core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity

Merge pull request #1859 from Molecule-AI/content-marketer/phase34-launch-post-v2

Browse Source 
docs(marketing): Phase 34 launch post v2 — governance-first + tool trace
This commit is contained in:
molecule-ai[bot] 2026-04-24 07:05:54 +00:00 committed by GitHub
commit 82d15f4d33
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
41 changed files with 2345 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

240
canvas/src/app/blog/2026-04-20-chrome-devtools-mcp/page.mdx Normal file
View File

@ -0,0 +1,240 @@
---
title: "Give Your AI Agent Browser Superpowers: Chrome DevTools MCP Integration"
date: "2026-04-20"
canonical: "https://docs.molecule.ai/blog/chrome-devtools-mcp"
og_title: "Give Your AI Agent Browser Superpowers with Chrome DevTools MCP"
og_description: "Chrome DevTools MCP brings AI agent browser control to Molecule AI. Every browser action is audit-attributed via org API keys. MCP browser automation with governance built in."
og_image: "/blog/chrome-devtools-mcp/chrome-devtools-mcp-social-card.png"
twitter_card: "summary_large_image"
author: "Molecule AI"
keywords:
- "AI agent browser control"
- "MCP browser automation"
- "browser automation AI agents"
- "browser automation governance"
- "Chrome DevTools MCP"
- "MCP governance layer"
- "AI agent web UI automation"
---
import { Callout } from '@/components/blog/Callout'
import { CodeBlock } from '@/components/blog/CodeBlock'
# Give Your AI Agent Browser Superpowers: Chrome DevTools MCP Integration
Every AI agent platform eventually gets asked the same question: "Can it interact with a web interface?" The answer is usually some variant of "sort of — give it your credentials and hope for the best." That's not a real answer. It's a trust fall.
Chrome DevTools MCP changes this. It gives your AI agent a structured, governed interface to a real Chrome browser session — with full **MCP browser automation** capability and an audit trail that actually answers the question: "which agent touched what, and what did it do?"
This post covers what Chrome DevTools MCP is, how Molecule AI's governance layer makes it enterprise-safe, and how to put it to work in your agent fleet.
---
## What is Chrome DevTools MCP?
Chrome DevTools MCP is an integration between the [MCP (Model Context Protocol)](https://modelcontextprotocol.io) and Google Chrome's DevTools Protocol. MCP is a standardized interface layer that lets AI agents connect to external tools with consistent tooling, authentication, and telemetry. The DevTools Protocol is Chrome's native debugging interface — the same interface your browser's developer tools use to inspect pages, capture network traffic, and control the browser.
When you connect an AI agent to Chrome DevTools via MCP, you get:
- **Full CDP access** — navigate, click, type, screenshot, evaluate JavaScript, read network logs, intercept requests, read cookies and local storage
- **MCP protocol layer** — structured JSON-RPC instead of raw CDP, consistent tool naming, type-safe parameters
- **Molecule AI governance layer** — org API key attribution, audit logging, session scoping, instant revocation
The third item is what separates this from "use Puppeteer with an API key." It's the difference between browser automation AI agents and browser automation AI agents with a compliance story.
---
## The Browser Problem: Trust Falls and Black Boxes
When most teams give an AI agent browser access, the workflow looks like this:
1. Agent receives a task ("find our competitors' pricing pages")
2. Agent uses browser credentials to log into Chrome
3. Agent navigates, reads, screenshots, and reports
4. Nobody knows exactly what the agent did, which session it used, or whether credentials were exposed
This is a trust fall, not a governance model. The agent *can* do the task. But you have no audit trail if something goes wrong. No way to revoke access if the agent's behavior becomes unexpected. No attribution if you need to trace a call back to a specific integration.
The **MCP governance layer** in Molecule AI addresses all three:
- Every browser action is logged with the org API key prefix that initiated it
- Chrome sessions are token-scoped — Agent A's session is never Agent B's
- Revocation is one API call — the key stops working, the session closes, no redeploy required
---
## How MCP Browser Automation Works in Molecule AI
The integration uses Chrome's CDP over a WebSocket connection managed by the MCP server. Molecule AI's MCP server exposes a structured set of tools that map to CDP commands. Your agent calls these tools like any other MCP tool — the same interface whether you're automating Chrome, reading memory, or querying the platform API.
Here's the sequence:
1. **Workspace starts with a Chrome session attached** — the session is scoped to a specific Chrome profile or fresh browser context, isolated from other agents
2. **Agent calls MCP tools** — `cdp_navigate`, `cdp_click`, `cdp_evaluate`, `cdp_screenshot`, and others are available as structured tools with type-safe parameters
3. **Every call is audit-attributed** — the org API key prefix (e.g., `mole_a1b2`) is logged with the tool name, parameters, and result for every CDP call
4. **Session is revocable at any time** — revoke the org API key and the agent loses Chrome access immediately
### AI Agent Browser Control: What You Can Do
**Navigation and interaction:**
- `cdp_navigate` — navigate to any URL (supports `data:` and `about:` URLs via browser UI)
- `cdp_click` — click a DOM element by selector
- `cdp_type` — type text into a focused element
- `cdp_hover` — hover over a DOM element
- `cdp_scroll` — scroll an element or the page
**Inspection and debugging:**
- `cdp_screenshot` — capture a full-page or viewport screenshot
- `cdp_evaluate` — execute JavaScript in the page context
- `cdp_get_cookies` / `cdp_set_cookies` — read and write cookies for authenticated sessions
- `cdp_get_local_storage` / `cdp_set_local_storage` — read and write localStorage
**Network and performance:**
- `cdp_get_requests` — capture and filter network requests (XHR, fetch, WS)
- `cdp_block_urls` — block specific URL patterns to simulate adblocked environments
- `cdp_set_throttle` — throttle network conditions (3G, LTE, offline)
---
## Browser Automation AI Agents: Use Cases That Actually Ship
The Chrome DevTools MCP integration is most useful in workflows where browser state is the source of truth — and where audit attribution matters.
### Automated Lighthouse audits on every PR
A research agent runs a Lighthouse audit against every pull request in your repo. It navigates to the preview URL, captures the performance score, flags regressions below your threshold, and reports to the PM agent. Every audit run is logged with the org API key — your observability team can trace which agent ran which audit and when.
```bash
# Agent calls cdp_navigate to the PR preview URL
# Agent calls cdp_evaluate to run Lighthouse inline
# Agent calls cdp_screenshot to capture the score
# Agent delegates results to PM workspace
```
### Visual regression detection
An agent maintains a baseline set of screenshots for your key user flows. On every code change, it navigates to each flow, captures screenshots, and diffs against the baseline. Drift beyond your threshold opens a ticket automatically. The governance layer means your QA team can review the full history of which screenshots were captured, when, and by which agent.
### Auth scraping
An agent reads authenticated browser state from an existing Chrome session — cookies, localStorage, session tokens — and uses that state to authenticate API calls that would otherwise require separate credential management. The session is scoped; the credentials never leave the browser context.
---
## MCP Governance Layer: Why It Matters
The MCP protocol gives you tool connectivity. The governance layer is what makes it enterprise-ready.
### Per-action audit logging
Every CDP call your agent makes generates an audit log entry. The log includes:
- **Org API key prefix** — which integration made the call (e.g., `mole_a1b2`)
- **Tool name and parameters** — `cdp_navigate(url=https://...)`
- **Result or error** — success, timeout, or CDP error code
- **Timestamp and workspace ID** — for timeline reconstruction
This is the audit trail your security team will ask for in the next compliance review. It exists because Molecule AI's MCP server generates it — not because you built a custom logging pipeline.
### Token-scoped Chrome sessions
Chrome sessions are isolated per org API key. When you create an org API key for a specific integration (`lighthouse-reporter`), that key's Chrome session is separate from every other key's session. No credential cross-contamination — Agent A cannot read Agent B's authenticated state because their sessions are isolated at the MCP tool layer.
### Instant revocation without redeployment
If you need to revoke access — the integration is compromised, the agent behavior is unexpected, the contractor relationship ended — you revoke the org API key:
```bash
curl -X DELETE https://platform.moleculesai.app/org/tokens/<token-id> \
-H "Authorization: Bearer <admin-session-token>"
```
The key stops working immediately. The Chrome session is closed. The agent loses browser access before the next heartbeat. No redeploy, no container restart, no waiting for DNS cache expiration.
---
## Setting Up Chrome DevTools MCP
Chrome DevTools MCP requires a Chrome instance running with the remote debugging port enabled, and a `chromedp` or equivalent CDP client connected through Molecule AI's MCP server.
### Step 1: Enable Chrome remote debugging
Start Chrome with the `--remote-debugging-port=9222` flag:
```bash
# macOS
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \
--remote-debugging-port=9222 \
--user-data-dir=/tmp/chrome-debug
# Linux
google-chrome --remote-debugging-port=9222 --user-data-dir=/tmp/chrome-debug
```
### Step 2: Configure Molecule AI
In your workspace config, add the Chrome DevTools MCP server URL:
```yaml
# config.yaml
mcpServers:
- name: chrome-devtools
url: "http://localhost:9222" # CDP WebSocket endpoint
transport: cdp
```
### Step 3: Verify the connection
Your agent can now call CDP tools. Test with a simple navigation:
```
Agent: navigate to https://example.com and screenshot the page
```
The audit log should show `cdp_navigate` and `cdp_screenshot` entries attributed to the workspace's org API key prefix.
---
## What the Security Review Looks Like
When your security team asks "what does this integration actually do?", here's the answer:
**What it can do:**
- Navigate to any URL (with org API key attribution on every navigation)
- Read and write browser state (cookies, localStorage, session tokens)
- Screenshot pages and DOM elements
- Execute JavaScript in the page context
**What it can't do (by default):**
- Access the host machine beyond the Chrome sandbox
- Read files outside the browser context
- Exfiltrate session tokens across session boundaries
**What revocation looks like:**
- Revoke org API key → immediate session close
- No redeploy, no agent restart
- Audit trail shows every action taken before revocation
---
## Browser Automation Governance: The Bigger Picture
Chrome DevTools MCP is one piece of Molecule AI's broader MCP governance story. MCP is a general-purpose protocol — it connects agents to any tool that speaks CDP, stdio, or HTTP. The governance layer applies uniformly: every MCP call gets the same treatment — org API key attribution, audit logging, instant revocation.
This means you can add new MCP integrations — databases, APIs, code execution environments — with the same governance posture. The MCP protocol is the connectivity layer. Molecule AI's MCP governance layer is the control plane.
If you're evaluating AI agent platforms for browser automation governance, the question to ask is not "can it control a browser?" It's "can I audit every action, attribute every call, and revoke access in one step?" Chrome DevTools MCP with Molecule AI's MCP governance layer is the answer to that question.
---
## Get Started
Chrome DevTools MCP is available on all Molecule AI deployments running Phase 30 or later.
- [MCP Server Setup Guide](/docs/guides/mcp-server-setup) — configure MCP tools in your workspace
- [Org API Keys: Audit Attribution Setup](/blog/org-scoped-api-keys) — set up org API keys with attribution
- [A2A Protocol Reference](/docs/api-protocol/a2a-protocol) — how agents delegate browser tasks to each other
<Callout variant="info">
Chrome DevTools MCP requires Chrome running with the remote debugging port enabled. CDP access is scoped per org API key — multiple agents can share Chrome sessions only if intentionally scoped that way via key design.
</Callout>

43
docs/blog/2026-04-30-phase-34/index.md Normal file
View File

@ -0,0 +1,43 @@
---
title: "What's New in Phase 34"
date: "2026-04-30"
slug: "whats-new-phase-34"
description: "Phase 34 ships Partner API Keys, SaaS Federation v2, Tool Trace observability, and Platform Instructions governance. Four production features for AI agent platforms."
tags: [phase-34, changelog, partner-api, federation, tool-trace, platform-instructions]
---
# What's New in Phase 34
**April 30, 2026**
Phase 34 ships four platform features: Partner API Keys (GA), SaaS Federation v2 (GA), Tool Trace observability (GA), and Platform Instructions governance (GA).
---
## Partner API Keys (GA)
Marketplace resellers, CI/CD tooling, and automation platforms can now manage Molecule AI orgs programmatically using scoped, rate-limited, revocable `mol_pk_` API keys. Create orgs, provision workspaces, and revoke access — no browser session required.
Available scopes: `orgs:create`, `orgs:list`, `orgs:delete`, `workspaces:create`, `billing:read`. Pricing tiers [coming soon](https://molecule.ai/pricing). Available on Partner and Enterprise plans.
## SaaS Federation v2 (GA)
Organizations can now collaborate across org boundaries using a structured, auditable trust model. Grant named federation trusts to partner orgs — scoped to specific workspaces and operations — without sharing credentials. Trust relationships are revocable at any time.
Federation v2 uses A2A protocol with embedded federation claims, so cross-org agent handoffs are verifiable at the receiving end. Available on Enterprise plans.
## Tool Trace Observability (GA)
Every A2A response now includes a structured `tool_trace` array in `Message.metadata`. Each entry records the tool called, its inputs, an output preview, and a `run_id` that correctly groups concurrent parallel calls.
Tool Trace is available on all plans. No sidecar service. No sampling. See the [A2A Protocol Reference](/docs/api-protocol/a2a-protocol) for the full schema.
## Platform Instructions Governance (GA)
Policy rules can now be prepended to an agent's system prompt at workspace startup — at the source, before the first token is generated. Rules are scoped to `global` (all workspaces in the org) or `workspace` (a specific workspace only). The `wsAuth`-gated resolve endpoint ensures workspaces can only read their own instructions.
Platform Instructions are available on Enterprise plans. Each instruction is capped at 8KB. Resolved instruction sets are cached at startup to avoid per-turn latency.
---
For full details, see the [Phase 34 launch post](/blog/phase-34-launch).

