Download all docs

Federation

Federation is how circles relate across the airtight boundary without breaking it. Two circles are two separate Postgres schemas with no sanctioned JOIN between them, so relating them cannot mean “reach into the other’s tables” — it has to be a pointer plus an explicit, gated channel. This page is the runtime’s reference entry; the concept that teaches the model is federation.

The primitive: circle-ref

A circle-ref is a foundation element that lets a parent circle see a nested child without entering it. It is system-managed (the parent’s add_subcircle op creates it), and its single resolve operation returns the child’s public metadata — name, type, encryption mode, created-at — never the child’s contents. It is a pointer across the boundary, not a hole in it: you gain a name and a door, not a window into the child’s data.

Recording a peer: external-agent

Where circle-ref points at another Triform circle, external-agent records a peer that is not a circle — an outside agent (a Claude Code instance, an MCP server, anything speaking a peer-to-peer agent protocol). It stores the peer’s decentralized identifier (DID), where the peer publishes its agent card, and the scopes the circle will accept from it. This DID-resolution-and-agent-card layer is the model the platform is building toward, not a frozen contract — confirm specifics against the live element before depending on them.

Trust is per-scope and revocable

A peer is never trusted wholesale. Low-risk scopes may be auto-accepted (admitted silently, recorded in the cross-circle audit trail); higher-risk scopes are queued for the circle owner’s approval; a peer can be disabled so its messages are rejected even with otherwise-valid grants. This is the cross-circle counterpart to in-capability access control — the same instinct as an auth-policy gating a door, applied to traffic that originates outside the tenancy boundary. The durable shape is the principle: explicit, per-scope, revocable grants, default-deny for anything not granted.

Related

  • Concept: federation — the full model (the teaching home)
  • Concept: tenancy-airtight — the boundary federation must not break
  • Pillar: Capabilities — the access-edge model, of which a peer grant is one edge
  • Element: circle-ref, external-agent