Interoperable Multi-Agent Systems (IMAS)

• IMAS is a framework of distributed agents designed to interoperate securely across heterogeneous systems using open protocols and formal standards.
• Its layered architecture integrates context, coordination, transport, discovery, vetting, and governance to ensure reliable and robust multi-agent interactions.
• The design addresses heterogeneity and dynamic trust management, enabling applications in industry 4.0, decentralized logistics, and multimodal AI systems.

An Interoperable Multi-Agent System (IMAS) is a multi-agent system engineered so that agents—potentially built by different parties, running on distinct platforms, and interacting with heterogeneous toolchains—can discover, authenticate, communicate, negotiate, and cooperate with one another across organizational and technological boundaries. The objective is robust, safe, and trustworthy coordination at Internet scale, realized via open standards at multiple protocol, governance, and semantic layers. Such systems are foundational to the architectural vision of the Internet of Agents, where autonomous and semi-autonomous software, humans, robots, and web services operate as peers in distributed workflows (Wibowo et al., 29 Nov 2025).

1. Formal Models and Core Architectural Layers

IMASs are characterized by layered architectures that harmonize protocol interoperability, communication substrate, discovery, security, and governance. A formal instance is defined as the 6-tuple (Wibowo et al., 29 Nov 2025):

$\text{IMAS} = \langle C, A, T, D, V, G \rangle$

where:

• $C$ (Context Layer): Standardized agent-to-tool protocols, exemplified by MCP (Model Context Protocol) servers implementing JSON-RPC over HTTP(S) (Liao et al., 8 Jul 2025).
• $A$ (Coordination Layer): Agent-to-Agent protocols, including A2A (structured JSON over HTTP/WebSocket) and decentralized meta-protocols (e.g., ANP).
• $T$ (Transport Layer): Messaging substrate (e.g., HTTP/TLS stack, MLS-secured gRPC, DDS).
• $D$ (Discovery Layer): Registry and resolution infrastructure, with both federated (NANDA) and decentralized (ADS/DHT) models for agent/service lookup.
• $V$ (Vetting Layer): Static and dynamic vetting of resources (e.g., cryptographic checks, reputation and runtime audits).
• $G$ (Governance Layer): Shared logging, identity attribution, and append-only audit ledgers.

This composition enables agents, irrespective of implementation, to interoperate reliably and securely (Wibowo et al., 29 Nov 2025, Liao et al., 8 Jul 2025).

2. Protocol Interoperability and Communication Primitives

Interoperability is guaranteed by adherence to open, formally specified protocols at both the inter-agent and agent-environment boundaries. These include:

• Agent-to-Agent (A2A): Defined with schema-constrained JSON messages (Liao et al., 8 Jul 2025). Each message:

$$M = \langle \text{sender}, \text{receiver}, \text{msg\_type}, \text{msg\_id}, \text{payload}, \text{context\_id} \rangle$$

Standard message types cover REQUEST, RESPONSE, ACK, ERROR, accompanied by cryptographic signatures where required.

• Agent-to-Tool (Context Layer/MCP): Agents invoke external tools using JSON-RPC 2.0, marshaling operation names and parameters:

  { "jsonrpc": "2.0", "id": "...", "method": "tool_name", "params": { "input": ..., "session_id": ... } }

  Responses embed outputs and error conditions, and context propagation is realized by vector-passing or RDF-based context models (Liao et al., 8 Jul 2025, Daoud, 2020, Amaral et al., 2019).
• Artifact/Environment Interactions: In artifact-centric MAS, mappings between agent messages and artifact events/operations are formalized as bidirectional functions ($\phi$, $\psi$), consistently packaging agent performatives and artifact operations as Camel Exchanges, JSON payloads, or ontology-grounded RDF triples (Amaral et al., 2019, Daoud, 2020).

