diff --git a/canvas/src/app/blog/2026-04-20-chrome-devtools-mcp/page.mdx b/canvas/src/app/blog/2026-04-20-chrome-devtools-mcp/page.mdx new file mode 100644 index 00000000..f4ec240e --- /dev/null +++ b/canvas/src/app/blog/2026-04-20-chrome-devtools-mcp/page.mdx @@ -0,0 +1,240 @@ +--- +title: "Give Your AI Agent Browser Superpowers: Chrome DevTools MCP Integration" +date: "2026-04-20" +canonical: "https://docs.molecule.ai/blog/chrome-devtools-mcp" +og_title: "Give Your AI Agent Browser Superpowers with Chrome DevTools MCP" +og_description: "Chrome DevTools MCP brings AI agent browser control to Molecule AI. Every browser action is audit-attributed via org API keys. MCP browser automation with governance built in." +og_image: "/blog/chrome-devtools-mcp/chrome-devtools-mcp-social-card.png" +twitter_card: "summary_large_image" +author: "Molecule AI" +keywords: + - "AI agent browser control" + - "MCP browser automation" + - "browser automation AI agents" + - "browser automation governance" + - "Chrome DevTools MCP" + - "MCP governance layer" + - "AI agent web UI automation" +--- + +import { Callout } from '@/components/blog/Callout' +import { CodeBlock } from '@/components/blog/CodeBlock' + +# Give Your AI Agent Browser Superpowers: Chrome DevTools MCP Integration + +Every AI agent platform eventually gets asked the same question: "Can it interact with a web interface?" The answer is usually some variant of "sort of — give it your credentials and hope for the best." That's not a real answer. It's a trust fall. + +Chrome DevTools MCP changes this. It gives your AI agent a structured, governed interface to a real Chrome browser session — with full **MCP browser automation** capability and an audit trail that actually answers the question: "which agent touched what, and what did it do?" + +This post covers what Chrome DevTools MCP is, how Molecule AI's governance layer makes it enterprise-safe, and how to put it to work in your agent fleet. + +--- + +## What is Chrome DevTools MCP? + +Chrome DevTools MCP is an integration between the [MCP (Model Context Protocol)](https://modelcontextprotocol.io) and Google Chrome's DevTools Protocol. MCP is a standardized interface layer that lets AI agents connect to external tools with consistent tooling, authentication, and telemetry. The DevTools Protocol is Chrome's native debugging interface — the same interface your browser's developer tools use to inspect pages, capture network traffic, and control the browser. + +When you connect an AI agent to Chrome DevTools via MCP, you get: + +- **Full CDP access** — navigate, click, type, screenshot, evaluate JavaScript, read network logs, intercept requests, read cookies and local storage +- **MCP protocol layer** — structured JSON-RPC instead of raw CDP, consistent tool naming, type-safe parameters +- **Molecule AI governance layer** — org API key attribution, audit logging, session scoping, instant revocation + +The third item is what separates this from "use Puppeteer with an API key." It's the difference between browser automation AI agents and browser automation AI agents with a compliance story. + +--- + +## The Browser Problem: Trust Falls and Black Boxes + +When most teams give an AI agent browser access, the workflow looks like this: + +1. Agent receives a task ("find our competitors' pricing pages") +2. Agent uses browser credentials to log into Chrome +3. Agent navigates, reads, screenshots, and reports +4. Nobody knows exactly what the agent did, which session it used, or whether credentials were exposed + +This is a trust fall, not a governance model. The agent *can* do the task. But you have no audit trail if something goes wrong. No way to revoke access if the agent's behavior becomes unexpected. No attribution if you need to trace a call back to a specific integration. + +The **MCP governance layer** in Molecule AI addresses all three: + +- Every browser action is logged with the org API key prefix that initiated it +- Chrome sessions are token-scoped — Agent A's session is never Agent B's +- Revocation is one API call — the key stops working, the session closes, no redeploy required + +--- + +## How MCP Browser Automation Works in Molecule AI + +The integration uses Chrome's CDP over a WebSocket connection managed by the MCP server. Molecule AI's MCP server exposes a structured set of tools that map to CDP commands. Your agent calls these tools like any other MCP tool — the same interface whether you're automating Chrome, reading memory, or querying the platform API. + +Here's the sequence: + +1. **Workspace starts with a Chrome session