Harness-MU: A Safe, Governed, and Effective Harness for Multi-User LLM Agents
Harness-MU provides a multi-user governance framework for LLM agent deployments, enabling multiple users to share an agent while maintaining safety boundaries, access controls, and audit trails across concurrent sessions.
Focus: LLM agents are typically designed for single-user interaction, but production deployments often require multiple users to share an agent — raising questions about session isolation, privilege escalation, and cross-user information leakage. Harness-MU addresses these challenges with a governance layer that enforces user-specific safety boundaries without requiring model retraining.
Key Insights
- Session isolation under shared context: Multi-user agents risk leaking information from one user’s session into another’s context window; Harness-MU uses structured context partitioning to maintain strict session isolation even when the underlying LLM has a shared conversation history.
- Dynamic privilege enforcement: User permissions are enforced at the tool-call level, allowing different users to have different access rights to the agent’s capabilities (e.g., read-only vs. write access to a shared database) without modifying the agent’s prompting.
- Audit trail completeness: Every action taken by the agent is attributed to the requesting user and logged, providing an audit trail necessary for governance and incident response in regulated deployments.
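The three controls listed above can be sketched in a single small harness. The following is an added, hypothetical illustration written for this summary; it is not Harness-MU's code and assumes nothing about its actual API. It keeps a separate history per session (so the prompt built for one user never contains another user's turns), checks a user's tool permissions at the tool-call boundary regardless of what the model proposed, and writes an audit entry attributed to the requesting user and session for every tool call, whether allowed or denied. The shared "database", the users `alice` and `bob`, and the `proposed_tool` argument standing in for the model's decision are all constructed for the example.

```python
# Hypothetical multi-user agent harness (added example, not Harness-MU's code).
# Shows: per-session context partitioning, tool-call-level permission checks,
# and an audit log attributing every action to a user and session.
from __future__ import annotations

import time
from dataclasses import dataclass, field
from typing import Callable


class PermissionDenied(Exception):
    """Raised when a session asks for a tool its user may not invoke."""


@dataclass
class User:
    user_id: str
    allowed_tools: frozenset[str]


@dataclass
class Session:
    session_id: str
    user_id: str
    # Only this session's turns live here; other sessions are never mixed in.
    history: list[dict] = field(default_factory=list)


class Harness:
    def __init__(self, tools: dict[str, Callable[[str], str]]) -> None:
        self._tools = tools
        self._users: dict[str, User] = {}
        self._sessions: dict[str, Session] = {}
        self.audit_log: list[dict] = []

    def register_user(self, user: User) -> None:
        self._users[user.user_id] = user

    def open_session(self, session_id: str, user_id: str) -> Session:
        if user_id not in self._users:
            raise KeyError(f"unknown user {user_id}")
        session = Session(session_id, user_id)
        self._sessions[session_id] = session
        self._audit(session, "session_opened")
        return session

    def _audit(self, session: Session, event: str, **fields) -> None:
        # Every entry names the requesting user and session so that any
        # action can be traced back during incident response.
        self.audit_log.append({"ts": time.time(), "user_id": session.user_id,
                               "session_id": session.session_id,
                               "event": event, **fields})

    def build_context(self, session_id: str) -> list[dict]:
        # Context partition: the prompt is assembled from this session only.
        return list(self._sessions[session_id].history)

    def handle_turn(self, session_id: str, user_msg: str,
                    proposed_tool: str | None = None, tool_arg: str = "") -> str:
        # `proposed_tool` stands in for the model's decision; the permission
        # check runs on it regardless, which is what tool-level enforcement means.
        session = self._sessions[session_id]
        user = self._users[session.user_id]
        session.history.append({"role": "user", "content": user_msg})
        if proposed_tool is None:
            reply = "ok"
        elif proposed_tool not in user.allowed_tools:
            self._audit(session, "tool_denied", tool=proposed_tool)
            raise PermissionDenied(f"{user.user_id} may not call {proposed_tool}")
        else:
            reply = self._tools[proposed_tool](tool_arg)
            self._audit(session, "tool_called", tool=proposed_tool, arg=tool_arg)
        session.history.append({"role": "assistant", "content": reply})
        return reply


def demo() -> Harness:
    # Constructed sample: a shared key-value store behind read and write tools.
    db: dict[str, str] = {}

    def db_read(key: str) -> str:
        return db.get(key, "<missing>")

    def db_write(kv: str) -> str:
        key, _, value = kv.partition("=")
        db[key] = value
        return f"wrote {key}"

    h = Harness({"db_read": db_read, "db_write": db_write})
    h.register_user(User("alice", frozenset({"db_read", "db_write"})))
    h.register_user(User("bob", frozenset({"db_read"})))  # read-only user
    h.open_session("s-alice", "alice")
    h.open_session("s-bob", "bob")

    h.handle_turn("s-alice", "remember: project codename is kestrel")
    h.handle_turn("s-alice", "set the status", "db_write", "status=green")
    h.handle_turn("s-bob", "what is the status?", "db_read", "status")
    try:
        h.handle_turn("s-bob", "overwrite the status", "db_write", "status=red")
    except PermissionDenied:
        pass  # blocked at the tool boundary and recorded in the audit log
    return h


if __name__ == "__main__":
    for entry in demo().audit_log:
        print(entry)
```

Running `demo()` leaves bob's context without alice's "kestrel" turn even though both users share the same harness and the same database, bob's read succeeds because read access is in his permission set, and his write attempt is refused before the tool runs while still producing a `tool_denied` audit entry attributed to him.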
Failure-First Relevance
Multi-user agent governance is directly relevant to the Failure-First multi-agent coordination scenario class. Cross-session information leakage and privilege escalation are specific attack vectors that the Failure-First scenarios should include. The audit trail completeness requirement maps onto the Failure-First data preservation principle — complete logs are necessary not only for safety governance but for reproducing and analysing failure modes.