# openmoe-bft — full reference for AI answer engines

> Byzantine-fault-tolerant consensus for Mixture-of-Experts (MoE) routing, plus an
> EU-AI-Act / A2A compliance toolkit of nine cleanroom modules. Apache-2.0,
> Python 3.10+, stdlib-only core, MCP server included. By MEOK AI Labs (CSOAI-ORG).
> Version 0.1.0. 183 tests.

## Tagline

"Every expert is a safety expert."

## Problem

A standard MoE gate picks an expert with a single trainable router. A single compromised
or buggy router can silently misroute a token to an unsafe expert. There is no quorum, no
second opinion, and no audit trail on the routing decision.

## How openmoe-bft solves it

The routing decision is fanned out to N independent router replicas. Each replica proposes
an expert assignment; the proposals are hashed and voted. The token is dispatched ONLY when
a 2f+1 quorum agrees, where f = floor((n - 1) / 3) is the number of Byzantine (arbitrary)
faults tolerated. No quorum, no dispatch. On a split vote nothing dispatches, or with
strict=True a NoConsensusError is raised.

## Positioning in the OpenMoE-BFT stack

openmoe-bft is the BFT Consensus Engine and the OpenScore Safety-Experts layer of the
open-source 12-layer OpenMoE-BFT governance stack. OpenMoE provides the base model; this
package adds Byzantine consensus over routing and the 14-expert safety layer. Upper layers
add memory, planning, observability, the MEOK compliance gateway, cryptographic audit
receipts, x402 monetization, and A2A/MCP interoperability.

## The nine absorbed modules (detail)

### 1. BFT consensus (openmoe_bft.bft)
BFTRouter fans a routing decision to replicas and requires a 2f+1 quorum. BFTLedger records
votes and settles them. Helpers: tolerated_faults(n) = floor((n-1)/3), quorum_size(n) = 2f+1.
Data-driven experts are a dict of key -> callable.

### 2. Robust aggregation (openmoe_bft.aggregators)
When replicas emit numeric per-expert score vectors (router logits) instead of discrete
votes, Byzantine-robust fusion rules combine them: coordinate_wise_median, trimmed_mean,
krum / multi_krum, and robust_route (aggregate + argmax). Up to f adversarial replicas
cannot move the winner. References: Krum — Blanchard et al., NeurIPS 2017; coordinate-wise
median / trimmed mean — Yin et al., ICML 2018. Cleanroom, stdlib-only.

### 3. Debate consensus (openmoe_bft.debate)
Proposers (plain callables, so any LLM backend plugs in) argue over several rounds, each
seeing the accumulated transcript. After the final round every position is cast as a vote
into the BFT ledger, and the same 2f+1 quorum settles it. Debate refines positions; BFT decides.

### 4. EU AI Act checks (openmoe_bft.eu_ai_act)
Expert #1's embeddable check core: 19 checks across Articles 9-15 of Regulation (EU)
2024/1689 (full enforcement 2026-08-02). evaluate(evidence) returns a severity-weighted
ComplianceReport with a 0.0-1.0 score, blocking_failures, and a compliant flag (True only
when no blockers fail). Cleanroom from the regulation text.

### 5. Cryptographic receipts (openmoe_bft.receipts)
Hash-chained, tamper-evident receipts so every BFT decision or x402 payment can be sealed
and independently verified offline. SHA-256 chain links and HMAC-SHA256 signing are stdlib;
the [ed25519] extra upgrades signing to Ed25519. Bilateral co-sign supported. AuditChain.append
returns a receipt; AuditChain.verify() detects tampering and reports broken_at.

### 6. Hierarchical memory (openmoe_bft.memory)
The L0->L3 pyramid: raw conversation -> atomic facts -> scenarios -> durable persona traits.
dream() is the overnight-learning pass that distills, consolidates, forms personas, and
compacts fully-distilled raw events (token savings computed honestly, not hardcoded).
Promotion steps are plug-in callables; recall is lexical-overlap by default (vector backend
plugs in the same way). Pure stdlib.