Open standards (e.g., FIPA-ACL, VDA5050, OPC DA) provide vendor-neutral wire protocols and content languages, with formal verification in protocol design (e.g., BSPL for liveness/safety) ensuring enactment correctness even for independently authored agents (Chopra et al., 14 Jul 2025, Duijkeren et al., 2023, Benmerzoug, 2013).

3. Discovery, Registration, and Trust Management

Agent/service discovery is supported by distributed registries and content-addressed artifact stores (Wibowo et al., 29 Nov 2025, Wooldridge et al., 21 Oct 2025):

• Federated Registries (NANDA): Agents publish AgentFacts as verifiable credentials, signed with public keys and discoverable via distributed queries.
• Decentralized Discovery (ADS/DHT): Artifacts, protocols, and services are registered using content identifiers (CIDs) referencing OCI artifact stores.
• On-Chain Almanac and ANAME: Example from Fetch.ai—agents register in the Almanac, linking protocol digests with endpoints, resolved via cryptographically sealed lookups. ANAME provides web2-to-agent address mapping with DNS/TXT oracles (Wooldridge et al., 21 Oct 2025).

Vetting pipelines span static checks (signature/hash validation), dynamic challenge-response tests, and policy-enforced data sovereignty (Wibowo et al., 29 Nov 2025, Wooldridge et al., 21 Oct 2025). Ephemeral credentialing (e.g., just-in-time OAuth2 delegate tokens) and split-horizon discovery restrict access to sensitive endpoints as dictated by governance policy and reputation sharding (Wibowo et al., 29 Nov 2025).

4. Orchestration, Coordination, and Execution Models

IMAS architectures typically decouple orchestration from domain logic. Orchestrators implement:

• Complexity Assessment: Scoring queries for decomposition based on token count and entropy (Liao et al., 8 Jul 2025).
• LLM-Driven Query Decomposition: Natural language queries are split into independent subtasks, then distributed to agents by type/capability matrices.
• Dynamic Routing and Task Allocation: Based on agent capabilities, contextual embeddings, or historical skill ratings; orchestrators retry, reassign, or escalate on failure.
• Workflow Synthesis: Orchestrators (e.g., ASI:One) parse user intent $G$, resolve capabilities, plan task sequences, fill parameters, and assemble end-to-end workflows $W = f_{\text{orchestrator}}(G)$ (Wooldridge et al., 21 Oct 2025).
• Coordination Protocols: Including auctions, contract-net, reservation protocols, and runtime negotiation via standard schemas and meta-protocols (e.g., schema negotiation in ANP).
• Formal Enactment Guarantees: Protocol verification frameworks (e.g., in IOP/BSPL) assure global safety (no double-binding), liveness (no deadlocks), and idempotence under partial-order execution (Chopra et al., 14 Jul 2025).

Illustrative case studies include decentralized logistics workflows, multimodal IR/QA, and industry 4.0 manufacturing/SCADA orchestration (Wooldridge et al., 21 Oct 2025, Liao et al., 8 Jul 2025, Abbas et al., 2015, Amaral et al., 2019).

5. Heterogeneity Handling and Semantic Interoperability

IMASs address heterogeneity at multiple levels:

• Protocol Level: Support for 200+ communication protocols via middleware/adapters (e.g., Apache Camel: MQTT, JMS, HTTP, OPC-DA), mapping agent/ACL semantics to protocol-specific headers, bodies, and metadata (Amaral et al., 2019).
• System Component Level: Peer-to-peer societies of heterogeneous agents—human, robot, software—realized by interface agents and organizational meta-models (e.g., CPN-based role-task architectures) (Lahlouhi, 2014).
• Semantic Layer: Common ontologies (RDF/OWL vocabularies for agents, artifacts, operations) unify diverse APIs and device descriptions. Agents exploit SPARQL, inference rules, and usage ontologies to discover and invoke dynamically varying resources, decoupling execution plans from physical device identity or protocol (Daoud, 2020).
• Dynamic Adaptivity: New agents/devices register at runtime, interface agents mediate capabilities, and plans/roles are projected and adapted automatically to new organizational settings (Lahlouhi, 2014, Abbas et al., 2015). Shared state is often managed in distributed triple stores or as versioned BPEL4WS/BPEL process variables (Benmerzoug, 2013).