141
docs/marketing/blog/2026-04-23-partner-api-keys.md Normal file
View File

@ -0,0 +1,141 @@
---
title: "Ship Partner Integrations Faster with Programmatic Org Management"
date: 2026-04-23
slug: partner-api-keys
description: "Partner API Keys let marketplace resellers, CI/CD pipelines, and automation tools create and manage Molecule AI orgs via API — no browser session required."
og_title: "Ship Partner Integrations Faster with Programmatic Org Management"
og_description: "Partner API Keys: scoped, rate-limited, revocable API keys for programmatic org management. Built for marketplaces, CI/CD, and automation platforms."
og_image: /docs/assets/blog/2026-04-23-partner-api-keys-og.png
tags: [partner-api-keys, marketplace, ci-cd, automation, api, enterprise, provisioning]
keywords: [partner API keys, programmatic org management, marketplace integration, CI/CD automation, Molecule AI API, reseller integration, org provisioning API]
canonical: https://docs.molecule.ai/blog/partner-api-keys
---
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "Article",
"headline": "Ship Partner Integrations Faster with Programmatic Org Management",
"description": "Partner API Keys let marketplace resellers, CI/CD pipelines, and automation tools create and manage Molecule AI orgs via API.",
"author": { "@type": "Organization", "name": "Molecule AI" },
"datePublished": "2026-04-23",
"publisher": { "@type": "Organization", "name": "Molecule AI", "logo": { "@type": "ImageObject", "url": "https://molecule.ai/logo.png" } }
}
</script>
# Ship Partner Integrations Faster with Programmatic Org Management
When your platform needs to create an org — for a new customer, a CI environment, or a marketplace resale — the last thing you want is to hand that flow over to a human with a browser. Neither does your partner.
Phase 34 is designed to solve exactly this problem. **Partner API Keys** give marketplace resellers, CI/CD pipelines, and automation platforms a programmatic way to create and manage Molecule AI orgs — no browser session, no admin dashboard, just an API call.
## What Partner API Keys Do
A Partner API Key is a scoped, rate-limited, revocable bearer token — prefixed `mol_pk_` — that lives at the `/cp/` control plane boundary. It authenticates to a set of partner-facing endpoints that let you provision an org, poll its status, and revoke the integration when it's no longer needed.
Unlike org-scoped API keys (which operate *within* an org), Partner API Keys operate *at the org level*: they create orgs, list your own keys, and revoke themselves. The scope system lets you grant exactly the capabilities a partner needs — nothing more.
```bash
POST /cp/admin/partner-keys
Authorization: Bearer <admin-master-key>
{
"name": "acme-ci-pipeline",
"scopes": ["orgs:create", "orgs:list"],
"org_id": null
}
# Response
{
"id": "pak_01HXKM4...",
"key": "mol_pk_1a2b3c4d5e...", # shown ONCE
"name": "acme-ci-pipeline",
"scopes": ["orgs:create", "orgs:list"],
"created_at": "2026-04-23T08:00:00Z"
}
```
Your CI pipeline saves `mol_pk_1a2b3c4d5e...` as a secret and uses it to call the partner endpoints.
## The Partner API Surface
Once you have a Partner API Key, the integration flow looks like this:
```bash
# 1. Create an org
POST /cp/orgs
Authorization: Bearer mol_pk_1a2b3c4d5e...
{
"name": "acme-corp",
"slug": "acme-corp",
"plan": "standard"
}
# Response
{
"id": "org_01HXKM4...",
"slug": "acme-corp",
"status": "provisioning",
"created_at": "2026-04-23T08:00:00Z"
}
# 2. Poll until ready
GET /cp/orgs/org_01HXKM4.../status
Authorization: Bearer mol_pk_1a2b3c4d5e...
# 3. Redirect the customer
# → https://app.moleculesai.app/login?org=acme-corp
# 4. Revoke when done
DELETE /cp/admin/partner-keys/pak_01HXKM4...
Authorization: Bearer mol_pk_1a2b3c4d5e...
```
Every call is audited: the audit log records which Partner API Key was used, when, and what it did — so you can trace a provisioning event back to the integration that triggered it.
## Scopes and Rate Limits
Partner API Keys are granted specific scopes at creation time. A CI pipeline might get `orgs:create` + `orgs:list`. A marketplace reseller might also need `workspaces:create`. A monitoring tool might only need `orgs:list`.
```
Available scopes:
orgs:create — provision new orgs
orgs:list — list partner-managed orgs
orgs:delete — deprovision orgs
workspaces:create — create workspaces within an org
billing:read — read subscription status
```
Rate limits are enforced per key, independently of the session rate limit. A misbehaving integration hits its own ceiling without affecting other partners or organic traffic.
## The Marketplace Reseller Use Case
Marketplace resellers need to provision a Molecule AI org on behalf of every end customer — automatically, at scale, without a human in the loop. They also need to:
- **Scope the integration** to only the capabilities that partner needs
- **Revoke cleanly** when the reseller-customer relationship ends
- **Audit everything** for compliance reporting
Partner API Keys handle all three. A reseller creates one key per integration tier (e.g. one key for the standard tier, one for enterprise), each scoped to exactly what that tier allows. When a customer churns, the reseller revokes their key — the org stays but the automation path is closed.
## CI/CD: Ephemeral Test Orgs
CI/CD pipelines benefit from the same pattern. A test suite that needs to validate the Molecule AI integration flow can:
1. Create a temporary org via Partner API Key (`orgs:create`)
2. Run the integration tests against it
3. Delete the org when done (`orgs:delete`)
4. Revoke the key
Each run gets a clean environment. No shared state, no test pollution, no manual cleanup.
## Get Started
Partner API Keys are available on **Partner and Enterprise plans**. To get started:
- Contact your account team to request Partner API Key issuance
- Review the partner integration guide (coming soon)
- Example flows: create org → poll status → redirect to tenant; CI/CD test org lifecycle
---
*Molecule AI is open source. Partner API Keys shipped in Phase 34 (2026-04-23). Available on Partner and Enterprise plans.*

105
docs/marketing/blog/2026-04-23-platform-instructions-governance.md Normal file
View File

@ -0,0 +1,105 @@
---
title: "Govern Your Entire AI Fleet at the System Prompt Level"
date: 2026-04-23
slug: govern-ai-fleet-system-prompt-level
description: "Platform Instructions lets enterprise IT enforce org-wide and workspace-scoped policy rules at the system prompt level — before the first agent turn executes."
og_title: "Govern Your Entire AI Fleet at the System Prompt Level"
og_description: "Global rules. Workspace rules. Prepended to the system prompt at startup. Governance before the first turn, not after."
og_image: /docs/assets/blog/2026-04-23-platform-instructions-governance-og.png
tags: [governance, platform-instructions, enterprise, security, it-governance, system-prompt, policy, a2a]
keywords: [AI fleet governance, enterprise AI policy, system prompt governance, AI agent compliance, platform instructions, workspace policy enforcement, enterprise AI security]
canonical: https://docs.molecule.ai/blog/govern-ai-fleet-system-prompt-level
---
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "Article",
"headline": "Govern Your Entire AI Fleet at the System Prompt Level",
"description": "Platform Instructions lets enterprise IT enforce org-wide and workspace-scoped policy rules at the system prompt level.",
"author": { "@type": "Organization", "name": "Molecule AI" },
"datePublished": "2026-04-23",
"publisher": { "@type": "Organization", "name": "Molecule AI", "logo": { "@type": "ImageObject", "url": "https://molecule.ai/logo.png" } }
}
</script>
# Govern Your Entire AI Fleet at the System Prompt Level
The moment an AI agent goes into production, the governance question stops being theoretical. Which tools can it call? What data can it write to? Are there constraints that apply to every turn, not just the ones where someone remembered to add a guardrail?
Most platforms answer with post-hoc filtering — a rule that checks outputs after the agent has already decided what to do. Platform Instructions takes a different approach: governance at the source, before the first token is generated. Rules are prepended to the system prompt at workspace startup, shaping what the agent is instructed to do from the very first turn. The agent doesn't receive them as a filter. It receives them as context.
## Global and Workspace Scopes
Platform Instructions supports two scoping levels:
- **Global** — applied to every workspace in your organization. One rule, enforced everywhere across your entire AI fleet.
- **Workspace** — applied to a specific workspace only. Fine-grained control without global impact.
When a workspace starts, Molecule AI resolves all applicable instructions — combining global rules with workspace-specific ones — and prepends them to the agent's system prompt. The distinction matters: a filter can be worked around; a system prompt instruction shapes the agent's reasoning from the ground up.
## The API
Platform Instructions are managed via a REST API:
```bash
# Create a global instruction (org-admin token required)
POST /instructions
Authorization: Bearer <org-admin-token>
Content-Type: application/json
{
"scope": "global",
"content": "Before invoking any tool that writes to external storage, confirm the target path is within the org-approved sandbox directory. Reject and report if not."
}
# Create a workspace-scoped instruction
POST /instructions
Authorization: Bearer <workspace-admin-token>
Content-Type: application/json
{
"scope": "workspace",
"workspace_id": "ws_01HXKM3T8PRQN4ZW7XYVD2EJ5A",
"content": "This workspace handles customer PII. Redact all PII fields in tool outputs before writing to external systems."
}
# Retrieve resolved instructions for a workspace
# (wsAuth-gated — workspace can only read its own)
GET /workspaces/ws_01HXKM3T8PRQN4ZW7XYVD2EJ5A/instructions/resolve
Authorization: Bearer <workspace_token>
```
The resolve endpoint is gated by wsAuth — the calling workspace's own token. Workspaces cannot enumerate or retrieve instructions from other workspaces. There is no cross-workspace read-back. Each instruction is capped at 8KB of content. Resolved instruction sets are fetched once at startup and cached, so governance is enforced without adding latency to individual agent turns.
## Enforcement Before Execution
The architectural difference from post-hoc policy is timing. A post-hoc filter evaluates after the agent decides what to do. Platform Instructions are in the system prompt before the agent decides anything.
For regulated environments where the requirement is "prevent bad behavior" not "flag bad behavior," that distinction is everything. A compliance team that requires PII redaction doesn't want the agent to write raw PII and redact it on the way out — they want the agent to reason about redaction as part of its core task framing. Platform Instructions makes that possible.
## Enterprise Security: ACLs That Match the Requirement
Platform Instructions are enterprise-only because enterprise governance requires enterprise-grade access control:
- **Global instructions** are managed by org admins — not workspace owners
- **Workspace instructions** are managed by workspace admins within their own scope only
- **Resolve endpoint** requires wsAuth — a workspace cannot retrieve another workspace's instructions
- **No cross-workspace enumeration** — the API returns nothing to callers outside the owning scope
For IT governance teams, this is the access control surface the compliance review demands: policy lives at the org level, is enforced at the workspace level, and cannot be read or modified by the agents it governs.
## Get Started
Platform Instructions are available on **Enterprise plans**. To get started:
- Contact your account team or visit your workspace settings
- Define your first global instruction via POST /instructions
- Assign workspace-scoped instructions to specific workspaces
- Verify resolved instructions via GET /workspaces/{id}/instructions/resolve
For a complete governance picture, combine Platform Instructions with Tool Trace — see exactly which tools were called and what inputs were passed, alongside the policy that governed them.
---
*Molecule AI is open source. Platform Instructions shipped in Phase 34 (2026-04-23). Enterprise plans include org-scoped governance, wsAuth-gated resolve endpoints, and full instruction audit logs.*

