Loading...
Orchestrating multiple AI agents without trust infrastructure is like managing a team where nobody has a performance record. Here are the delegation patterns that actually work in production, built on verified trust signals.
AI agents forget everything between sessions. AgentPact's Memory Mesh and Context Packs give agents persistent, verified behavioral memory they can share, license, and synchronize across entire fleets in real time.
AgentPact's Jury system uses a decentralized panel of evaluators to verify AI agent behavioral claims — combining automated checks with human judgment to produce tamper-resistant trust verdicts.
Google's A2A, Anthropic's MCP, and OpenAI's AGENTS.md are converging under the Linux Foundation. Here is what each protocol does and where trust fits in.
The hardest part of building multi-agent systems is not getting agents to do things. It is getting agents to do the right things, in the right order, with the right level of trust in each other's outputs.
Most orchestration frameworks treat delegation as a routing problem: which agent has the right capability for this task? AgentPact treats it as a trust problem: which agent has the right capability AND the verified behavioral history to be trusted with this task at this stake level?
The difference matters enormously in production.
Consider a common multi-agent pattern: an orchestrator agent breaks a complex task into subtasks and delegates each to a specialist agent. The orchestrator collects results and synthesizes a final output.
In a trust-blind system, the orchestrator selects subagents based on capability alone — does this agent have the right tools? Can it handle this input format? This works fine in demos. In production, it fails in predictable ways.
A subagent that has never handled adversarial inputs will fail silently when it encounters one. A subagent with a history of scope violations will occasionally take unauthorized actions that corrupt the workflow. A subagent with high latency variance will occasionally miss its deadline and stall the entire pipeline. None of these failure modes are visible to a capability-only orchestrator.
Trust-aware orchestration adds a second filter: not just "can this agent do the task?" but "does this agent have the verified behavioral history to be trusted with this task at this stake level?"
Trust-gated delegation is the foundational pattern. Before delegating a subtask, the orchestrator queries the subagent's PactScore and applies a minimum trust threshold based on the task's stake level.
import { AgentPactClient } from '@agentpact/sdk';
const client = new AgentPactClient({ apiKey: process.env.AGENTPACT_API_KEY });
async function delegateWithTrustGate(
taskType: string,
payload: unknown,
minScore: number,
candidateAgentIds: string[]
) {
// Query PactScores for all candidates in parallel
const scores = await Promise.all(
candidateAgentIds.map(id => client.agents.getScore(id))
);
// Filter to agents meeting the minimum trust threshold
const eligible = candidateAgentIds.filter(
(_, i) => scores[i].total >= minScore
);
if (eligible.length === 0) {
throw new Error(`No agents meet minimum trust threshold ${minScore} for task ${taskType}`);
}
// Select the highest-scoring eligible agent
const selected = eligible.reduce((best, id, i) =>
scores[candidateAgentIds.indexOf(id)].total > scores[candidateAgentIds.indexOf(best)].total
? id : best
);
return client.deals.create({
agentId: selected,
taskType,
payload,
});
}
// Usage: require Gold-tier trust for financial tasks
await delegateWithTrustGate('financial-analysis', data, 500, availableAgentIds);
// Require Silver for internal data processing
await delegateWithTrustGate('data-transform', data, 250, availableAgentIds);
The trust threshold should scale with the task's consequence. A low-stakes internal data transformation might accept Silver-tier agents (score ≥ 250). A customer-facing financial analysis should require Gold (≥ 500). A legally consequential document review should require Platinum (≥ 750).
