| Credential Theft | 15-min TTL, instant revocation on trust breach |
| Shadow Agents | Unregistered agents blocked at network layer |
| Delegation Escalation | Chains are cryptographically narrowing |
| Cascade Failure | Per-agent trust scoring isolates blast radius |
Roadmap
| Phase | Timeline | Deliverables |
|---|---|---|
| Alpha | Q1 2026 | Identity Core, A2A+MCP bridge, CLI |
| Beta | Q2 2026 | IATP handshake, Reward Engine v1, Dashboard |
| GA | Q3 2026 | Compliance automation, Enterprise features |
| Scale | Q4 2026 | Agent Marketplace, Partner integrations |
Dependencies
AgentMesh builds on:
- agent-os — IATP protocol, Nexus trust exchange
- SPIFFE/SPIRE — Workload identity
- OpenTelemetry — Observability
Contributing
See CONTRIBUTING.md for guidelines.
License
Apache 2.0 — See LICENSE for details.
Agents shouldn't be islands. But they also shouldn't be ungoverned.
AgentMesh is the trust layer that makes the mesh safe enough to scale.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
agentmesh_platform-1.0.0a3.tar.gz
(132.2 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agentmesh_platform-1.0.0a3.tar.gz.
File metadata
- Download URL: agentmesh_platform-1.0.0a3.tar.gz
- Upload date:
- Size: 132.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e4bb9a4caabd47876fdf1ad8ce65bf6c503d0355f367178d24deadd2851f39f9
|
|
| MD5 |
da408f6633504f7af17b4befd44f70ad
|
|
| BLAKE2b-256 |
20dbcff38d7e104f05c8290795a8ac7916a7c6eb6edb2e3a770deb1382bf1c35
|
File details
Details for the file agentmesh_platform-1.0.0a3-py3-none-any.whl.
File metadata
- Download URL: agentmesh_platform-1.0.0a3-py3-none-any.whl
- Upload date:
- Size: 107.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5772a60124b72a9d620781c036a866c29fc371efa2b36e6cebd621eaef696766
|
|
| MD5 |
93b1cc23d896a99809a64238d1d5ee8e
|
|
| BLAKE2b-256 |
d584cb453c2f88028b3eb6065366d9ab85fe54c897b9b3c2329dbd77978e8fdc
|