218
docs/marketing/blog/2026-04-30-phase34-launch/index.md Normal file
View File

@ -0,0 +1,218 @@
---
title: "Phase 34: Partner API Keys, SaaS Federation v2, Tool Trace, and Platform Instructions"
date: 2026-04-30
slug: phase-34-launch
description: "Phase 34 ships four production features: Partner API Keys for programmatic org management, SaaS Federation v2 for multi-org collaboration, Tool Trace for full observability, and Platform Instructions for governance at the system prompt level."
og_title: "Phase 34: Four Production Features for AI Agent Platforms"
og_description: "Partner API Keys. SaaS Federation v2. Tool Trace. Platform Instructions. Phase 34 ships April 30 — the biggest platform release yet."
og_image: /docs/assets/blog/2026-04-30-phase34-launch-og.png
tags: [phase-34, partner-api, federation, observability, governance, enterprise, tool-trace, platform-instructions, a2a]
keywords: [AI agent platform, Partner API Keys, SaaS Federation, enterprise AI, AI agent observability, agent governance, A2A protocol, production AI]
canonical: https://docs.molecule.ai/blog/phase-34-launch
---
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "Article",
"headline": "Phase 34: Partner API Keys, SaaS Federation v2, Tool Trace, and Platform Instructions",
"description": "Phase 34 ships four production features for AI agent platforms: Partner API Keys, SaaS Federation v2, Tool Trace, and Platform Instructions.",
"author": { "@type": "Organization", "name": "Molecule AI" },
"datePublished": "2026-04-30",
"publisher": { "@type": "Organization", "name": "Molecule AI", "logo": { "@type": "ImageObject", "url": "https://molecule.ai/logo.png" } }
}
</script>
# Phase 34: Partner API Keys, SaaS Federation v2, Tool Trace, and Platform Instructions
**April 30, 2026 — GA**
Phase 34 is Molecule AI's biggest platform release yet. Four production features ship today: **Partner API Keys** for programmatic org lifecycle management, **SaaS Federation v2** for cross-org collaboration at scale, **Tool Trace** for complete observability into every agent execution, and **Platform Instructions** for governance enforced at the system prompt level.
These aren't add-ons. They're the infrastructure layer that moves AI agent platforms from "it ran" to "it's under control."
---
## Partner API Keys: Programmatic Org Management for Platforms and Resellers
The headline feature of Phase 34 is one that most end users won't see directly — but every platform builder will feel immediately.
When your product needs to create a Molecule AI org on behalf of a customer — a new tenant, a CI environment, a marketplace resale — you shouldn't need a human with a browser. Partner API Keys give marketplace resellers, automation platforms, and CI/CD tooling a scoped, rate-limited, revocable API key — prefixed `mol_pk_` — that authenticates to the partner-facing control plane. No dashboard. No session token. One API call.
```bash
# Mint a Partner API Key (admin-master-key required)
POST /cp/admin/partner-keys
{
"name": "acme-ci-pipeline",
"scopes": ["orgs:create", "orgs:list", "workspaces:create"]
}
# Response — key shown ONCE
{
"id": "pak_01HXKM4...",
"key": "mol_pk_1a2b3c4d5e6f...",
"name": "acme-ci-pipeline",
"scopes": ["orgs:create", "orgs:list", "workspaces:create"],
"created_at": "2026-04-30T00:00:00Z"
}
```
With the key in hand, a partner automation pipeline drives the full customer onboarding lifecycle programmatically:
```bash
# 1. Create the org
POST /cp/orgs
Authorization: Bearer mol_pk_1a2b3c4d5e6f...
{
"name": "acme-corp",
"slug": "acme-corp",
"plan": "standard"
}
# 2. Poll until the org is provisioned
GET /cp/orgs/org_01HXKM4.../status
# 3. Ship the customer their login link
# → https://app.moleculeai.ai/login?org=acme-corp
# 4. Revoke when the integration ends
DELETE /cp/admin/partner-keys/pak_01HXKM4...
```
Available scopes: `orgs:create`, `orgs:list`, `orgs:delete`, `workspaces:create`, `billing:read`. Each key has independent rate limits — a misbehaving integration hits its own ceiling without affecting other partners or organic traffic. Every call is audited: the log records which key was used, when, and what it did.
**Pricing tiers and rate limits are [coming soon](https://molecule.ai/pricing).** Contact your Molecule AI account team to request key issuance for your integration.
Partner API Keys are available on Partner and Enterprise plans.
---
## SaaS Federation v2: Cross-Org Collaboration Without Credential Sharing
Phase 33 shipped org-scoped API keys — credentials that live at the organization level and reach every workspace in your org. SaaS Federation v2 builds on that foundation to let organizations collaborate across org boundaries, without sharing credentials, without workarounds, and without a separate "enterprise bridge" service to maintain.
Federation v2 introduces a structured trust model between orgs. An org admin grants a named federation trust to a partner org — specifying exactly which workspaces are reachable and which operations are permitted. The trust is scoped, revocable, and auditable. No shared secrets. No bilateral token exchange. No custom middleware.
```bash
# Org A: establish a trust relationship with Org B
POST /orgs/:org_a/federation/trusts
{
"target_org_id": "org_01HXKM4B...",
"target_org_name": "Acme Corp",
"workspace_ids": ["ws_abc123", "ws_def456"],
"allowed_operations": ["workspaces:read", "channels:read"],
"expires_at": "2027-04-30T00:00:00Z"
}
```
Once established, agents in Org A can route tasks to Org B's workspaces using Molecule AI's existing A2A protocol — with federation claims embedded in the request metadata so the receiving org can verify the caller's org identity without receiving their org token.
**Why this matters:** In Phase 33, cross-org collaboration either required credential sharing (bad) or manual operator handoff (slow). Federation v2 makes it a first-class, auditable, revocable protocol operation. Your AI fleet can hand off work to a partner's fleet — and you can see exactly what was handed off, when, and whether it was permitted.
SaaS Federation v2 is available on Enterprise plans. Contact your account team to enable federation trusts for your orgs.
---
## Tool Trace: Full Observability Into Every Agent Execution
When your AI agent produces a wrong answer in production, the question isn't "what did the agent say?" — it's "which tool did it call, with what inputs, and what did it get back?"
Most platforms answer the first question. Tool Trace answers all three — for every call, in every response.
Every A2A response from Molecule AI now includes a structured `tool_trace` array in `Message.metadata`. For each tool invocation:
- **`tool`** — the tool name (`Bash`, `Write`, `Read`, `HTTPRequest`, etc.)
- **`input`** — the exact parameters passed
- **`output_preview`** — first ~200 characters of the result
- **`run_id`** — groups concurrent calls so parallel executions don't collapse into a scrambled sequence
```json
{
"metadata": {
"tool_trace": [
{
"tool": "Bash",
"input": { "command": "go build ./... && go test ./..." },
"output_preview": "ok auth 0.314s\nok config 0.201s\n--- PASS: TestIntegration (12.3s)",
"run_id": "01HXKM3T8PRQN4ZW7XYVD2EJ5A"
},
{
"tool": "Read",
"input": { "file_path": "/workspace/coverage/report.json" },
"output_preview": "Read 2.1 KB from /workspace/coverage/report.json",
"run_id": "01HXKM3T8PRQN4ZW7XYVD2EJ5A"
}
],
"run_id": "01HXKM3T8PRQN4ZW7XYVD2EJ5A"
}
}
```
Instead of "the agent ran the migration and it failed," you get: `tool_call[2] — Bash — kubectl apply -f migration.sql — returned error 1062: Duplicate entry — 0 rows affected — 23ms.` The diagnosis takes minutes, not hours.
Tool Trace is available on all Molecule AI plans. No sampling, no sidecar service. It's in the A2A response metadata.
---
## Platform Instructions: Governance at the System Prompt Level
Most governance platforms filter outputs *after* an agent decides what to do. Platform Instructions takes a different approach: governance at the source, before the first token is generated.
Platform Instructions are policy rules prepended to the agent's system prompt at workspace startup. The agent doesn't receive them as a filter. It receives them as part of its task framing from the very first turn — which means the policy shapes the agent's reasoning, not just its output.
### Two Scopes, One Model
- **Global** — applied to every workspace in your organization. One rule, enforced everywhere across your AI fleet.
- **Workspace** — applied to a specific workspace only. Fine-grained control without global impact.
When a workspace starts, Molecule AI resolves all applicable instructions and prepends them to the system prompt. The distinction matters: a post-hoc filter can be worked around; a system prompt instruction shapes the agent's reasoning from the ground up.
```bash
# Create a global instruction (org-admin token)
POST /instructions
{
"scope": "global",
"content": "Before invoking any tool that writes to external storage, confirm the target path is within the org-approved sandbox directory. Reject and report if not."
}
# Create a workspace-scoped instruction
POST /instructions
{
"scope": "workspace",
"workspace_id": "ws_01HXKM3T8PRQN4ZW7XYVD2EJ5A",
"content": "This workspace handles customer PII. Redact all PII fields in tool outputs before writing to external systems."
}
```
The resolve endpoint is gated by `wsAuth` — a workspace can only read its own instructions. Each instruction is capped at 8KB. Resolved instruction sets are fetched once at startup and cached, so governance doesn't add per-turn latency.
**For regulated environments, this is the architecture compliance reviews demand:** policy lives at the org level, is enforced at the workspace level, and cannot be read or modified by the agents it governs. Combine with Tool Trace to see exactly which tools were called alongside the policy that governed them.
Platform Instructions are available on Enterprise plans.
---
## What This Means for Developers
Phase 34 is an infrastructure release. It doesn't change how agents run — it changes what you can do *after*.
**If you're building a platform on Molecule AI:** Partner API Keys let your marketplace, CI pipeline, or automation tool manage orgs programmatically. Create, provision, audit, revoke — no human in the loop.
**If you're collaborating across orgs:** SaaS Federation v2 makes cross-org agent handoffs a first-class, auditable protocol operation — not a credential-sharing workaround.
**If you're debugging in production:** Tool Trace turns opaque failures into structured traces. You know which tool failed, what it received, what it returned, and how long it took.
**If you're in a regulated industry:** Platform Instructions means governance is in the system prompt before the agent decides anything. Not a filter. Not a separate service. It's part of the workspace contract.
---
## Get Started
- **Partner API Keys** — available on Partner and Enterprise plans. Contact your account team to request key issuance. Pricing tiers [coming soon](https://molecule.ai/pricing).
- **SaaS Federation v2** — available on Enterprise plans. Contact your account team to enable federation trusts.
- **Tool Trace** — available on all plans. See the [A2A Protocol Reference](/docs/api-protocol/a2a-protocol) for the full `Message.metadata` schema.
- **Platform Instructions** — available on Enterprise plans. Configure them in your workspace settings or via the REST API.
[Molecule AI](https://molecule.ai) is open source. Phase 34 ships April 30, 2026.
*Phase 34 ships in PRs #1807 (Tool Trace), #XXXX (SaaS Federation v2), and across the platform control plane.*

110
docs/marketing/campaigns/cloudflare-artifacts-launch/social-copy.md Normal file
View File

@ -0,0 +1,110 @@
# Cloudflare Artifacts — Social Copy
Campaign: cloudflare-artifacts-launch | Blog: `docs/blog/2026-04-21-cloudflare-artifacts/index.md`
Publish day: 2026-04-21 (blog live on staging)
Status: Copy ready — pending Marketing Lead approval
---
## X (Twitter) — Primary thread (5 posts)
### Post 1 — Hook (keyword: `AI agent version control`)
Your AI agent just finished a 3-hour refactor.
What changed? Do you know?
Agents that don't maintain version history leave you reviewing final outputs blind. Cloudflare Artifacts makes the agent's working state a first-class Git repository — with branches, commits, and rollbacks built in.
→ https://docs.molecule.ai/blog/cloudflare-artifacts
---
### Post 2 — Git-native (keyword: `Git for AI agents`)
Cloudflare Artifacts speaks Git natively.
Agents use standard `git clone` and `git fetch`. Any Git client works. No new tooling, no custom client library, no proprietary format.
Molecule AI connects every workspace to an Artifacts repo — the platform handles the credential lifecycle so you don't have to.
→ https://docs.molecule.ai/blog/cloudflare-artifacts
---
### Post 3 — Credential model (keyword: `short-lived Git credentials`)
The credential model is the part that makes this production-safe:
→ Tokens scoped to a single repo
→ Short-lived by default (1 hour, capped at 7 days)
→ Revocable without touching the repo
No long-lived credentials sitting in environment variables. No credential sprawl across your agent fleet.
→ https://docs.molecule.ai/blog/cloudflare-artifacts
---
### Post 4 — Use cases (keyword: `AI agent audit trail`)
Real things you can do once your agent's working state is versioned:
• Review every commit the agent made — not just the final output
• Fork a workspace before a risky operation, roll back if it goes wrong
• Roll a session back to a known-good state if an agent corrupts a config
• Build an auditable record of agent decisions without any custom instrumentation
→ https://docs.molecule.ai/blog/cloudflare-artifacts
---
### Post 5 — CTA
Cloudflare Artifacts integration ships today with Molecule AI.
Your agents don't just produce outputs — they maintain a versioned working state you can inspect, branch, and roll back.
Configure a workspace → your full version history.
→ https://docs.molecule.ai/blog/cloudflare-artifacts
#GitForAgents #AIAgents #AgenticAI #MoleculeAI #Cloudflare
---
## LinkedIn — Single post
**Title:** We gave our AI agents a Git history. Here's what that changes.
**Body:**
Most AI agent platforms treat the workspace as a black box — you get a final output, the session ends, and the working state is gone.
We just shipped a Cloudflare Artifacts integration for Molecule AI. It changes the model.
Here's what it means in practice:
**Agents work in a Git repository.** Every workspace is linked to a Cloudflare Artifacts repo. The agent uses standard `git clone` and `git push` — no proprietary client, no custom tooling. Any Git client works.
**Short-lived, repo-scoped credentials.** Tokens are scoped to a single repo, short-lived by default, and revocable immediately. No long-lived credentials in environment variables. The platform handles the credential lifecycle.
**You can review the work, not just the output.** Instead of reading a final result, you `git log` the workspace and see every commit the agent made — with the context of what the agent was working on when it ran.
**Fork before you let it run.** Fork a workspace's repo before a risky operation. If the outcome is bad, you have the original state. If it's good, you merge.
**Roll back a session.** Because Artifacts is fully versioned, a workspace's state at any previous commit is accessible via Git. An agent that corrupts a config file can have its workspace reset to a known-good state by pointing it at an earlier commit.
**Security: API keys don't enter the Git history.** Before any working state is committed, `snapshot_scrub.py` runs over it. API keys, bearer tokens, and sandbox tool output are redacted or excluded before the snapshot enters the git history.
The integration is live now for all Molecule AI workspaces with Cloudflare Artifacts access.
→ https://docs.molecule.ai/blog/cloudflare-artifacts
#AIAgents #AgenticAI #MoleculeAI #Cloudflare #GitOps
---
## Campaign notes
**Audience:** Developer / DevOps (X), Platform engineers (LinkedIn)
**Tone:** Practical, production-first. Lead with the version control story, not the feature list.
**Differentiation:** Git-native — agents use standard Git, not a proprietary format. Short-lived credentials. Snapshot scrubbing for security.
**Use case pairing:** X → version history + review workflow (developer angle), LinkedIn → operational safety + audit trail (platform engineering angle)
**Assets:** Screencast videos at `docs/marketing/devrel/demos/cloudflare-artifacts/` (16:9 + 1:1 + captioned variants)
**Coordination:** This blog is live — social can go out same day. Coordinate with Social Media Brand queue.
**Hashtags:** #GitForAgents #AIAgents #AgenticAI #MoleculeAI #Cloudflare

