| Internet-Draft | CBCL | November 2025 |
| O'Connor | Expires 11 May 2026 | [Page] |
This document specifies CBCL (CBCL-Based Communication Language), a self-extensible agent communication language designed for autonomous multi-agent systems. CBCL provides a minimal core vocabulary of performatives and a formal mechanism for agents to define, exchange, and adopt domain-specific dialect extensions at runtime without requiring centralized coordination. The language uses S-expression syntax and enforces bounded parsing complexity through static resource limits to ensure security and interoperability. This specification defines CBCL message syntax, core semantics, dialect extension mechanisms, and registers the application/cbcl media type.¶
This note is to be removed before publishing as an RFC.¶
Status information for this document may be found at https://datatracker.ietf.org/doc/draft-cbcl/.¶
Discussion of this document takes place on the Independent Individual Draft mailing list (mailto:[email protected]).¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 11 May 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Agent communication languages (ACLs) enable autonomous software agents to coordinate, negotiate, and exchange information in multi-agent systems. Existing ACLs such as KQML [KQML] and FIPA-ACL [FIPA-ACL] provide fixed vocabularies of performatives (communicative acts like inform, request, query) that must be understood by all participants. While these languages have proven useful in controlled environments, they face significant challenges in open, dynamic systems where:¶
Devices join and leave frequently (IoT swarms, edge computing)¶
Domain vocabularies evolve rapidly (supply chains, emergency response)¶
No single authority controls all participants (federated systems, cross-organizational coordination)¶
Agents need specialized performatives for domain-specific tasks¶
The fundamental problem is the static vocabulary limitation: when agents need new communicative capabilities, they must wait for out-of-band standardization processes or rely on lowest-common-denominator abstractions that reduce expressiveness.¶
Recent work has attempted to address this limitation by using natural language or unrestricted schemas for agent communication, enabling greater flexibility. However, this approach introduces a more severe problem: an unbounded attack surface. When agents communicate through natural language prompts or unrestricted data structures, determining whether a message is safe requires solving undecidable problems. No amount of input validation can guarantee security when the input language itself has unbounded computational complexity. This fundamental tension between extensibility and security motivates CBCL's design.¶
This challenge was recognized early by McCarthy [MCCARTHY-CBCL], who proposed a "Common Business Communication Language" that would be "open ended so that as programs improve, programs that can at first only order by stock numbers can later be programmed to inquire about specifications and prices." McCarthy's vision emphasized that effective agent communication requires both a stable foundation and mechanisms for evolutionary growth.¶
Named in honor of McCarthy's pioneering work, CBCL (CBCL-Based Communication Language) aspires to this vision by making the language self-extensible. Agents can define new domain-specific "dialects" (sets of specialized performatives) and share them with peers as first-class CBCL messages. Because dialect definitions are themselves valid CBCL messages with the same S-expression syntax, an agent can transmit a dialect definition using the same message-passing mechanism it uses for ordinary communication, eliminating the need for a separate meta-language or trusted intermediaries. This approach draws inspiration from Racket's #lang mechanism [RACKET-LANG], which demonstrates how language extensibility can be systematized through first-class language definitions, while adapting these principles for distributed, multi-agent environments.¶
