DEV Community

Balachandar Manikandan
🔐 Introducing EMCL – A Secure Protocol for AI Agents to Call Tools

In modern AI agent architectures, tools are everything.

Frameworks like LangChain, AutoGen, and OpenDevin all depend on agents invoking tools (APIs, functions, external calls) that help them reason, generate, and act.

But there’s a missing layer that almost no one talks about:

🔓 Tool calls are not secure by default.

Most tool invocations happen over raw JSON-RPC or simple HTTP APIs, with:

  • No encryption
  • No agent authentication
  • No replay protection
  • No signed payloads

That’s why I created EMCL – Encrypted Model Context Layer – a secure, open protocol designed specifically for AI agent → tool communication.


⚙️ What is EMCL?

EMCL is a secure protocol layer built on top of MCP (Model Context Protocol).

If MCP defines the JSON-RPC structure for calling tools, EMCL wraps that with full production-grade security, just like TLS wraps HTTP.

EMCL is to MCP what TLS is to HTTP.


🔐 What EMCL Adds

EMCL defines a secure envelope around each tool call with:

✅ AES-256-GCM encryption of tool inputs and outputs

✅ HMAC-SHA256 request signatures for integrity

✅ JWT-based agent identity and scope propagation

✅ Timestamp + nonce replay protection

✅ Gateway policy enforcement and optional audit logging

All of this works over any transport (HTTP/S, IPC, local loopback) and integrates with any JSON-compatible backend tool.
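The envelope described in the list above, worked through end to end as an added example. This is my own Go code, not the project's Python implementation, and the field layout is a hypothetical one chosen to mirror the layers listed (AES-256-GCM body, HMAC-SHA256 signature, timestamp plus nonce, per-agent policy) rather than the EMCL spec's actual wire format. Keys are constructed from fixed strings so it runs offline, and identity is a plain agent id where EMCL carries a JWT. The client (`Seal`) encrypts the JSON-RPC body, stamps it, and signs the whole envelope; the gateway (`Open`) verifies the signature before anything else, rejects stale and replayed envelopes, decrypts, and checks the decrypted method against a per-agent allow-list standing in for JWT scopes. It also shows what the raw JSON-RPC baseline from earlier in the post lacks: a tampered, replayed, stale or out-of-scope call is refused before it reaches the tool.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// Constructed demo keys derived from fixed strings; a real deployment provisions per-agent keys from a key store.
var (
	encKey   = sha256.Sum256([]byte("demo-aes-256-key")) // 32 bytes selects AES-256
	macKey   = sha256.Sum256([]byte("demo-hmac-key"))
	block, _ = aes.NewCipher(encKey[:]) // fixed 32-byte key: cannot fail
	aead, _  = cipher.NewGCM(block)
)

// Envelope is a hypothetical wire shape mirroring the layers the post lists,
// not the EMCL spec's format. Identity is a plain agent id where EMCL uses a JWT.
type Envelope struct {
	Agent      string `json:"agent"`
	Timestamp  int64  `json:"ts"`    // unix seconds, checked for freshness
	Nonce      string `json:"nonce"` // hex, unique per call, checked for replay
	IV         string `json:"iv"`    // hex AES-GCM nonce
	Ciphertext string `json:"ct"`    // hex AES-256-GCM ciphertext||tag of the JSON-RPC body
	Signature  string `json:"sig"`   // hex HMAC-SHA256 over every field above
}

// sign MACs a canonical encoding so client and gateway hash identical bytes.
func sign(e *Envelope) []byte {
	m := hmac.New(sha256.New, macKey[:])
	fmt.Fprintf(m, "%s|%d|%s|%s|%s", e.Agent, e.Timestamp, e.Nonce, e.IV, e.Ciphertext)
	return m.Sum(nil)
}

func randHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Seal is the client side: encrypt the JSON-RPC body, stamp it, then sign.
func Seal(agent string, rpc []byte, now time.Time) *Envelope {
	e := &Envelope{Agent: agent, Timestamp: now.Unix(), Nonce: randHex(16), IV: randHex(aead.NonceSize())}
	iv, _ := hex.DecodeString(e.IV)
	e.Ciphertext = hex.EncodeToString(aead.Seal(nil, iv, rpc, nil))
	e.Signature = hex.EncodeToString(sign(e))
	return e
}

// Gateway keeps the replay cache and a per-agent allow-list of JSON-RPC methods (JWT scopes in EMCL).
type Gateway struct {
	window time.Duration
	seen   map[string]bool
	policy map[string]map[string]bool
}

func NewGateway(window time.Duration, policy map[string]map[string]bool) *Gateway {
	return &Gateway{window: window, seen: map[string]bool{}, policy: policy}
}

// Open is the gateway side. Order matters: signature first, so an unauthenticated
// sender cannot burn nonces or reach the decryptor; then freshness, replay, decrypt, policy.
func (g *Gateway) Open(e *Envelope, now time.Time) (map[string]any, error) {
	got, err := hex.DecodeString(e.Signature)
	if err != nil || !hmac.Equal(got, sign(e)) {
		return nil, fmt.Errorf("bad signature")
	}
	if age := now.Sub(time.Unix(e.Timestamp, 0)); age > g.window || age < -g.window {
		return nil, fmt.Errorf("timestamp outside acceptance window")
	}
	if g.seen[e.Nonce] {
		return nil, fmt.Errorf("replayed nonce")
	}
	g.seen[e.Nonce] = true
	iv, _ := hex.DecodeString(e.IV)
	ct, _ := hex.DecodeString(e.Ciphertext)
	if len(iv) != aead.NonceSize() {
		return nil, fmt.Errorf("bad iv length")
	}
	plain, err := aead.Open(nil, iv, ct, nil)
	if err != nil {
		return nil, fmt.Errorf("decryption failed")
	}
	var call map[string]any
	if err := json.Unmarshal(plain, &call); err != nil {
		return nil, err
	}
	method, _ := call["method"].(string)
	if !g.policy[e.Agent][method] {
		return nil, fmt.Errorf("agent %q may not call %q", e.Agent, method)
	}
	return call, nil
}
```

Two design points worth noting. The nonce is recorded only after the envelope has been authenticated and found fresh, so the cache cannot be filled by unsigned traffic, and because stale envelopes are rejected on timestamp alone, the cache only needs to retain nonces for the acceptance window rather than forever. Also, AES-GCM already authenticates the ciphertext; in this layout the separate HMAC is what binds the agent id, timestamp and nonce to that ciphertext, and passing those fields as GCM additional authenticated data would give the same binding with one key instead of two.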


📦 What’s Included

The v0.1 public release includes:

  • 📜 Full Protocol Spec
  • 🧪 Example Client → Gateway → Tool server pipeline
  • 🔧 Developer-friendly Python implementation
  • 🔓 MIT-licensed, open source

💡 Why This Matters

If you're building:

  • LangChain tools that execute sensitive actions
  • Autonomous agents that need verifiable permissions
  • Internal tools for healthcare, finance, or research

…you need to secure the tool chain, not just the model.

AI systems are only as secure as the tools they control.

EMCL gives you encryption, identity, and auditability with minimal friction.


🔗 Try It Out

👉 GitHub: https://github.com/Balchandar/emcl-protocol

You can run the example client, gateway, and tool server in minutes and inspect the encrypted payload lifecycle.


🚀 What’s Next

Future extensions planned:

  • LangChain tool adapter
  • Nested meta encryption (JWE-style)
  • Rewind-safe audit log hashing
  • LLM call graph tracing

🙌 Feedback Welcome

I’m looking for feedback, contributors, and collaborators.

If you care about AI infrastructure, protocol design, or security, let’s talk.

EMCL is fully open source and just getting started.

→ https://github.com/Balchandar/emcl-protocol


Tags:

#AIsecurity #LangChain #MCP #JSONRPC #OpenSource #Python #AgentProtocols #EMCL