13
docs/marketing/campaigns/phase34-launch/phase34-launch-tts-script.txt Normal file
View File

@ -0,0 +1,13 @@
Phase 34 ships today. Four production features that change what running AI agents at scale actually means.
Feature one: Partner API Keys. Marketplace resellers, CI/CD pipelines, and automation platforms can now provision and manage Molecule AI organizations programmatically. No browser. No admin dashboard. Scoped, rate-limited, revocable API keys with full audit attribution. The mol_pk underscore key model.
Feature two: Tool Trace. Full observability into every agent execution. Tool Trace records every tool call an agent makes — the input, the result, the latency, and the call chain. You see what the agent actually did, not just what it said it did. Built in. Not an add-on.
Feature three: Platform Instructions. Governance enforced at the system prompt level. Set rules like, quote, always tag every outbound message with the org ID, end quote. Or, quote, never output raw API keys, end quote. Or, quote, route sensitive operations through an approval gate, end quote. The rule applies to every agent on your platform. You set it once.
Feature four: SaaS Federation version two. Cross-organization collaboration at scale. Organizations can now establish trust relationships and delegate tasks across org boundaries. With org-scoped API keys, every cross-org call is attributable and auditable. A2A protocol plus Federation version two equals agents that collaborate across organizational boundaries without breaking your audit trail.
Phase 34 is available today. Four production features, not experiments, not betas. Available now on Molecule AI.
docs.molecule.ai slash blog slash phase dash 34 dash launch.

125
docs/marketing/campaigns/phase34-launch/social-copy.md Normal file
View File

@ -0,0 +1,125 @@
# Phase 34 — Launch Social Copy
Campaign: phase-34-launch | Blog: `docs/marketing/blog/2026-04-30-phase34-launch/index.md`
Slug: phase-34-launch
Publish day: 2026-04-30 (GA day)
Assets: OG image at `docs/assets/blog/2026-04-30-phase34-launch-og.png`
Hashtags: #AgenticAI #MoleculeAI #PlatformEngineering #EnterpriseAI #AIobservability #AgentGovernance #A2A
UTM: `?utm_source=twitter&utm_medium=social&utm_campaign=phase-34-launch`
---
## X Thread — 5 posts
### Post 1 — Hook (the four features)
Phase 34 ships today.
4 production features that change what "running AI agents at scale" actually means:
→ Partner API Keys — programmatic org lifecycle management
→ Tool Trace — full observability into every agent execution
→ Platform Instructions — governance at the system prompt level
→ SaaS Federation v2 — cross-org collaboration
The biggest Molecule AI release yet.
→ https://docs.molecule.ai/blog/phase-34-launch
---
### Post 2 — Tool Trace (observability)
Most agent platforms give you: a final output.
Molecule AI Phase 34 gives you: the full trace.
Tool Trace records every tool call an agent makes — the input, the result, the latency, and the call chain. You see what the agent actually did, not just what it said it did.
Built-in. Not an add-on. Not an enterprise tier.
→ https://docs.molecule.ai/blog/phase-34-launch
---
### Post 3 — Platform Instructions (governance)
Platform Instructions let you inject governance rules into every agent's system prompt — without touching your agents' tasks.
Set rules like:
→ "Always tag every outbound message with the org ID"
→ "Never output raw API keys"
→ "Route sensitive operations through approval gate"
The rule applies to every agent that runs on your platform. You set it once.
→ https://docs.molecule.ai/blog/phase-34-launch
---
### Post 4 — SaaS Federation v2 (cross-org)
Phase 33: your agents can talk to each other.
Phase 34: your organizations can talk to each other.
SaaS Federation v2 lets orgs establish trust relationships — delegating tasks, sharing context, and routing work across org boundaries. With org-scoped API keys, every cross-org call is attributable and auditable.
A2A protocol + Federation v2 = agents that collaborate across organizational boundaries without breaking your audit trail.
→ https://docs.molecule.ai/blog/phase-34-launch
---
### Post 5 — CTA (the bottom line)
Phase 34 isn't a feature drop.
It's the layer that makes AI agent platforms production-ready:
→ You can see what agents did (Tool Trace)
→ You can govern what agents can do (Platform Instructions)
→ You can manage orgs at scale (Partner API Keys)
→ You can collaborate across orgs (SaaS Federation v2)
→ https://docs.molecule.ai/blog/phase-34-launch
#AgenticAI #MoleculeAI #PlatformEngineering #EnterpriseAI #AIobservability
---
## LinkedIn — Single Post
**Title:** Phase 34: four production features that move AI agent platforms from "it ran" to "it's under control"
**Body:**
Phase 34 ships today. Four production features — not experiments, not betas, not enterprise-only add-ons. Everything in GA.
Here's what shipped:
**Tool Trace — full observability into every agent execution.**
Most agent platforms give you a final output. Tool Trace gives you the execution chain: every tool call, its input, result, and latency — in order. You see what the agent actually did. You can replay it, audit it, and debug it.
**Platform Instructions — governance enforced at the system prompt level.**
Platform Instructions let you inject rules into every agent's system prompt — without touching the agent's task. "Always tag outbound messages with org ID." "Never output raw API keys." "Route sensitive operations through an approval gate." You set it once; it applies to every agent on your platform.
**Partner API Keys — programmatic org lifecycle management.**
Marketplace resellers, CI/CD pipelines, and automation platforms can now provision and manage Molecule AI orgs via API — no browser, no admin dashboard. Scoped, rate-limited, revocable keys with full audit attribution. The `mol_pk_*` key model.
**SaaS Federation v2 — cross-org collaboration at scale.**
Org-to-org trust relationships let agents delegate tasks and share context across organizational boundaries. Combined with org-scoped API keys, every cross-org call is attributable and auditable. A2A protocol + Federation v2 = real multi-org workflows.
What's common across all four features: they're all infrastructure-layer. They don't change what your agents do — they change what you can control, see, and scale.
Phase 34 is available today for all Molecule AI plans.
→ [Read the full launch post](https://docs.molecule.ai/blog/phase-34-launch)
→ [Tool Trace documentation](https://docs.molecule.ai/blog/phase-34-launch#tool-trace)
→ [Platform Instructions documentation](https://docs.molecule.ai/blog/phase-34-launch#platform-instructions)
**Hashtags:** #AgenticAI #MoleculeAI #PlatformEngineering #EnterpriseAI #AIobservability #AgentGovernance
**CTA:** Share with the platform engineer on your team who needs to explain to their CTO why AI agent governance matters.
---
## Campaign notes
**Audience:** Platform engineers / DevOps / CTOs (X), Enterprise platform teams / DevRel / AI infra leads (LinkedIn)
**Tone:** Authoritative, infrastructure-layer. Not a features list — a "this changes what production-ready means" narrative.
**Differentiation:** Tool Trace is built-in (not add-on). Platform Instructions apply at the system prompt level (not prompt engineering). Partner API Keys are API-first (not dashboard-first). Federation v2 + A2A = cross-org with audit trail.
**Coordination:** Publish 2026-04-30 (GA day). Partner API Keys have a dedicated Apr 28 thread already in queue. This thread covers the umbrella Phase 34 story — complementary, not redundant.
**Assets:** OG image at `docs/assets/blog/2026-04-30-phase34-launch-og.png`
**Self-review applied:** No benchmarks, no competitor comparisons, no person names, no pricing tier claims.
**Status:** Draft — pending Marketing Lead approval

BIN
docs/marketing/devrel/demos/cloudflare-artifacts/cloudflare-artifacts-screencast-1x1.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/cloudflare-artifacts/cloudflare-artifacts-screencast-9x16.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/cloudflare-artifacts/cloudflare-artifacts-screencast-captioned-1x1.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/cloudflare-artifacts/cloudflare-artifacts-screencast-captioned-9x16.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/cloudflare-artifacts/cloudflare-artifacts-screencast-captioned.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/cloudflare-artifacts/cloudflare-artifacts-screencast.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/memory-inspector-panel/memory-inspector-panel-screencast-1x1.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/memory-inspector-panel/memory-inspector-panel-screencast-9x16.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/memory-inspector-panel/memory-inspector-panel-screencast-captioned-1x1.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/memory-inspector-panel/memory-inspector-panel-screencast-captioned-9x16.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/memory-inspector-panel/memory-inspector-panel-screencast-captioned.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/memory-inspector-panel/memory-inspector-panel-screencast.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/phase30-hero-video/phase30-hero-video-16x9-captioned.mp4 Normal file
View File

Binary file not shown.

BIN
docs/marketing/devrel/demos/phase30-hero-video/phase30-hero-video-16x9.mp4 Normal file
View File

Binary file not shown.