Device replacement, runtime reconfiguration, and seamless interoperability are computationally demonstrated in industrial control, smart-home, and web-of-things scenarios, with observed latencies and context resolution well within practical bounds for online operation (Daoud, 2020, Abbas et al., 2015).

6. Security, Governance, and Evaluation Criteria

Security and governance are not adjuncts but foundational design principles for IMAS (Wibowo et al., 29 Nov 2025):

• Vulnerabilities: Include provisioning faults (e.g., installer spoofing), operation-layer escapes, token hygiene lapses (privilege escalation), negotiation poisoning (protocol downgrade), metadata leakage, discovery spoofing, index tampering, reputation Sybils, and inadequate logging.
• Mitigations: Defense-in-depth layering (static and dynamic vetting), authenticated delegation (contextualized OAuth), zero-trust execution/policy gateways, split-horizon registries, content-addressed integrity, reputation sharding, ephemeral credentialing, and immutable ledger-based audit trails.
• Metrics: Protocol compliance rate, discovery coverage, resolution latency, static/dynamic vetting failure rate, incident detection time, reputation accuracy, and end-to-end latency/throughput (Wibowo et al., 29 Nov 2025, Wooldridge et al., 21 Oct 2025, Duijkeren et al., 2023).
• Governance: Every action is signed, logged, and attributable; shared ledgers (blockchain or append-only distributed logs) support forensics and provenance. Incident detection is driven by real-time monitoring of compliance/vetting/reputation metrics with threshold-triggered alarms.

Engineers are advised to deploy universal context layers (e.g., MCP with policy-enforcing gateways), federated and decentralized registries, automated CI/CD vetting, strict security baselines, and “Scientist AI” non-agentic validators for critical/hazardous actions (Wibowo et al., 29 Nov 2025).

7. Selected Applications and Case Studies

IMASs have been validated across diverse domains:

• Industry 4.0 / Manufacturing: Orchestration of PLCs, SCADA systems, ERPs, supplier negotiations, and distributed tracking via protocol-agnostic middleware (Camel, OPC DA, JaCaMo, SCADA agent layers) (Amaral et al., 2019, Abbas et al., 2015).
• Decentralized Autonomous Logistics: Autonomous agents on-chain, orchestrating discovery, negotiation, payment, and escrow using cryptographically verifiable identities, blockchain, on-chain registries, and ML-driven planning (Wooldridge et al., 21 Oct 2025).
• Multimodal Conversational AI: A2A/MCP-based frameworks (AgentMaster) for dynamic decomposition, multimodal query handling, and capability-driven task allocation, with empirical evaluation on BERTScore F1 and G-Eval metrics (Liao et al., 8 Jul 2025).
• Industrial Robotics: Inter-fleet navigation using VDA5050, ROS 2, and OpenRMF, with formal MILP/MAPF stack for task allocation and motion planning, supporting real-time multi-vendor AMR/AGV coordination (Duijkeren et al., 2023).
• Semantic Web and Web of Things: RDF/OWL ontologies for uniform discovery and invocation of heterogeneous artifacts/resources, semantic registry, and rule-based planning (Daoud, 2020).
• Enterprise Application Integration: Petri-net specified protocols, formal AUML/BPEL4WS validation, and FIPA-compliant agent/service integration for cross-enterprise process automation (Benmerzoug, 2013).
• Protocol-Centric MAS Development: Verification and enactment via BSPL (IOP), Tango, and Kiko/Mandrake provide protocol-level guarantees for information causality and enact distant, language-agnostic agent implementations over minimal transport layers (Chopra et al., 14 Jul 2025).

These applications confirm that IMAS architectures enable scalable, flexible, and robust agentic coordination, bridging classical multi-agent research and contemporary AI-driven, distributed, and web-native requirements.