SLIM Communication
SLIM (Secure Low-Latency Interactive Messaging) enables agents to communicate across application and organizational boundaries with fine-grained permission controls.
When to Use SLIM
Use SLIM when agents need to communicate across boundaries:
| Scenario | Example | Protocol |
|---|---|---|
| Same app, same team | Sales Rep → Sales Manager | A2A |
| Same app, different team | Sales Rep → Marketing Lead | A2A |
| Different apps | Sales App → HR App | SLIM |
| Different orgs | Your Agent → Partner's Agent | SLIM |
Quick Decision
If agents are in the same app → Use A2A (see Agent-to-Agent)
If agents are in different apps or orgs → Use SLIM (this page)
Why Cross-App Uses SLIM
A key design decision: cross-app communication uses the same security model as cross-org communication. Here's why:
Security Boundaries
Apps represent distinct security boundaries:
- Sales App and HR App may have different compliance requirements
- Data isolation between apps is a feature, not a limitation
- Treating cross-app as "internal but secured" provides defense in depth
Progressive Trust
SLIM enables graduated trust levels:
internal:hr-app— Cross-app within your tenant (higher implicit trust)external:partner-corp— Cross-org (explicit trust required)
Testability
Same-tenant cross-app becomes a staging ground for cross-org:
- Test SLIM integration without external partners
- Same code path, same security model
- Bugs found in cross-app testing apply to cross-org
How SLIM Works
┌─────────────────────────────────────────────────────────┐
│ YOUR TENANT (Acme Corp) │
│ ┌─────────────┐ SLIM ┌─────────────┐ │
│ │ Sales App │ ←───────────────→ │ HR App │ │
│ │ (A2A) │ internal:hr-app │ (A2A) │ │
│ └─────────────┘ └─────────────┘ │
└─────────────────────────────────────────────────────────┘
│
│ SLIM external:partner-inc
▼
┌─────────────────────────────────────────────────────────┐
│ PARTNER TENANT │
│ ┌─────────────┐ │
│ │ Partner App │ │
│ └─────────────┘ │
└─────────────────────────────────────────────────────────┘
Organization Format
SLIM uses prefixed identifiers:
| Format | Description | Example |
|---|---|---|
internal:{appSlug} | Cross-app (same tenant) | internal:hr-app |
external:{tenantSlug} | Cross-org | external:partner-corp |
Permission Hierarchy
SLIM checks permissions at four levels. The most restrictive setting wins.
Tenant (CISO kill switch)
↓
Project (scope boundaries)
↓
Team (bulk settings)
↓
Agent (fine-grained control)
Tenant Level
The master switch—if disabled, no SLIM for the entire tenant:
{
slim: {
capabilityEnabled: true, // CISO can disable entirely
allowedOrganizations: ['external:partner-a', 'internal:hr-app'],
blockedOrganizations: ['external:competitor']
}
}
Project Level
Define cross-app boundaries for specific projects:
{
slimConfig: {
enabled: true,
allowedOrganizations: [
{
organization: 'internal:hr-app',
permissions: ['task', 'query']
},
{
organization: 'external:partner-corp',
agents: ['agent_partner_lead'],
permissions: ['query']
}
]
}
}
Agent Level
Fine-grained control per agent:
{
slimConfig: {
enabled: true,
outbound: true, // Can call external agents
inbound: false, // Cannot be called externally
allowedTargets: [
{ organization: 'internal:hr-app', namespace: 'compliance' }
]
}
}
Virtual Teams
For cross-app projects, virtual teams enable role-based agent discovery:
virtualTeam:
enabled: true
name: "Deal Approval Team"
# Agents from this app
localMembers:
- agents: [agent_deal_lead]
# Agents from HR App (same tenant)
crossAppMembers:
- app: hr-app
agents: [agent_hr_lead, agent_legal]
role: compliance_approvers
# Map local roles to counterparts
roleMappings:
deal_owner: ["internal:hr-app/agent_hr_lead"]
legal_reviewer: ["internal:hr-app/agent_legal"]
Finding Counterparts
import { getVirtualTeamService } from '@meetloyd/sdk';
const virtualTeamService = getVirtualTeamService();
// Find who should review compliance
