ADAMAS is an adaptive, decentralized architecture for multi-agent systems. It provides the isolation, memory, orchestration, and accountability that agents need to operate in the real world.
Most agent frameworks give agents tools and hope for the best. ADAMAS enriches their context with domain knowledge, execution history, and policy constraints — then records what worked so the next agent is smarter.
From Greek adamas — unconquerable. The origin of diamond.
Finding tools isn't enough. Agents need context about when to use them, how they relate to the task, and what happened last time.
ADAMAS doesn't just help agents find tools. It enriches their context with related code, requirements, policies, and execution history — then records what worked so the next run is smarter.
Every execution makes the system smarter. ADAMAS records what tools agents used, what succeeded, what failed — and feeds that back into future discovery and routing.
Agents describe what they need; ADAMAS surfaces relevant capabilities via vector embeddings and graph traversal. Not just tool names — related code patterns, requirements they satisfy, and policies that constrain them.
ADAMAS observes agent reasoning in real-time and injects relevant context mid-execution. When an agent starts thinking about authentication, authentication-related atoms appear in context — without the agent asking.
Discovering a tool means discovering its neighborhood: the code that implements it, the requirements it satisfies, related patterns from similar tasks. Context flows through the knowledge graph, not from static schemas.
Agents don't receive a catalogue of every available capability upfront. They discover what's relevant as their understanding of the task deepens — matching the natural rhythm of reasoning.
Autonomy without accountability is a liability. ADAMAS gives agents independence while maintaining the audit trail that real-world deployment requires.
Dynamic permissions scope tools per-task based on intent. A "summarize this document" task gets read capabilities only — no shell, no network, no file writes. Constraints live in the graph and are enforced at discovery time.
Every tool call, policy decision, and approval request logs with cryptographic agent attribution. ExecutionAtoms record what tools were used, what the agent was thinking, what changed, and why policies allowed it.
High-risk actions pause for confirmation via real-time NATS messaging. Configurable per tenant, per action type, or triggered by causal patterns like "read email then execute code."
The same ExecutionAtom that powers learning also serves auditors. Answer "what did agent X do on task Y?" with a single query. The audit trail and the intelligence layer are the same system.
Prompt injection will succeed. Security isn't about perfect prevention — it's about limiting blast radius when attacks land.
Each agent runs in a dedicated Firecracker microVM with hardware-enforced boundaries. Not containers — actual hypervisor isolation with sub-second cold start. A compromised agent cannot escape its VM.
Agents cannot reach the internet directly. All external communication routes through an API proxy that enforces domain allowlists and injects credentials on the agent's behalf.
Agents never see API keys. The DGP Gateway holds credentials in Vault and injects them at the network layer. A compromised agent cannot exfiltrate secrets it doesn't have.
Agents authenticate with Ed25519 keypairs, not bearer tokens. Identity is unforgeable, revocation is instant, and every action is cryptographically attributable to a specific agent instance.
Structured prompts differentiate trusted instructions from untrusted data. Content from emails, URLs, and webhooks is tagged at ingestion, with elevated scrutiny for actions following untrusted input.
Permission restriction — scoping limits tools per-task
Deterministic policy — rules that can't be prompt-injected
Monitoring for forensics — understand incidents, don't pretend to block them
Blast radius limitation — assume breach, contain damage
Prompt-based defenses — bypassed trivially, can't be patched
AI guardrails — another model to attack; fails at scale
Perfect prevention — attack surface is infinite
Beyond the three pillars, ADAMAS provides the execution substrate for multi-agent systems.
Long-running agent tasks survive process restarts and network failures. State checkpoints automatically via Restate, with exactly-once execution guarantees for multi-step workflows.
Default to fast, cost-effective models and escalate to larger models for complex reasoning. Automatic routing based on task complexity reduces cost significantly for routine operations.
Sequential pipelines, parallel fan-out, iterative refinement, hierarchical delegation, self-modifying workflows. Patterns combine automatically — describe goals, ADAMAS selects coordination strategy.
Token accounting, operation costs, and execution time tracked at every layer. Full provenance through ExecutionAtom audit trails. Every action is attributable and budgetable.
ADAMAS is powered by open specifications that can be adopted independently.
An agent-first protocol for exposing business domains as unified, queryable graphs. Cost-transparent operations with semantic filtering and relationship traversal designed for LLM consumption.
dgp.dev →A notation system for multi-agent orchestration — the equivalent of musical scores for agent systems. The orchestration patterns above are expressed and composed through TURN.
turn.dev →ADAMAS is the brain of AI agents that operate in real domains. These are the first two — each backed by its own knowledge graph, each getting smarter with every interaction.
Competitive analysis, market trend synthesis, customer intelligence, and due diligence. Satya accumulates and connects knowledge across time — the cumulative intelligence model in action. Every research session makes the next one deeper.
satya.ai →Contextual support with long-term user memory, knowledge base integration, and intelligent escalation. Nishchinta tracks user history, preferences, and past interactions — creating ease through understanding, not scripts.
nishchinta.ai →ADAMAS handles the hard parts of AI application infrastructure: intelligent context enrichment, security isolation, policy enforcement, and execution learning. Your application talks to ADAMAS via DGP; ADAMAS handles everything else.
We're currently in private beta. If you're building AI-native products and need infrastructure where agents get smarter over time — not just safer — we'd like to talk.