document · 004 · federationmadarX OS · company agent network

AI generates. Humans approve. Departments collaborate.

From one AI assistant to a governed company-wide AI workforce.

madarX OS can become the operating layer where every employee and every department has its own team of agents — while cross-department work moves through policies, approvals, queues, memory boundaries, and audit trails.

Current operating modelFederated organization

Departments collaborate through a broker, policy engine, approvals, events, and audit trails — not uncontrolled agent-to-agent calls.

request brokerpolicy engineevent busapproval ledger

One-line product claimpositioning

madarX OS turns individual AI agents into an approval-first, audit-friendly operating system for entire companies.

Department agent networkclick a department

Financedepartment tenant

manager: Finance Controller Agent
memory: budgets · revenue · forecasts
tools: supabase_read · sheet_export · finance_api
approval: Restricted financial data

Budget AnalystRevenue ReporterForecast AgentApproval Controller

Cross-department communication simulatormarketing asks finance, legal asks engineering, support asks ops

Source departmentTarget departmentActor roleRequest typeData sensitivityTrust mode

approval-required

Marketing → Finance

Risk tier: high. Approver: Finance manager.

cross-department boundary
confidential sensitivity

Records createdcross_department_requestsactivity_logapproval_requestsaudit_logsdepartment_queue_jobs

Request flowbrokered, not free-for-all

01Request created

Source agent submits intent, business reason, target department, requested fields, sensitivity, and urgency.

02Broker normalizes

Request Broker attaches tenant_id, department_id, actor_id, task_id, correlation_id, and target queue.

03RBAC + policy

Policy engine checks role, department, data owner, scope, risk tier, rate limits, and active approvals.

04Approval decision

Low-risk can auto-approve by policy; sensitive finance/legal/customer/tool actions pause for manager approval.

05Target agent executes

Target department manager assigns a specialist agent with scoped memory and tool permissions.

06Result returned

Only approved fields or artifact links are returned. Raw restricted data can stay inside the owning department.

07Audit + replay

activity_log, audit_logs, approval_requests, tool_egress, and task events preserve the full chain.

Why this is saferboundary design

Agents do not directly scrape another department’s memory or tools. They request work through a broker. The owning department decides what can be returned.

Raw finance data can remain inside Finance.
Marketing receives approved summaries, not unrestricted tables.
Legal opinions require Legal manager approval.
External sends and destructive tool calls remain irreversible_external.

Federation architecturesix-layer model

01People + departmentsemployees · department heads · executives · contractors

02Department tenancytenant_id · department_id · workspace_id · memory namespace · budget profile

03Governance planeRBAC · policies · approval rules · rate limits · audit rules

04Coordination planerequest broker · task router · event bus · queues · heartbeat worker

05Intelligence planemanager agents · specialist agents · Hermes · Claude Code · Codex · Ollama

06Data + toolsSQLite/Postgres-ready store · vector memory · files · GitHub · Supabase · email · terminal

Performance simulatorqueues · workers · audit volume

Task load: 1,000 / hourWorkers: 16

1,440task/hour capacity

69%worker utilization

8mest. queue wait

5,400audit events/hour

Scalability ruleskeep it fast and inspectable

Every request carries tenant_id, department_id, actor_id, task_id, correlation_id.
Hot permissions, tool manifests and rate counters can be cached.
Long work moves to department queues with leases, retries and dead-letter handling.
Vector memory retrieval is scoped by tenant, department, role, task and policy.
Audit logs are append-only and can be partitioned by company/department/time.

Advantage matrixHermes · Paperclip · madarX OS

Dimension	Hermes Agent	Paperclip	madarX OS advantage
Primary shape	Personal runtime for one operator/session.	Company/work control plane and artifacts.	Federated AI workforce: employees, departments, agents, approvals, tools, queues, audit.
Department ownership	Not modeled as departments by default.	Can model org work, but runtime is external.	Each department owns agents, memory namespace, tools, queue, policies and approval manager.
Cross-team work	delegate_task spawns subagents, not company-governed departments.	Tasks/governance exist, but not necessarily local execution.	Brokered cross-department requests with RBAC, policy, manager approval and audit lineage.
Approval strength	Strong command approvals for personal execution.	Governance workflows in control plane.	Approval-first at company boundary: cross-department data, tool scopes, external sends, deploys, finance/legal restrictions.
Execution engines	Hermes itself runs tools and providers.	Adapters phone home; plane can stay separate.	Claude Code, Codex, Hermes, Anthropic, Ollama and future MCP tools behind a single governance layer.
Scalability path	Great single-user/gateway scale.	Org data model scale.	Department queues, worker pools, event bus, policy cache, memory scopes, audit partitions, multi-tenant cloud path.
Business moat	Operator productivity.	Structured autonomous company records.	Accountable AI labor market inside the company: everyone gets agents, and agents can collaborate safely.

Department war-room demolaunch a campaign across six departments

Finance · approval.required

Finance Controller allows summarized campaign budget but blocks raw revenue exports.

Every handoff creates durable task, activity, approval, and audit context. This is the difference between “agents chatting” and an accountable AI organization.

Dimension

Hermes Agent

Paperclip

madarX OS advantage

Primary shape

Personal runtime for one operator/session.

Company/work control plane and artifacts.

Federated AI workforce: employees, departments, agents, approvals, tools, queues, audit.

Department ownership

Not modeled as departments by default.

Can model org work, but runtime is external.

Each department owns agents, memory namespace, tools, queue, policies and approval manager.

Cross-team work

delegate_task spawns subagents, not company-governed departments.

Tasks/governance exist, but not necessarily local execution.

Brokered cross-department requests with RBAC, policy, manager approval and audit lineage.

Approval strength

Strong command approvals for personal execution.

Governance workflows in control plane.

Approval-first at company boundary: cross-department data, tool scopes, external sends, deploys, finance/legal restrictions.

Execution engines

Hermes itself runs tools and providers.

Adapters phone home; plane can stay separate.

Claude Code, Codex, Hermes, Anthropic, Ollama and future MCP tools behind a single governance layer.

Scalability path

Great single-user/gateway scale.

Org data model scale.

Department queues, worker pools, event bus, policy cache, memory scopes, audit partitions, multi-tenant cloud path.

Business moat

Operator productivity.

Structured autonomous company records.

Accountable AI labor market inside the company: everyone gets agents, and agents can collaborate safely.