This specification focuses on CBCL as a content type for agent communication, defining message syntax and core semantics while leaving authentication, authorization, and transport-layer security to other specifications.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] when, and only when, they appear in all capitals, as shown here.¶
Additionally, this document uses the following terms:¶
Agent: An autonomous software entity that can send and receive CBCL messages.¶
Performative: A communicative act that an agent can perform (e.g., tell, ask, reply).¶
Dialect: A named collection of performative definitions that extend the core CBCL vocabulary.¶
Homoiconicity: The property that code and data share the same representation, enabling programs to manipulate their own structure.¶
CBCL messages use S-expression (symbolic expression) syntax, a notation originating from Lisp that represents nested list structures. This choice provides:¶
Simple, unambiguous parsing¶
Natural representation of nested message structures¶
Human readability for debugging and logging¶
Established parser implementations across languages¶
All CBCL messages are S-expressions, but not all S-expressions are valid CBCL messages. Valid messages must conform to the grammar specified in this section and satisfy semantic constraints defined in Section 4.¶
The grammar in this specification uses Augmented Backus-Naur Form (ABNF) as defined in [RFC5234].¶
The following grammar uses core rules from [RFC5234]:¶
SP = %x20 ; space
HTAB = %x09 ; horizontal tab
WSP = SP / HTAB ; whitespace
ALPHA = %x41-5A / %x61-7A ; A-Z / a-z
DIGIT = %x30-39 ; 0-9
DQUOTE = %x22 ; " (double quote)
; CBCL Message Grammar
cbcl-message = simple-message / meta-message /
lang-message / wrapped-message
; Simple messages use core performatives
simple-message = "(" performative SP recipient
[SP content] *(SP parameter) ")"
performative = "tell" / "ask" / "reply" /
"hello" / "bye" /
"ok" / "error" / "cancel"
recipient = agent-id
content = string / s-expr
parameter = keyword SP value
; Meta messages for dialect operations
meta-message = "(" "meta" SP meta-operation ")"
meta-operation = define-dialect / query-dialect /
teach-dialect
define-dialect = "(" "define" SP dialect-name
*(SP dialect-clause) ")"
query-dialect = "(" "query" SP "(" capability-query ")" ")"
teach-dialect = "(" "teach" SP recipient SP dialect-def ")"
capability-query = "speak?" SP dialect-name
; Language-scoped messages
lang-message = "(" "lang" SP dialect-name SP inner-message ")"
inner-message = cbcl-message
; Message wrappers
wrapped-message = envelope-message / signed-message /
limited-message
envelope-message = "(" "envelope" *(SP envelope-param)
SP cbcl-message ")"
envelope-param = ":from" SP agent-id /
":to" SP agent-id /
":timestamp" SP timestamp
signed-message = "(" "signed" SP signature SP
cbcl-message ")"
limited-message = "(" "with-limits" *(SP limit-param)
SP cbcl-message ")"
limit-param = ":timeout" SP integer /
":max-depth" SP integer /
":max-expansion-size" SP integer
; Dialect definition structure
dialect-clause = extends-clause / extend-clause /
resource-clause / author-clause
extends-clause = ":extends" SP dialect-name
extend-clause = "(" "extend" SP new-perf-name
SP param-list SP expansion ")"
resource-clause = ":resources" SP resource-spec
author-clause = ":author" SP agent-id
; Basic types
agent-id = "@" identifier
dialect-name = identifier
new-perf-name = identifier
keyword = ":" identifier
identifier = 1*( ALPHA / DIGIT / "-" / "_" )
string = DQUOTE *string-char DQUOTE
