agentmeshProvides end-to-end encrypted, authenticated, and forward-secret messaging between AI agents with cryptographic identities and tamper-proof delivery.
Install via ClawdBot CLI:
clawdbot install cerbug45/agentmeshWhatsApp-style end-to-end encrypted messaging for AI agents.
GitHub: https://github.com/cerbug45/AgentMesh | Author: cerbug45
AgentMesh gives every AI agent a cryptographic identity and lets agents
exchange messages that are:
| Property | Mechanism |
|---|---|
| Encrypted | AES-256-GCM authenticated encryption |
| Authenticated | Ed25519 digital signatures (per message) |
| Forward-secret | X25519 ECDH ephemeral session keys |
| Tamper-proof | AEAD authentication tag |
| Replay-proof | Nonce + counter deduplication |
| Private | The Hub (broker) never sees message contents |
No TLS certificates. No servers required for local use. One pip install.
pippip install git+https://github.com/cerbug45/AgentMesh.gitgit clone https://github.com/cerbug45/AgentMesh.git
cd AgentMesh
pip install .git clone https://github.com/cerbug45/AgentMesh.git
cd AgentMesh
pip install -e ".[dev]"
pytest # run all testspython -c "import agentmesh; print(agentmesh.__version__)"
# โ 1.0.0from agentmesh import Agent, LocalHub
hub = LocalHub() # in-process broker
alice = Agent("alice", hub=hub) # keys generated automatically
bob = Agent("bob", hub=hub)
@bob.on_message
def handle(msg):
print(f"[{msg.recipient}] โ {msg.sender}: {msg.text}")
alice.send("bob", text="Hello, Bob! This is end-to-end encrypted.")Output:
[bob] โ alice: Hello, Bob! This is end-to-end encrypted.An Agent is an AI agent with a cryptographic identity (two key pairs):
from agentmesh import Agent, LocalHub
hub = LocalHub()
alice = Agent("alice", hub=hub)
# See the agent's fingerprint (share out-of-band to verify identity)
print(alice.fingerprint)
# โ a1b2:c3d4:e5f6:g7h8:i9j0:k1l2:m3n4:o5p6A Hub is the message router. It stores public key bundles (for discovery)
and routes encrypted envelopes. It cannot decrypt messages.
| Hub | Use case |
|---|---|
| LocalHub | Single Python process (demos, tests, notebooks) |
| NetworkHub | Multi-process / multi-machine (production) |
@bob.on_message
def handle(msg):
msg.sender # str โ sender agent_id
msg.recipient # str โ recipient agent_id
msg.text # str โ shortcut for msg.payload["text"]
msg.type # str โ shortcut for msg.payload["type"] (default: "message")
msg.payload # dict โ full decrypted payload
msg.timestamp # int โ milliseconds since epochalice.send(
"bob",
text = "Run this task",
task_id = 42,
priority = "high",
data = {"key": "value"},
)All keyword arguments beyond text are included in msg.payload.
# Handler as decorator
@alice.on_message
def handler_one(msg):
...
# Handler as lambda
alice.on_message(lambda msg: print(msg.text))
# Multiple handlers โ all called in registration order
alice.on_message(log_handler)
alice.on_message(process_handler)Save keys to disk so an agent has the same identity across restarts:
alice = Agent("alice", hub=hub, keypair_path=".keys/alice.json")# List all agents registered on the hub
peers = alice.list_peers() # โ ["bob", "carol", "dave"]
# Check agent status
print(alice.status())
# {
# "agent_id": "alice",
# "fingerprint": "a1b2:โฆ",
# "active_sessions": ["bob"],
# "known_peers": ["bob"],
# "handlers": 2
# }On the broker machine (or in its own terminal):
# Option A โ module
python -m agentmesh.hub_server --host 0.0.0.0 --port 7700
# Option B โ entry-point (after pip install)
agentmesh-hub --host 0.0.0.0 --port 7700# Machine A
from agentmesh import Agent, NetworkHub
hub = NetworkHub(host="192.168.1.10", port=7700)
alice = Agent("alice", hub=hub)
# Machine B (different process / different computer)
from agentmesh import Agent, NetworkHub
hub = NetworkHub(host="192.168.1.10", port=7700)
bob = Agent("bob", hub=hub)
bob.on_message(lambda m: print(m.text))
alice.send("bob", text="Cross-machine encrypted message!")โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ NetworkHubServer โ
โ Stores public bundles. Routes encrypted envelopes. โ
โ Cannot read message contents. โ
โโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ TCP (newline-delimited JSON)
โโโโโโโโโโโโโผโโโโโโโโโโโโ
โ โ โ
Agent A Agent B Agent C
(encrypted) (encrypted) (encrypted)โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Application layer (dict payload) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Ed25519 signature (sender authentication) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ AES-256-GCM (confidentiality + integrity) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ HKDF-SHA256 key derivation (directional keys) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ X25519 ECDH (shared secret / forward secrecy) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ| Attack | Defence |
|---|---|
| Eavesdropping | AES-256-GCM encryption |
| Message tampering | AES-GCM authentication tag (AEAD) |
| Impersonation | Ed25519 signature on every message |
| Replay attack | Nonce + monotonic counter deduplication |
| Key compromise | X25519 ephemeral sessions (forward secrecy) |
| Hub compromise | Hub stores only public keys; cannot decrypt |
| File | What it shows |
|---|---|
| examples/01_simple_chat.py | Two agents, basic send/receive |
| examples/02_multi_agent.py | Coordinator + 4 workers, task distribution |
| examples/03_persistent_keys.py | Keys saved to disk, identity survives restart |
| examples/04_llm_agents.py | LLM agents (OpenAI / any API) in a pipeline |
Run any example:
python examples/01_simple_chat.pyAgent(agent_id, hub=None, keypair_path=None, log_level=WARNING)| Method | Description |
|---|---|
| send(recipient_id, text="", **kwargs) | Send encrypted message |
| send_payload(recipient_id, payload: dict) | Low-level send |
| on_message(handler) | Register message handler (decorator or call) |
| connect(peer_id) | Pre-establish session (optional, auto-connects) |
| connect_with_bundle(bundle) | P2P: connect using public bundle directly |
| list_peers() | List all peer IDs on the hub |
| status() | Dict with agent state |
| fingerprint | Human-readable hex identity fingerprint |
| public_bundle | Dict with public keys (share with peers) |
LocalHub()| Method | Description |
|---|---|
| register(agent) | Register an agent (called automatically) |
| deliver(envelope) | Route an encrypted envelope |
| get_bundle(agent_id) | Get a peer's public bundle |
| list_agents() | List all registered agent IDs |
| message_count() | Number of messages routed |
NetworkHub(host, port=7700)Same interface as LocalHub, but communicates with a NetworkHubServer over TCP.
