kyra docs

Multi-Agent Topology

Governing agent chains, delegation boundaries, and parent context propagation.

Multi-Agent Topology

Kyra enforces governance across multi-agent chains — not just at the entry point, but at every delegation boundary.

The problem with multi-agent governance

When Agent A delegates to Agent B, standard authorization checks only see Agent B's individual action. They miss the question that matters: Was Agent A authorized to delegate to Agent B in the first place?

Kyra solves this with topology registration and Gate 2B enforcement.

Registering agent topology

At agent registration, declare the delegation relationships:

# Orchestrator — can delegate to these sub-agents
kyra.agents.register(
    agent_id="renewal-orchestrator",
    name="Renewal Orchestrator",
    mode="enforce",
    can_delegate_to=["eligibility-agent", "fraud-agent", "pricing-agent",
                     "compliance-agent", "payment-agent", "notification-agent"],
    system_prompt="...",
    tools=[...]
)

# Sub-agent — can only be called by this orchestrator
kyra.agents.register(
    agent_id="payment-agent",
    name="Payment Agent",
    mode="enforce",
    allowed_callers=["renewal-orchestrator"],
    system_prompt="...",
    tools=[...]
)

Parent context propagation

When an orchestrator delegates, pass the parent context to the child:

# Python SDK
child_context = kyra.new_child_context(
    parent_agent_id="renewal-orchestrator",
    parent_session_id=session_id,
    tool_name="delegate_payment"
)

# Pass to sub-agent initialization
payment_agent = PaymentAgent(kyra_context=child_context)
// Go SDK
childCtx := kyra.NewChildContext(ctx, kyra.ChildContextOptions{
    ParentAgentID: "renewal-orchestrator",
    ToolName:      "delegate_payment",
})

The child context carries:

  • parentAgentId — ID of the delegating agent
  • traceId — shared across the full chain
  • chainDepth — incremented at each delegation level
  • sessionId — shared session for full audit continuity

How Gate 2B works

When a delegation action is intercepted, Gate 2B checks:

  1. Does the orchestrator's registration include this sub-agent in can_delegate_to?
  2. Does the sub-agent's registration include this orchestrator in allowed_callers?

Both must pass. If either fails, verdict is BLOCK with reason TOPOLOGY_VIOLATION.

Blast radius across chains

aggregateRowsAffected accumulates across the full chain. If Agent A reads 100 rows, then delegates to Agent B which reads 500 rows, the session total is 600. Gate 2 Layer 2 evaluates against the accumulated total — a safe individual action can become an escalation when the chain total crosses your threshold.

Audit trail across hops

Every sub-agent event is linked to the parent via parentAgentId and traceId. The full chain is replayable as a single timeline from the orchestrator's first action to the last sub-agent's completion.

On this page

Multi-Agent TopologyThe problem with multi-agent governanceRegistering agent topologyParent context propagationHow Gate 2B worksBlast radius across chainsAudit trail across hops