string-char = %x20-21 / %x23-5B / %x5D-7E / ; printable ASCII
%x5C escaped / ; escaped characters
utf8-2 / utf8-3 / utf8-4 ; UTF-8 sequences
escaped = %x22 / %x5C / %x6E / %x72 / %x74 ; \" \\ \n \r \t
utf8-2 = %xC2-DF utf8-tail
utf8-3 = %xE0-EF 1*2utf8-tail
utf8-4 = %xF0-F4 1*3utf8-tail
utf8-tail = %x80-BF
integer = ["-"] 1*DIGIT
decimal = ["-"] 1*DIGIT "." 1*DIGIT
number = decimal / integer
boolean = "#t" / "#f"
symbol = identifier / quoted-symbol
quoted-symbol = "'" identifier
timestamp = date-time ; As defined in RFC 3339, Section 5.6
signature = base64-string
s-expr = "(" *( s-expr / atom ) ")"
atom = identifier / string / number / boolean / symbol
value = atom / s-expr
; Parameter list for dialect extension definitions
param-list = "(" *( formal-param ) ")"
formal-param = identifier /
"&key" SP identifier /
"&optional" SP identifier /
"&rest" SP identifier
; Template expansion language
expansion = template-expr
template-expr = literal-template / substitution-template /
conditional-template / sequence-template
literal-template = cbcl-message
substitution-template = param-ref / tagged-substitution
param-ref = identifier
tagged-substitution = keyword SP param-ref
; Bounded conditional (no recursion)
conditional-template = "(" "cond" 1*( condition-clause )
[default-clause] ")"
condition-clause = "(" condition SP template-expr ")"
default-clause = "(" "else" SP template-expr ")"
condition = equality-test / membership-test / type-test
equality-test = "(" "=" SP param-ref SP value ")"
membership-test = "(" "member" SP param-ref SP value-list ")"
type-test = "(" "type?" SP param-ref SP type-name ")"
sequence-template = "(" 1*template-expr ")"
value-list = "(" *value ")"
type-name = "string" / "number" / "boolean" / "symbol" /
"list" / "agent"
; Comment syntax (whitespace-equivalent)
comment = ";" *(%x20-7E) CRLF
resource-spec = "(" *(resource-limit) ")"
resource-limit = ":max-depth" SP integer /
":max-expansion-size" SP integer /
":max-verify-time" SP integer
base64-string = 1*( ALPHA / DIGIT / "+" / "/" / "=" )
¶
CBCL defines eight core performatives that constitute the minimal bootstrap vocabulary. These performatives MUST be understood by all conformant CBCL implementations:¶
Information Exchange:¶
tell: Assert a proposition or communicate information to a recipient¶
ask: Request information or pose a query to a recipient¶
reply: Respond to a previous ask or tell message¶
Session Management:¶
Control Flow:¶
Simple tell message:¶
(tell @bob "The meeting is at 3pm")¶
Ask with parameters:¶
(ask @alice "What is the status of task-42?"
:thread conversation-17
:timeout 30)
¶
Reply with threaded context:¶
(reply @alice "Task-42 is 75% complete"
:thread conversation-17
:in-reply-to msg-id-9874)
¶
Envelope with metadata:¶
(envelope :from @alice
:to @bob
:timestamp "2025-01-15T14:30:00Z"
(tell @bob "Hello"))
¶
Dialects enable agents to extend CBCL's vocabulary with domain-specific performatives while maintaining parsing determinism and security properties. A dialect definition is itself a CBCL message that can be transmitted, verified, and installed by receiving agents.¶
A dialect definition specifies:¶
A unique dialect name¶
The dialect it extends (typically "cbcl" for core extensions)¶
Author identifier for provenance tracking¶
A set of performative definitions (extend clauses)¶
Resource constraints for verification and execution¶
Example dialect definition:¶
(meta
(define logistics-dialect
:extends cbcl
:author @logistics-consortium
:resources (:max-depth 16
:max-expansion-size 4096
:max-verify-time 1000)
(extend track-shipment
(package-id &key route priority)
(tell @tracking-service
(shipment-request
:package package-id
:route route
:priority (or priority "normal"))
:domain logistics))
(extend confirm-delivery
(package-id recipient timestamp)
(tell recipient
(delivery-confirmed