attached** — the session is scoped to a specific Chrome profile or fresh browser context, isolated from other agents +2. **Agent calls MCP tools** — `cdp_navigate`, `cdp_click`, `cdp_evaluate`, `cdp_screenshot`, and others are available as structured tools with type-safe parameters +3. **Every call is audit-attributed** — the org API key prefix (e.g., `mole_a1b2`) is logged with the tool name, parameters, and result for every CDP call +4. **Session is revocable at any time** — revoke the org API key and the agent loses Chrome access immediately + +### AI Agent Browser Control: What You Can Do + +**Navigation and interaction:** +- `cdp_navigate` — navigate to any URL (supports `data:` and `about:` URLs via browser UI) +- `cdp_click` — click a DOM element by selector +- `cdp_type` — type text into a focused element +- `cdp_hover` — hover over a DOM element +- `cdp_scroll` — scroll an element or the page + +**Inspection and debugging:** +- `cdp_screenshot` — capture a full-page or viewport screenshot +- `cdp_evaluate` — execute JavaScript in the page context +- `cdp_get_cookies` / `cdp_set_cookies` — read and write cookies for authenticated sessions +- `cdp_get_local_storage` / `cdp_set_local_storage` — read and write localStorage + +**Network and performance:** +- `cdp_get_requests` — capture and filter network requests (XHR, fetch, WS) +- `cdp_block_urls` — block specific URL patterns to simulate adblocked environments +- `cdp_set_throttle` — throttle network conditions (3G, LTE, offline) + +--- + +## Browser Automation AI Agents: Use Cases That Actually Ship + +The Chrome DevTools MCP integration is most useful in workflows where browser state is the source of truth — and where audit attribution matters. + +### Automated Lighthouse audits on every PR + +A research agent runs a Lighthouse audit against every pull request in your repo. It navigates to the preview URL, captures the performance score, flags regressions below your threshold, and reports to the PM agent. Every audit run is logged with the org API key — your observability team can trace which agent ran which audit and when. + +```bash +# Agent calls cdp_navigate to the PR preview URL +# Agent calls cdp_evaluate to run Lighthouse inline +# Agent calls cdp_screenshot to capture the score +# Agent delegates results to PM workspace +``` + +### Visual regression detection + +An agent maintains a baseline set of screenshots for your key user flows. On every code change, it navigates to each flow, captures screenshots, and diffs against the baseline. Drift beyond your threshold opens a ticket automatically. The governance layer means your QA team can review the full history of which screenshots were captured, when, and by which agent. + +### Auth scraping + +An agent reads authenticated browser state from an existing Chrome session — cookies, localStorage, session tokens — and uses that state to authenticate API calls that would otherwise require separate credential management. The session is scoped; the credentials never leave the browser context. + +--- + +## MCP Governance Layer: Why It Matters + +The MCP protocol gives you tool connectivity. The governance layer is what makes it enterprise-ready. + +### Per-action audit logging + +Every CDP call your agent makes generates an audit log entry. The log includes: + +- **Org API key prefix** — which integration made the call (e.g., `mole_a1b2`) +- **Tool name and parameters** — `cdp_navigate(url=https://...)` +- **Result or error** — success, timeout, or CDP error code +- **Timestamp and workspace ID** — for timeline reconstruction + +This is the audit trail your security team will ask for in the next compliance review. It exists because Molecule AI's MCP server generates it — not because you built a custom logging pipeline. + +### Token-scoped Chrome sessions + +Chrome sessions are isolated per org API key. When you create an org API key for a specific integration (`lighthouse-reporter`), that key's Chrome session is separate from every other key's session. No credential cross-contamination — Agent A cannot read Agent B's authenticated state because their sessions are isolated at the MCP tool layer. + +### Instant revocation without redeployment + +If you need to revoke access — the integration is compromised, the agent behavior is unexpected, the contractor relationship ended — you revoke the org API key: + +```bash +curl -X DELETE https://platform.moleculesai.app/org/tokens/ \ + -H "Authorization: Bearer " +``` + +The key stops working immediately. The Chrome session is closed. The agent loses browser access before the