Submission: FoundationAgents/MetaGPT#1936
Status: Open PR — awaiting review
Type: Extension module (metagpt.ext.agentmesh)
Date Submitted: March 2, 2026
Inter-agent trust verification for MetaGPT multi-agent teams using Agent-Mesh. Adds cryptographic identity (DIDs), trust scoring, capability-based access control, and audit logging to MetaGPT's role-based architecture.
MetaGPT enables powerful multi-agent collaboration through specialized roles, but agents interact without verifying trust:
- ProductManager sends requirements → Is PM authorized?
- Architect designs system → Can we trust the design?
- Engineer writes code → Should we execute untrusted code?
Without trust verification, a compromised role in the pipeline can inject malicious instructions that propagate through the entire team.
from metagpt.ext.agentmesh import TrustedTeam, TrustPolicy, TrustLevel
policy = TrustPolicy(
min_trust_level=TrustLevel.MEDIUM,
sensitive_actions={"WriteCode", "ExecuteCode"},
sensitive_action_trust=TrustLevel.HIGH,
)
team = TrustedTeam(policy=policy)
team.add_role(ProductManager(), trust_level=TrustLevel.HIGH)
team.add_role(Engineer(), trust_level=TrustLevel.MEDIUM)
# Verifies trust before interaction
team.verify_message("ProductManager", "Engineer", "AssignTask")| Component | Purpose |
|---|---|
| TrustedRole | Wraps MetaGPT roles with cryptographic identity |
| TrustPolicy | Configurable trust requirements per team |
| TrustVerifier | Verifies interactions between agents |
| TrustedTeam | Team wrapper with enforcement |
| Level | Score | Use Case |
|---|---|---|
| LOW | 0.0–0.3 | Read-only roles, observers |
| MEDIUM | 0.3–0.7 | Standard collaboration roles |
| HIGH | 0.7–1.0 | Code execution, system modifications |
| Feature | Without Trust | With Agent-Mesh |
|---|---|---|
| Agent Identity | None | Cryptographic DIDs |
| Interaction Control | None | Policy-based |
| Sensitive Actions | Unrestricted | Trust-gated |
| Audit Trail | None | Full logging |
metagpt/ext/agentmesh/
├── __init__.py # Public exports
├── trust_layer.py # Core trust primitives
└── README.md # Documentation