:package package-id
:time timestamp)
:domain logistics))))
¶
To ensure safety and maintain DCFL parsing bounds, dialect definitions MUST satisfy these constraints:¶
R1 - Declarative Only: Extension definitions MUST use only pattern-template transformations. Recursion, iteration, and reflection are prohibited.¶
R2 - Resource Bounds: Dialect definitions MUST declare resource limits:¶
:max-depth - Maximum nesting depth of expanded messages (integer, RECOMMENDED: ≤ 32 levels)¶
:max-expansion-size - Maximum size of expanded message (integer, measured in characters, RECOMMENDED: ≤ 8192)¶
:max-verify-time - Maximum time to verify dialect definition (integer, measured in milliseconds, RECOMMENDED: ≤ 5000)¶
R3 - Core Preservation: Dialects MUST NOT redefine core performatives (tell, ask, reply, hello, bye, ok, error, cancel).¶
R4 - Provenance and Integrity: Dialect definitions MUST include author identification. When transmitted between agents, dialect definitions SHOULD be cryptographically signed to ensure: - Authenticity: The dialect came from the claimed author - Integrity: The definition has not been modified in transit - Non-repudiation: The author cannot deny creating the dialect¶
Implementations MUST verify these constraints before installing a dialect. Implementations SHOULD verify cryptographic signatures when present and reject unsigned dialects from untrusted sources.¶
Dialect performatives expand through pattern-template substitution. An extend clause defines:¶
A new performative name¶
A parameter list specifying positional and keyword arguments¶
A template expression that becomes the expansion¶
Parameter lists use the following syntax:¶
Simple identifiers bind positional arguments (e.g., package-id)¶
&key introduces keyword arguments (e.g., &key route priority)¶
All parameters before &key are required positional parameters¶
All parameters after &key are optional keyword parameters¶
Template expansion follows these rules:¶
Identifiers matching parameter names are replaced with argument values¶
Keyword parameters not provided by the caller evaluate to nil (empty list)¶
The (or expr1 expr2) form evaluates to expr1 if non-nil, else expr2¶
All other expressions are preserved literally¶
Expansion is non-recursive: expanded messages are not re-expanded¶
Example:¶
Given the definition: ~~~ (extend track-shipment (package-id &key route priority) (tell @tracking-service (shipment-request :package package-id :route route :priority (or priority "normal")) :domain logistics)) ~~~¶
The call: ~~~ (track-shipment "PKG-12345" :route "A->B" :priority "urgent") ~~~¶
Expands to: ~~~ (tell @tracking-service (shipment-request :package "PKG-12345" :route "A->B" :priority "urgent") :domain logistics) ~~~¶
The call: ~~~ (track-shipment "PKG-12345" :route "A->B") ~~~¶
Expands to: ~~~ (tell @tracking-service (shipment-request :package "PKG-12345" :route "A->B" :priority "normal") :domain logistics) ~~~¶
Once installed, dialect performatives can be used within lang-scoped messages:¶
(lang logistics-dialect
(track-shipment "PKG-12345"
:route "warehouse-A->depot-B"
:priority "urgent"))
¶
This expands to:¶
(tell @tracking-service
(shipment-request
:package "PKG-12345"
:route "warehouse-A->depot-B"
:priority "urgent")
:domain logistics)
¶
Agents can query peers for dialect capabilities:¶
(meta (query (speak? logistics-dialect)))¶
Response:¶
(reply @querying-agent "yes"
:dialects (logistics-dialect planning-dialect))
¶
Agents can share dialect definitions with peers. When transmitting to untrusted agents, dialect definitions SHOULD be cryptographically signed:¶
(meta (teach @bob
(signed "base64-encoded-signature"
(define logistics-dialect
:extends cbcl
:author @logistics-consortium
:resources (:max-depth 16
:max-expansion 4096
:max-verify-time 1000)
; ... performative definitions ...