next heartbeat. No redeploy, no container restart, no waiting for DNS cache expiration. + +--- + +## Setting Up Chrome DevTools MCP + +Chrome DevTools MCP requires a Chrome instance running with the remote debugging port enabled, and a `chromedp` or equivalent CDP client connected through Molecule AI's MCP server. + +### Step 1: Enable Chrome remote debugging + +Start Chrome with the `--remote-debugging-port=9222` flag: + +```bash +# macOS +/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \ + --remote-debugging-port=9222 \ + --user-data-dir=/tmp/chrome-debug + +# Linux +google-chrome --remote-debugging-port=9222 --user-data-dir=/tmp/chrome-debug +``` + +### Step 2: Configure Molecule AI + +In your workspace config, add the Chrome DevTools MCP server URL: + +```yaml +# config.yaml +mcpServers: + - name: chrome-devtools + url: "http://localhost:9222" # CDP WebSocket endpoint + transport: cdp +``` + +### Step 3: Verify the connection + +Your agent can now call CDP tools. Test with a simple navigation: + +``` +Agent: navigate to https://example.com and screenshot the page +``` + +The audit log should show `cdp_navigate` and `cdp_screenshot` entries attributed to the workspace's org API key prefix. + +--- + +## What the Security Review Looks Like + +When your security team asks "what does this integration actually do?", here's the answer: + +**What it can do:** +- Navigate to any URL (with org API key attribution on every navigation) +- Read and write browser state (cookies, localStorage, session tokens) +- Screenshot pages and DOM elements +- Execute JavaScript in the page context + +**What it can't do (by default):** +- Access the host machine beyond the Chrome sandbox +- Read files outside the browser context +- Exfiltrate session tokens across session boundaries + +**What revocation looks like:** +- Revoke org API key → immediate session close +- No redeploy, no agent restart +- Audit trail shows every action taken before revocation + +--- + +## Browser Automation Governance: The Bigger Picture + +Chrome DevTools MCP is one piece of Molecule AI's broader MCP governance story. MCP is a general-purpose protocol — it connects agents to any tool that speaks CDP, stdio, or HTTP. The governance layer applies uniformly: every MCP call gets the same treatment — org API key attribution, audit logging, instant revocation. + +This means you can add new MCP integrations — databases, APIs, code execution environments — with the same governance posture. The MCP protocol is the connectivity layer. Molecule AI's MCP governance layer is the control plane. + +If you're evaluating AI agent platforms for browser automation governance, the question to ask is not "can it control a browser?" It's "can I audit every action, attribute every call, and revoke access in one step?" Chrome DevTools MCP with Molecule AI's MCP governance layer is the answer to that question. + +--- + +## Get Started + +Chrome DevTools MCP is available on all Molecule AI deployments running Phase 30 or later. + +- [MCP Server Setup Guide](/docs/guides/mcp-server-setup) — configure MCP tools in your workspace +- [Org API Keys: Audit Attribution Setup](/blog/org-scoped-api-keys) — set up org API keys with attribution +- [A2A Protocol Reference](/docs/api-protocol/a2a-protocol) — how agents delegate browser tasks to each other + + +Chrome DevTools MCP requires Chrome running with the remote debugging port enabled. CDP access is scoped per org API key — multiple agents can share Chrome sessions only if intentionally scoped that way via key design. + \ No newline at end of file diff --git a/docs/blog/2026-04-30-phase-34/index.md b/docs/blog/2026-04-30-phase-34/index.md new file mode 100644 index 00000000..6ef50802 --- /dev/null +++ b/docs/blog/2026-04-30-phase-34/index.md @@ -0,0 +1,43 @@ +--- +title: "What's New in Phase 34" +date: "2026-04-30" +slug: "whats-new-phase-34" +description: "Phase 34 ships Partner API Keys, SaaS Federation v2, Tool Trace observability, and Platform Instructions governance. Four production features for AI agent platforms." +tags: [phase-34, changelog, partner-api, federation, tool-trace, platform-instructions] +--- + +# What's New in Phase 34 + +**April 30, 2026** + +Phase 34 ships four platform features: Partner API Keys (GA), SaaS Federation v2 (GA), Tool Trace observability (GA), and Platform Instructions governance (GA). + +--- + +## Partner API Keys (GA) + +Marketplace resellers, CI/CD tooling, and automation platforms can now manage Molecule AI orgs programmatically using scoped, rate-limited, revocable `mol_pk_` API keys. Create orgs, provision