Skip to main content

Multi-Agent Safety

When AI agents call other AI agents, risk accumulates. CRP defines a chain budget and circuit breaker that prevent run-away multi-agent chains from silently exceeding governance limits. Specified in SPEC-012.

The Problem

Three agents chained together can each individually pass safety thresholds yet produce a combined output whose aggregate hallucination probability is unacceptable. The protocol must observe the chain, not just each call.

The Mechanism

Every agent-to-agent call carries:

CRP-Chain-Id: 0d2f7a09-…
CRP-Chain-Step: 3
CRP-Chain-Budget: max-risk=0.20; max-steps=8; max-tokens=180000
CRP-Risk-Accumulator: 0.14

When Risk-Accumulator would exceed the budget on the next step, the gateway returns 409 Conflict with CRP-Safety-Verdict: CIRCUIT-BREAK.

Interaction with MCP / A2A

CRP layers cleanly under MCP (tool calling) and A2A (agent communication):

[A2A — who calls whom]
[MCP — what tools to use]
[CRP — chain budget, risk accumulator, audit chain]

SPEC-012 normative text