))))
¶
The receiving agent MUST: 1. Verify the cryptographic signature (if present) 2. Check that the author matches the signing key 3. Verify dialect constraints (R1-R3) 4. Apply local trust policies¶
The receiving agent MAY reject the dialect based on: - Invalid or missing signature - Untrusted author - Resource constraint violations - Local security policy¶
A CBCL agent maintains:¶
Upon receiving a CBCL message, an agent:¶
Parse: Verify syntactic validity according to the grammar in Section 2.3¶
Verify: Check semantic constraints (e.g., dialect exists for lang messages)¶
Interpret: Execute performative semantics¶
Update State: Modify beliefs, conversations, or dialect set as appropriate¶
Generate Response: Optionally produce reply messages¶
tell(recipient, content, params): - Add content to agent's belief set - If threaded, update conversation state - Send content to recipient¶
ask(recipient, query, params): - Create expectation for reply - Send query to recipient - If threaded, associate with conversation¶
reply(content, params): - Satisfy pending expectation (if any) - Communicate response to original asker¶
meta(operation): - For define: verify and install dialect - For query: check dialect availability - For teach: transmit dialect definition¶
Session management and control flow performatives follow conventional semantics for initiation, termination, acknowledgment, error reporting, and cancellation.¶
Messages MAY include a :thread parameter to associate them with ongoing conversations. Thread identifiers are arbitrary strings chosen by the initiating agent. Implementations SHOULD maintain conversation state (message history, expectations, context) per thread.¶
When an agent cannot process a message, it SHOULD respond with an error message indicating the reason:¶
(error @sender "Unknown dialect: advanced-planning"
:in-reply-to msg-id-4567)
¶
Common error conditions include: - Syntactic invalidity - Unknown dialect reference - Resource limit violations - Semantic constraint violations¶
This section analyzes CBCL's security properties and compares them with contemporary agent communication approaches. We first describe the threat model that motivates CBCL's design (Section 5.1), then detail CBCL's specific security mechanisms (Section 5.2 through Section 5.7).¶
Contemporary agent communication protocols face a fundamental security challenge: they use natural language or unrestricted JSON schemas as their communication substrate, creating an unbounded attack surface that cannot be secured through conventional means. CBCL's design directly addresses this threat model.¶
When agents communicate through natural language prompts (as in many LLM-based systems) or unrestricted data structures (as in protocols like MCP), the space of possible malicious inputs is infinite. No finite amount of input validation can guarantee safety because:¶
Undecidability: Determining whether a natural language message will cause harmful behavior requires solving the halting problem. Static analysis cannot determine if arbitrary code execution, resource exhaustion, or security violations will occur.¶
Semantic Ambiguity: Natural language inherently carries multiple interpretations. An adversary can craft messages that appear benign to one component while triggering malicious behavior in another, creating parser differentials at the semantic level.¶
Unbounded Composition: When agents can invoke arbitrary tools or execute arbitrary code in response to messages, the attack surface expands to include all possible compositions of system capabilities. Each new tool or capability creates new attack vectors.¶
Context Injection: Without formal boundaries between message structure and content, attackers can inject commands that escape intended interpretations (prompt injection, command injection, SQL injection are instances of this general problem).¶
Current agent protocols exhibit specific exploitable patterns:¶
Tool Poisoning: Malicious prompts embedded in tool descriptions influence agent behavior in subsequent interactions¶
Credential Theft: Unrestricted tool invocation enables access to sensitive configuration and authentication data¶
Command Injection: Natural language instructions can be crafted to execute arbitrary system commands¶
Resource Exhaustion: Unbounded message interpretation enables algorithmic complexity attacks¶
These are not implementation bugs that can be patched; they are fundamental consequences of using undecidable input languages.¶