403
docs/marketing/manual-posting-package.md Normal file
View File

@ -0,0 +1,403 @@
# Manual Social Posting Package
**Generated by:** Content Marketer (A2A outage fallback)
**Date:** 2026-04-21
**Status:** Ready for human execution — no API credentials needed, just paste
---
## CAMPAIGN 1: Chrome DevTools MCP (Day 1)
**Blog:** https://docs.molecule.ai/blog/chrome-devtools-mcp
**Campaign doc:** `docs/marketing/campaigns/chrome-devtools-mcp-seo/social-copy.md`
**Image assets:** `marketing/devrel/campaigns/chrome-devtools-mcp-seo/assets/`
**CTA link finalized:** ✅ Yes
### X (Twitter) — Exact tweet text (5 posts)
**Post 1:**
Your AI agent just made a purchase on your behalf.
What did it buy? From where? With which account?
Most agents operate in a black box. Browser DevTools MCP makes the browser a first-class tool — with org-level audit attribution on every action.
→ https://docs.molecule.ai/blog/chrome-devtools-mcp
**Post 2:**
Browser automation for AI agents usually means: give the agent your credentials, hope it doesn't go somewhere unexpected, and check the logs after.
That's not a governance model. That's a trust fall.
Molecule AI's MCP governance layer for Chrome DevTools MCP gives you:
→ Which agent accessed which session
→ What it did (navigate, fill, screenshot, submit)
→ Audit trail with org API key attribution
One org API key prefix per integration. Instant revocation.
→ https://docs.molecule.ai/blog/chrome-devtools-mcp
**Post 3:**
Real things teams use Chrome DevTools MCP for in production:
• Automated Lighthouse audits on every PR — agent runs the audit, reports the score, flags regressions
• Visual regression detection — agent screenshots key pages, diffs against baseline, opens tickets on drift
• Auth scraping — agent reads the authenticated state from an existing browser session
The governance layer means your security team can see all three in the audit trail.
→ https://docs.molecule.ai/blog/chrome-devtools-mcp
**Post 4:**
The MCP protocol lets you connect any compatible tool to any compatible agent.
What's been missing: visibility into what the agent actually did with that access.
Molecule AI's MCP governance layer adds:
• Per-action audit logging with org API key attribution
• Token-scoped Chrome sessions — no credential sharing across agents
• Instant revocation without redeployment
→ https://docs.molecule.ai/blog/chrome-devtools-mcp
**Post 5:**
Chrome DevTools MCP ships today with Molecule AI Phase 30.
If you're running AI agents that interact with web UIs — there's a governance story you need to have ready before your security team asks.
→ https://docs.molecule.ai/blog/chrome-devtools-mcp
**Suggested image:** `marketing/devrel/campaigns/chrome-devtools-mcp-seo/assets/chrome-devtools-mcp-social-card.png`
**Image alt-text:** "AI agent browser session with MCP protocol governance layer showing org API key attribution and audit trail"
---
### LinkedIn — Exact post text
**Title:** Why your AI agent's browser access needs a governance layer
**Body:**
Your AI agent can use a browser. That's useful. But "useful" isn't a security posture.
When an agent operates inside a browser — filling forms, reading session state, navigating authenticated flows — most platforms give you two options: trust it completely, or don't let it near the browser at all.
Molecule AI's Chrome DevTools MCP integration adds a third option: visibility with control.
Here's what "governance layer" actually means in this context:
→ Every browser action is logged with the org API key prefix that made the call. You know which agent touched what session, every time.
→ Chrome sessions are token-scoped. Agent A's session is not Agent B's session. No credential cross-contamination.
→ Revocation is instant. One API call, the key stops working, the session closes. No redeploy.
→ Audit trails are exportable. Your security team can review them without a custom logging pipeline.
This is the difference between "the agent can use a browser" and "the agent's browser access is auditable, attributable, and revocable."
Chrome DevTools MCP is available now on all Molecule AI deployments.
→ https://docs.molecule.ai/blog/chrome-devtools-mcp
---
---
## CAMPAIGN 2: Discord Adapter Launch
**Blog:** [BLOG_URL — insert after publish, then update social copy]
**Campaign doc:** `docs/marketing/campaigns/discord-adapter-launch/social-copy.md`
**Image assets:** `marketing/devrel/campaigns/discord-adapter-launch/assets/`
**CTA link:** BLOCKED — pending blog URL. Do NOT post until `[BLOG_URL]` is filled in social-copy.md.
### X (Twitter) — Exact tweet text (5 posts) — DO NOT POST YET
**Post 1:**
Your team is already in Discord.
Your AI agent is in Molecule AI.
Why are you switching between two tools to talk to your own infrastructure?
Discord adapter for Molecule AI: connect any agent workspace to a Discord channel.
Slash commands in. Agent responses out.
**Post 2:**
Most Discord bot integrations require:
→ Create a bot in the Developer Portal
→ Set up OAuth2
→ Handle the Gateway
→ Manage intents and permissions
Molecule AI's Discord adapter requires:
→ One webhook URL
That's it. The webhook encodes the channel and bot credentials. You paste it in Canvas. You're done.
**Post 3:**
The Discord adapter uses two standard Discord features:
→ Incoming Webhooks for outbound messages (agent → Discord)
→ Discord Interactions for inbound slash commands (Discord → agent)
No polling. No Gateway. No message-reading permissions.
Users type `/ask what's our deployment status?` — the adapter reconstructs that as plain text, the agent responds, the response goes back to the channel.
**Post 4:**
In Molecule AI, a Community Manager agent receives the slash command, delegates to the right sub-agent, and returns the answer to Discord.
The routing is invisible to the Discord user.
Discord → Community Manager → (Security Auditor | QA Engineer | PM) → Discord
Your whole agent team, accessible from a Discord server your team already lives in.
**Post 5:**
Discord adapter for Molecule AI is live.
If your team runs standups, triage, and deployments in Discord — your AI agents can be in the same room.
Connect a workspace in two minutes. Start with a slash command.
**Suggested image:** `marketing/devrel/campaigns/discord-adapter-launch/assets/discord-adapter-social-card.png`
**Image alt-text:** "Molecule AI Discord adapter showing slash command flow from Discord to agent hierarchy and back"
---
### LinkedIn — Exact post text — DO NOT POST YET
**Title:** We put our AI agents in Discord — here's why that's a bigger deal than it sounds
**Body:**
Every AI agent platform eventually gets asked the same question: "can we talk to it from where our team already communicates?"
For a lot of teams, that place is Discord. Not as a notification sink — as a working interface.
We just shipped a Discord adapter for Molecule AI. Here's what made it interesting to build:
The naive approach is a Discord bot with message reading permissions, OAuth flows, Gateway connections, and rate limit handling. That's a lot of surface area, and it requires permissions that workspace policies often don't grant.
The Molecule AI approach is two standard Discord primitives:
→ Incoming Webhooks for outbound messages. You give us a webhook URL. That's the only credential. It encodes the channel and bot credentials. You paste it in Canvas. Done.
→ Discord Interactions for inbound slash commands. Users type `/ask what's our deployment status?`. We parse the command and options from the signed JSON payload. The agent receives it as plain text. The response goes back to the channel.
No polling. No Gateway. No special permissions.
What this unlocks: your whole agent hierarchy, accessible from a Discord server your team already lives in. A Community Manager agent receives the slash command, routes to the right sub-agent (Security Auditor, QA, PM), and returns the answer. The routing is invisible to the Discord user.
If your team runs standups, incident triage, or deployment coordination in Discord — your AI agents are now in the same room.
Discord adapter is live now. [INSERT BLOG URL HERE — DO NOT POST WITHOUT THIS]
---
---
## CAMPAIGN 3: Org-Scoped API Keys
**Blog:** https://docs.molecule.ai/blog/org-scoped-api-keys
**Campaign doc:** `docs/marketing/campaigns/fly-deploy-anywhere/social-copy.md`
**CTA link:** ✅ Yes (same blog URL as fly-deploy-anywhere)
### X (Twitter) — Exact tweet text (5 posts)
**Post 1:**
You have 20 agents running in production.
One of them is making calls you can't trace.
That's not a hypothetical. That's what happens when you scale past "one ADMIN_TOKEN works fine" — and it usually happens the week before a compliance review.
Molecule AI org-scoped API keys: named, revocable, audit-attributable credentials for every integration.
**Post 2:**
The ADMIN_TOKEN problem:
→ One token, ten agents, impossible to rotate without downtime
→ No attribution — you can't tell which agent made which call
→ One compromised token compromises everything
Org-scoped keys give each integration its own credential with its own identity. Rotate without downtime. Revoke without collateral damage.
**Post 3:**
Org API keys in the audit log:
org-token:mole_a1b2 POST /workspaces/ws_abc123/channels 200 12ms
org-token:mole_a1b2 GET /workspaces/ws_abc123/secrets 200 3ms
That's the difference between "something called our API" and "ci-deploy-bot called /channels with our DevOps key, at 2:47am, successfully."
**Post 4:**
Key rotation without downtime:
1. Mint a new org API key
2. Update your integration
3. Revoke the old key
Both keys are valid simultaneously during the window when you're updating the integration. Zero downtime. Full audit trail.
**Post 5:**
Org-scoped API keys: now in Molecule AI Canvas → Settings → Org API Keys.
Named. Revocable. Audit-attributable. Replace shared ADMIN_TOKEN with credentials your compliance team can actually sign off on.
---
---
## CAMPAIGN 4: A2A Enterprise (NEW — just created)
**Blog:** https://docs.molecule.ai/blog/a2a-communication-enterprise
**Campaign doc:** `docs/marketing/campaigns/a2a-enterprise-launch/social-copy.md`
**CTA link:** ✅ Yes
**Hero image:** TBD — coordinate with Social Media Brand once workspace recovers
### X (Twitter) — Exact tweet text (5 posts)
**Post 1:**
Your agents can talk to each other.
Now prove it.
"Connect agents" is the easy part. The hard part is knowing which agent called which, what it did, and whether you can revoke access without a redeploy.
A2A protocol with org-level governance is the difference between "agents connected" and "audit trail exists."
→ https://docs.molecule.ai/blog/a2a-communication-enterprise
**Post 2:**
Two agents. Same VPC. Talking directly. That's solved.
Two agents. Different cloud providers. Across a VPN. A2A still works.
That's the harder problem — and the one that matters for teams actually running AI at scale across infrastructure boundaries.
Molecule AI's A2A registry handles cross-infrastructure discovery. Your agents don't care where the other agent lives.
→ https://docs.molecule.ai/blog/a2a-communication-enterprise
**Post 3:**
"Which agent accessed which workspace, and what did it do with the data?"
If your A2A implementation can't answer that question, it's not an enterprise-ready feature. It's a developer preview.
Molecule AI A2A: org API key attribution on every cross-agent call. Audit trail exportable for compliance review. Revocation in one API call — no redeploy.
→ https://docs.molecule.ai/blog/a2a-communication-enterprise
**Post 4:**
Not every agent should be able to reach every other agent.
Flat agent-to-agent mesh = lateral movement risk at scale.
Molecule AI's CanCommunicate() hierarchy: same workspace ✓ | siblings ✓ | parent↔child ✓ | everything else ✗ by default.
Enterprise A2A means scoped communication rights, same as every other access control.
→ https://docs.molecule.ai/blog/a2a-communication-enterprise
**Post 5:**
A2A protocol is shipping in Molecule AI Phase 30.
Every workspace is an A2A server. Every cross-agent call is audit-attributed. Cross-infrastructure discovery is built in.
If you're running multi-agent systems and can't answer "which agent did what," your A2A story isn't done.
→ https://docs.molecule.ai/blog/a2a-communication-enterprise
**Suggested image:** [TBD — needs Social Media Brand to generate hero]
**Image alt-text:** "Two AI agents communicating across different cloud infrastructure via A2A protocol, with org-level API key attribution visible in the audit trail"
---
### LinkedIn — Exact post text
**Title:** A2A protocol is solved. A2A governance is not.
**Body:**
Every major AI agent platform is adding A2A support this quarter. "Agents can talk to each other" is no longer a differentiator — it's table stakes.
What's still differentiating: whether your A2A implementation includes a governance layer.
Specifically: when your compliance team asks "which agent accessed which workspace, and what did it do with the data?", can you answer?
Most implementations cannot. They connect agents without logging the calls. They support JSON-RPC 2.0 and SSE streaming but skip the audit trail. They work great in demos and fall apart in enterprise review.
The A2A governance gap looks like this:
- Connect agents? ✅ (most platforms)
- Audit trail on every call? ❌ (most platforms)
- Attribution per call? ❌ (most platforms)
- Instant revocation? ❌ (most platforms)
- Cross-infrastructure discovery? ❌ (many platforms)
- Compliance-ready? ✅ (only platforms with a real governance layer)
LangGraph shipped A2A client (inbound + outbound) in PRs #6645 and #7113. The implementation is technically solid. There's no audit trail, no org-level attribution, and no revocation model.
Molecule AI's A2A implementation includes org API key attribution on every cross-agent call. The audit log shows which key prefix made which request, when, and with what result. Revocation is one API call — the key stops working immediately, and the trail shows exactly what it did before revocation.
The difference between "agents connected" and "agents accountable."
A2A protocol ships in Phase 30. Cross-infrastructure discovery and org API key attribution are available on all production deployments.
→ [Read the full breakdown](https://docs.molecule.ai/blog/a2a-communication-enterprise)
→ [A2A Protocol Reference](https://docs.molecule.ai/docs/api-protocol/a2a-protocol)
→ [Org API Keys: Audit Attribution Setup](https://docs.molecule.ai/blog/org-scoped-api-keys)
---
---
## EXECUTION NOTES
**Campaigns ready to post immediately:**
1. Chrome DevTools MCP ✅ (all links finalized)
2. Org-Scoped API Keys ✅ (all links finalized)
3. A2A Enterprise ✅ (all links finalized, hero pending Social Media Brand recovery)
**Campaigns BLOCKED until blog URL is confirmed:**
4. Discord Adapter Launch ❌ (blog not yet published — do NOT post without blog URL in Post 5)
**Image alt-text guide for social posts:**
- Chrome DevTools MCP: "AI agent browser session with MCP protocol governance layer showing org API key attribution and audit trail"
- A2A Enterprise: "Two AI agents communicating across different cloud infrastructure via A2A protocol, with org-level API key attribution visible in the audit trail"
- Discord Adapter: "Molecule AI Discord adapter showing slash command flow from Discord to agent hierarchy and back"
**Suggested posting order:**
1. Chrome DevTools MCP (Day 1 of launch week)
2. A2A Enterprise (Day 1 or 2 — coordinate with Marketing Lead on timing)
3. Org-Scoped API Keys (Day 3-5 — avoid same day as Fly Deploy Anywhere)
4. Discord Adapter (Day TBD — publish after blog goes live)
**Hashtags (append to all posts):**
X: #MCP #AIAgents #AgenticAI #MoleculeAI #PlatformEngineering
LinkedIn: #A2A #AIAgents #AgenticAI #MoleculeAI #EnterpriseAI #PlatformEngineering
---
---
## CAMPAIGN 1 ADDENDUM: Chrome DevTools MCP — Day 2 (2026-04-22)
**Status:** ✅ COPY READY — manual execution required (API credentials blocked)
**Executed by:** Human — copy below is canonical
**Image:** `marketing/devrel/campaigns/chrome-devtools-mcp-seo/assets/chrome-devtools-mcp-social-card.png`
**Image alt-text:** "AI agent browser session with MCP protocol governance layer showing org API key attribution and audit trail"
### X Post C — Governance framing | POST AT 09:00 PT
```
Chrome DevTools MCP: browser automation as a first-class MCP tool.
For prototypes: great. For production: you need something between no browser and full admin. That's the gap Molecule AI's MCP governance fills.
#MCP #AIAgents #MoleculeAI
```
**Attach image:** `chrome-devtools-mcp-social-card.png`
**No image alt-text needed for this post**
---
### LinkedIn — Governance / enterprise audience | POST AT 10:00 PT window
**Title:** Why your AI agent's browser access needs a governance layer
**Body:**
Your AI agent can use a browser. That's useful. But "useful" isn't a security posture.
When an agent operates inside a browser — filling forms, reading session state, navigating authenticated flows — most platforms give you two options: trust it completely, or don't let it near the browser at all.
Molecule AI's Chrome DevTools MCP integration adds a third option: visibility with control.
Here's what "governance layer" actually means in this context:
→ Every browser action is logged with the org API key prefix that made the call. You know which agent touched what session, every time.
→ Chrome sessions are token-scoped. Agent A's session is not Agent B's session. No credential cross-contamination.
→ Revocation is instant. One API call, the key stops working, the session closes. No redeploy.
→ Audit trails are exportable. Your security team can review them without a custom logging pipeline.
This is the difference between "the agent can use a browser" and "the agent's browser access is auditable, attributable, and revocable."
Chrome DevTools MCP is available now on all Molecule AI deployments.
→ https://docs.molecule.ai/blog/chrome-devtools-mcp
**Attach image:** `chrome-devtools-mcp-social-card.png`
**Image alt-text:** "AI agent browser session with MCP protocol governance layer showing org API key attribution and audit trail"
---
### X Post B (repeat / Lighthouse framing) | POST AT 12:00 PT
```
Three things you couldn't automate before Chrome DevTools MCP + Molecule AI governance:
1. Lighthouse CI/CD audits — agent opens Chrome, runs Lighthouse, posts score to PR
2. Visual regression testing — screenshot diffs across agent workflow runs
3. Authenticated session scraping — agent behind a login with managed cookies
All with org API key audit trail.
#MCP #BrowserAutomation #AIAgents #MoleculeAI #CI
```
---
## API CREDENTIAL STATUS (as of 2026-04-22 08:00 PT)
| Platform | Credentials Present | Working | Action Required |
|---|---|---|---|
| X (Twitter) | `X_ACCESS_TOKEN` + `X_ACCESS_TOKEN_SECRET` | ❌ 401 Unauthorized | Manual paste-only today |
| LinkedIn | `LINKEDIN_CLIENT_ID` + `LINKEDIN_CLIENT_SECRET` | ❌ No access token | Manual paste-only today |
| Social Media Brand workspace | — | ❌ Unreachable (A2A_ERROR) | Escalate when peer recovers |
**Verdict:** All three Day 2 posts are copy-ready for manual execution. No social API is reachable from any agent workspace today.

