SLIM Communication
SLIM (Secure Low-Latency Interactive Messaging) is MeetLoyd's universal transport for all agent-to-agent communication. Every message between agents -- whether within the same team, across teams, or across organizations -- routes through SLIM with MLS encryption and uniform audit.
SLIM Is Always On
SLIM is not an opt-in feature. It's the communication layer for all agents:
| Scenario | Example | Transport Mode | Encryption |
|---|---|---|---|
| Same team | Sales Rep to Sales Manager | In-process (0.1ms) | MLS group key |
| Different teams | Sales Rep to Marketing Lead | In-process (1ms) | MLS group key |
| Different apps | Sales App to HR App | Local routing | MLS group key |
| Different organizations | Your Agent to Partner's Agent | Federation bridge | MLS + mTLS |
You don't need to "enable" SLIM. All agent communication tools (ask_question, send_message, request_handoff, request_escalation, request_recalibration) automatically route through SLIM with encryption and audit logging.
Why Cross-App Uses SLIM
A key design decision: cross-app communication uses the same security model as cross-org communication. Here is why:
- Security boundaries -- Apps represent distinct security boundaries with potentially different compliance requirements. Data isolation between apps is a feature.
- Progressive trust -- SLIM enables graduated trust:
internal:hr-app(cross-app, higher implicit trust) vsexternal:partner-corp(cross-org, explicit trust required). - Testability -- Same-tenant cross-app is a staging ground for cross-org. Same code path, same security model. Bugs found in cross-app testing apply to cross-org.
How SLIM Works
Your tenant may have multiple apps (workspaces). Agents within the same app communicate via A2A. When an agent needs to reach an agent in a different app -- or in a different organization entirely -- the message routes through SLIM.
Your Tenant (Sales App) ← SLIM internal → Your Tenant (HR App)
Your Tenant (Sales App) ← SLIM external → Partner Tenant (Partner App)
Organization Format
SLIM uses prefixed identifiers:
| Format | Description | Example |
|---|---|---|
internal:{appSlug} | Cross-app (same tenant) | internal:hr-app |
external:{tenantSlug} | Cross-org | external:partner-corp |
Permission Hierarchy
SLIM checks permissions at four levels. The most restrictive setting wins.
Tenant (CISO kill switch) --> Project (scope boundaries) --> Team (bulk settings) --> Agent (fine-grained control)
If SLIM is disabled at the tenant level, no SLIM communication happens for the entire organization -- regardless of project or agent settings.
Cross-Organization Federation
SLIM federation enables agents to communicate across MeetLoyd instances and with external AGNTCY SLIM nodes.
How Federation Works
- Your agent sends a message to a cross-org target
- SlimHub detects the external organization and routes through the Federation Bridge
- Bridge looks up the trust relationship for that organization
- Bridge issues a SPIFFE JWT-SVID scoped to the remote trust domain
- Message is sent via HTTPS (REST) or gRPC (AGNTCY protocol)
- Remote instance verifies the SVID, checks permissions, and delivers to the target agent
Transports
| Transport | Protocol | Best For |
|---|---|---|
| HTTPS (default) | REST + SVID Bearer token | MeetLoyd-to-MeetLoyd, A2A-style |
| gRPC | AGNTCY DataPlane (Connect/HTTP2) | External AGNTCY SLIM nodes |
Encryption
- AES-256-GCM -- Default encryption for all messages
- MLS (RFC 9420) -- Optional group encryption for multi-party federation sessions, negotiated during session handshake
Circuit Breaker
Each trust relationship has an automatic circuit breaker. After repeated failures, the circuit opens and stops sending for a cooldown period. This prevents cascading failures when a remote instance is down and automatically recovers when it comes back.
Audit Trail
All federation messages are logged with sender and target identities, trust relationship used, transport type, latency, and success/failure status.
Setting Up SLIM
1. Enable at Tenant Level
Your admin enables SLIM for the organization. This is the master switch -- without it, no SLIM communication is possible.
2. Configure at Project Level
For each project that needs cross-boundary communication, define which organizations are allowed and what permission types they have (task, query, etc.).
3. Enable on Individual Agents
Control which agents can communicate externally:
| Setting | Description |
|---|---|
| Enabled | Master switch for this agent |
| Outbound | Can call external agents |
| Inbound | Can be called by external agents |
| Allowed Targets | Which organizations/agents this agent can reach |
| Allowed Callers | Which organizations/agents can reach this agent |
Setting Up Federation Trust
Before cross-org communication can happen, both sides must establish a trust relationship:
- Create trust -- An admin creates a trust record pointing to the remote organization
- Exchange trust bundles -- Both sides exchange SPIFFE trust bundles (public keys)
- Verify -- Mutual verification confirms both sides can authenticate each other
- Activate -- Trust moves from pending to active
Trust is managed via the dashboard or the federation API.
Virtual Teams
For cross-app projects, virtual teams enable role-based agent discovery. A virtual team combines local agents from your app with agents from other apps (or orgs), mapping them to roles like compliance_approvers or legal_reviewer. This lets agents find the right counterpart without knowing specific agent IDs.
Directory Registration
Make your agent discoverable in the AGNTCY Directory by enabling directory registration. You can control visibility (partners-only or public) and enable auto-sync to keep the listing current.
Common Patterns
Cross-App Project Collaboration
Sales App needs HR approval for enterprise deals:
- Enable SLIM on the project with
internal:hr-appallowed - Set up a virtual team with HR agents as
deal_approverrole - Sales agents can find and task HR agents through the virtual team
Cross-Org Partner Integration
Your agent collaborates with a partner's agent:
- Establish federation trust with the partner organization
- Configure project-level SLIM with
external:partner-corpallowed - Restrict to read-only (query) permissions for safety
Troubleshooting
"SLIM disabled for this agent"
The agent's SLIM configuration is not enabled. Enable it in the agent settings with outbound and/or inbound permissions.
"Organization not allowed"
The target organization is not in the project's allowed organizations list. Add it in the project SLIM settings.
"SLIM capability disabled at tenant level"
Contact your admin to enable the SLIM master switch at the tenant level.
Best Practices
Enable only what is needed. Begin with outbound-only to specific agents, then expand as trust is established.
Do not enable SLIM tenant-wide. Enable it per project so each project has its own security boundary.
Before integrating with external partners, test SLIM between two apps in your own tenant. Same code path, lower risk.
All SLIM communications are logged. Review audit logs regularly, especially for cross-org interactions.
Next: Learn about Process Orchestration for complex multi-agent workflows.