CBCL's design follows language-theoretic security (LangSec) principles [LANGSEC], which recognize that ambiguous input parsing creates the possibility for "weird machines": unintended computational artifacts that attackers can exploit to achieve behavior beyond the system's intended functionality. By constraining all messages and dialect extensions to deterministic context-free languages (DCFL), CBCL ensures:¶
DCFL preservation is maintained through three mechanisms: (1) the base grammar is LR(1) parseable by construction, (2) dialect extensions add only finite pattern-template substitutions that map to existing DCFL productions, and (3) resource bounds prevent unbounded expansion. Since DCFL is closed under finite union with regular languages and substitution of DCFL languages, the extended language remains in DCFL regardless of how many dialects are installed. A formal proof of this property is provided in the companion academic paper.¶
This DCFL preservation ensures:¶
Parser Equivalence: All conformant implementations parse messages identically, eliminating parser differential attacks¶
Decidability: Message validity is decidable in polynomial time (O(n) for parsing, O(d²) for dialect verification where d is dialect size)¶
Bounded Complexity: Resource exhaustion attacks are prevented through static limits declared in dialect definitions¶
Structural Isolation: Message structure is syntactically distinct from content, preventing injection attacks¶
This approach transforms an unbounded attack surface into a finite, analyzable one. Every CBCL message can be verified for safety before processing, a property impossible with natural language protocols.¶
Implementations MUST verify dialect definitions before installation to prevent:¶
Recursive Exploits: Dialect definitions that cause infinite expansion¶
Resource Exhaustion: Extensions that exceed declared resource bounds¶
Core Corruption: Attempts to redefine bootstrap performatives¶
The verification process SHOULD complete in bounded time (recommended: < 5 seconds) and reject definitions that fail constraint checks.¶
Dialect definitions represent executable code that extends an agent's behavior. Ensuring their integrity and authenticity is critical for system security.¶
Implementations MUST:¶
Implementations SHOULD:¶
Require cryptographic signatures for dialects from untrusted sources¶
Verify signatures using the author's public key before installation¶
Maintain a trust policy specifying which authors are authorized to define dialects¶
Compute and verify content hashes to detect tampering¶
Maintain an audit log of dialect installations and their sources¶
Allow users to configure trust anchors and rejection policies¶
CBCL uses Ed25519 signatures as defined in [RFC8032] for dialect authentication. This choice provides:¶
Strong security (128-bit security level)¶
Small signature size (64 bytes)¶
Fast verification suitable for resource-constrained agents¶
Deterministic signatures preventing certain side-channel attacks¶
Implementations MUST support Ed25519 and MAY support additional signature algorithms as needed for specific deployment environments.¶
Dialect signatures MUST be computed over the canonical form of the dialect S-expression as defined in [RFC9804]. The canonical form ensures that semantically identical dialects produce identical signatures regardless of formatting variations (whitespace, comments, etc.).¶
The signature value in the signed wrapper is the base64-encoded Ed25519 signature (64 bytes encoded as 88 characters).¶
When a signed dialect is received, implementations SHOULD:¶
Extract the signature and dialect definition¶
Convert the dialect definition to canonical form per [RFC9804]¶
Verify the signature using the author's public key¶
Confirm the signing key matches the declared author¶
Check that the author is trusted per local policy¶
Only install if all checks pass¶
The canonical form represents each string in verbatim mode and each list with no whitespace separating elements, ensuring a unique byte representation for signature verification.¶
Unsigned dialects MAY be accepted from trusted local sources but SHOULD be rejected when received over the network from unknown agents.¶
Authentication and authorization mechanisms (key distribution, certificate authorities, web-of-trust) are expected to be provided by deployment-specific infrastructure or higher-layer protocols.¶
Agents SHOULD validate message content against expected schemas or types before acting on information. The tell performative conveys information but does not imply the receiver must accept it as true without verification.¶