128
docs/marketing/social/2026-04-26.md Normal file
View File

@ -0,0 +1,128 @@
# Social Queue — 2026-04-26
**Status:** DRAFT — gap-fill, Phase 34 feature post
**Source:** `docs/blog/2026-04-23-tool-trace-observability/index.md`
**Slug:** `ai-agent-observability-without-overhead`
**Publish day:** 2026-04-26 (Day 6, Phase 34)
**Assets:** None required — code/output-first posts
**Hashtags:** #A2A #MCP #AIAgents #AgenticAI #MoleculeAI #Observability
**UTM:** `?utm_source=twitter&utm_medium=social&utm_campaign=tool-trace-observability`
---
## X Thread — 5 posts
### Post 1 — Hook (observability gap)
Your AI agent just spent 3 hours running.
It finished. The output looks wrong.
Which tool call caused it?
If you don't have a trace, you're debugging blind.
Tool Trace: every tool call, every input, every output — in the A2A response.
→ https://docs.molecule.ai/blog/ai-agent-observability-without-overhead
---
### Post 2 — What you actually get
Most agent platforms give you a result.
Molecule AI A2A with Tool Trace gives you this in the response body:
```
tool_trace: [
{
call_id: "call_01hx...",
tool: "bash",
input: { command: "kubectl get pods" },
output_preview: "NAME READY STATUS ...",
started_at: "2026-04-23T10:00:01Z",
duration_ms: 340
},
...
]
```
Parallel calls are grouped by run_id. You see the full picture.
→ https://docs.molecule.ai/blog/ai-agent-observability-without-overhead
---
### Post 3 — What goes wrong without it
No trace:
"the agent ran the migration and something broke"
With trace:
"tool_calls[2]: bash — kubectl apply -f migration.sql — returned error 1062: Duplicate entry 'usr_01hx' — 0 rows affected"
Tool Trace turns "something broke" into "this tool, these inputs, this error."
→ https://docs.molecule.ai/blog/ai-agent-observability-without-overhead
---
### Post 4 — Parallel traces handled correctly
Parallel tool calls are the hardest case for agent observability.
Most platforms flatten them. Molecule AI groups parallel calls by run_id:
```
run_id: "run_01hx..."
├── call_01: bash (kubectl get pods) — 340ms
└── call_02: bash (kubectl get svc) — 180ms
run_id: "run_01hx...B"
└── call_03: http_request (status check) — 2100ms
```
Each run is independent. Each trace is complete.
→ https://docs.molecule.ai/blog/ai-agent-observability-without-overhead
---
### Post 5 — CTA
Tool Trace is now available on all Molecule AI plans.
Every A2A response can carry the full tool call record — no sampling, no sidecar, no guesswork.
Debug with the same fidelity you'd expect from a real distributed system trace.
→ https://docs.molecule.ai/blog/ai-agent-observability-without-overhead
---
## LinkedIn — Single Post
**Title:** Most AI agent platforms give you a result. This one gives you a trace.
**Body:**
When an AI agent produces a wrong answer, the question isn't "what did the agent say?" — it's "which tool did the agent call, with what inputs, and what did it get back?"
Most agent platforms answer the first question. Few answer the second.
Molecule AI's Tool Trace feature adds a structured tool call record to every A2A response. For each tool invocation:
→ The call ID and run ID (for grouping parallel calls)
→ The input parameters
→ An output preview (first 512 chars)
→ Timing metadata (started_at, duration_ms)
What this changes in practice:
**Debugging**: Instead of "the agent ran the migration and it failed," you get "tool_call[2] — bash — kubectl apply -f migration.sql — returned error 1062: Duplicate entry." The diagnosis takes minutes, not hours.
**Audit trails**: Every tool call that touched production infrastructure is in the response. No custom instrumentation required.
**Parallel call clarity**: When an agent fires multiple tool calls at once, Molecule AI groups them by run_id — so you see the concurrent calls as a structured tree, not a flattened list.
Tool Trace is available on all plans. No sampling. No sidecar service. It's in the A2A response.
→ [Read the full breakdown](https://docs.molecule.ai/blog/ai-agent-observability-without-overhead)
→ [A2A Protocol Reference](https://docs.molecule.ai/docs/api-protocol/a2a-protocol)
**Hashtags:** #A2A #AIAgents #AgenticAI #MoleculeAI #PlatformEngineering #AIInfrastructure #Observability
**CTA:** Bookmark for when your agent does something unexpected — Tool Trace is how you find out why.

132
docs/marketing/social/2026-04-27.md Normal file
View File

@ -0,0 +1,132 @@
# Social Queue — 2026-04-27
**Status:** DRAFT — A2A Enterprise second wave
**Source:** `docs/marketing/campaigns/a2a-enterprise-launch/social-copy.md` (canonical copy)
**Blog:** `docs/blog/2026-04-22-a2a-v1-agent-platform/`
**Slug:** `a2a-enterprise-any-agent-any-infrastructure`
**Publish day:** 2026-04-27 (Day 7, Phase 34 — A2A Enterprise second wave)
**Assets:** OG image at `docs/assets/blog/2026-04-22-a2a-enterprise-og.png` (1200x630, 22KB)
**Hashtags:** #A2A #AIAgents #AgenticAI #MoleculeAI #EnterpriseAI #PlatformEngineering
**UTM:** `?utm_source=twitter&utm_medium=social&utm_campaign=a2a-enterprise-launch`
---
## X Thread — 5 posts
### Post 1 — Hook (A2A governance gap)
Your agents can talk to each other.
Now prove it.
"Connect agents" is the easy part. The hard part is knowing which agent called which,
what it did, and whether you can revoke access without a redeploy.
A2A protocol with org-level governance is the difference between "agents connected"
and "audit trail exists."
→ https://docs.molecule.ai/blog/a2a-enterprise-any-agent-any-infrastructure
---
### Post 2 — Infrastructure agnostic
Two agents. Same VPC. Talking directly. That's solved.
Two agents. Different cloud providers. Across a VPN. A2A still works.
That's the harder problem — and the one that matters for teams actually running
AI at scale across infrastructure boundaries.
Molecule AI's A2A registry handles cross-infrastructure discovery. Your agents
don't care where the other agent lives.
→ https://docs.molecule.ai/blog/a2a-enterprise-any-agent-any-infrastructure
---
### Post 3 — The compliance question
"Which agent accessed which workspace, and what did it do with the data?"
If your A2A implementation can't answer that question, it's not an enterprise-ready
feature. It's a developer preview.
Molecule AI A2A: org API key attribution on every cross-agent call. Audit trail
exportable for compliance review. Revocation in one API call — no redeploy.
→ https://docs.molecule.ai/blog/a2a-enterprise-any-agent-any-infrastructure
---
### Post 4 — Hierarchy model
Not every agent should be able to reach every other agent.
Flat agent-to-agent mesh = lateral movement risk at scale.
Molecule AI's CanCommunicate() hierarchy: same workspace ✓ | siblings ✓ | parent↔child ✓ |
everything else ✗ by default.
Enterprise A2A means scoped communication rights, same as every other access control.
→ https://docs.molecule.ai/blog/a2a-enterprise-any-agent-any-infrastructure
---
### Post 5 — CTA
A2A protocol ships in Molecule AI Phase 30.
Every workspace is an A2A server. Every cross-agent call is audit-attributed.
Cross-infrastructure discovery is built in.
If you're running multi-agent systems and can't answer "which agent did what,"
your A2A story isn't done.
→ https://docs.molecule.ai/blog/a2a-enterprise-any-agent-any-infrastructure
---
## LinkedIn — Single Post
**Title:** A2A protocol is solved. A2A governance is not.
**Body:**
Every major AI agent platform is adding A2A support this quarter. "Agents can talk to each other" is no longer a differentiator — it's table stakes.
What's still differentiating: whether your A2A implementation includes a governance layer.
Specifically: when your compliance team asks "which agent accessed which workspace, and what did it do with the data?", can you answer?
Most implementations cannot. They connect agents without logging the calls. They support JSON-RPC 2.0 and SSE streaming but skip the audit trail. They work great in demos and fall apart in enterprise review.
The A2A governance gap looks like this:
- Connect agents? ✅ (most platforms)
- Audit trail on every call? ❌ (most platforms)
- Attribution per call? ❌ (most platforms)
- Instant revocation? ❌ (most platforms)
- Cross-infrastructure discovery? ❌ (many platforms)
- Compliance-ready? ✅ (only platforms with a real governance layer)
LangGraph shipped A2A client (inbound + outbound) in PRs #6645 and #7113. The implementation is technically solid. There's no audit trail, no org-level attribution, and no revocation model.
Molecule AI's A2A implementation includes org API key attribution on every cross-agent call. The audit log shows which key prefix made which request, when, and with what result. Revocation is one API call — the key stops working immediately, and the trail shows exactly what it did before revocation.
The difference between "agents connected" and "agents accountable."
A2A protocol ships in Phase 30. Cross-infrastructure discovery and org API key attribution are available on all production deployments.
→ [Read the full breakdown](https://docs.molecule.ai/blog/a2a-enterprise-any-agent-any-infrastructure)
→ [A2A Protocol Reference](https://docs.molecule.ai/docs/api-protocol/a2a-protocol)
→ [Org API Keys: Audit Attribution Setup](https://docs.molecule.ai/blog/org-scoped-api-keys)
**Hashtags:** #A2A #AIAgents #AgenticAI #MoleculeAI #EnterpriseAI #PlatformEngineering
**CTA:** Bookmark for when you're evaluating agent frameworks — the protocol explainer covers what the spec doesn't.
---
## Campaign notes
**Audience:** Platform engineers (X), Enterprise AI leads / CTOs (LinkedIn)
**Tone:** Direct, confident. Don't over-explain the protocol — lead with the governance gap.
**Differentiation:** "A2A is solved. A2A governance is not." is the frame. LangGraph comparison is factual (PRs cited) and not disparaging — they're a legitimate competitor doing a solid thing incompletely.
**Suggested image:** Cross-infrastructure diagram showing two agent nodes in different cloud environments communicating via the A2A protocol with org API key attribution in the audit log.
**Coordination:** Publish after blog goes live. A2A v1 Deep-Dive social went Apr 22 — this is the enterprise/governance second wave.
**Status:** Canonical copy from `a2a-enterprise-launch/social-copy.md` — ready for Social Media Brand execution.