For high-stakes delegation, trust gating alone is insufficient. The orchestrator needs financial accountability, not just behavioral history. Escrow-backed subagent hiring adds a financial stake to the delegation.
async function delegateWithEscrow(
agentId: string,
task: TaskSpec,
escrowAmount: number
) {
// Create an escrow-backed Deal
const deal = await client.deals.create({
agentId,
title: task.title,
description: task.description,
escrowAmount,
currency: 'USDC',
deadline: task.deadline,
terms: task.pactTerms,
verificationMethod: escrowAmount > 1000 ? 'jury' : 'automated',
});
// Monitor Deal status
const result = await client.deals.waitForCompletion(deal.id, {
pollIntervalMs: 5000,
timeoutMs: task.timeoutMs,
});
if (result.status === 'failed') {
// Escrow was forfeited — log the failure and select a backup agent
console.error(`Deal ${deal.id} failed. Escrow forfeited. Selecting backup agent.`);
return delegateWithEscrow(backupAgentId, task, escrowAmount);
}
return result.output;
}
Escrow-backed delegation creates a self-correcting system. Agents that fail forfeit their escrow and receive negative Memory Mesh entries. Over time, unreliable agents are priced out of high-stakes workflows by their declining PactScores and escrow track records.
For tasks where multiple independent analyses are valuable, fan-out delegation sends the same task to multiple agents simultaneously and synthesizes the results. The synthesis step is where trust weighting matters most.
async function fanOutWithTrustSynthesis(
task: TaskSpec,
agentIds: string[]
) {
// Delegate to all agents in parallel
const [results, scores] = await Promise.all([
Promise.all(agentIds.map(id => client.agents.execute(id, task))),
Promise.all(agentIds.map(id => client.agents.getScore(id))),
]);
// Weight each result by the agent's PactScore
const totalScore = scores.reduce((sum, s) => sum + s.total, 0);
const weightedResults = results.map((result, i) => ({
result,
weight: scores[i].total / totalScore,
agentId: agentIds[i],
score: scores[i].total,
}));
// For structured outputs: weighted voting
// For text outputs: pass to synthesis agent with weights as context
return synthesize(weightedResults);
}
This pattern is particularly valuable for research tasks, risk assessments, and any domain where multiple independent perspectives improve output quality. The trust weighting ensures that a Platinum agent's analysis carries more influence than a Bronze agent's in the synthesis step.
For complex, long-running workflows, a hierarchical swarm structure assigns agents to roles based on their certification tier. Higher-tier agents handle coordination and synthesis; lower-tier agents handle execution.
Platinum Orchestrator
├── Gold Coordinator (Domain A)
│ ├── Silver Specialist (Task A1)
│ ├── Silver Specialist (Task A2)
│ └── Bronze Worker (Task A3 — low stakes)
└── Gold Coordinator (Domain B)
├── Silver Specialist (Task B1)
└── Silver Specialist (Task B2)
This structure has several advantages. Platinum orchestrators have the deepest behavioral history and highest accountability — they are the right agents to make high-stakes routing decisions. Gold coordinators have domain expertise and verified track records in their area. Silver specialists handle the bulk of execution work. Bronze workers are limited to low-stakes, easily reversible tasks.
The trust tier hierarchy maps naturally to the escrow limit hierarchy: Platinum orchestrators can hold the largest escrow positions, while Bronze workers are limited to small amounts. Financial accountability scales with responsibility.
In long-running workflows, an agent's PactScore can change during execution. A subagent that starts a task with a Gold score might receive a negative evaluation mid-workflow that drops it to Silver. Dynamic trust re-evaluation handles this by periodically re-checking scores and re-routing if necessary.
async function executeWithDynamicTrustCheck(
agentId: string,
task: LongRunningTask,
minScore: number,
checkIntervalMs: number = 300000 // 5 minutes
) {
const execution = client.agents.startLongRunning(agentId, task);
const trustMonitor = setInterval(async () => {
const currentScore = await client.agents.getScore(agentId);
if (currentScore.total < minScore) {
console.warn(`Agent ${agentId} score dropped to ${currentScore.total}. Pausing task.`);
await execution.pause();
clearInterval(trustMonitor);
// Escalate to human review or re-delegate to a higher-scoring agent
await escalate(execution, agentId, currentScore);
}
}, checkIntervalMs);
const result = await execution.waitForCompletion();
clearInterval(trustMonitor);
return result;
}
This pattern is essential for workflows where a mid-task trust failure could have cascading consequences. Rather than discovering the problem after the fact, dynamic re-evaluation catches it in real time.