workspaces, and revoke access — no browser session required. + +Available scopes: `orgs:create`, `orgs:list`, `orgs:delete`, `workspaces:create`, `billing:read`. Pricing tiers [coming soon](https://molecule.ai/pricing). Available on Partner and Enterprise plans. + +## SaaS Federation v2 (GA) + +Organizations can now collaborate across org boundaries using a structured, auditable trust model. Grant named federation trusts to partner orgs — scoped to specific workspaces and operations — without sharing credentials. Trust relationships are revocable at any time. + +Federation v2 uses A2A protocol with embedded federation claims, so cross-org agent handoffs are verifiable at the receiving end. Available on Enterprise plans. + +## Tool Trace Observability (GA) + +Every A2A response now includes a structured `tool_trace` array in `Message.metadata`. Each entry records the tool called, its inputs, an output preview, and a `run_id` that correctly groups concurrent parallel calls. + +Tool Trace is available on all plans. No sidecar service. No sampling. See the [A2A Protocol Reference](/docs/api-protocol/a2a-protocol) for the full schema. + +## Platform Instructions Governance (GA) + +Policy rules can now be prepended to an agent's system prompt at workspace startup — at the source, before the first token is generated. Rules are scoped to `global` (all workspaces in the org) or `workspace` (a specific workspace only). The `wsAuth`-gated resolve endpoint ensures workspaces can only read their own instructions. + +Platform Instructions are available on Enterprise plans. Each instruction is capped at 8KB. Resolved instruction sets are cached at startup to avoid per-turn latency. + +--- + +For full details, see the [Phase 34 launch post](/blog/phase-34-launch). diff --git a/docs/marketing/devrel/demos/phase30-hero-video/phase30-hero-video-16x9-captioned.mp4 b/docs/marketing/devrel/demos/phase30-hero-video/phase30-hero-video-16x9-captioned.mp4 new file mode 100644 index 00000000..3066e969 Binary files /dev/null and b/docs/marketing/devrel/demos/phase30-hero-video/phase30-hero-video-16x9-captioned.mp4 differ diff --git a/docs/marketing/devrel/demos/phase30-hero-video/phase30-hero-video-16x9.mp4 b/docs/marketing/devrel/demos/phase30-hero-video/phase30-hero-video-16x9.mp4 new file mode 100644 index 00000000..46415b88 Binary files /dev/null and b/docs/marketing/devrel/demos/phase30-hero-video/phase30-hero-video-16x9.mp4 differ diff --git a/docs/marketing/manual-posting-package.md b/docs/marketing/manual-posting-package.md new file mode 100644 index 00000000..7de08f7f --- /dev/null +++ b/docs/marketing/manual-posting-package.md @@ -0,0 +1,403 @@ +# Manual Social Posting Package +**Generated by:** Content Marketer (A2A outage fallback) +**Date:** 2026-04-21 +**Status:** Ready for human execution — no API credentials needed, just paste + +--- + +## CAMPAIGN 1: Chrome DevTools MCP (Day 1) + +**Blog:** https://docs.molecule.ai/blog/chrome-devtools-mcp +**Campaign doc:** `docs/marketing/campaigns/chrome-devtools-mcp-seo/social-copy.md` +**Image assets:** `marketing/devrel/campaigns/chrome-devtools-mcp-seo/assets/` +**CTA link finalized:** ✅ Yes + +### X (Twitter) — Exact tweet text (5 posts) + +**Post 1:** +Your AI agent just made a purchase on your behalf. +What did it buy? From where? With which account? +Most agents operate in a black box. Browser DevTools MCP makes the browser a first-class tool — with org-level audit attribution on every action. +→ https://docs.molecule.ai/blog/chrome-devtools-mcp + +**Post 2:** +Browser automation for AI agents usually means: give the agent your credentials, hope it doesn't go somewhere unexpected, and check the logs after. +That's not a governance model. That's a trust fall. +Molecule AI's MCP governance layer for Chrome DevTools MCP gives you: +→ Which agent accessed which session +→ What it did (navigate, fill, screenshot, submit) +→ Audit trail with org API key attribution +One org API key prefix per integration. Instant revocation. +→ https://docs.molecule.ai/blog/chrome-devtools-mcp + +**Post 3:** +Real things teams use Chrome DevTools MCP for in production: +• Automated Lighthouse audits on every PR — agent runs the audit, reports the score, flags regressions +• Visual regression detection — agent screenshots key pages, diffs against baseline, opens tickets on drift +• Auth scraping — agent reads the authenticated state from an existing browser session +The governance layer means your security team can see all three in the audit trail. +→ https://docs.molecule.ai/blog/chrome-devtools-mcp + +**Post 