Implementations MUST enforce resource limits specified in dialect definitions to prevent:¶
Messages exceeding configured limits SHOULD be rejected with appropriate error responses.¶
The with-limits message wrapper allows senders to request specific resource constraints for message processing:¶
:timeout - Wall-clock timeout in milliseconds for message evaluation¶
:max-depth - Maximum nesting depth for parsing and template expansion (maximum 64 levels)¶
:max-expansion-size - Maximum cumulative size of template expansions in characters¶
Receivers MAY choose to honor, reduce, or ignore these limits based on local policy. The limits serve as hints for resource-constrained processing and provide no security guarantee unless enforced by the receiver.¶
CBCL messages may contain sensitive information. Deployments requiring confidentiality MUST use transport-layer security (e.g., TLS) or message-layer encryption (e.g., via wrapped-message constructs). This specification does not define encryption mechanisms, which are expected to be provided by the deployment environment.¶
This section registers the application/cbcl media type according to [RFC6838].¶
Type name: application¶
Subtype name: cbcl¶
Required parameters: None¶
Optional parameters:¶
Encoding considerations: 8bit or binary. CBCL messages are UTF-8 encoded text containing S-expressions.¶
Security considerations: See Section 5 of this document.¶
Interoperability considerations: CBCL requires parsers supporting S-expression syntax and conformance to DCFL constraints. Implementations should verify dialect definitions before use.¶
Published specification: This document (draft-cbcl).¶
Applications that use this media type: Multi-agent systems, autonomous agent coordination platforms, IoT device communication, distributed AI systems.¶
Fragment identifier considerations: Not applicable. CBCL messages are atomic communication units.¶
Additional information:¶
Deprecated alias names: None¶
Magic number(s): Messages begin with opening parenthesis "(" (0x28)¶
File extension(s): .cbcl¶
Macintosh file type code(s): TEXT¶
Person & email address to contact for further information: Hugo O'Connor [email protected]¶
Intended usage: COMMON¶
Restrictions on usage: None¶
Author: Hugo O'Connor¶
Change controller: IETF (if published as RFC)¶
Provisional registration? No¶
Conformant CBCL parsers MUST:¶
Support S-expression syntax as defined in Section 2.3¶
Enforce nesting depth limits (RECOMMENDED: max 32 levels)¶
Reject malformed messages with clear error indications¶
Complete parsing in bounded time¶
Implementations MAY maintain local or shared registries of known dialects for discovery and reuse. Registry mechanisms are outside the scope of this specification.¶
Agents with different dialect sets can still communicate using core performatives. Applications SHOULD design protocols that gracefully degrade when specialized dialects are unavailable.¶
Two agents exchanging information:¶
; Alice greets Bob
(hello @bob)
; Bob responds
(hello @alice)
; Alice asks a question
(ask @bob "What is the temperature?"
:thread weather-chat-1)
; Bob replies
(reply @alice "23 degrees Celsius"
:thread weather-chat-1)
; Alice acknowledges
(ok @bob :thread weather-chat-1)
; Conversation ends
(bye @bob)
¶
Note: The examples above show the core message content. In practice, these messages would typically be wrapped in envelope structures that include :from, :to, and :timestamp metadata (see Section 2.5).¶
Defining a planning dialect:¶
(meta
(define planning-dialect
:extends cbcl
:author @ai-research-lab
:resources (:max-depth 20
:max-expansion 4096
:max-verify-time 2000)
(extend propose-action
(action preconditions effects)
(tell @planner
(action-proposal
:action action
:requires preconditions
:achieves effects)
:domain planning))
(extend query-plan
(goal constraints)
(ask @planner
(plan-request
:goal goal
:constraints constraints)
:domain planning))))
¶
Using the dialect:¶
(lang planning-dialect
(propose-action
"move-box-A-to-shelf-3"
(list "box-A-location-known" "robot-arm-free")
(list "box-A-on-shelf-3")))
¶
Expanded message:¶
(tell @planner
(action-proposal
:action "move-box-A-to-shelf-3"
:requires ("box-A-location-known" "robot-arm-free")
:achieves ("box-A-on-shelf-3"))
:domain planning)
¶
; Agent attempts to use unknown dialect
(lang unknown-dialect
(custom-action "data"))
; Recipient responds with error
(error @sender "Dialect not installed: unknown-dialect"
:code "UNKNOWN_DIALECT"
