什么是 AgentMesh？

AgentMesh 是一个强大的通信框架，旨在为每个 AI 智能体提供唯一的加密身份。它确保所有智能体间的通信均通过 AES-256-GCM 进行加密，并使用 Ed25519 数字签名进行身份验证。通过将其集成到您的 Openclaw Skills 生态系统中，您可以构建复杂的跨智能体系统，由于路由中心（Hub）永远无法看到实际的消息内容，消息隐私得到了绝对保障。

该框架既适用于本地开发，也适用于生产规模的网络。它利用 X25519 ECDH 生成临时会话密钥，提供前向安全性，即使长期密钥泄露，也能保护过去的通信记录。这使其成为开发者构建需要防篡改和防重放攻击消息协议的安全自主智能体网络时不可或缺的工具。

下载入口:https://github.com/openclaw/skills/tree/main/skills/cerbug45/agentmesh

安装与下载

1. ClawHub CLI

从源直接安装技能的最快方式。

2. 手动安装

将技能文件夹复制到以下位置之一

优先级：工作区 > 本地 > 内置

3. 提示词安装

将此提示词复制到 OpenClaw 即可自动安装。

AgentMesh 应用场景

• 在自主 AI 智能体之间建立安全、私密的通信通道。
• 构建对数据机密性有严格要求的跨智能体任务分配系统。
• 创建持久的智能体身份，在系统重启后仍能保持相同的加密指纹。
• 利用安全 TCP 中心在公共网络上实现跨机器的智能体协作。

1. 智能体通过唯一 ID 初始化并连接到充当消息路由器的 Hub。
2. 系统自动生成由 Ed25519 签名密钥和 X25519 交换密钥组成的加密身份。
3. 智能体向 Hub 注册其公钥包，允许其他智能体通过其唯一的指纹进行发现。
4. 发送消息时，发送方执行 ECDH 密钥交换以派生共享密钥并建立安全会话。
5. 消息负载经过签名并加密成 AEAD 信封后发送至 Hub。
6. Hub 将加密信封转发给接收者，在此过程中无法解密内部数据。
7. 接收方智能体解密信封，验证发送方签名，并触发注册的消息处理器。

AgentMesh 配置指南

要开始使用此技能，您可以直接从源代码库安装：

pip install git+https://github.com/cerbug45/AgentMesh.git

对于需要修改协议或运行测试套件的开发者：

git clone https://github.com/cerbug45/AgentMesh.git
cd AgentMesh
pip install -e ".[dev]"
pytest

AgentMesh 数据架构与分类体系

AgentMesh 通过结构化的 JSON 和加密包管理身份和消息数据。这种组织方式是 Openclaw Skills 处理安全数据交换的核心部分。

AgentMesh SKILL.md

WhatsApp-style end-to-end encrypted messaging for AI agents. GitHub: https://github.com/cerbug45/AgentMesh | Author: cerbug45

What Is AgentMesh?

AgentMesh gives every AI agent a cryptographic identity and lets agents exchange messages that are:

No TLS certificates. No servers required for local use. One pip install.

Installation

Requirements

• Python 3.10 or newer
• pip

Option 1 – Install from GitHub (recommended)

pip install git+https://github.com/cerbug45/AgentMesh.git

Option 2 – Clone and install locally

git clone https://github.com/cerbug45/AgentMesh.git
cd AgentMesh
pip install .

Option 3 – Development install (editable, with tests)

git clone https://github.com/cerbug45/AgentMesh.git
cd AgentMesh
pip install -e ".[dev]"
pytest           # run all tests

Verify installation

python -c "import agentmesh; print(agentmesh.__version__)"
# → 1.0.0

Quick Start (5 minutes)

from agentmesh import Agent, LocalHub

hub   = LocalHub()                  # in-process broker
alice = Agent("alice", hub=hub)     # keys generated automatically
bob   = Agent("bob",   hub=hub)

@bob.on_message
def handle(msg):
    print(f"[{msg.recipient}] ← {msg.sender}: {msg.text}")

alice.send("bob", text="Hello, Bob! This is end-to-end encrypted.")

Output:

[bob] ← alice: Hello, Bob! This is end-to-end encrypted.

Core Concepts

Agent

An Agent is an AI agent with a cryptographic identity (two key pairs):

• Ed25519 identity key – signs every outgoing message
• X25519 exchange key – used for ECDH session establishment

from agentmesh import Agent, LocalHub

hub   = LocalHub()
alice = Agent("alice", hub=hub)

# See the agent's fingerprint (share out-of-band to verify identity)
print(alice.fingerprint)
# → a1b2:c3d4:e5f6:g7h8:i9j0:k1l2:m3n4:o5p6

Hub

A Hub is the message router. It stores public key bundles (for discovery) and routes encrypted envelopes. It cannot decrypt messages.