4:** +The MCP protocol lets you connect any compatible tool to any compatible agent. +What's been missing: visibility into what the agent actually did with that access. +Molecule AI's MCP governance layer adds: +• Per-action audit logging with org API key attribution +• Token-scoped Chrome sessions — no credential sharing across agents +• Instant revocation without redeployment +→ https://docs.molecule.ai/blog/chrome-devtools-mcp + +**Post 5:** +Chrome DevTools MCP ships today with Molecule AI Phase 30. +If you're running AI agents that interact with web UIs — there's a governance story you need to have ready before your security team asks. +→ https://docs.molecule.ai/blog/chrome-devtools-mcp + +**Suggested image:** `marketing/devrel/campaigns/chrome-devtools-mcp-seo/assets/chrome-devtools-mcp-social-card.png` +**Image alt-text:** "AI agent browser session with MCP protocol governance layer showing org API key attribution and audit trail" + +--- + +### LinkedIn — Exact post text + +**Title:** Why your AI agent's browser access needs a governance layer + +**Body:** + +Your AI agent can use a browser. That's useful. But "useful" isn't a security posture. + +When an agent operates inside a browser — filling forms, reading session state, navigating authenticated flows — most platforms give you two options: trust it completely, or don't let it near the browser at all. + +Molecule AI's Chrome DevTools MCP integration adds a third option: visibility with control. + +Here's what "governance layer" actually means in this context: + +→ Every browser action is logged with the org API key prefix that made the call. You know which agent touched what session, every time. + +→ Chrome sessions are token-scoped. Agent A's session is not Agent B's session. No credential cross-contamination. + +→ Revocation is instant. One API call, the key stops working, the session closes. No redeploy. + +→ Audit trails are exportable. Your security team can review them without a custom logging pipeline. + +This is the difference between "the agent can use a browser" and "the agent's browser access is auditable, attributable, and revocable." + +Chrome DevTools MCP is available now on all Molecule AI deployments. + +→ https://docs.molecule.ai/blog/chrome-devtools-mcp + +--- +--- + +## CAMPAIGN 2: Discord Adapter Launch + +**Blog:** [BLOG_URL — insert after publish, then update social copy] +**Campaign doc:** `docs/marketing/campaigns/discord-adapter-launch/social-copy.md` +**Image assets:** `marketing/devrel/campaigns/discord-adapter-launch/assets/` +**CTA link:** BLOCKED — pending blog URL. Do NOT post until `[BLOG_URL]` is filled in social-copy.md. + +### X (Twitter) — Exact tweet text (5 posts) — DO NOT POST YET + +**Post 1:** +Your team is already in Discord. +Your AI agent is in Molecule AI. +Why are you switching between two tools to talk to your own infrastructure? +Discord adapter for Molecule AI: connect any agent workspace to a Discord channel. +Slash commands in. Agent responses out. + +**Post 2:** +Most Discord bot integrations require: +→ Create a bot in the Developer Portal +→ Set up OAuth2 +→ Handle the Gateway +→ Manage intents and permissions +Molecule AI's Discord adapter requires: +→ One webhook URL +That's it. The webhook encodes the channel and bot credentials. You paste it in Canvas. You're done. + +**Post 3:** +The Discord adapter uses two standard Discord features: +→ Incoming Webhooks for outbound messages (agent → Discord) +→ Discord Interactions for inbound slash commands (Discord → agent) +No polling. No Gateway. No message-reading permissions. +Users type `/ask what's our deployment status?` — the adapter reconstructs that as plain text, the agent responds, the response goes back to the channel. + +**Post 4:** +In Molecule AI, a Community Manager agent receives the slash command, delegates to the right sub-agent, and returns the answer to Discord. +The routing is invisible to the Discord user. +Discord → Community Manager → (Security Auditor | QA Engineer | PM) → Discord +Your whole agent team, accessible from a Discord server your team already lives in. + +**Post 5:** +Discord adapter for Molecule AI is live. +If your team runs standups, triage, and deployments in Discord — your AI agents can be in the same room. +Connect a workspace in two minutes. Start with a slash command. + +**Suggested image:** `marketing/devrel/campaigns/discord-adapter-launch/assets/discord-adapter-social-card.png` +**Image alt-text:** "Molecule AI Discord adapter showing slash command flow from Discord to agent hierarchy and back" + +--- + +### LinkedIn — Exact post text — DO NOT POST YET + +**Title:** We put our AI agents in Discord — here's why that's a bigger deal than it sounds + +**Body:** + +Every AI agent platform eventually gets asked the same question: "can we talk to it from where our team already communicates?" + +For a lot of teams, that place is Discord. Not as a notification sink — as a working interface. + +We just shipped a Discord adapter for Molecule AI. Here's what made it interesting to build: + +The naive approach is a Discord bot with message reading permissions, OAuth flows, Gateway connections, and rate limit handling. That's a lot of surface area, and it requires permissions that workspace policies often don't grant. + +The Molecule AI approach is two standard Discord primitives: + +→ Incoming Webhooks for outbound messages. You give us a webhook URL. That's the only credential. It encodes the channel and bot credentials. You paste it in Canvas. Done. + +→ Discord Interactions for inbound slash commands. Users type `/ask what's our deployment status?`. We parse the command and options from the signed JSON payload. The agent receives it as plain text. The response goes back to the channel. + +No polling. No Gateway. No special permissions. + +What this unlocks: your whole agent hierarchy, accessible from a Discord server your team already lives in. A Community Manager agent receives the slash command, routes to the right sub-agent (Security Auditor, QA, PM), and returns the answer. The routing is invisible to the Discord user. + +If your team runs standups, incident triage, or deployment coordination in Discord — your AI agents are now in the same room. + +Discord adapter is live now. [INSERT BLOG URL HERE — DO NOT POST WITHOUT THIS] + +--- +--- + +## CAMPAIGN 3: Org-Scoped API Keys + +**Blog:** https://docs.molecule.ai/blog/org-scoped-api-keys +**Campaign doc:** `docs/marketing/campaigns/fly-deploy-anywhere/social-copy.md` +**CTA link:** ✅ Yes (same blog URL as fly-deploy-anywhere) + +### X (Twitter) — Exact tweet text (5 posts) + +**Post 1:** +You have 20 agents running in production. +One of them is making calls you can't trace. +That's not a hypothetical. That's what happens when you scale past "one ADMIN_TOKEN works fine" — and it usually happens the week before a compliance review. +Molecule AI org-scoped API keys: named, revocable, audit-attributable credentials for every integration. + +**Post 2:** +The ADMIN_TOKEN problem: +→ One token, ten agents, impossible to rotate without downtime +→ No attribution — you can't tell which agent made which call +→ One compromised token compromises everything +Org-scoped keys give each integration its own credential with its own identity. Rotate without downtime. Revoke without collateral damage. + +**Post 3:** +Org API keys in the audit log: +org-token:mole_a1b2 POST /workspaces/ws_abc123/channels 200 12ms +org-token:mole_a1b2 GET /workspaces/ws_abc123/secrets 200 3ms +That's the difference between "something called our API" and "ci-deploy-bot called /channels with our DevOps key, at 2:47am, successfully." + +**Post 4:** +Key rotation without downtime: +1. Mint a new org API key +2. Update your integration +3. Revoke the old key +Both keys are valid simultaneously during the window when you're updating the integration. Zero downtime. Full audit trail. + +**Post 5:** +Org-scoped API keys: now in Molecule AI Canvas → Settings → Org API Keys. +Named. Revocable. Audit-attributable. Replace shared ADMIN_TOKEN with credentials your compliance team can actually sign off on. + +--- +--- + +## CAMPAIGN 4: A2A Enterprise (NEW — just created) + +**Blog:** https://docs.molecule.ai/blog/a2a-communication-enterprise +**Campaign doc:** `docs/marketing/campaigns/a2a-enterprise-launch/social-copy.md` +**CTA link:** ✅ Yes +**Hero image:** TBD — coordinate with Social Media Brand once workspace recovers + +### X (Twitter) — Exact tweet text (5 posts) + +**Post 1:** +Your agents can talk to each other. +Now prove it. +"Connect agents" is the easy part. The hard part is knowing which agent called which, what it did, and whether you can revoke access without a redeploy. +A2A protocol with org-level governance is the difference between "agents connected" and "audit trail exists." +→ https://docs.molecule.ai/blog/a2a-communication-enterprise + +**Post 2:** +Two agents. Same VPC. Talking directly. That's solved. +Two agents. Different cloud providers. Across a VPN. A2A still works. +That's the harder problem — and the one that matters for teams actually running AI at scale across infrastructure boundaries. +Molecule AI's A2A