docs(architecture): reconcile prose to corrected CP/tenant split #73

Merged
documentation-specialist merged 1 commit from docs/architecture-cp-tenant-prose into main 2026-06-02 17:06:44 +00:00
+15 -5
@@ -32,7 +32,7 @@ Canvas (Next.js :3000) <--WebSocket--> Platform (Go :8080) <--HTTP--> Postgres +
+------ Platform ----+
```
The Canvas provides the visual interface, the Platform acts as the control plane, and Workspaces are isolated containers running AI agent runtimes. All inter-agent communication is mediated by the Platform via the A2A proxy, which enforces hierarchical access control.
This is the **per-tenant** view: the Canvas provides the visual interface, the Platform (the tenant's `workspace-server`) is the tenant's control core, and Workspaces are isolated machines running AI agent runtimes. All inter-agent communication is mediated by the Platform via the A2A proxy, which enforces hierarchical access control. Above all tenants sits the central control plane (`api.moleculesai.app`), which provisions tenants and handles orgs and billing.
---
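Review bot: The closing sentence of the new paragraph ("Above all tenants sits the central control plane ...") does not say whether that control plane is ever in the inter-agent message path, yet the sentence before it still claims that all inter-agent communication is mediated by the Platform's A2A proxy. Suggest stating explicitly that `api.moleculesai.app` is outside the A2A path (or naming what it can reach inside a tenant), so that the access-control claim stays unambiguous. The same paragraph now calls Workspaces "isolated machines", while the Platform list further down still mentions "container health detection"; one term should be used consistently, or the difference explained.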
@@ -69,9 +69,11 @@ The Canvas is the browser-based visual workspace graph. It provides:
### Platform
**Stack:** Go / Gin
**Stack:** Go / Gin (`workspace-server`)
The Platform is the central control plane responsible for:
The Platform is the **per-tenant control core** — one instance runs on each org's
tenant (a `*.moleculesai.app` instance in SaaS, or your own host when self-hosted)
and owns everything for that org's workspaces:
- **Workspace CRUD** -- create, read, update, delete workspaces
- **Registry** -- workspace registration, heartbeat tracking, agent card management
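Review bot: In the new Platform intro, "a `*.moleculesai.app` instance in SaaS" uses a wildcard that also matches `api.`, `app.`, `doc.` and `status.moleculesai.app`, which the subdomain table in this same file lists as non-tenant hosts. Suggest wording such as "a per-org subdomain of `moleculesai.app`" and noting that those names are reserved, so readers do not take every subdomain for a tenant Platform. "Owns everything for that org's workspaces" is also broad given that the next hunk assigns billing, the LLM proxy and the provider registry to the central control plane; "owns the following for that org's workspaces" would match the list.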
@@ -79,10 +81,18 @@ The Platform is the central control plane responsible for:
- **WebSocket hub** -- real-time event broadcasting to Canvas clients
- **Liveness monitoring** -- three-layer container health detection
- **A2A proxy** -- routes inter-agent messages with hierarchical access control
- **Docker provisioner** -- container lifecycle management with tier-based resource limits
- **Provisioner** -- workspace machine/container lifecycle with tier-based resource limits
- **Scheduler** -- cron-based scheduled tasks per workspace
- **Channel adapters** -- social integrations (Telegram, Slack, etc.)
It is **not** the central SaaS control plane. A separate
[central control plane](#subdomain-architecture) (`api.moleculesai.app`,
`molecule-controlplane`) handles org & member management, billing & credits, the
LLM proxy, the provider registry, and **tenant provisioning** — it spins up each
org's tenant, and that tenant then runs its own Platform instance above. The
Platform's Postgres and Redis (below) are the **tenant's own**, not shared
across orgs.
**Key environment variables:**
| Variable | Default | Purpose |
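Review bot: The added paragraph places the LLM proxy and provider registry in the central control plane and, in the same breath, says the Platform's Postgres and Redis are "the tenant's own, not shared across orgs", which leaves open what tenant data crosses into the shared component. Suggest one sentence on what a tenant Platform sends to the central LLM proxy and how it authenticates there, since that is the one place where the per-tenant boundary described here is crossed. Two smaller points: "runs its own Platform instance above" reads as a position in the architecture rather than a reference to the preceding list ("described above" is clearer), and the Provisioner bullet's "machine/container" should say which of the two applies, as the neighbouring Liveness bullet still says "container".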
@@ -321,7 +331,7 @@ Hosted at `moleculesai.app` with per-tenant isolation. Each tenant gets a dedica
|-----------|---------|---------|
| `moleculesai.app` | Landing page | Marketing site |
| `app.moleculesai.app` | SaaS dashboard | Tenant management UI |
| `api.moleculesai.app` | Control plane API | Platform REST + WebSocket |
| `api.moleculesai.app` | Central control plane (`molecule-controlplane`) | Orgs, members, billing/credits, tenant provisioning, LLM proxy, provider registry (`/cp/*`) |
| `doc.moleculesai.app` | Documentation | This documentation site |
| `status.moleculesai.app` | Status page | Uptime and incident tracking |
| `*.moleculesai.app` | Tenant instances | Per-org isolated platform instances |
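Review bot: The rewritten `api.moleculesai.app` row drops "Platform REST + WebSocket" without saying where those endpoints are now served, and the `*.moleculesai.app` row is left unchanged as "Per-org isolated platform instances". Suggest updating the wildcard row to name the tenant's `workspace-server` REST + WebSocket API so the table shows both halves of the split. The wildcard row also overlaps the four named hosts above it; a short note that `api`, `app`, `doc` and `status` are reserved would make the table self-consistent.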