Skip to main content

SLIM Communication

SLIM (Secure Low-Latency Interactive Messaging) is MeetLoyd's universal transport for all agent-to-agent communication. Every message between agents -- whether within the same team, across teams, or across organizations -- routes through SLIM with MLS encryption and uniform audit.

SLIM Is Always On

SLIM is not an opt-in feature. It's the communication layer for all agents:

ScenarioExampleTransport ModeEncryption
Same teamSales Rep to Sales ManagerIn-process (0.1ms)MLS group key
Different teamsSales Rep to Marketing LeadIn-process (1ms)MLS group key
Different appsSales App to HR AppLocal routingMLS group key
Different organizationsYour Agent to Partner's AgentFederation bridgeMLS + mTLS
No Configuration Needed

You don't need to "enable" SLIM. All agent communication tools (ask_question, send_message, request_handoff, request_escalation, request_recalibration) automatically route through SLIM with encryption and audit logging.

Why Cross-App Uses SLIM

A key design decision: cross-app communication uses the same security model as cross-org communication. Here is why:

  • Security boundaries -- Apps represent distinct security boundaries with potentially different compliance requirements. Data isolation between apps is a feature.
  • Progressive trust -- SLIM enables graduated trust: internal:hr-app (cross-app, higher implicit trust) vs external:partner-corp (cross-org, explicit trust required).
  • Testability -- Same-tenant cross-app is a staging ground for cross-org. Same code path, same security model. Bugs found in cross-app testing apply to cross-org.

How SLIM Works

Your tenant may have multiple apps (workspaces). Agents within the same app communicate via A2A. When an agent needs to reach an agent in a different app -- or in a different organization entirely -- the message routes through SLIM.

Your Tenant (Sales App) ← SLIM internal → Your Tenant (HR App)

Your Tenant (Sales App) ← SLIM external → Partner Tenant (Partner App)

Organization Format

SLIM uses prefixed identifiers:

FormatDescriptionExample
internal:{appSlug}Cross-app (same tenant)internal:hr-app
external:{tenantSlug}Cross-orgexternal:partner-corp

Permission Hierarchy

SLIM checks permissions at four levels. The most restrictive setting wins.

Tenant (CISO kill switch) --> Project (scope boundaries) --> Team (bulk settings) --> Agent (fine-grained control)

If SLIM is disabled at the tenant level, no SLIM communication happens for the entire organization -- regardless of project or agent settings.

Cross-Organization Federation

SLIM federation enables agents to communicate across MeetLoyd instances and with external AGNTCY SLIM nodes.

How Federation Works

  1. Your agent sends a message to a cross-org target
  2. SlimHub detects the external organization and routes through the Federation Bridge
  3. Bridge looks up the trust relationship for that organization
  4. Bridge issues a SPIFFE JWT-SVID scoped to the remote trust domain
  5. Message is sent via HTTPS (REST) or gRPC (AGNTCY protocol)
  6. Remote instance verifies the SVID, checks permissions, and delivers to the target agent

Transports

TransportProtocolBest For
HTTPS (default)REST + SVID Bearer tokenMeetLoyd-to-MeetLoyd, A2A-style
gRPCAGNTCY DataPlane (Connect/HTTP2)External AGNTCY SLIM nodes

Encryption

  • AES-256-GCM -- Default encryption for all messages
  • MLS (RFC 9420) -- Optional group encryption for multi-party federation sessions, negotiated during session handshake

Circuit Breaker

Each trust relationship has an automatic circuit breaker. After repeated failures, the circuit opens and stops sending for a cooldown period. This prevents cascading failures when a remote instance is down and automatically recovers when it comes back.

Audit Trail

All federation messages are logged with sender and target identities, trust relationship used, transport type, latency, and success/failure status.

Setting Up SLIM

1. Enable at Tenant Level

Your admin enables SLIM for the organization. This is the master switch -- without it, no SLIM communication is possible.

2. Configure at Project Level

For each project that needs cross-boundary communication, define which organizations are allowed and what permission types they have (task, query, etc.).

3. Enable on Individual Agents

Control which agents can communicate externally:

SettingDescription
EnabledMaster switch for this agent
OutboundCan call external agents
InboundCan be called by external agents
Allowed TargetsWhich organizations/agents this agent can reach
Allowed CallersWhich organizations/agents can reach this agent

Setting Up Federation Trust

Before cross-org communication can happen, both sides must establish a trust relationship:

  1. Create trust -- An admin creates a trust record pointing to the remote organization
  2. Exchange trust bundles -- Both sides exchange SPIFFE trust bundles (public keys)
  3. Verify -- Mutual verification confirms both sides can authenticate each other
  4. Activate -- Trust moves from pending to active

Trust is managed via the dashboard or the federation API.

Virtual Teams

For cross-app projects, virtual teams enable role-based agent discovery. A virtual team combines local agents from your app with agents from other apps (or orgs), mapping them to roles like compliance_approvers or legal_reviewer. This lets agents find the right counterpart without knowing specific agent IDs.

Directory Registration

Make your agent discoverable in the AGNTCY Directory by enabling directory registration. You can control visibility (partners-only or public) and enable auto-sync to keep the listing current.

Common Patterns

Cross-App Project Collaboration

Sales App needs HR approval for enterprise deals:

  • Enable SLIM on the project with internal:hr-app allowed
  • Set up a virtual team with HR agents as deal_approver role
  • Sales agents can find and task HR agents through the virtual team

Cross-Org Partner Integration

Your agent collaborates with a partner's agent:

  • Establish federation trust with the partner organization
  • Configure project-level SLIM with external:partner-corp allowed
  • Restrict to read-only (query) permissions for safety

Troubleshooting

"SLIM disabled for this agent"

The agent's SLIM configuration is not enabled. Enable it in the agent settings with outbound and/or inbound permissions.

"Organization not allowed"

The target organization is not in the project's allowed organizations list. Add it in the project SLIM settings.

"SLIM capability disabled at tenant level"

Contact your admin to enable the SLIM master switch at the tenant level.

Best Practices

Start Restrictive

Enable only what is needed. Begin with outbound-only to specific agents, then expand as trust is established.

Use Projects for Scoping

Do not enable SLIM tenant-wide. Enable it per project so each project has its own security boundary.

Test with Cross-App First

Before integrating with external partners, test SLIM between two apps in your own tenant. Same code path, lower risk.

Audit Cross-Boundary Communication

All SLIM communications are logged. Review audit logs regularly, especially for cross-org interactions.


Next: Learn about Process Orchestration for complex multi-agent workflows.