Named services give an agent one small grammar — list, search, get, act — and let every domain teach its own vocabulary at runtime. A domain models itself once, as a realm : typed objects, self-contained refs, its own search questions, and role-guarded use cases. Any operator — the chat agent, an external agent over MCP, a UI — works every realm through t...
An app creates a ReAct agent mostly by declaring it: one config surface defines the agent's teaching, its tools/skills inventory, and its allowed models; the user tunes within it from the chat composer; and the platform keeps the result never wider than granted — with every customization's prompt-cache cost named honestly.
A signed-in KDCube user can now mint a short-lived bearer token for their own automation, scoped server-side by resource_grants ( resource → grants[] ) plus selected operations. The token is only a handle — the guard loads the server-side grant record and enforces resource-grant matching per call. Grants never union across resources: {A: read, B: write} c...
KDCube can turn a browser user into a platform user through Cognito, multiple Cognito pools, a local SimpleIDP, or an application-hosted login. These are not interchangeable — they differ in who proves the user, which credential is written, and which verifier accepts it. This overview puts all methods side by side, anchored on one contract: Connection Hub...
Sometimes the product already has a login page, a branded sign-in, or an upstream proof like Google. An application can host the platform login and consent screens while Connection Hub owns the authority registry and KDCube still verifies a standard platform session. This piece walks the split: the app hosts the door, Connection Hub registers what the doo...
Accepted external events are kept in an ordered lane keyed by the full id_card : tenant, project, user, conversation, and agent. A turn is a consumer that briefly owns that lane. The hard part is not delivery — it is ownership when turns overlap, and guaranteeing a stale turn can never commit. This piece walks the path from client action to folded block t...
An external client speaks MCP and wants a KDCube service. The lazy answer — a shared secret — fails the moment you ask whose data it acts on, what it may do, who pays, and how to turn one connection off. KDCube's answer is a delegated credential : a bearer KDCube issues, scopes to one resource, narrows to consented tools and grants, and records back to th...
A user's memory here is not one store but three folds , each a different aspect: mem holds curated durable entities (what is true), conv records the temporal stream with its production context (what happened, when & where), and cnv gathers cross-world references on a focus board (what is kept at hand). Formed differently, meaning different things, designe...
Your MCP handler should never see an unauthorized call. A managed surface declares its auth in descriptors; one shared Connection Hub guard then runs a fixed sequence of fail-closed checks — credential valid → authority → resource (exact) → tool allowed → grants present → tool consented — before the bundle handler is ever called. This Deep piece walks the...
You have an external app and you want it to reach one KDCube service. Connecting it issues a delegated credential — carrying only the resource grants and selected operations/tools you approved, recorded as a durable consent edge that keeps the app as its own actor and you as the grantor. This Deep piece walks the connect → consent → delegated-credential f...