138
docs/marketing/social/2026-04-28-partner-api-keys/social-copy.md Normal file
View File

@ -0,0 +1,138 @@
# Phase 34 — Partner API Keys Social Copy
Campaign: partner-api-keys | Blog: `docs/marketing/blog/2026-04-23-partner-api-keys/index.md`
Slug: partner-api-keys
Publish day: 2026-04-28 (Day 8, Phase 34)
Assets: OG image at `docs/assets/blog/2026-04-23-partner-api-keys-og.png`
Hashtags: #AgenticAI #MoleculeAI #PlatformEngineering #Marketplace #CI/CD #API
UTM: `?utm_source=twitter&utm_medium=social&utm_campaign=partner-api-keys`
---
## X Thread — 5 posts
### Post 1 — Hook (programmatic org management gap)
Your marketplace needs to provision a new customer org.
Your CI pipeline needs a clean test environment.
Your partner portal needs to spin up agent infrastructure.
None of them should need a human with a browser.
Partner API Keys: programmatic org management via `mol_pk_*`.
→ https://docs.molecule.ai/blog/partner-api-keys
---
### Post 2 — What it actually does (the API surface)
`mol_pk_*` keys let you:
`POST /cp/orgs` — provision an org
`GET /cp/orgs/:id/status` — poll until ready
`DELETE /cp/admin/partner-keys/:id` — revoke cleanly
No browser. No admin dashboard. Just the API.
Scoped to exactly what each integration needs.
→ https://docs.molecule.ai/blog/partner-api-keys
---
### Post 3 — CI/CD use case
Your test suite needs a clean Molecule AI org per run.
Old flow: spin up a test environment → pray nothing's shared → manual cleanup.
New flow:
1. `POST /cp/orgs` (via `mol_pk_*` key)
2. Run integration tests
3. `DELETE /cp/admin/partner-keys/:id`
4. Org is gone. Run is clean.
No shared state. No test pollution. No manual cleanup.
→ https://docs.molecule.ai/blog/partner-api-keys
---
### Post 4 — Marketplace reseller angle
You run a marketplace. You resell AI agent infrastructure to your customers.
Your customer signs up on your platform.
You call `POST /cp/orgs` with their details.
They're redirected to their Molecule AI tenant.
The reseller controls the billing relationship.
Molecule AI handles the infrastructure.
You never hand a credential to a human.
→ https://docs.molecule.ai/blog/partner-api-keys
---
### Post 5 — Scoping + revocation story
A partner key is only as powerful as you make it.
`orgs:create` → can create orgs, nothing else
`orgs:list` → can read org status, nothing else
`billing:read` → can see subscription, nothing else
Revoke a key → the integration stops working immediately.
The org stays. The path closes.
That's the security model.
→ https://docs.molecule.ai/blog/partner-api-keys
---
## LinkedIn — Single Post
**Title:** The difference between "agents can talk to each other" and "your platform can own the agent infrastructure your customers use"
**Body:**
When you're building on top of an AI agent platform, the last thing you want is for every customer onboarding to go through a human with an admin dashboard.
That's the problem Partner API Keys solve.
`mol_pk_*` keys let marketplace resellers, CI/CD pipelines, and automation platforms create and manage Molecule AI orgs programmatically — no browser, no admin session, just an API call.
Here's what a customer onboarding flow looks like:
1. Customer signs up on your marketplace
2. You call `POST /cp/orgs` with their details
3. You poll `GET /cp/orgs/:id/status` until provisioning completes
4. You redirect the customer to their Molecule AI tenant
Your customer gets their agent infrastructure. You control the billing relationship. Molecule AI handles the platform.
The same pattern works for CI/CD: create a temporary org per test run, run integration tests, delete the org and revoke the key. Each run is fully isolated. No shared state. No manual cleanup.
What makes this production-ready versus a prototype:
**Scoped by default** — a CI pipeline key gets `orgs:create` + `orgs:list`. A marketplace key gets `orgs:create` + `orgs:delete` + `workspaces:create`. Each key does exactly what its integration needs.
**Immediate revocation**`DELETE /cp/admin/partner-keys/:id` closes the integration path instantly. The org stays; the automation is dead.
**Full audit trail** — every API call attributed to the key that made it. You can trace a provisioning event back to the integration that triggered it.
**Rate-limited per key** — a misbehaving integration hits its own ceiling without affecting other partners or organic traffic.
Partner API Keys are available on Partner and Enterprise plans. Programmatic org management — not a browser dependency in sight.
→ [Read the integration guide](https://docs.molecule.ai/blog/partner-api-keys)
→ [Phase 34 Plan](https://docs.molecule.ai/blog/molecule-ai-build-plan) — all eight steps shipped
**Hashtags:** #AgenticAI #MoleculeAI #PlatformEngineering #Marketplace #CICDPipeline #API
**CTA:** Bookmark for your next platform integration build. Programmatic org management is live.
---
## Campaign notes
**Audience:** Platform engineers / API-first builders (X), Marketplace operators / CI/CD teams / enterprise DevOps (LinkedIn)
**Tone:** Concrete and API-first. Show the flow, not the concept. The CI/CD ephemeral org use case is the most visceral example — use it.
**Differentiation:** No browser dependency is the core differentiator vs. every other org management flow in the market today.
**Coordination:** Publish Day 8 (2026-04-28). No same-day conflicts identified in the current queue.
**Status:** Draft — pending PM confirmation of pricing tier language (Partner/Enterprise plans vs. open beta)
**Self-review applied:** No timeline claims, no person names, no benchmarks. Pricing tier language flagged above.

BIN
marketing/demos/memory-inspector-panel/narration.mp3 Normal file
View File

Binary file not shown.

232
marketing/demos/memory-inspector-panel/storyboard.md Normal file
View File

@ -0,0 +1,232 @@
# Screencast Storyboard — MemoryInspectorPanel
> **Feature:** `canvas/src/components/MemoryInspectorPanel.tsx` | **Duration:** 60 seconds
> **Format:** Canvas-led with API/terminal overlay cuts
---
## Pre-roll (0:000:04)
**Canvas — full screen**
Single workspace card in Canvas: `data-agent [ONLINE]`. Active tab: `Memory`.
Memory panel visible in right sidebar with an empty state: `◇ No memory entries yet`.
Narration (0:000:04):
> "This agent has been running for an hour. It's stored task results, intermediate findings, and context across its sessions. Now there's a way to inspect it."
**Camera:** Static Canvas frame. 4-second hold. No cursor.
---
## Moment 1 — Agent writes memory entries (0:040:18)
**Cut to:** Terminal window, dark theme.
Prompt: `agent@data-agent:~$`
```bash
# Agent writes to its KV memory store
curl -s -X POST \
"https://acme.moleculesai.app/workspaces/ws-data-agent-001/memory" \
-H "Authorization: Bearer ws-token-xxx" \
-H "Content-Type: application/json" \
-d '{
"key": "pipeline/Q1-revenue-findings",
"value": {
"region": "APAC",
"delta": -0.073,
"contributors": ["enterprise-churn", "demo-loss"],
"confidence": 0.91
}
}' | jq
```
**Terminal output:**
```json
{
"status": "ok",
"key": "pipeline/Q1-revenue-findings",
"version": 1
}
```
**Camera:** Brief type-in. Cursor moves. JSON response hold on `version: 1` — 1.5s.
Narration (0:060:14):
> "One API call writes a memory entry. Structured data — a key, a value, a version counter. The agent stores what it learns, not just what it's told."
**Second entry:**
```bash
curl -s -X POST \
"https://acme.moleculesai.app/workspaces/ws-data-agent-001/memory" \
-H "Authorization: Bearer ws-token-xxx" \
-H "Content-Type: application/json" \
-d '{
"key": "pipeline/anomalies-detected",
"value": ["deals-84-day-stale", "renewal-risk-enterprise-3"]
}' | jq
```
```json
{
"status": "ok",
"key": "pipeline/anomalies-detected",
"version": 1
}
```
**Camera:** Quick follow. Clean output. Clean finish.
Narration (0:140:18):
> "Version one. Each write is tracked. The agent has a memory — observable, queryable, inspectable."
---
## Moment 2 — Canvas Memory panel shows the entries (0:180:32)
**Cut to:** Canvas — data-agent workspace, Memory tab active.
Two entry rows visible:
- `pipeline/Q1-revenue-findings``v1``2m ago` — right chevron
- `pipeline/anomalies-detected``v1``1m ago` — right chevron
Entry count badge: `2 entries` in toolbar.
**Camera:** Slow scroll through the two entries. Hold on first row. Highlight `v1` badge and `2m ago` timestamp.
Narration (0:200:28):
> "Back in Canvas. The Memory tab shows every entry — key, version, how long ago it was written. Click any row to see the full value."
**Expand first entry:**
Click on `pipeline/Q1-revenue-findings` row.
Row expands: JSON body shows `delta: -0.073`, `confidence: 0.91`, `contributors: [...]`.
Below JSON: `Updated: Apr 21, 12:34 PM``Edit` button — `Delete` button.
**Camera:** Full expand animation. Hold on JSON body. Press Edit.
Narration (0:280:32):
> "One click expands the entry. JSON in view. Edit inline. Version conflict detection built in. That's the Memory Inspector — read, write, version-tracked."
---
## Moment 3 — Semantic search with similarity scores (0:320:46)
**Canvas continues:** memory panel still open.
Search bar focused. Type: `revenue trends`
**Camera:** Cursor to search bar. Type animation (playback speed 2x). 300ms debounce, then request fires.
**Terminal overlay (brief):**
```bash
# Semantic query — pgvector backend
curl -s "https://acme.moleculesai.app/workspaces/ws-data-agent-001/memory?q=revenue%20trends" \
-H "Authorization: Bearer ws-token-xxx" | jq '.'
```
**Canvas updates:** entries re-sort. Similarity badges appear:
- `pipeline/Q1-revenue-findings``v2``91%` — blue badge
- `pipeline/anomalies-detected``v1``~34%` — italic dim badge
Top result highlighted with blue ring for 1.5s.
**Camera:** Smooth re-sort. Badge fade-in. Hold on `91%` badge. Brief highlight pulse.
Narration (0:340:44):
> "Type a semantic query — 'revenue trends'. The pgvector backend ranks entries by similarity. 91% match on top. Clearest result surfaces first."
**Callout text (bottom-left):**
`Vector search — find related entries without exact key matches.`
**Camera:** Clear search — click × button. Entries return to default order. Similarity badges disappear.
Narration (0:440:46):
> "Clear the search — entries return to recency order. Every query, every ranking, visible."
---
## Moment 4 — Edit and version bump (0:460:54)
**Canvas:** `pipeline/Q1-revenue-findings` entry expanded.
Click `Edit`. JSON textarea appears in expanded body.
Update `delta` from `-0.073` to `-0.068` — slightly revise the finding.
Click `Save`.
**Terminal overlay:**
```bash
# Edit with optimistic locking
curl -s -X POST \
"https://acme.moleculesai.app/workspaces/ws-data-agent-001/memory" \
-H "Authorization: Bearer ws-token-xxx" \
-H "Content-Type: application/json" \
-d '{
"key": "pipeline/Q1-revenue-findings",
"value": {
"region": "APAC",
"delta": -0.068,
"contributors": ["enterprise-churn", "demo-loss"],
"confidence": 0.91
},
"if_match_version": 2
}' | jq
```
**Terminal output:**
```json
{
"status": "ok",
"key": "pipeline/Q1-revenue-findings",
"version": 3
}
```
**Canvas:** Entry version badge updates: `v3` (yellow pulse on number change).
Narration (0:470:52):
> "Save with `if_match_version: 2`. The entry bumps to version 3. If another agent updated it in the meantime, you'd see a conflict — not a silent overwrite. That's optimistic locking on every write."
---
## Close (0:541:00)
**Canvas — full frame.** Memory panel open. Entries visible. Clean state.
Narration (0:540:58):
> "Every agent has memory. Every memory entry is versioned, searchable, editable. The Memory Inspector — in Canvas, built into every workspace."
**End card:**
```
MemoryInspectorPanel
canvas/src/components/MemoryInspectorPanel.tsx — molecule-core
```
**Fade to black.**
---
## Production Notes
- **Canvas cutaways (pre-roll + moments 24):** Use dev canvas with one workspace in active state and at least 2 pre-populated memory entries. Pre-record before the session. When recording Moment 4, seed `pipeline/Q1-revenue-findings` with version 2 so the edit goes to version 3.
- **Semantic search (Moment 3):** Requires pgvector backend deployed (issue #776). If pgvector is not available in the demo environment, show the empty-state search result ("No memories match your search") and narrate it as: "Without pgvector deployed, semantic search shows a clean empty state — the UI degrades gracefully without errors."
- **Terminal theme:** Same as AGENTS.md + CF Artifacts storyboards — dark zinc, JetBrains Mono 14pt.
- **Camera:** Screenflow / Camtasia. 1440×900 record → 1080p export.
- **Callout text:** Amber ring `#E8A000`, 1s fade-in/out, bottom-left at 90% opacity.
- **Version badge highlight:** On Moment 4 version bump, briefly pulse `v3` badge with blue ring `#3B82F6` — 1s hold.
- **Similarity badges:** Blue `#3B82F6` for ≥80%, gray for 5079%, italic gray for <50%. 1px rounded pill shape.
- **VO recording:** Consistent pacing with other Phase 30 screencasts. Match voice talent.
- **Music:** No music. Consider a subtle single-tone click at 0:04 (first memory write) and 0:54 (end card).

