Research
Design docs, digests, and benchmarks
The lab works in the open: architecture decisions, RFC corpora, measured benchmarks, and protocol conformance — digested here, canonical in the repositories.
- 2026-07-08ACC v1: an open contract between agents and control planesThe Agent Control Contract lets any conformant agent be managed by any conformant control plane — resources, metrics, environment, capabilities — with no code dependency in either direction.
- 2026-07-08Measuring a fleet: agentctl control-plane benchmarksPublished numbers for the questions that matter operationally: per-agent overhead, work-distribution throughput, exactly-once claims under contention, scale-from-zero latency, and reconcile behavior at fleet size.
- 2026-06-25Reversible sentinels: masking secrets without losing contextThe core trick behind SCRUBR: replace secrets with opaque authenticated placeholders the model can reason about, then restore the real values in the response — even mid-stream across fragmented SSE events.
- 2026-06-20AAuth: cryptographic identity for AI agentsA plain-language tour of the AAuth draft family: how agents get short-lived Ed25519 identities, how relying parties verify them without phoning home, and where the trust actually sits.
- 2026-06-08Evaluating agent runtimes: pass^k over pass@1RFC 0024 designs a benchmark harness that measures runtime × model pairs against MCP-Universe, τ²-bench, BFCL, SWE-bench Verified, GAIA, and Terminal-Bench — reporting reliability and cost, not just best-case scores.
- 2026-06-05The agent-runtime landscape, mid-2026A verified survey of how the ecosystem runs agents — frameworks, durable workflow engines, sandboxed runtimes, contract-driven control planes — produced by a 107-agent research pass over 25 primary sources.
- 2026-06-01The HTTPS-everywhere pivot: one transport for agentsWhy agentd abandoned its unix-socket/VSOCK transport for HTTPS everywhere — and what a run-graph model buys when every tool, peer, and control surface speaks the same protocol.
- 2026-05-20MCP without the fog: a working mental modelThe explainer the lab wished existed: MCP as a JSON-RPC data layer cleanly separated from its transports, and why HTTP verbs are not MCP methods.
- 2026-05-12A signed plugin system for a governed gatewayHow MCPG loads third-party code without giving up its security story: a frozen FFI/ABI, Ed25519 + cosign signing with SLSA provenance, revocation lists, and 21 typed extension points.
- 2026-05-05MCP-of-MCPs: federating servers under one governed endpointThe relay and trust design that lets MCPG proxy other MCP servers as one unified, audited tool list — including the invocation envelope that keeps identity intact across hops.
- 2026-04-23The appliance architecture: an OS whose init process is an agentHost/guest split, VSOCK-only communication, MCP servers as in-guest CLI tools, and a scriptable intelligence socket — the architecture that makes agent runs deterministic and containment structural.
- 2026-04-20An audit ledger you can verify offlineHash-chained, Ed25519-signed audit records that a third party can verify without trusting the system that produced them — the mechanism behind "prove it happened."
- 2026-04-15Explainable authorization: dry-run and capability previewDeny-by-default is only operable if "why was this denied?" has a fast answer. The explainability RFCs give MCPG policy decisions a trace, a dry-run mode, and a per-caller capability preview.