NetworkHubServer(host="0.0.0.0", port=7700)| Method | Description |
|---|---|
| start(block=True) | Start listening (block=False for background thread) |
from agentmesh.crypto import (
AgentKeyPair, # key generation, serialisation, fingerprint
CryptoSession, # encrypt / decrypt
perform_key_exchange,# X25519 ECDH โ CryptoSession
seal, # sign + encrypt (high-level)
unseal, # decrypt + verify (high-level)
CryptoError, # raised on any crypto failure
)CryptoError: Replay attack detectedYou are sending the same encrypted envelope twice.
Each call to send() produces a fresh envelope โ do not re-use envelopes.
CryptoError: Authentication tag mismatchThe envelope was modified in transit.
Check that your transport does not corrupt binary data (use JSON-safe base64).
ValueError: Peer 'xxx' not found on hubThe recipient has not registered with the hub yet.
Ensure both agents are created with the same hub instance (LocalHub) or
connected to the same hub server (NetworkHub).
RuntimeError: No hub configuredYou created Agent("name") without a hub.
Pass hub=LocalHub() or hub=NetworkHub(...) to the constructor.
git clone https://github.com/cerbug45/AgentMesh.git
cd AgentMesh
pip install -e ".[dev]"
pytest -vIssues and PRs welcome at https://github.com/cerbug45/AgentMesh/issues
MIT ยฉ cerbug45 โ see LICENSE
Generated Mar 1, 2026
AI agents managing patient data across different hospital systems can use AgentMesh for encrypted communication, ensuring HIPAA compliance. Agents can securely exchange diagnostic reports and treatment plans without exposing sensitive information to intermediaries, maintaining patient privacy and data integrity.
Automated trading bots operating on separate servers can communicate securely via AgentMesh to coordinate strategies and share market data. The end-to-end encryption prevents eavesdropping by third parties, while digital signatures authenticate each bot, reducing fraud risk in high-frequency trading environments.
AI agents controlling IoT sensors and actuators in urban infrastructure can use AgentMesh for encrypted command-and-control messaging. This ensures that traffic signals, environmental monitors, and security cameras communicate privately, preventing tampering and unauthorized access across distributed networks.
Research teams using AI agents for data analysis in academia or corporate R&D can employ AgentMesh to share findings and coordinate experiments securely. The forward-secret encryption protects intellectual property during transmission, allowing agents to collaborate on sensitive projects without risking data leaks.
Businesses deploying AI agents for customer support across multiple platforms can use AgentMesh to handle sensitive customer data like payment details or personal information. Agents can securely route queries and responses, ensuring compliance with data protection regulations like GDPR while maintaining service efficiency.
Offer a cloud-based NetworkHub service with managed servers for businesses needing multi-machine AI agent communication. Charge monthly fees based on the number of agents or message volume, providing scalability and reliability for enterprises in regulated industries like finance or healthcare.
Provide professional services to help companies integrate AgentMesh into their existing AI systems, including custom development, security audits, and training. This model targets organizations with complex infrastructure that require tailored solutions for secure agent-to-agent messaging.
Distribute AgentMesh as open-source software while offering premium enterprise licenses with additional features like advanced monitoring, priority support, and compliance certifications. This appeals to large corporations needing guaranteed support and enhanced security for critical operations.
๐ฌ Integration Tip
Start with LocalHub for testing in a single process, then transition to NetworkHub for production by deploying the hub server on a secure machine and updating agent configurations accordingly.
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.
Search and analyze your own session logs (older/parent conversations) using jq.
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linking related objects, enforcing constraints, planning multi-step actions as graph transformations, or when skills need to share state. Trigger on "remember", "what do I know about", "link X to Y", "show dependencies", entity CRUD, or cross-skill data access.
Ultimate AI agent memory system for Cursor, Claude, ChatGPT & Copilot. WAL protocol + vector search + git-notes + cloud backup. Never lose context again. Vibe-coding ready.
Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection