Sub-agent orchestration #709
Description
Overview
Implement sub-agent orchestration for Zeph, enabling the main agent to delegate tasks to specialized child agents running in isolated contexts with controlled permissions. Sub-agents communicate with the main agent via A2A protocol semantics.
Security model: Zero-Trust — every sub-agent starts with zero permissions. All grants (secrets, tools) require explicit user approval, are TTL-bounded, and auto-revoked on expiry or sub-agent termination. Secrets never persist to disk or message history.
Architecture document: .local/plan/sub-agent-orchestration.md
Design Principles
- Zero-trust: every sub-agent is untrusted by default
- Least privilege: grant only minimum required for the specific task
- Time-bounded access: all grants have TTL, auto-revoked on expiry
- No nesting: sub-agents cannot spawn sub-agents
- Main agent is the single user-facing interface
- A2A protocol for all orchestrator↔sub-agent communication
Phases
- M28-A: Sub-agent definition format and parser #710 M28-A: Sub-agent definition format and parser
- M28-B: SubAgentManager core with in-process A2A channels #711 M28-B: SubAgentManager core with in-process A2A channels
- M28-C: Tool and skill filtering for sub-agents #712 M28-C: Tool and skill filtering for sub-agents
- M28-D: Permission and secret delegation protocol #713 M28-D: Permission and secret delegation protocol (zero-trust)
- M28-E: Background sub-agent execution #714 M28-E: Background sub-agent execution
- M28-F: TUI sub-agent panel #715 M28-F: TUI sub-agent panel
- M28-G: CLI /agent commands #716 M28-G: CLI /agent commands