@@ -132,6 +132,119 @@ AgentMesh provides:
132132| ** Reward Engine** | Continuous behavioral scoring |
133133| ** Compliance Automation** | EU AI Act, SOC 2, HIPAA, GDPR mapping |
134134
135+ ## How It Works
136+
137+ ### 1. Agent Registration & DID Issuance
138+
139+ ``` mermaid
140+ sequenceDiagram
141+ participant Agent
142+ participant CLI as AgentMesh CLI
143+ participant CA as Certificate Authority
144+ participant Registry as Agent Registry
145+
146+ Agent->>CLI: agentmesh init --name my-agent --sponsor alice@company.com
147+ CLI->>CA: Request Ed25519 keypair & DID
148+ CA-->>CLI: did:mesh:my-agent + signed certificate
149+ CLI->>Agent: Write identity to local config
150+ Agent->>CLI: agentmesh register
151+ CLI->>Registry: Register DID + capabilities + sponsor
152+ Registry-->>CLI: Registration confirmed
153+ CLI-->>Agent: Agent ready (status: registered)
154+ ```
155+
156+ ### 2. Trust Handshake Between Two Agents
157+
158+ ``` mermaid
159+ sequenceDiagram
160+ participant A as Agent A
161+ participant Bridge as TrustBridge
162+ participant B as Agent B
163+
164+ A->>Bridge: verify_peer(did:mesh:agent-b, min_trust=700)
165+ Bridge->>B: IATP challenge (nonce + timestamp)
166+ B-->>Bridge: Signed response (Ed25519 signature)
167+ Bridge->>Bridge: Verify signature & check trust score
168+ alt Trust score ≥ 700
169+ Bridge-->>A: Verification succeeded (score: 850)
170+ A->>Bridge: send_message(did:mesh:agent-b, payload)
171+ Bridge->>B: Deliver message
172+ B-->>Bridge: Acknowledge
173+ Bridge-->>A: Message delivered
174+ else Trust score < 700
175+ Bridge-->>A: Verification failed (score: 620)
176+ end
177+ ```
178+
179+ ### 3. MCP Proxy Request Flow
180+
181+ ``` mermaid
182+ sequenceDiagram
183+ participant Client as MCP Client (e.g. Claude)
184+ participant Proxy as AgentMesh Proxy
185+ participant Policy as Policy Engine
186+ participant Server as MCP Server
187+
188+ Client->>Proxy: Tool call request
189+ Proxy->>Policy: Evaluate action against policy rules
190+ alt Action allowed
191+ Policy-->>Proxy: Allow
192+ Proxy->>Server: Forward tool call
193+ Server-->>Proxy: Tool result
194+ Proxy->>Proxy: Sanitize output & append verification footer
195+ Proxy-->>Client: Governed tool result
196+ else Action denied
197+ Policy-->>Proxy: Deny (rule: no-pii-export)
198+ Proxy-->>Client: Action blocked + reason
199+ end
200+ Proxy->>Proxy: Write audit log entry
201+ ```
202+
203+ ### 4. Credential Rotation Lifecycle
204+
205+ ``` mermaid
206+ sequenceDiagram
207+ participant Agent
208+ participant CA as Certificate Authority
209+ participant Registry as Agent Registry
210+
211+ CA->>Agent: Issue ephemeral credential (TTL: 15 min)
212+ Note over Agent: Credential active
213+
214+ loop Every 15 minutes
215+ Agent->>CA: Request credential rotation
216+ CA->>CA: Verify agent DID & trust score
217+ CA-->>Agent: New ephemeral credential (TTL: 15 min)
218+ CA->>Registry: Update credential fingerprint
219+ Note over Agent: Old credential invalidated
220+ end
221+
222+ alt Trust breach detected
223+ Registry->>CA: Revoke credential immediately
224+ CA-->>Agent: Credential revoked
225+ Note over Agent: Agent must re-register
226+ end
227+ ```
228+
229+ ### 5. Trust Score Update After Task Completion
230+
231+ ``` mermaid
232+ sequenceDiagram
233+ participant Agent
234+ participant Governance as Governance Layer
235+ participant Reward as Reward Engine
236+ participant Registry as Agent Registry
237+
238+ Agent->>Governance: Complete task (action: data_export)
239+ Governance->>Governance: Check compliance (SOC2, HIPAA)
240+ Governance-->>Reward: Task result + compliance status
241+ Reward->>Reward: Calculate score delta
242+ Note over Reward: Policy compliance: +10<br/>Task success: +5<br/>No violations: +3
243+ Reward->>Registry: Update trust score (820 → 838)
244+ Registry-->>Agent: Updated trust score: 838
245+ Reward->>Governance: Write audit log
246+ ```
247+
135248## Quick Start
136249
137250### Option 1: Secure Claude Desktop (Recommended)
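Review bot: In section 4 (Credential Rotation Lifecycle) the loop runs "Every 15 minutes" while each credential is issued with "TTL: 15 min", so as drawn the agent only asks for rotation at the moment its current credential expires, and any request latency leaves a gap in which no credential is valid. Show rotation starting before expiry, or state the overlap window in a note, so the diagram matches the "Old credential invalidated" step. In the same diagram `alt Trust breach detected` has a single branch, so `opt` is the right Mermaid block, and it would help to show which participant detects the breach before the Registry asks the CA to revoke. Separately, in section 1 `CLI->>CA: Request Ed25519 keypair & DID` reads as if the CA generates the agent's private key; if the key is generated locally and only the public key is sent for certification, the arrow label should say so.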