const result = await virtualTeamService.findRoleCounterparts(
projectId,
'compliance_approvers'
);
// Returns agents from HR App that can review this deal
Enabling SLIM
1. Enable at Tenant Level
await client.tenants.update('tenant-123', {
settings: {
slim: {
capabilityEnabled: true,
defaultDirectoryVisibility: 'private'
}
}
});
2. Configure Project
await client.projects.update('project-456', {
slimConfig: {
enabled: true,
allowedOrganizations: [
{ organization: 'internal:hr-app', permissions: ['task', 'query'] }
]
}
});
3. Enable on Agent
await client.agents.update('agent-789', {
slimConfig: {
enabled: true,
outbound: true,
inbound: true,
allowedCallers: [
{ organization: 'internal:hr-app', permissions: ['task'] }
],
allowedTargets: [
{ organization: 'internal:hr-app', namespace: '*' }
]
}
});
Checking Permissions
Before sending a cross-app message:
import { getSlimPermissionService } from '@meetloyd/sdk';
const slimService = getSlimPermissionService();
// Check if SLIM is needed
const { required, reason } = await slimService.isSlimRequired(
sourceAgentId,
targetAgentId
);
if (required) {
// Check if permitted
const result = await slimService.checkPermission({
sourceAgentId,
targetAgentId,
targetOrganization: 'internal:hr-app',
direction: 'outbound',
operationType: 'task'
});
if (!result.allowed) {
console.log('Blocked:', result.reason, 'at', result.blockedAt);
}
}
Common Patterns
Cross-App Project Collaboration
Sales App needs HR approval for enterprise deals:
# Project in Sales App
project:
name: Enterprise Deal Approval
slimConfig:
enabled: true
allowedOrganizations:
- organization: internal:hr-app
permissions: [task, query]
virtualTeam:
enabled: true
crossAppMembers:
- app: hr-app
agents: [agent_hr_approver]
role: deal_approver
Cross-Org Partner Integration
Your agent collaborates with a partner's agent:
# Your project
project:
name: Partner Integration
slimConfig:
enabled: true
allowedOrganizations:
- organization: external:partner-corp
agents: [agent_partner_api]
permissions: [query] # Read-only access
Directory Registration
Make your agent discoverable in Agntcy Directory:
await client.agents.update('agent-123', {
slimConfig: {
enabled: true,
directoryRegistration: {
enabled: true,
visibility: 'partners-only', // Only trusted partners can find
autoSync: true
}
}
});
Best Practices
1. Start Restrictive
Enable only what's needed:
{
slimConfig: {
enabled: true,
outbound: true,
inbound: false, // Start with outbound only
allowedTargets: [
{ organization: 'internal:hr-app', agents: ['agent_hr_lead'] } // Specific agent
]
}
}
2. Use Projects for Scoping
Don't enable SLIM tenant-wide. Enable per project:
// Good: Scoped to specific project
project.slimConfig.enabled = true
// Avoid: Blanket tenant-wide access
tenant.settings.slim.allowedOrganizations = ['*']
3. Audit Cross-Boundary Communication
All SLIM communications are logged:
const logs = await client.audit.query({
type: 'slim_communication',
projectId: 'project-456',
since: '2024-01-01'
});
4. Test with Cross-App First
Before integrating with external partners:
- Create a test app in your tenant
- Configure SLIM between your main app and test app
- Validate permissions, virtual teams, and workflows
- Then extend to
external:organizations
Troubleshooting
"SLIM disabled for this agent"
Agent-level SLIM is not enabled:
await client.agents.update(agentId, {
slimConfig: { enabled: true, outbound: true }
});
"Organization not allowed"
Project doesn't include target organization:
await client.projects.update(projectId, {
slimConfig: {
allowedOrganizations: [
{ organization: 'internal:hr-app' } // Add the org
]
}
});
"SLIM capability disabled at tenant level"
Contact your admin to enable SLIM:
await client.tenants.update(tenantId, {
settings: { slim: { capabilityEnabled: true } }
});
Next: Learn about Process Orchestration for complex multi-agent workflows.