A solara.associates product

Your AI agents don't trust each other.

Every multi-agent system you build today is a liability.

Organisations run agents from different teams, vendors and frameworks. The moment two of them need to work together, there is no shared way to verify who they are, what they're allowed to do, or what they did. SYNTHERA fixes that.

What it is: Trust infrastructure for multi-agent systems
Core primitive: VAID (verifiable agent identity)
Built with: Rust kernel, five primitive surfaces
Stage: Pre-pilot, early access

01 The problem

Agents are multiplying. Trust isn't keeping up.

Your company already uses AI agents. Some were built in-house, some came from vendors, some were spun up by teams you've never met. They work fine alone. But the moment one agent needs to call another, or act on another's behalf, four questions have no good answer.

Q1

Identity

Which agent is this? Can you verify that claim, or are you just taking its word for it?

Q2

Authority

What is this agent actually allowed to do? Where does that permission stop?

Q3

Provenance

Who created it? Who approved it? What chain of trust does it carry?

Q4

Accountability

What did it do? Is there a record that nobody can quietly edit after the fact?

Right now, every pair of agents that needs to cooperate gets custom glue code.
5 agents means 10 trust relationships. 20 agents means 190. It doesn't scale, and it can't be audited.

Fig.01: Point-to-point glue vs. shared trust layer (panels: custom glue, point-to-point; SYNTHERA, one shared trust layer)

From quadratic glue to a single trust surface

02 The answer

One identity standard every agent speaks.

SYNTHERA gives every agent a VAID (verifiable agent identity). Think of it like a passport. It says who the agent is, what it's allowed to do, and who issued it. Any other agent or system can check that passport instantly, without having to trust the agent's own claim.

01

Cryptographically signed

Identity is proven, not claimed. Any party can verify a VAID on sight, without trusting the source.

02

Capability-scoped

The VAID carries exactly what the agent is allowed to do, and nothing more. Permissions travel with identity.

03

Lineage-tracked

Every VAID records where it came from. Delegation, issuance and chain of trust are traceable end to end.

Fig.02: The VAID envelope (layers: signature, lineage, capability set, identity core)

Identity wrapped in capability, lineage and a verifiable seal

If an agent speaks VAID, you can trust it. Even if you've never seen it before.

03 Under the hood

One foundation. Five services every agent can rely on.

SYNTHERA is infrastructure, not a library you bolt on. It provides five core services that every agent and every system above it can use: identity, policy, capabilities, audit, and federation. One source of truth for all of them.

Fig.03: Kernel primitive surfaces. Systems and agents (UAB, AI Factory, Sentinel) consume primitives: Identity (VAID issue + verify), Policy (deterministic evaluation), Capabilities (scoped grants), Audit (tamper-evident log), Federation (cross-tenant dispatch). Rust kernel: canonical source of truth.

Five primitives, one kernel, one source of truth

PRIMITIVE 01

Identity

Issues, signs and verifies VAIDs. This is where an agent's identity is created and where any party comes to check it.

vaid · signed · capability-scoped · lineage

PRIMITIVE 02

Policy

A deterministic evaluation engine: sandboxed, repeatable, fast. Rules are authored elsewhere and enforced here.

bytecode vm · deterministic · sandboxed

PRIMITIVE 03

Capabilities

Authority is granted as bounded, scoped capabilities. An agent can only do what its capability set allows, nothing more.

scoped grants · least authority

PRIMITIVE 04

Audit

A tamper-evident event log. Every action is recorded. No party can quietly rewrite history after the fact.

auditevent · subscribe + project

PRIMITIVE 05

Federation

Cross-tenant dispatch over a single, well-defined surface. Independent systems coordinate through SYNTHERA, not through each other.

federation/dispatch · uniform transport

Architectural rules

R1

The kernel is canonical. Systems above it subscribe and project from it. They never duplicate its state.

R2

Policy is enforced on the hot path, authored off it. The kernel evaluates; authoring happens elsewhere.

R3

Primitives are consumed, never reimplemented. One identity model, one audit log, one policy engine.

Proven in practice: When the kernel's identity model changed, the Sentinel security system absorbed it with a single-line reference update and zero changes on the kernel side. That's the point: get the primitives right and the systems above them barely have to move.

Illustration · governed multi-agent run (autoplay walkthrough)

Fig.05 · UAB → SYNTHERA, end to end
Sequence diagram: a browser composing a system in UAB, through operator-mediated provisioning and a VAID mint, to runtime delegation and a fail-closed over-envelope containment denial at the SYNTHERA substrate.

Compose in UAB · provision · mint VAID · delegate at runtime · over-envelope spawn denied at the substrate.

Proof · for engineers: VAID is verifiable by reproduction. Clone github.com/solara-associates/vaid and run cargo test — the frozen conformance vectors in vaid-client/tests/ reproduce byte-for-byte. Separately, the substrate runs live on Cloud Run and governance has been demonstrated framework-agnostic across ADK, LangChain and OpenAI adapters; the captured run exchanges (zip) illustrate one governed run end to end.
Verify
git clone https://github.com/solara-associates/vaid
cd vaid && cargo test

Open vs commercial. VAID — the spec and reference SDK (vaid-pop, vaid-client) — is open source (Apache‑2.0). The SYNTHERA substrate (policy, federation, audit, hosted authority) is the commercial product.

04 How it stacks

One substrate. Everything else builds on it.

SYNTHERA is the foundation. The names around it are not five competing products to choose between — they are layers of a single stack. You compose at the top; the substrate governs all the way down to the identity primitive underneath.

Fig.04: The stack, top to primitive
UAB

Compose a governed multi-agent system. The public product builders work in.

The product
composes on ↓
AI FACTORY

Generates and runs governed systems — a Prime Builder and a Loyal Opposition review each other, with a human as the final gate.

The engine
runs on ↓
SYNTHERA

The trust & coordination substrate. Governs throughout: identity, policy, capabilities, audit, federation — one source of truth for everything above it.

The substrate
built on ↓
VAID

The identity primitive underneath. A verifiable agent identity — the unit everything else is built from, like a container image for trust.

The primitive

Compose at the top · governed all the way down to the primitive

To the side — the enterprise surface: Sentinel is the enterprise governance wedge: MCP-native agentic security — threat-surface monitoring, identity revocation and runtime defence. It sits alongside the stack rather than on top of it, consuming the same substrate primitives every other layer does.

Every layer speaks VAID, evaluates against the same policy, and writes to the same audit log. That shared foundation is what lets them compose without custom integration — the proof the architecture works.

05 Where this goes

Containers followed a pattern. This is following the same one.

Direction, not commitment. Three phases worth thinking about.

PHASE 01 · NOW

The primitive

Docker took a messy idea (how to ship software) and turned it into a standard unit anyone could verify. SYNTHERA does that for agent identity: a working kernel, a verifiable envelope, proven against the systems already built on it.

PHASE 02 · NEXT

The orchestration layer

Once containers existed, an orchestration layer grew around them. Kubernetes coordinated what Docker made portable. The same shape is emerging here. UAB, AI Factory and Sentinel are independent layers that compose because the primitive underneath is stable.

PHASE 03 · LATER

Open governance

Kubernetes eventually moved to neutral stewardship under CNCF, so no single vendor owned the standard. SYNTHERA is built with the same handover in mind. A trust layer no one party controls.

The governance and licensing model is an open decision. What's fixed is the destination: a trust layer the whole ecosystem can rely on because no one party owns it.

06 Early access

Early access is open to a small group of organisations.

SYNTHERA is for teams putting agents into production who already feel the cost of making them work together safely. If that's you, we'd like to talk.