molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity
9ad803a802
molecule-core/docs/api-protocol/communication-rules.md
Hongming Wang 24fec62d7f initial commit — Molecule AI platform 
Forked clean from public hackathon repo (Starfire-AgentTeam, BSL 1.1)
with full rebrand to Molecule AI under github.com/Molecule-AI/molecule-monorepo.

Brand: Starfire → Molecule AI.
Slug: starfire / agent-molecule → molecule.
Env vars: STARFIRE_* → MOLECULE_*.
Go module: github.com/agent-molecule/platform → github.com/Molecule-AI/molecule-monorepo/platform.
Python packages: starfire_plugin → molecule_plugin, starfire_agent → molecule_agent.
DB: agentmolecule → molecule.

History truncated; see public repo for prior commits and contributor
attribution. Verified green: go test -race ./... (platform), pytest
(workspace-template 1129 + sdk 132), vitest (canvas 352), build (mcp).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 11:55:37 -07:00

4.4 KiB
Raw Blame History

Communication Rules

The hierarchy IS the topology. There is no manual connection wiring — communication is derived automatically from the parent/child structure.

The Rules

Direction Allowed? Example
Sibling <-> sibling Yes Marketing <-> Developer PM
Parent -> child (PM delegates down) Yes Developer PM -> Frontend Agent
Child -> parent (report up to PM) Yes Frontend Agent -> Developer PM
Skip levels (grandchild -> grandparent) No Frontend Agent -> Business Core
Cross-team (different parents) No Frontend Agent -> Operations

Visual Example

Business Core
+-- Marketing          <--can talk--> Developer PM
+-- Developer PM       <--can talk--> Operations
|   +-- Frontend       <--can talk--> Backend
|   +-- Backend        <--can talk--> QA PM
|   +-- QA PM
|       +-- Auto Test  <--can talk--> Manual Review
|       +-- Manual Review
+-- Operations
  • Developer PM can talk to Marketing and Operations (siblings) AND down to Frontend, Backend, QA PM (its children)
  • Frontend can only talk to Backend and QA PM (siblings) and up to Developer PM (its parent)
  • Frontend cannot talk to Marketing, Business Core, or Operations
  • Auto Test can only talk to Manual Review (sibling) and up to QA PM (its parent)

Access Check

The platform validates every discovery request with a hierarchy check:

func CanCommunicate(callerID, targetID string) bool {
    caller := db.GetWorkspace(callerID)
    target := db.GetWorkspace(targetID)

    // siblings — same parent (including root-level where both have no parent)
    if caller.ParentID != nil && target.ParentID != nil &&
       *caller.ParentID == *target.ParentID {
        return true
    }
    // root-level siblings — both have no parent
    if caller.ParentID == nil && target.ParentID == nil {
        return true
    }

    // parent talking to child
    if caller.ID == target.ParentID {
        return true
    }

    // child talking up to parent
    if target.ID == caller.ParentID {
        return true
    }

    return false
}

GET /registry/discover/:id reads the caller's identity from the X-Workspace-ID header, runs CanCommunicate(), and returns 403 Forbidden if the caller isn't allowed.

Peer Discovery

Instead of a connections table, the platform derives reachable workspaces from the hierarchy:

GET /registry/:id/peers

Returns: siblings + children + parent (all workspaces this one can communicate with).

async def get_reachable_workspaces(workspace_id: str) -> list:
    ws = db.GetWorkspace(workspace_id)
    reachable = []

    # siblings — same parent
    if ws.parent_id:
        siblings = db.GetChildren(ws.parent_id)
        reachable += [s for s in siblings if s.id != workspace_id]

    # children — own sub-workspaces
    children = db.GetChildren(workspace_id)
    reachable += children

    # parent — can talk up
    if ws.parent_id:
        parent = db.GetWorkspace(ws.parent_id)
        reachable.append(parent)

    return reachable

What This Replaces

The hierarchy-based model removes several components:

Removed Replaced by
workspace_connections table parent_id on workspaces table
CONNECTION_CREATED / CONNECTION_REMOVED events WORKSPACE_EXPANDED / WORKSPACE_COLLAPSED events
/topology/connect endpoint Nesting via drag-into on canvas
Canvas edge drawing UI Edges auto-rendered from hierarchy
Workspace whitelist table CanCommunicate() hierarchy check
Bundle connection definitions Bundle sub_workspaces array

Canvas Behavior

  • No edge drawing. Users don't wire workspaces — they nest them
  • Edges render automatically from parent/child relationships
  • The visual is a true org chart, not a flowchart
  • Dragging a workspace inside another workspace nests it as a sub-workspace

Why This Is Better

The org chart IS the access control policy. Simpler schema, simpler security, simpler canvas. No configuration drift between "who should talk to whom" and "who can talk to whom."

Related Docs