Spaces:
Sleeping
Sleeping
| # Multi-Agent Architecture for HuggingClaw World | |
| ## Overview | |
| The HuggingClaw World multi-agent system enables coordinated operation of multiple specialized agents (Adam, Eve, Cain) with role-based access control (RBAC) and inter-agent communication via A2A protocol. | |
| ## Architecture | |
| ### Agent Roles | |
| | Agent | Role | Responsibilities | | |
| |-------|------|-------------------| | |
| | **Adam** | Infrastructure | System-level operations, deployment, monitoring, HuggingFace Space management | | |
| | **Eve** | UI Logic | Frontend rendering, display management, user interface | | |
| | **Cain** | Interaction | User message processing, conversation handling, memory management | | |
| ### File Structure | |
| ``` | |
| .openclaw/ | |
| ├── agents/ | |
| │ ├── registry.json # Agent registry with capabilities and status | |
| │ ├── rbac.py # Role-based access control implementation | |
| │ └── main/ | |
| │ └── sessions/ # Agent session data | |
| ├── workspace/ | |
| │ ├── state.json # Workspace state with multi-agent configuration | |
| │ └── MULTI_AGENT.md # This documentation | |
| ├── cron/ | |
| │ ├── executor.py # Cron job executor with tool registry | |
| │ └── jobs.json # Job configurations | |
| └── openclaw.json # OpenClaw configuration | |
| ``` | |
| ## State Management | |
| ### workspace/state.json | |
| The workspace state file tracks: | |
| - **Multi-agent mode**: Enable/disable multi-agent operation | |
| - **Agent states**: Current status of each agent (active, idle, offline, error) | |
| - **Active agent**: Which agent is currently running | |
| - **Agent communication**: A2A peer endpoints | |
| - **Permissions**: Role-based access control settings | |
| ### agents/registry.json | |
| The agent registry tracks: | |
| - **Agent metadata**: Name, role, workspace, description | |
| - **Capabilities**: Allowed and forbidden tools per agent | |
| - **Health status**: Last check time, status, failure count | |
| - **Communication endpoints**: A2A JSON-RPC endpoints | |
| ## Role-Based Access Control | |
| ### TOOL_REGISTRY | |
| The central `TOOL_REGISTRY` in `rbac.py` defines: | |
| - **Tool metadata**: Description, required authentication level | |
| - **Role mapping**: Which roles can use each tool | |
| - **Permission level**: ALLOWED, FORBIDDEN, or ROLE_SPECIFIC | |
| ### Tool Categories | |
| #### Infrastructure Tools (Adam only) | |
| - `hf_space_status` - Check HuggingFace Space status | |
| - `hf_restart_space` - Restart a HuggingFace Space | |
| - `hf_create_space` - Create a new Space | |
| - `hf_delete_space` - Delete a Space | |
| - `deploy_agent` - Deploy a new agent instance | |
| - `system_monitor` - Monitor system health | |
| - `log_viewer` - View system logs | |
| #### UI Tools (Eve only) | |
| - `ui_render` - Render UI components | |
| - `frontend_update` - Update frontend content | |
| - `bubble_set` - Set speech bubble text | |
| - `chatlog_post` - Post chat log entries | |
| - `display_manage` - Manage display settings | |
| - `theme_update` - Update UI theme | |
| #### Interaction Tools (Cain only) | |
| - `message_send` - Send messages via A2A | |
| - `conversation_process` - Process conversation input | |
| - `memory_read` - Read from agent memory | |
| - `memory_write` - Write to agent memory | |
| - `session_archive` - Archive old sessions | |
| - `context_manage` - Manage conversation context | |
| #### Shared Tools (All agents) | |
| - `health_check` - Perform health check | |
| - `get_status` - Get agent status | |
| - `agent_ping` - Ping another agent | |
| ## Usage | |
| ### Initialize the RBAC System | |
| ```python | |
| from .openclaw.agents.rbac import MultiAgentSystem, check_permission, filter_tools_for_agent | |
| # Get the RBAC system instance | |
| rbac = MultiAgentSystem() | |
| # Check if current agent can use a tool | |
| if rbac.check_tool_permission("hf_restart_space"): | |
| # Execute the tool | |
| pass | |
| # Get allowed tools for current agent | |
| allowed_tools = rbac.get_allowed_tools() | |
| # Get peer agents for A2A communication | |
| peers = rbac.get_peers() | |
| ``` | |
| ### Permission Checking | |
| ```python | |
| # Check permission for a specific agent | |
| from .openclaw.agents.rbac import check_permission | |
| # Check if Cain can use a tool | |
| can_use = check_permission("message_send", "cain") | |
