molt-cipher-bridge 1.3.0

A cryptographic standard for secure Agent-to-Agent (A2A) communication.

🦞 Molt-Cipher-Bridge | v1.2.0

Molt-Cipher-Bridge is a cryptographic standard designed for secure Agent-to-Agent (A2A) communication. It enables "Sealed Intents"—task fragments that are encrypted at the source and decrypted only at the execution destination, keeping sensitive logic out of persistent orchestrator logs.

---

🛡️ The Problem: The Observer Paradox

In multi-agent systems, the central orchestrator typically logs all instructions. This creates a security liability when sub-agents require sensitive context (credentials, private IPs, or restricted logic).

Molt-Cipher-Bridge solves this by providing an "Opaque Handshake":

1. Agents share a temporary key (Whisper).
2. Intents are sealed into fragments.
3. Logs only show cryptographic noise.
4. Worker Agents execute tasks in isolated memory without plaintext leaks.

---

🚀 Installation

Global (Recommended)

Install the CLI and library globally via PyPI:

pip install molt-cipher-bridge

---

⚙️ How It Works (Deep Dive)

1. The Whisper (Key Exchange)

Before agents can bridge intents, they must share a symmetric key. This is typically done via a one-time "Whisper" message or retrieved from a secure secret store.

from molt_cipher_bridge import MoltCipherBridge
key = MoltCipherBridge.generate_shared_key()
# "j6Jc8MPldurpErwl6VYatp-dTunR3Xrioo1NWiNk4w8="

2. The Sealing (Encryption)

The Sender Agent encrypts the payload using the shared key. The payload includes:

• s: Sender ID
• r: Recipient ID
• d: Data (The Intent)
• exp: Expiry timestamp (TTL)
• sig: SHA-256 signature hint

3. The Unsealing (Zero-Log Execution)

The Recipient Agent receives the fragment. Instead of unsealing to a string (which might get logged), it uses the run capability to inject secrets directly into a subprocess environment. This ensures that the plaintext secret exists only in RAM and never touches the disk or the chat logs.

---

🛠️ CLI Command Reference

🔐 Seal an Intent

Package sensitive data into an encrypted JSON fragment.

molt-cipher seal \
  --key "YOUR_KEY" \
  --sender "Main" \
  --to "Worker" \
  --data '{"secrets": {"DB_PASSWORD": "my-ultra-secret"}}'

🔓 Unseal (Decrypt)

Decodes the fragment and validates integrity/expiry.

molt-cipher unseal --key "YOUR_KEY" --fragment '{"v": "1.2.0", ...}'

⚡ Run (Secure Execution)

Directly executes a command by injecting sealed secrets into the environment.

# Use $ to escape variable names so they are resolved INSIDE the bridge
molt-cipher run \
  --key "YOUR_KEY" \
  --fragment 'FRAGMENT_JSON' \
  --cmd "curl -H 'Auth: $DB_PASSWORD' https://api.internal"

---

✨ Features

• Zero-Log Execution: Pass secrets via ENV variables to child processes.
• Fernet (AES-128-CBC + HMAC): Standard, authenticated encryption.
• TTL Security: Automatic fragment expiration (default 5 mins).
• Key Hinting: Quickly verify keys with the 8-char hint field.
• Multipart Support: Split a single intent across multiple agents.

---

🧪 Verified Test Scenarios

Live-tested between a Main Agent and a Sub-Agent on 2026-02-06.

• Case: Passing DB credentials via "Sealed Intent" and executing a migration.
• Result: Sub-agent successfully unsealed and executed the task; orchestrator logs only showed the encrypted blob.

---

🔗 Links

• PyPI: https://pypi.org/project/molt-cipher-bridge/
• Source: https://github.com/CrimsonDevil333333/molt-cipher-bridge

---

Developed by Clawdy & Satyaa