BIN
marketing/devrel/campaigns/chrome-devtools-mcp-seo/assets/chrome-devtools-mcp-hero.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 57 KiB

BIN
marketing/devrel/campaigns/chrome-devtools-mcp-seo/assets/chrome-devtools-mcp-social-card.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 65 KiB

BIN
marketing/devrel/campaigns/chrome-devtools-mcp-seo/chrome-devtools-mcp-tts.mp3 Normal file
View File

Binary file not shown.

202
marketing/devrel/campaigns/chrome-devtools-mcp-seo/queue-ready-to-post.md Normal file
View File

@ -0,0 +1,202 @@
# Chrome DevTools MCP — Day 1 Campaign Queue
**Created by:** Content Marketer (2026-04-21, 15:15 UTC)
**Status:** READY TO POST — no social API credentials found in codebase
**Platforms:** X (Twitter) + LinkedIn
**CTA link:** https://docs.molecule.ai/blog/chrome-devtools-mcp
**Assets:** `/workspace/repo/marketing/devrel/campaigns/chrome-devtools-mcp-seo/assets/`
---
## X — 5-Post Thread (Primary, PMM-approved)
### Post 1 of 5 — Hook
```
Your AI agent just made a purchase on your behalf.
What did it buy? From where? With which account?
Most agents operate in a black box. Browser DevTools MCP makes the browser a first-class
tool — with org-level audit attribution on every action.
→ docs.molecule.ai/blog/chrome-devtools-mcp
#MCP #AIAgents #AgenticAI #MoleculeAI
```
### Post 2 of 5 — Problem framing
```
Browser automation for AI agents usually means: give the agent your credentials, hope it
doesn't go somewhere unexpected, and check the logs after.
That's not a governance model. That's a trust fall.
Molecule AI's MCP governance layer for Chrome DevTools MCP gives you:
→ Which agent accessed which session
→ What it did (navigate, fill, screenshot, submit)
→ Audit trail with org API key attribution
One org API key prefix per integration. Instant revocation.
→ docs.molecule.ai/blog/chrome-devtools-mcp
#MCP #AIAgents #AgenticAI #MoleculeAI
```
### Post 3 of 5 — Use case, concrete
```
Real things teams use Chrome DevTools MCP for in production:
• Automated Lighthouse audits on every PR — agent runs the audit, reports the score, flags regressions
• Visual regression detection — agent screenshots key pages, diffs against baseline, opens tickets on drift
• Auth scraping — agent reads the authenticated state from an existing browser session
The governance layer means your security team can see all three in the audit trail.
→ docs.molecule.ai/blog/chrome-devtools-mcp
#MCP #AIAgents #AgenticAI #MoleculeAI
```
### Post 4 of 5 — Competitive / positioning
```
The MCP protocol lets you connect any compatible tool to any compatible agent.
What's been missing: visibility into what the agent actually *did* with that access.
Molecule AI's MCP governance layer adds:
• Per-action audit logging with org API key attribution
• Token-scoped Chrome sessions — no credential sharing across agents
• Instant revocation without redeployment
→ docs.molecule.ai/blog/chrome-devtools-mcp
#MCP #AIAgents #AgenticAI #MoleculeAI
```
### Post 5 of 5 — CTA
```
Chrome DevTools MCP ships today with Molecule AI Phase 30.
If you're running AI agents that interact with web UIs — there's a governance story
you need to have ready before your security team asks.
→ docs.molecule.ai/blog/chrome-devtools-mcp
#MCP #AIAgents #AgenticAI #MoleculeAI
```
---
## LinkedIn — Single post
**Title:** Why your AI agent's browser access needs a governance layer
**Body:**
```
Your AI agent can use a browser. That's useful. But "useful" isn't a security posture.
When an agent operates inside a browser — filling forms, reading session state, navigating
authenticated flows — most platforms give you two options: trust it completely, or don't
let it near the browser at all.
Molecule AI's Chrome DevTools MCP integration adds a third option: visibility with control.
Here's what "governance layer" actually means in this context:
→ Every browser action is logged with the org API key prefix that made the call. You know
which agent touched what session, every time.
→ Chrome sessions are token-scoped. Agent A's session is not Agent B's session. No credential
cross-contamination.
→ Revocation is instant. One API call, the key stops working, the session closes. No redeploy.
→ Audit trails are exportable. Your security team can review them without a custom logging pipeline.
This is the difference between "the agent can use a browser" and "the agent's browser access
is auditable, attributable, and revocable."
Chrome DevTools MCP is available now on all Molecule AI deployments.
→ docs.molecule.ai/blog/chrome-devtools-mcp
#MCP #AIAgents #AgenticAI #MoleculeAI
```
---
## A/B/C Secondary X Copy Variants
*(Source: `/workspace/repo/marketing/devrel/chrome-devtools-mcp-social-copy.md` — file not found in repo.
If variants A/B/C exist elsewhere, use these as thread fillers or Day 2 repeats)*
### Variant A (Technical / developer)
```
Chrome DevTools MCP gives your AI agents a 23-tool browser surface.
23 actions. Every one logged. Every one attributable to an org API key.
This is what "MCP governance layer" means in practice.
→ docs.molecule.ai/blog/chrome-devtools-mcp
#MCP #AIAgents #AgenticAI #MoleculeAI
```
### Variant B (Audit / compliance)
```
Your security team just asked: "Which agent accessed which browser session, and when?"
With Molecule AI's Chrome DevTools MCP governance layer, you have the answer.
Not a custom pipeline. Not a custom log. Just the audit trail.
→ docs.molecule.ai/blog/chrome-devtools-mcp
#MCP #AIAgents #AgenticAI #MoleculeAI
```
### Variant C (Hook variant)
```
"AI agent, go buy me something."
Before you run that — do you know which session it'll use? Which credentials?
What it'll do if the checkout flow changes?
Chrome DevTools MCP + Molecule AI: the browser is a first-class, auditable tool.
→ docs.molecule.ai/blog/chrome-devtools-mcp
#MCP #AIAgents #AgenticAI #MoleculeAI
```
---
## Assets on Disk
```
/workspace/repo/marketing/devrel/campaigns/chrome-devtools-mcp-seo/assets/chrome-devtools-mcp-hero.png
/workspace/repo/marketing/devrel/campaigns/chrome-devtools-mcp-seo/assets/chrome-devtools-mcp-social-card.png
/workspace/repo/marketing/devrel/campaigns/chrome-devtools-mcp-seo/assets/chrome-devtools-mcp-tts.mp3
```
Social card image: `chrome-devtools-mcp-social-card.png`
Hero image: `chrome-devtools-mcp-hero.png`
---
## Campaign Notes (from PMM brief)
- **X audience:** Developer / DevOps — lead with Lighthouse / visual regression use case
- **LinkedIn audience:** Enterprise platform engineers — lead with governance / compliance
- **Differentiation claim:** Org API key audit attribution — competitors can't match
- **Spacing:** Do NOT post same day as fly-deploy-anywhere (suggested: Day 3-5 for Fly)
- **Campaign source doc:** `/workspace/repo/docs/marketing/campaigns/chrome-devtools-mcp-seo/social-copy.md`
---
## Posting Instructions
1. Post X thread in sequence (Posts 15), ~1530 min apart
2. Post LinkedIn as standalone after thread
3. Attach `chrome-devtools-mcp-social-card.png` to Posts 1 and LinkedIn
4. A/B/C variants: use as thread additions (post 1.5, 2.5 etc.) or Day 2 reposts
5. Tag nothing extra — hashtags already in copy

BIN
marketing/devrel/campaigns/discord-adapter-launch/assets/discord-adapter-social-card.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 63 KiB

BIN
marketing/devrel/campaigns/fly-deploy-anywhere/assets/fly-deploy-anywhere-hero.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

BIN
marketing/devrel/campaigns/fly-deploy-anywhere/assets/fly-deploy-anywhere-social-card.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 57 KiB

BIN
marketing/devrel/campaigns/org-api-keys-launch/org-api-keys-audit-log.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 39 KiB

BIN
marketing/devrel/campaigns/org-api-keys-launch/org-api-keys-before-after.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

BIN
marketing/devrel/campaigns/org-api-keys-launch/org-api-keys-canvas-ui.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

115
marketing/devrel/campaigns/org-api-keys-launch/social-copy.md Normal file
View File

@ -0,0 +1,115 @@
# Org-Scoped API Keys — Social Copy
Campaign: org-api-keys | Blog PR: docs#51 | Issue: molecule-ai/internal#6
Publish day: TBD — post Phase 30 blog launch (do not same-day as chrome-devtools-mcp-seo)
Status: Ready for scheduling — post Chrome DevTools MCP launch (Day 2 slot)
---
## X (Twitter) — Primary thread (5 posts)
### Post 1 — Hook
Your CI pipeline calls your agent API.
Your Zapier integration calls your agent API.
Your monitoring tool calls your agent API.
They all use the same token.
That's a problem — before you even ship.
Molecule AI org-scoped API keys: one credential per integration. Named, revocable, audit-attributable.
---
### Post 2 — Problem framing
ADMIN_TOKEN works great — until it doesn't.
→ Can't rotate without downtime (10 agents use it simultaneously)
→ Can't attribute which integration made a call (no prefix in logs)
→ Can't revoke just one (one compromised token compromises everything)
Org-scoped API keys fix all three.
---
### Post 3 — How it works (the product)
Molecule AI org API keys:
→ Mint via Canvas UI or POST /org/tokens
→ sha256 hash stored server-side, plaintext shown once
→ 8-character prefix visible in every audit log line
→ Immediate revocation — next request, key is dead
→ Works across all workspaces AND workspace sub-routes
Rotate without downtime. Attribute every call. Revoke instantly.
---
### Post 4 — Compliance angle
"We need to know which integration called that API endpoint."
Org-scoped API keys: every call tagged with the key's 8-char prefix in the audit log.
Full provenance in `created_by` — which admin minted the key, when, what it's been calling.
That's the answer your compliance team needs.
---
### Post 5 — CTA
Org-scoped API keys ship today on all Molecule AI deployments.
If you're running multi-agent infrastructure and you have a single ADMIN_TOKEN —
today is a good day to fix that.
→ https://docs.moleculeai.ai/blog/org-scoped-api-keys
→ https://canvas.moleculeai.ai (Settings → Org API Keys)
---
## LinkedIn — Single post
**Title:** One ADMIN_TOKEN across your whole agent fleet is a compliance risk, not a convenience
**Body:**
At two agents, one ADMIN_TOKEN feels fine.
At twenty agents, it's a single point of failure that you can't rotate, can't audit,
and can't compartmentalize.
Molecule AI's org-scoped API keys change the model:
→ One credential per integration — "ci-deploy-bot", "devops-rev-proxy", not "the ADMIN_TOKEN"
→ Every API call tagged with the key's prefix in your audit logs
→ Instant revocation — one key compromised, one key revoked, zero downtime for other integrations
`created_by` provenance on every key — which admin created it, when, and what it can reach
The keys work across every workspace in your org — including workspace sub-routes,
not just admin endpoints.
This is the credential model that makes multi-agent infrastructure defensible at scale.
Org-scoped API keys are available now on all Molecule AI deployments.
→ https://docs.moleculeai.ai/blog/org-scoped-api-keys
---
## Campaign notes
**Audience:** Platform engineers / DevOps (X), Security / compliance / engineering leadership (LinkedIn)
**Tone:** Direct problem-solution. No fluff. Platform engineers respond to specificity.
**Differentiation:** The rotation-without-downtime story is the primary hook — it's the most visceral ADMIN_TOKEN pain.
**Use case pairings:** X → rotation + attribution (DevOps pain), LinkedIn → compliance + provenance (security team concern)
**Hashtags:** #AgenticAI #MoleculeAI #DevOps #PlatformEngineering #Security
**Coordination:** Do NOT post on same day as chrome-devtools-mcp-seo. Suggested spacing: Chrome DevTools MCP Day 1, Org API Keys Day 2, Fly Day 35.
**CTA links (confirmed 2026-04-21):**
- Docs: https://docs.moleculeai.ai/blog/org-scoped-api-keys
- Canvas → Org API Keys: https://canvas.moleculeai.ai (Settings → Org API Keys)
**Visual assets (✅ generated 2026-04-21):**
- `org-api-keys-canvas-ui.png` — Canvas Org API Keys UI mockup
- `org-api-keys-before-after.png` — Before/after credential model
- `org-api-keys-audit-log.png` — Audit log terminal output

BIN
marketing/devrel/demos/screencasts/phase30-screencast-05-agents-md-auto-generation.mp4 Normal file
View File

Binary file not shown.

BIN
marketing/devrel/demos/screencasts/phase30-screencast-06-cloudflare-artifacts.mp4 Normal file
View File

Binary file not shown.