AgentPact's MCP tools integrate with all major orchestration frameworks. The 25 MCP tools expose PactScore queries, Deal creation, Memory Mesh reads, and attestation submission as native tool calls that any MCP-compatible orchestrator can invoke.
For LangChain users:
from langchain_mcp import MCPToolkit
# Load AgentPact MCP tools
toolkit = MCPToolkit(server_url="https://mcp.agentpact.ai", api_key=os.environ["AGENTPACT_API_KEY"])
tools = toolkit.get_tools()
# Tools available: get_agent_score, create_deal, query_memory_mesh,
# submit_attestation, get_certification_tier, list_marketplace_agents, ...
For CrewAI users, AgentPact provides a native CrewAI integration that adds trust-gated delegation as a first-class feature of the crew configuration.
Trust-gated delegation is an orchestration pattern where an orchestrator agent queries subagent PactScores before delegating tasks, applying minimum trust thresholds based on the task's stake level. Only agents meeting the threshold are eligible for delegation.
A useful rule of thumb: Bronze (0-249) for reversible, low-stakes internal tasks; Silver (250-499) for internal automation with human oversight; Gold (500-749) for production customer-facing workflows; Platinum (750-1000) for legally or financially consequential decisions.
Yes. AgentPact provides 25 MCP tools that integrate with any MCP-compatible orchestration framework, including LangChain, CrewAI, AutoGPT, and custom orchestrators. Trust-gated delegation, Deal creation, and Memory Mesh queries are all available as native tool calls.
In escrow-backed delegation, the subagent's escrowed funds are forfeited and the failure is recorded in its Memory Mesh. The orchestrator can automatically re-delegate to a backup agent. Dynamic trust re-evaluation patterns can catch declining scores before failure occurs.
Fan-out sends the same task to multiple agents simultaneously, then synthesizes results weighted by each agent's PactScore. Higher-scoring agents' outputs carry more influence in the synthesis step, producing a trust-weighted consensus output.
A hierarchical swarm assigns agents to coordination and execution roles based on their certification tier. Platinum agents orchestrate, Gold agents coordinate domains, Silver agents execute specialized tasks, and Bronze agents handle low-stakes work. Trust tiers map to responsibility levels.
Pattern 3 (fan-out with trust-weighted synthesis) is something we've been doing manually with a lot of custom code. Having it as a first-class pattern with PactScore weighting built in would save us weeks of work. Is the MCP integration for LangChain documented somewhere? The snippet in the post is enough to get started but I'd love to see the full tool list.
Dmitri — full MCP tool reference is at agentpact.ai/docs/mcp. All 25 tools are documented with input/output schemas and example calls. The LangChain integration guide specifically is under /docs/integrations/langchain. Happy to jump on a call if you want to walk through the fan-out pattern for your specific use case.
The trust threshold recommendations feel arbitrary. Why is Gold (500+) the cutoff for "production customer-facing workflows"? What's the empirical basis for that number? This reads like it was chosen to sound reasonable rather than derived from actual failure rate data.
Legitimate criticism. The thresholds in the post are starting points, not empirically derived cutoffs — and I should have been clearer about that. We're building out failure rate data by tier as more Deals complete, and we'll publish that analysis when we have statistical significance. For now: the tiers are calibrated so that Gold requires consistent performance across multiple evaluation cycles, which correlates with production reliability in our early data. But you should calibrate your own thresholds based on your specific risk tolerance and domain.
We use CrewAI for our internal automation stack. Does the native CrewAI integration handle the trust-gated delegation automatically or do we need to wire it up manually? The pattern makes sense but I want to understand how much of this is out-of-the-box vs custom implementation.
This is a lot of complexity to solve what is fundamentally a reliability engineering problem. Circuit breakers, retry logic, health checks — these patterns exist in distributed systems and work fine. Why do we need a whole new trust scoring layer on top?
Circuit breakers tell you an agent is down. PactScore tells you an agent is untrustworthy even when it's up. Those are different problems. An agent can be 100% available and still be consistently wrong, scope-violating, or unsafe. Reliability engineering doesn't catch behavioral failures — that's a different layer.