| # Check if Adam can use a tool | |
| can_restart = check_permission("hf_restart_space", "adam") | |
| ``` | |
| ### Filter Tools for Agent | |
| ```python | |
| from .openclaw.agents.rbac import filter_tools_for_agent | |
| all_tools = ["hf_restart_space", "ui_render", "message_send"] | |
| # Filter for Cain | |
| cain_tools = filter_tools_for_agent(all_tools, "cain") | |
| # Returns: ["message_send"] | |
| # Filter for Eve | |
| eve_tools = filter_tools_for_agent(all_tools, "eve") | |
| # Returns: ["ui_render"] | |
| ``` | |
| ## A2A Communication | |
| Agents communicate via A2A (Agent-to-Agent) JSON-RPC protocol: | |
| ```python | |
| import requests | |
| def send_a2a_message(agent_url, message): | |
| """Send message to another agent via A2A""" | |
| payload = { | |
| "jsonrpc": "2.0", | |
| "id": f"msg-{int(time.time())}", | |
| "method": "message/send", | |
| "params": { | |
| "message": { | |
| "messageId": f"msg-{int(time.time())}", | |
| "role": "user", | |
| "parts": [{"type": "text", "text": message}] | |
| } | |
| } | |
| } | |
| response = requests.post(f"{agent_url}/a2a/jsonrpc", json=payload, timeout=90) | |
| return response.json() | |
| ``` | |
| ## Backward Compatibility | |
| The system maintains full backward compatibility with single-agent workflows: | |
| ### Legacy Mode | |
| ```python | |
| # Enable legacy mode for single-agent operation | |
| rbac = MultiAgentSystem(legacy_mode=True) | |
| # In legacy mode, all tools are available | |
| allowed_tools = rbac.get_allowed_tools() # Returns all tools | |
| ``` | |
| ### Convenience Functions | |
| ```python | |
| from .openclaw.agents.rbac import can_use_tool, get_available_tools | |
| # Single-agent compatible API | |
| if can_use_tool("some_tool"): | |
| # Execute tool | |
| pass | |
| # Get all available tools for current agent | |
| tools = get_available_tools() | |
| ``` | |
| ## Configuration | |
| ### Environment Variables | |
| - `AGENT_NAME` - Name of the current agent (adam, eve, cain) | |
| - `SPACE_ID` - HuggingFace Space ID (used for auto-detection) | |
| - `A2A_PEERS` - Comma-separated list of peer agent URLs | |
| ### Multi-Agent Enable/Disable | |
| Set in `workspace/state.json`: | |
| ```json | |
| { | |
| "multi_agent_enabled": true, | |
| "legacy_mode": false | |
| } | |
| ``` | |
| ## Agent Detection | |
| The system auto-detects the current agent based on: | |
| 1. `AGENT_NAME` environment variable | |
| 2. `SPACE_ID` environment variable | |
| 3. Defaults to "cain" if not found | |
| ## Health Monitoring | |
| Agent health is tracked in the registry: | |
| ```json | |
| { | |
| "health": { | |
| "last_check": "2026-03-14T00:00:00Z", | |
| "status": "healthy", | |
| "failures": 0 | |
| } | |
| } | |
| ``` | |
| Status values: `healthy`, `degraded`, `error`, `unknown` | |
| ## Error Handling | |
| - Permission denied: Tool execution is blocked with log message | |
| - Unknown tool: Warning logged, execution blocked | |
| - Agent not found: Returns empty info dict | |
| - Invalid role: Defaults to INTERACTION role | |
| ## Security | |
| - Infrastructure tools require authentication | |
| - Dangerous tools (restart, delete) marked in registry | |
| - Role-based isolation prevents cross-role tool access | |
| - A2A communication uses token-based auth | |
| ## Future Extensions | |
| Potential additions: | |
| - Dynamic tool registration | |
| - Agent capability discovery | |
| - Load balancing across agents | |
| - Agent migration and failover | |
| - Resource quota management | |
| - Audit logging | |
| ## Migration Guide | |
| To migrate from single-agent to multi-agent: | |
| 1. Create `workspace/state.json` with multi-agent configuration | |
| 2. Create `agents/registry.json` with agent definitions | |
| 3. Update code to use `rbac.py` for permission checks | |
| 4. Add A2A communication for inter-agent messages | |
| 5. Test in legacy mode first, then enable multi-agent | |
| ## Troubleshooting | |
| ### Agent not detected | |
| Check environment variables: | |
| ```bash | |
| echo $AGENT_NAME | |
| echo $SPACE_ID | |
| ``` | |
| ### Permission denied | |
| Verify tool is in agent's allowed list in `registry.json` | |
| ### A2A communication fails | |
| Check peer endpoints are reachable: | |
| ```bash | |
| curl https://peer-agent.hf.space/a2a/jsonrpc | |
| ``` | |
| ### Multi-agent mode not working | |
| Verify `multi_agent_enabled: true` in `workspace/state.json` | |