Consensus & Federation
Raft, Byzantine, gossip protocols, mTLS + ed25519 trust, cross-machine federation, behavioral trust scoring, and harness-layer injection defense.
Behavioral Trust Scoring
Behavioral trust scoring assigns each federated peer a reputation score that updates based on observed behavior (latency, accuracy, protocol compliance, malicious actions detected) — and uses that score to gate privileges; cryptographic identity proves who, behavioral trust proves whether they should be allowed.
Byzantine Fault-Tolerant Agents
Byzantine fault-tolerant (BFT) protocols handle the case where peers may not just fail but actively misbehave — returning wrong data, breaking the protocol, colluding — with the cost of needing 3f+1 peers to tolerate f bad ones; for federated agent systems with peers from untrusted parties, BFT is the right correctness model.
Consensus in Multi-Agent Systems
Consensus protocols — Raft, Byzantine, gossip — are how multiple agents agree on state, decisions, or outputs in the presence of disagreement, latency, or untrusted peers, and they are increasingly first-class primitives in modern multi-agent harnesses.
Cross-Machine Agent Federation
Federation lets agents on different machines (and sometimes different organizations) collaborate on tasks while preserving each side’s privacy, trust assumptions, and resource budgets — exemplified by ruflo’s federation mode, which combines mTLS for transport, ed25519 for identity, gossip for membership, and Raft/BFT for shared decisions.
Gossip Protocols for Agents
Gossip protocols spread information probabilistically — each peer periodically picks a few random peers and exchanges state with them, converging the cluster toward a shared view over time without any leader; for large agent populations where eventual consistency is acceptable, gossip is the right scaling strategy.
mTLS and ed25519 for Agent Trust
Mutual TLS (both sides authenticate via certificates) and ed25519 message signatures (compact, fast, modern) are the cryptographic substrate of federated agent systems — they are how a remote agent proves “I am who I say I am” before any meaningful interaction begins.
PII Gating and AIDefence
PII gating is the harness-layer scrubbing of personally identifiable information (and secrets, credentials, sensitive metadata) from data flowing across trust boundaries; ruflo’s AIDefence plugin is the reference implementation, identifying 14+ classes of sensitive data and either redacting, blocking, or alerting based on configured policy.
Prompt Injection Defense in Harnesses
Prompt injection — adversarial text embedded in retrieved content, tool outputs, files, or messages that hijacks the agent’s behavior — is defended at the harness layer through a defense-in-depth stack: input sanitization, content provenance tracking, tool permission scoping, hook-based blocking, and behavioral monitoring.
Raft for Agents
Raft is a distributed-consensus protocol that elects a leader from a peer group and serializes all decisions through that leader, with a clean recovery story when the leader fails — applied to agent systems, Raft gives a peer group a way to agree on shared state (a plan, a memory entry, a verdict) without trusting any single agent permanently.