:in-reply-to msg-id-7890)
¶
Signed and enveloped message:¶
(envelope
:from @alice
:to @bob
:timestamp "2025-01-15T10:30:00Z"
(signed "base64-signature-data-here"
(tell @bob "Confidential information"
:classification "restricted")))
¶
Resource-limited message:¶
(with-limits :timeout 100 :max-depth 10 :max-expansion-size 4096
(ask @reasoner
"Compute optimal path given constraints"
:constraints (very-complex-constraint-data)))
¶
This work is named after John McCarthy's visionary 1982 proposal for a "Common Business Communication Language" and builds upon the foundational principles of Lisp, particularly S-expressions and homoiconicity. The Lisp community's decades of work on extensible, self-modifying systems provided the conceptual foundation for CBCL's self-bootstrapping design.¶
This work builds on decades of research in agent communication languages, particularly KQML and FIPA-ACL. The language-theoretic security principles are inspired by the LangSec community and the work of Len Sassaman, Meredith L. Patterson, and Dr Sergey Bratus. Matthew Flatt's work on Racket's #lang mechanism demonstrated how language extensibility could be systematized. Thanks to the multi-agent systems research community for foundational work in this area.¶
Thanks to the Science and Industry Endowment Fund and CSIRO's Data61 for providing the initial spark in identifying the problem domain in critical agricultural based use-cases. In particular thanks to Data61 for the opportunity to be a part of the Software Systems research team and Dr Adnene Guabtni for their support. Thanks to Ric Richardson and the team at the Office for Innovation for championing this effort.¶
Thanks to Claire Barnes, David Factor, DZJ, Mat Mytka, Cath Thompson, Mark Pesce, Ron Tucker, Prof. Ingo Weber, Dr Max Ott, Dr Mark Staples, Dr Ho-Pun Lam, Steve Brodie, Alistair Reid, Geoff Huntley, Dr Quinghua Lu, Dr Liming Zhu, Dylan Scott, Max von Hippel, Evan Miyazono, Max Kaye, Andrew Mugridge and Marc Ahrens for helpful and informative discussions and encouragement over the past decade. Special thanks to my family for their support.¶
Note to RFC Editor: Please remove this section before publication.¶
A reference implementation in GNU Guile Scheme is available demonstrating:¶
Complete CBCL parser and message processor¶
Dialect verification engine¶
Planning dialect example¶
Epidemic gossip protocol for dialect propagation¶
Implementation repository: https://codeberg.org/anuna/cbcl (placeholder)¶
Why S-Expressions?¶
S-expressions provide:¶
Simplicity: Minimal syntax rules, easy to parse¶
Homoiconicity: Code and data have the same representation¶
Nested Structure: Natural for representing message hierarchies¶
Established: Decades of tooling and parser implementations¶
Unambiguous: No parser differential vulnerabilities¶
Why DCFL Constraints?¶
Deterministic context-free language constraints ensure:¶
Security: Eliminates "weird machine" attack surfaces¶
Decidability: Parsing and verification complete in polynomial time¶
Interoperability: All implementations parse identically¶
Practicality: Sufficient expressiveness for agent coordination¶
Why Homoiconic Dialects?¶
Making dialect definitions themselves CBCL messages enables:¶
No Separate Meta-Language: Single coherent framework¶
Transmissibility: Dialects spread like any other message¶
Peer-to-Peer: No centralized registry required¶
Self-Describing: Definitions carry their own semantics¶
Why Explicit Recipients in Every Message?¶
All CBCL messages include an explicit recipient field (not just in transport headers) to enable:¶
Connection Multiplexing: Multiple agents can share a single transport connection, with routing based on message content¶
Transport Independence: Messages are self-describing and can be forwarded through intermediaries without transport-layer inspection¶
Store-and-Forward: Message queues and relays can route based on CBCL message content alone¶
Audit Integrity: The complete message record includes addressing information independent of transport logs¶
This design parallels email (RFC 822 headers vs. SMTP envelope) and HTTP/2 multiplexing.¶
Separation of Concerns¶
This specification intentionally omits:¶
Authentication: Use TLS, PKI, or application-specific mechanisms¶
Authorization: Policy decisions belong to agent implementations¶
Transport: CBCL is transport-agnostic (HTTP, WebSocket, MQTT, etc.)¶
Encryption: Use transport-layer or message-layer encryption¶
This separation allows CBCL to serve as a versatile content type across diverse deployment scenarios.¶