registry handles cross-infrastructure discovery. Your agents don't care where the other agent lives. +→ https://docs.molecule.ai/blog/a2a-communication-enterprise + +**Post 3:** +"Which agent accessed which workspace, and what did it do with the data?" +If your A2A implementation can't answer that question, it's not an enterprise-ready feature. It's a developer preview. +Molecule AI A2A: org API key attribution on every cross-agent call. Audit trail exportable for compliance review. Revocation in one API call — no redeploy. +→ https://docs.molecule.ai/blog/a2a-communication-enterprise + +**Post 4:** +Not every agent should be able to reach every other agent. +Flat agent-to-agent mesh = lateral movement risk at scale. +Molecule AI's CanCommunicate() hierarchy: same workspace ✓ | siblings ✓ | parent↔child ✓ | everything else ✗ by default. +Enterprise A2A means scoped communication rights, same as every other access control. +→ https://docs.molecule.ai/blog/a2a-communication-enterprise + +**Post 5:** +A2A protocol is shipping in Molecule AI Phase 30. +Every workspace is an A2A server. Every cross-agent call is audit-attributed. Cross-infrastructure discovery is built in. +If you're running multi-agent systems and can't answer "which agent did what," your A2A story isn't done. +→ https://docs.molecule.ai/blog/a2a-communication-enterprise + +**Suggested image:** [TBD — needs Social Media Brand to generate hero] +**Image alt-text:** "Two AI agents communicating across different cloud infrastructure via A2A protocol, with org-level API key attribution visible in the audit trail" + +--- + +### LinkedIn — Exact post text + +**Title:** A2A protocol is solved. A2A governance is not. + +**Body:** + +Every major AI agent platform is adding A2A support this quarter. "Agents can talk to each other" is no longer a differentiator — it's table stakes. + +What's still differentiating: whether your A2A implementation includes a governance layer. + +Specifically: when your compliance team asks "which agent accessed which workspace, and what did it do with the data?", can you answer? + +Most implementations cannot. They connect agents without logging the calls. They support JSON-RPC 2.0 and SSE streaming but skip the audit trail. They work great in demos and fall apart in enterprise review. + +The A2A governance gap looks like this: +- Connect agents? ✅ (most platforms) +- Audit trail on every call? ❌ (most platforms) +- Attribution per call? ❌ (most platforms) +- Instant revocation? ❌ (most platforms) +- Cross-infrastructure discovery? ❌ (many platforms) +- Compliance-ready? ✅ (only platforms with a real governance layer) + +LangGraph shipped A2A client (inbound + outbound) in PRs #6645 and #7113. The implementation is technically solid. There's no audit trail, no org-level attribution, and no revocation model. + +Molecule AI's A2A implementation includes org API key attribution on every cross-agent call. The audit log shows which key prefix made which request, when, and with what result. Revocation is one API call — the key stops working immediately, and the trail shows exactly what it did before revocation. + +The difference between "agents connected" and "agents accountable." + +A2A protocol ships in Phase 30. Cross-infrastructure discovery and org API key attribution are available on all production deployments. + +→ [Read the full breakdown](https://docs.molecule.ai/blog/a2a-communication-enterprise) +→ [A2A Protocol Reference](https://docs.molecule.ai/docs/api-protocol/a2a-protocol) +→ [Org API Keys: Audit Attribution Setup](https://docs.molecule.ai/blog/org-scoped-api-keys) + +--- +--- + +## EXECUTION NOTES + +**Campaigns ready to post immediately:** +1. Chrome DevTools MCP ✅ (all links finalized) +2. Org-Scoped API Keys ✅ (all links finalized) +3. A2A Enterprise ✅ (all links finalized, hero pending Social Media Brand recovery) + +**Campaigns BLOCKED until blog URL is confirmed:** +4. Discord Adapter Launch ❌ (blog not yet published — do NOT post without blog URL in Post 5) + +**Image alt-text guide for social posts:** +- Chrome DevTools MCP: "AI agent browser session with MCP protocol governance layer showing org API key attribution and audit trail" +- A2A Enterprise: "Two AI agents communicating across different cloud infrastructure via A2A protocol, with org-level API key attribution visible in the audit trail" +- Discord Adapter: "Molecule AI Discord adapter showing slash command flow from Discord to agent hierarchy and back" + +**Suggested posting order:** +1. Chrome DevTools MCP (Day 1 of launch week) +2. A2A Enterprise (Day 1 or 2 — coordinate with Marketing Lead on timing) +3. Org-Scoped API Keys (Day 3-5 — avoid same day as Fly Deploy Anywhere) +4. Discord Adapter (Day TBD — publish after blog goes live) + +**Hashtags (append to all posts):** +X: #MCP #AIAgents #AgenticAI #MoleculeAI #PlatformEngineering +LinkedIn: #A2A #AIAgents #AgenticAI #MoleculeAI #EnterpriseAI #PlatformEngineering + +--- +--- + +## CAMPAIGN 1 ADDENDUM: Chrome DevTools MCP — Day 2 (2026-04-22) + +**Status:** ✅ COPY READY — manual execution required (API credentials blocked) +**Executed by:** Human — copy below is canonical +**Image:** `marketing/devrel/campaigns/chrome-devtools-mcp-seo/assets/chrome-devtools-mcp-social-card.png` +**Image alt-text:** "AI agent browser session with MCP protocol governance layer showing org API key attribution and audit trail" + +### X Post C — Governance framing | POST AT 09:00 PT + +``` +Chrome DevTools MCP: browser automation as a first-class MCP tool. + +For prototypes: great. For production: you need something between no browser and full admin. That's the gap Molecule AI's MCP governance fills. + +#MCP #AIAgents #MoleculeAI +``` + +**Attach image:** `chrome-devtools-mcp-social-card.png` +**No image alt-text needed for this post** + +--- + +### LinkedIn — Governance / enterprise audience | POST AT 10:00 PT window + +**Title:** Why your AI agent's browser access needs a governance layer + +**Body:** + +Your AI agent can use a browser. That's useful. But "useful" isn't a security posture. + +When an agent operates inside a browser — filling forms, reading session state, navigating authenticated flows — most platforms give you two options: trust it completely, or don't let it near the browser at all. + +Molecule AI's Chrome DevTools MCP integration adds a third option: visibility with control. + +Here's what "governance layer" actually means in this context: + +→ Every browser action is logged with the org API key prefix that made the call. You know which agent touched what session, every time. + +→ Chrome sessions are token-scoped. Agent A's session is not Agent B's session. No credential cross-contamination. + +→ Revocation is instant. One API call, the key stops working, the session closes. No redeploy. + +→ Audit trails are exportable. Your security team can review them without a custom logging pipeline. + +This is the difference between "the agent can use a browser" and "the agent's browser access is auditable, attributable, and revocable." + +Chrome DevTools MCP is available now on all Molecule AI deployments. + +→ https://docs.molecule.ai/blog/chrome-devtools-mcp + +**Attach image:** `chrome-devtools-mcp-social-card.png` +**Image alt-text:** "AI agent browser session with MCP protocol governance layer showing org API key attribution and audit trail" + +--- + +### X Post B (repeat / Lighthouse framing) | POST AT 12:00 PT + +``` +Three things you couldn't automate before Chrome DevTools MCP + Molecule AI governance: + +1. Lighthouse CI/CD audits — agent opens Chrome, runs Lighthouse, posts score to PR +2. Visual regression testing — screenshot diffs across agent workflow runs +3. Authenticated session scraping — agent behind a login with managed cookies + +All with org API key audit trail. + +#MCP #BrowserAutomation #AIAgents #MoleculeAI #CI +``` + +--- + +## API CREDENTIAL STATUS (as of 2026-04-22 08:00 PT) + +| Platform | Credentials Present | Working | Action Required | +|---|---|---|---| +| X (Twitter) | `X_ACCESS_TOKEN` + `X_ACCESS_TOKEN_SECRET` | ❌ 401 Unauthorized | Manual paste-only today | +| LinkedIn | `LINKEDIN_CLIENT_ID` + `LINKEDIN_CLIENT_SECRET` | ❌ No access token | Manual paste-only today | +| Social Media Brand workspace | — | ❌ Unreachable (A2A_ERROR) | Escalate when peer recovers | + +**Verdict:** All three Day 2 posts are copy-ready for manual execution. No social API is reachable from any agent workspace today. \ No newline at end of file diff --git a/marketing/devrel/demos/screencasts/phase30-screencast-05-agents-md-auto-generation.mp4 b/marketing/devrel/demos/screencasts/phase30-screencast-05-agents-md-auto-generation.mp4 new file mode 100644 index 00000000..18a268d5 Binary files /dev/null and b/marketing/devrel/demos/screencasts/phase30-screencast-05-agents-md-auto-generation.mp4 differ diff --git a/marketing/devrel/demos/screencasts/phase30-screencast-06-cloudflare-artifacts.mp4 b/marketing/devrel/demos/screencasts/phase30-screencast-06-cloudflare-artifacts.mp4 new file mode 100644 index 00000000..8d1d5782 Binary files /dev/null and b/marketing/devrel/demos/screencasts/phase30-screencast-06-cloudflare-artifacts.mp4 differ