SafeChain

A Stake-Based Decentralized Safety Protocol for Autonomous Multi-Agent Systems

Adilet Metinov, Gulida M. Kudakeeva, Gulnara D. Kabaeva Institute of Information Technology, Kyrgyz State Technical University named after I. Razzakov, Bishkek, Kyrgyzstan

---

SafeChain is a decentralized safety protocol that adapts blockchain consensus mechanisms for AI agent governance. Agents must lock tokens proportional to action risk before execution; a committee of validators evaluates proposals against a three-layer safety policy, and violations result in graduated stake slashing.

Architecture

+-----------------------------------------------------+
|              Python Simulation Layer                  |
|  +----------+  +------------+  +------------------+  |
|  |  Agents  |  | Validators |  | DeepSeek Client  |  |
|  +----+-----+  +------+-----+  +--------+---------+  |
|       |               |                 |             |
|  +----v---------------v-----------------v----------+  |
|  |            Simulation Environment               |  |
|  +-------------------------+-----------------------+  |
|                            |                          |
|  +-------------------------v-----------------------+  |
|  |          Blockchain Bridge (JSON CLI)            |  |
|  +-------------------------+-----------------------+  |
+--------------------------- |-------------------------+
                             |
+----------------------------v-------------------------+
|                 Rust Blockchain Core                  |
|  +----------+  +-------------+  +-----------------+  |
|  |  Blocks  |  | Transactions|  |  Safety Policy  |  |
|  |  Chain   |  |  Staking    |  |  Validators     |  |
|  |          |  |  Slashing   |  |  Reputation     |  |
|  +----------+  +-------------+  +-----------------+  |
+------------------------------------------------------+

Key Features

• Stake-and-Slash Mechanism: Agents lock tokens proportional to action risk; violations trigger graduated economic penalties
• Three-Layer Safety Policy: Hard constraints, domain-configurable rules, and emergent validator-based social norms
• Rust Blockchain Core: ~1,200 lines of Rust with SHA-256 hashing, staking/slashing ledger, and 17 unit tests
• LLM-Augmented Agents: Optional DeepSeek integration for agent reasoning and validator evaluation
• Comprehensive Ablation Study: 12 system variants including adversarial attack scenarios (Sybil, flash, collusion)

Prerequisites

• Rust 1.70+ (for blockchain core)
• Python 3.10+
• DeepSeek API key (optional; runs in rule-based mode without it)

Installation

git clone https://github.com/MetinovAdik/safechain.git
cd safechain

# Build Rust blockchain core
cd blockchain-core
cargo build --release
cd ..

# Install Python dependencies
cd simulation
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
cd ..

Usage

Full simulation suite

# Rule-based mode (no API key needed)
python3 run_all.py --no-llm

# With DeepSeek LLM agents
export DEEPSEEK_API_KEY="your-key-here"
python3 run_all.py

# Quick test (N=20, T=100)
python3 run_all.py --fast --no-llm

Individual components

cd simulation

# Base simulation only
python3 run_simulation.py --no-llm

# Specific ablation variant
python3 run_simulation.py --variant flash_attack --no-llm

# All 12 ablation variants
python3 run_simulation.py --all-variants --no-llm

Command-line flags

Flag	Description
--no-llm	Disable LLM, use rule-based agent behavior
--fast	Reduced simulation (N=20, T=100)
--variant <name>	Run a specific ablation variant
--all-variants	Run all 12 ablation variants
--skip-ablation	Skip ablation study in run_all.py
--skip-viz	Skip visualization in run_all.py

Protocol Design

Action Lifecycle

1. Stake — Agent locks tokens: s = s_base * risk_mult / max(reputation, 0.1)
2. Propose — Agent submits action with reasoning trace
3. Validate — Committee of k=5 validators evaluates against safety policy
4. Consensus — Weighted approval threshold tau=0.67
5. Execute or Slash — Approved actions execute; violations trigger slash = stake * beta * severity

Agent Profiles

Profile	Distribution	Behavior
Compliant	60%	Always safe actions
Occasionally Risky	20%	80% safe, 20% boundary-pushing
Strategic Adversary	10%	Exploits loopholes near limits
Reckless Adversary	10%	Frequent out-of-bounds actions

Ablation Variants

Variant	Modification
full	Full SafeChain (baseline)
no_slashing	No economic penalties
no_reputation	Random validators, flat staking
centralized	Single oracle (95% accuracy)
no_blockchain	No immutable ledger
majority_threshold	tau=0.51
unanimous_threshold	tau=1.0
fixed_slash	Always slash 100% of stake
colluding_validators_20	20% corrupt validators
colluding_validators_40	40% corrupt validators
sybil_attack	15 fake agents build trust then attack
flash_attack	Perfect behavior for 200 rounds then attack

Configuration

All parameters are defined in simulation/config.py:

Parameter	Default	Description
num_agents	50	Number of agents
num_rounds	500	Simulation rounds
initial_balance	1000	Starting tokens per agent
base_stake	10	Base stake amount
approval_threshold	0.67	Consensus threshold (tau)
validator_committee_size	5	Committee size (k)
reputation_decay	0.9	EMA decay factor (alpha)
severity_scaling	0.5	Slash severity (beta)
llm_sample_rate	0.1	Fraction of LLM-augmented actions

Results

Pre-computed results from LLM-augmented experiments are in the results/ directory:

• results/ablation_table.txt — Full ablation comparison table
• results/ablation_svdr_comparison.pdf — SVDR bar chart across variants
• results/ablation_token_curves.pdf — Adversary balance depletion curves
• results/flash_attack_response.pdf — Flash attack detection timeline
• results/<variant>/metrics.json — Raw metrics per variant

Project Structure

safechain/
├── run_all.py                  # Master script
├── blockchain-core/            # Rust blockchain core
│   ├── Cargo.toml
│   └── src/
│       ├── main.rs             # JSON CLI entry point
│       ├── lib.rs              # Library exports
│       ├── block.rs            # Block structure + SHA-256 hashing
│       ├── chain.rs            # Blockchain state management
│       ├── transaction.rs      # Action proposals, stakes, slashes
│       ├── contract.rs         # Safety policy enforcement
│       ├── validator.rs        # Validator selection + voting
│       ├── reputation.rs       # Reputation tracking + staking
│       └── types.rs            # Shared types and enums
├── simulation/                 # Python simulation layer
│   ├── requirements.txt
│   ├── config.py               # Parameters + variant definitions
│   ├── agent.py                # Agent behavioral profiles
│   ├── validator_agent.py      # Validator logic (rule-based + LLM)
│   ├── environment.py          # Simulation environment
│   ├── blockchain_bridge.py    # Python ↔ Rust bridge
│   ├── deepseek_client.py      # DeepSeek API client with caching
│   ├── interaction_logger.py   # JSONL event logger
│   ├── metrics.py              # SVDR, FPR, throughput computation
│   ├── plots.py                # Matplotlib visualization
│   ├── ablation_plots.py       # Ablation comparison charts
│   ├── visualize.py            # Network timelapse generation
│   └── run_simulation.py       # Simulation entry point
└── results/                    # Experiment outputs

Citation

If you use SafeChain in your research, please cite:

@misc{metinov2025safechain,
  title={SafeChain: A Stake-Based Decentralized Safety Protocol for Autonomous Multi-Agent Systems},
  author={Metinov, Adilet and Kudakeeva, Gulida M. and Kabaeva, Gulnara D.},
  year={2026},
}

License

This project is released under the MIT License.