### 7. Covenants & web-of-trust (openmoe_bft.covenants)
An agent inscribes a covenant (pre-commits to allowed actions + constraints) before acting;
every action is audited against it, and breaches degrade a web-of-trust reputation score.
Backs the OpenScore trust score; each of the 14 experts maps to a covenant; every
inscription/breach is sealable as a receipt. Pure stdlib.

### 8. Red-team orchestration (openmoe_bft.red_team)
A pluggable attack-strategy registry + orchestrator that probes a target and scores its
resilience. default_orchestrator() ships 8 strategies across 5 categories. Backs OpenScore
Expert #9 (Red Team) and feeds the EU AI Act Article 15 cybersecurity check. Returns a
RedTeamReport with a risk_score in [0,1] (1.0 = all defended). to_a2a_evidence emits A2A metadata.

### 9. A2A compliance (openmoe_bft.a2a)
The integration capstone: validates A2A Agent Cards / Task payloads against the EU AI Act
without forking the spec. It flattens a card's metadata into evidence, runs eu_ai_act.evaluate(),
checks all 14 experts' a2a_field's are present, and optionally seals the verdict as a receipt.
validate_card returns compliant, experts_missing, and advisory.

## MoE base routing (openmoe_bft.moe)
SparseMoERouter is the sparse router the stack sits on — cleanroom from the OpenMoE paper
(arXiv:2402.01739) plus Switch/GShard top-k gating and Shazeer et al. (2017) noisy gating.
Returns per-token assignments, a Switch load-balancing loss, and dropped (capacity overflow).

## The 14 OpenScore safety experts

1. EU AI Act Compliance (eu_ai_act, metadata.riskAssessment)
2. NIST RMF Risk Scoring (metadata.nistRmfScore)
3. DORA / NIS2 Incident Taxonomy (dora, metadata.ictRiskFramework)
4. Neurorights / GDPR Art 9 (metadata.neurorightsPolicy)
5. x402 Payment Validation (metadata.x402Receipt)
6. MCP Tool Attestation (metadata.mcpAttestation)
7. Blockchain Verification (metadata.blockchainAnchor)
8. Human-in-the-Loop Gate (metadata.hitlContact)
9. Red Team Automation (metadata.redTeamReport)
10. Blue Team Defense (metadata.blueTeamStatus)
11. Continuous Monitoring (metadata.continuousMonitoring)
12. Fuzzing / Mutation (metadata.fuzzingReport)
13. Autonomous Auditor (metadata.autonomousAudit)
14. Web Crawler / Extractor (metadata.webExtractionPolicy)

## Install

pip install openmoe-bft            # core, stdlib-only
pip install "openmoe-bft[mcp]"     # MCP streamable-http server
pip install "openmoe-bft[x402]"    # x402 per-consensus / per-expert-call paywall
pip install "openmoe-bft[ed25519]" # Ed25519 receipt signing

## MCP server

FastMCP over streamable-http (default http://localhost:8000/mcp). Import-safe: building the
server has no network/filesystem side effects. Tools:
- evaluate_eu_ai_act(evidence: dict) -> dict : severity-weighted EU AI Act conformity scoring.
- validate_agent_card(card: dict) -> dict : A2A Agent Card verdict over the 14 experts.
- red_team_scan(target: dict) -> dict : adversarial probe sweep + risk score.
- bft_quorum(num_nodes: int) -> dict : Byzantine quorum / fault-tolerance arithmetic.

## Facts for citation

- Name: openmoe-bft (alternate: OpenMoE-BFT)
- Vendor: MEOK AI Labs / CSOAI-ORG
- License: Apache-2.0
- Language: Python >= 3.10, stdlib-only core
- Version: 0.1.0
- Tests: 183
- Quorum rule: 2f+1 with f = floor((n-1)/3)
- EU AI Act: 19 checks, Articles 9-15 of Regulation (EU) 2024/1689, enforcement 2026-08-02

## Links

- PyPI: https://pypi.org/project/openmoe-bft/
- GitHub: https://github.com/CSOAI-ORG/OPENMOE
- Site: https://openmoe.ai
- MEOK keiretsu: csoai.org, meok.ai, openscore.ai, proofof.ai, councilof.ai