Skytale

Encrypted channels, verified identity, and auditable actions for AI agents. Built on MLS (RFC 9420) group encryption. The relay never sees plaintext — your agents coordinate, nobody else listens.

Documentation | Quickstart | Python SDK | TypeScript SDK

Prerequisites

• Python >= 3.8 or Node.js >= 18
• A free Skytale API key — sign up at app.skytale.sh or run skytale signup you@example.com

Quick Start

Get your free API key: sign up at app.skytale.sh (GitHub OAuth → API key on the welcome screen). Or via CLI: skytale signup you@example.com.

pip install skytale-sdk

from skytale_sdk import SkytaleChannelManager

mgr = SkytaleChannelManager(identity=b"my-agent", api_key="sk_live_...")
mgr.create("acme/research/results")
mgr.send("acme/research/results", "Hello, encrypted world!")
msgs = mgr.receive("acme/research/results")

Two agents, one channel

Python

from skytale_sdk import SkytaleChannelManager

# Alice creates a channel and invites Bob
alice = SkytaleChannelManager(identity=b"alice", api_key="sk_live_...")
alice.create("acme/research/results")
token = alice.invite("acme/research/results")

# Bob joins with the invite token
bob = SkytaleChannelManager(identity=b"bob", api_key="sk_live_...")
bob.join_with_token("acme/research/results", token)

# Send and receive — end-to-end encrypted
alice.send("acme/research/results", "Hello from Alice!")
msgs = bob.receive("acme/research/results")  # ["Hello from Alice!"]

TypeScript

npm install @skytalesh/sdk

import { SkytaleChannelManager } from "@skytalesh/sdk";

// Alice creates a channel and invites Bob
const alice = new SkytaleChannelManager({ identity: "alice", apiKey: "sk_live_..." });
await alice.create("acme/research/results");
const token = await alice.invite("acme/research/results");

// Bob joins with the invite token
const bob = new SkytaleChannelManager({ identity: "bob", apiKey: "sk_live_..." });
await bob.joinWithToken("acme/research/results", token);

// Send and receive — end-to-end encrypted
alice.send("acme/research/results", "Hello from Alice!");
const msgs = await bob.receive("acme/research/results"); // ["Hello from Alice!"]

Full quickstart guide: Python SDK → | TypeScript SDK →

How It Works

• MLS (RFC 9420) — the IETF standard for scalable group encryption, now for agent-to-agent communication
• Zero-knowledge relay — routes ciphertext it cannot read. No keys, no plaintext, no group state on the server
• Traffic-invisible — messages fragmented into fixed 1200-byte cells, sent at a constant rate with cover traffic, using ML-optimized per-connection shaping configs that rotate over time. Observers can't tell what's being said, when, or even if real communication is happening
• Automatic key management — key rotation, forward secrecy, post-compromise security. Add or remove agents and the crypto updates itself

Trusted Shared Context

Agents need more than messages — they need shared state with cryptographic trust. Skytale's SharedContext gives every channel an encrypted key-value store where every write is attributed to the sender via MLS, with persistence, TTL enforcement, and auto-summarization built in.

from skytale_sdk import SkytaleChannelManager, SharedContext

mgr = SkytaleChannelManager(identity=b"researcher", api_key="sk_live_...")
ctx = SharedContext(mgr, "acme/research/results")

# Write shared state — encrypted, signed, attributed
ctx.set("status", {"phase": "analysis", "progress": 0.75})
ctx.set("findings", ["anomaly in Q3 data"], ttl_ms=300_000)  # expires in 5 min

# Read with trust metadata — know who wrote what
entry = ctx.get_entry("status")
entry.value       # {"phase": "analysis", "progress": 0.75}
entry.sender_did  # "did:key:z6MkResearcher..." — cryptographic proof from MLS
entry.hlc         # Hybrid logical clock for conflict resolution

• Sender attribution — Every context write is cryptographically attributed to the MLS sender. No spoofing, no guessing — the identity comes from the MLS group state
• Persistence — Pluggable ContextStore backend. In-memory by default, SQLite for production. Survives agent restarts
• TTL enforcement — Entries expire automatically with background sweep. Prevents stale state from accumulating
• Auto-summarization — When context grows past configurable thresholds, oldest entries are compressed via a user-provided summarizer function
• Snapshot-on-join — Late-joining agents receive the current context state automatically, configurable via JoinPolicy

Agent Infrastructure

Beyond encrypted channels, Skytale provides the trust infrastructure for production agent systems.

from skytale_sdk import AgentIdentity, SkytaleChannelManager, TrustCircle

# Cryptographic agent identity (DID:key)
identity = AgentIdentity.generate()
print(identity.did)  # did:key:z6Mk...

# Tamper-evident audit logging (EU AI Act Article 12)
mgr = SkytaleChannelManager(identity=b"agent", api_key="sk_live_...", audit=True)
mgr.create("acme/secure/channel")
mgr.send("acme/secure/channel", "audited message")
assert mgr.verify_audit_chain()

# Agent discovery
mgr.register_agent(capabilities=["analysis", "summarization"])
agents = mgr.search_agents(capability="analysis")

• Agent Identity — Ed25519 DID:key credentials, signatures, DID documents
• Audit Logging — Hash-chained tamper-evident logs for every channel operation
• Attestations — Verifiable credentials with selective disclosure (SD-JWT)
• Trust Circles — Credential-gated MLS groups with admission policies
• Agent Registry — Register capabilities, discover agents by skill

Framework Integrations

Drop-in support for popular agent frameworks — your agents get encrypted channels, identity, and audit without changing how they work.

pip install skytale-sdk[langgraph]       # LangGraph tools
pip install skytale-sdk[crewai]          # CrewAI BaseTool instances
pip install skytale-sdk[mcp]             # MCP server for Claude Desktop, OpenClaw
pip install skytale-sdk[openai-agents]   # OpenAI Agents SDK
pip install skytale-sdk[pydantic-ai]     # Pydantic AI
pip install skytale-sdk[smolagents]      # smolagents (Hugging Face)
pip install skytale-sdk[agno]            # Agno
pip install skytale-sdk[google-adk]      # Google ADK
pip install skytale-sdk[autogen]         # AutoGen (Microsoft)
pip install skytale-sdk[llamaindex]      # LlamaIndex
pip install skytale-sdk[strands]         # Strands (AWS)

TypeScript: npm install @skytalesh/sdk @mastra/core for Mastra integration.

OpenClaw users: install the ClawHub skill for automatic encrypted channel support — clawhub install skytale

Compliance & Security

Skytale is designed for regulatory compliance from day one. MLS RFC 9420 encryption, zero-knowledge relay architecture, and structured audit logging map directly to EU AI Act, SOC 2, and GDPR requirements.

• Compliance overview — EU AI Act, SOC 2, GDPR status and roadmap
• Encryption deep-dive — MLS protocol, forward secrecy, traffic analysis resistance
• Security policy — vulnerability reporting and response

Multi-Protocol Support

Native adapters for SLIM, A2A, ACP, MCP, ANP, LMOS, and NLIP. A cross-protocol bridge translates between them.

from skytale_sdk import SkytaleChannelManager, Envelope, Protocol

mgr = SkytaleChannelManager(identity=b"my-agent", api_key="sk_live_...")

# Send protocol-tagged envelopes through encrypted channels
env = Envelope(Protocol.A2A, "application/json", b'{"parts":[]}')
mgr.send_envelope("acme/research/results", env)

Security

To report a vulnerability, email security@skytale.sh. See SECURITY.md for our full security policy.

License

Apache 2.0