Federation

Federation¶

Enable secure, policy-controlled interactions between AI agents across different Xybern workspaces and organizations. Federation links establish bilateral trust, and short-lived tokens allow scoped cross-org actions.


Concept	Description
`Federation Link`	A trust relationship between two workspaces (source → target) with configurable guardrails
`Federation Token`	A short-lived, scope-limited, use-counted token for cross-org agent calls
`Trust Cap`	Maximum trust level for external agents (prevents foreign agents from exceeding local thresholds)
`Direction`	`outbound` (you → partner) or `inbound` (partner → you)

Propose a Federation Link¶

from xybern import Xybern

client = Xybern(api_key="xb_your_key")

# Propose federation to a partner organization
link = client.federation.propose(
    target_workspace_id="partner_workspace_id",
    source_org_name="Acme Corp",
    target_org_name="Partner Inc",
    allowed_action_types=["data:read", "data:query"],
    allowed_scopes=["read:market_data"],
    max_trust_level=40.0,        # External agents capped at 40
    expires_in_days=90,           # Link expires after 90 days
)
print(link["link_id"])           # fed_a1b2c3d4e5f6
print(link["shared_secret"])     # Exchange this securely

Accept an Inbound Link (Partner Side)¶

# Partner accepts the pending link
partner_client = Xybern(api_key="xb_partner_key")
result = partner_client.federation.accept(
    link_id="fed_a1b2c3d4e5f6",
    approved_by="security-team",
)
# Both sides now show status: "active"

Issue a Cross-Org Token¶

# Source org issues a token for one of its agents
token = client.federation.issue_token(
    link_id="fed_a1b2c3d4e5f6",
    agent_id="research-agent-01",
    scopes=["read:market_data"],
    action_types=["data:read"],
    ttl_seconds=300,     # 5-minute lifetime
    max_uses=10,         # Up to 10 uses
)
print(token["token"])    # Short-lived credential
print(token["expires_in"])  # 300

Use Token in Cross-Org Intercept¶

# Agent includes the federation token in its intercept call
result = partner_client.agents.intercept(
    action_type="data:read",
    action_content="Query market data for AAPL",
    credential="./my_agent.cred",
    federation_token=token["token"],
)
# Response includes federation proof:
# result.raw["federation"]["source_org"]  → "Acme Corp"
# result.raw["federation"]["trust_cap"]   → 40.0

REST API Reference¶


Method	Endpoint	Description
`POST`	`/v1/enforce/federation/links`	Propose a new federation link
`GET`	`/v1/enforce/federation/links`	List all federation links
`POST`	`/v1/enforce/federation/links/:id/accept`	Accept a pending link
`POST`	`/v1/enforce/federation/links/:id/suspend`	Suspend an active link
`POST`	`/v1/enforce/federation/links/:id/revoke`	Permanently revoke a link
`POST`	`/v1/enforce/federation/tokens`	Issue a cross-org token
`GET`	`/v1/enforce/federation/stats`	Get federation statistics

Authorisation Layer¶

The Authorisation Layer Control Plane includes a dedicated Federation view showing all active links, pending invites, token counts, and federated action totals. You can accept, suspend, or revoke links directly from the dashboard.