Message

@bob.on_message
def handle(msg):
    msg.sender     # str  – sender agent_id
    msg.recipient  # str  – recipient agent_id
    msg.text       # str  – shortcut for msg.payload["text"]
    msg.type       # str  – shortcut for msg.payload["type"] (default: "message")
    msg.payload    # dict – full decrypted payload
    msg.timestamp  # int  – milliseconds since epoch

Usage Guide

Sending messages with extra data

alice.send(
    "bob",
    text     = "Run this task",
    task_id  = 42,
    priority = "high",
    data     = {"key": "value"},
)

All keyword arguments beyond text are included in msg.payload.

Chaining handlers

# Handler as decorator
@alice.on_message
def handler_one(msg):
    ...

# Handler as lambda
alice.on_message(lambda msg: print(msg.text))

# Multiple handlers – all called in registration order
alice.on_message(log_handler)
alice.on_message(process_handler)

Persistent keys

Save keys to disk so an agent has the same identity across restarts:

alice = Agent("alice", hub=hub, keypair_path=".keys/alice.json")

• File is created on first run (new keys).
• File is loaded on subsequent runs (same keys = same fingerprint).
• Store this file securely – it contains the private key.

Peer discovery

# List all agents registered on the hub
peers = alice.list_peers()   # → ["bob", "carol", "dave"]

# Check agent status
print(alice.status())
# {
#   "agent_id": "alice",
#   "fingerprint": "a1b2:…",
#   "active_sessions": ["bob"],
#   "known_peers": ["bob"],
#   "handlers": 2
# }

Network Mode (multi-machine)

1. Start the hub server

On the broker machine (or in its own terminal):

# Option A – module
python -m agentmesh.hub_server --host 0.0.0.0 --port 7700

# Option B – entry-point (after pip install)
agentmesh-hub --host 0.0.0.0 --port 7700

2. Agents connect from anywhere

# Machine A
from agentmesh import Agent, NetworkHub
hub   = NetworkHub(host="192.168.1.10", port=7700)
alice = Agent("alice", hub=hub)

# Machine B (different process / different computer)
from agentmesh import Agent, NetworkHub
hub = NetworkHub(host="192.168.1.10", port=7700)
bob = Agent("bob", hub=hub)

bob.on_message(lambda m: print(m.text))
alice.send("bob", text="Cross-machine encrypted message!")

Network hub architecture

┌──────────────────────────────────────────────────────┐
│                   NetworkHubServer                   │
│  Stores public bundles.  Routes encrypted envelopes. │
│  Cannot read message contents.                       │
└──────────────────────┬───────────────────────────────┘
                       │ TCP (newline-delimited JSON)
           ┌───────────┼───────────┐
           │           │           │
      Agent A      Agent B      Agent C
   (encrypted)  (encrypted)  (encrypted)

Security Architecture

Cryptographic stack

┌─────────────────────────────────────────────────────┐
│  Application layer (dict payload)                   │
├─────────────────────────────────────────────────────┤
│  Ed25519 signature  (sender authentication)         │
├─────────────────────────────────────────────────────┤
│  AES-256-GCM  (confidentiality + integrity)         │
├─────────────────────────────────────────────────────┤
│  HKDF-SHA256 key derivation (directional keys)      │
├─────────────────────────────────────────────────────┤
│  X25519 ECDH  (shared secret / forward secrecy)     │
└─────────────────────────────────────────────────────┘

Security properties

What the Hub can see

• ? Agent IDs (to route messages)
• ? Public key bundles (required for discovery)
• ? Metadata: sender, recipient, timestamp, message counter
• ? Message contents (always encrypted)
• ? Payload data (always encrypted)

Examples

Run any example:

python examples/01_simple_chat.py

API Reference

Agent(agent_id, hub=None, keypair_path=None, log_level=WARNING)

LocalHub()

NetworkHub(host, port=7700)

Same interface as LocalHub, but communicates with a NetworkHubServer over TCP.

NetworkHubServer(host="0.0.0.0", port=7700)

Low-level crypto (advanced)

from agentmesh.crypto import (
    AgentKeyPair,        # key generation, serialisation, fingerprint
    CryptoSession,       # encrypt / decrypt
    perform_key_exchange,# X25519 ECDH → CryptoSession
    seal,                # sign + encrypt (high-level)
    unseal,              # decrypt + verify (high-level)
    CryptoError,         # raised on any crypto failure
)

Troubleshooting

CryptoError: Replay attack detected

You are sending the same encrypted envelope twice. Each call to send() produces a fresh envelope – do not re-use envelopes.

CryptoError: Authentication tag mismatch

The envelope was modified in transit. Check that your transport does not corrupt binary data (use JSON-safe base64).

ValueError: Peer 'xxx' not found on hub

The recipient has not registered with the hub yet. Ensure both agents are created with the same hub instance (LocalHub) or connected to the same hub server (NetworkHub).

RuntimeError: No hub configured

You created Agent("name") without a hub. Pass hub=LocalHub() or hub=NetworkHub(...) to the constructor.

Contributing

git clone https://github.com/cerbug45/AgentMesh.git
cd AgentMesh
pip install -e ".[dev]"
pytest -v

Issues and PRs welcome at https://github.com/cerbug45/AgentMesh/issues

License

MIT ? cerbug45 – see LICENSE