M+C
Nervous-system stack · №01 myelin + cortex
SHEET 02 / 04 · MYELIN FIG. M.0 — STACK OVERVIEW SOVEREIGNTY · M3 NATS · M1–M2 MMXXVI

Sheet 02 · Layer M2–M6 · Drawn by the-metafactory · Living document

Myelin

The seven-layer protocol stack for the agentic nervous system. One schema for all signals; sovereignty travels with the message.

Source on GitHub ↗ Architecture spec ↗

Why a stack and not a thing

Multi-agent systems start point-to-point and end up impossible. Discord glue here, ad-hoc webhooks there, an undocumented JSON shape one team agreed on six months ago. The problem isn't any single connection — it's that everything is a single connection.

Myelin imports the OSI discipline. Narrow inter-layer contracts. Swappable implementations. Cross-layer concerns named explicitly. The model that kept TCP/IP coherent for forty years applies without modification to the protocol stack agents need.

The seven layers

The myelin protocol stack drawn as seven horizontal layers, M7 SURFACES on top through M1 CONNECTIVITY on the bottom. M3 ENVELOPE highlighted in accent red. Right-side ownership column marks layers as 'per app', 'myelin', or 'upstream'.
FIG. M.0 — Protocol stack section · M7 down to M1

M1 — Connectivity out of scope

Internet plumbing. TCP, TLS, NATS server topology, leaf nodes, federation links. Myelin assumes M1 provides authenticated, encrypted, ordered byte streams. We name it so the dependency is visible; we do not define it.

M2 — Transport shipped

An abstract bus with pub/sub and request/reply semantics, subject-based addressing, and explicit delivery guarantees. Higher layers compose against the Transport interface — they do not import NATS directly. NATS is the production implementation; an in-memory implementation drives tests.

M3 — Envelope shipped

The wire format every message uses: canonical schema, ID conventions, timestamp rules, sovereignty metadata, NATS subject namespace, and the boundary between signable and mutable fields. The envelope is the unit of sovereignty travel — sovereignty travels with the message is an M3 invariant. Full spec: docs/envelope.md ↗.

Exploded technical drawing of a myelin envelope. Leader lines call out each field — id, source, type, timestamp, correlation_id, payload, extensions. The sovereignty field is drawn in accent red with a separate callout box listing classification, residency, model_class, ttl_seconds.
FIG. M.3 — Envelope anatomy · the sovereignty field highlighted in red
{
  "id":             "01H8XJ9VYK…",
  "source":         "org.agent.instance",
  "type":           "domain.entity.action",
  "timestamp":      "2026-05-11T14:33:00Z",
  "correlation_id": "01H8XJ…",
  "sovereignty": {
    "classification": "internal",
    "residency":      "EU",
    "model_class":    "frontier-ok"
  },
  "payload":    { … },
  "extensions": { … }
}

M4 — Identity shipped

Verifiable principal per envelope. A signed signed_by chain that crosses transports — the receiver knows who sent this even if the message traversed a hub, a leaf node, and a webhook bridge on the way. Each stamp commits to the prior chain, so tampering with any earlier stamp invalidates every downstream signature. Full spec: docs/identity.md ↗.

M5 — Discovery shipped

Runtime "what's out there?" — capability registry, manifest queries, type matching. The reason an agent can ask the network "who can OCR an invoice for a German vendor under EU residency?" and get a list back.

A KV-backed signed registry. Agents self-advertise their capabilities with their own Ed25519 key over JCS-canonicalised advertisements; a 60-second TTL with 30-second renewal turns a missed heartbeat into a clean disappearance. Consumers query, filter, and dispatch — no static manifest, no out-of-band coordination. Full spec: docs/discovery.md ↗.

M6 — Composition spec pending

Patterns above the single message: pipeline, fan-out / fan-in, request/reply with timeout, negotiation. Think middleware, not transport.

M7 — Surfaces external — per app

Applications that consume M2–M6. Cortex is one. Pilot is another. Signal-collector a third. Each is its own repo, its own contract, its own deploy. M7 is plural by design.

Sovereignty as a first-class field

Most messaging systems attach policy outside the message — an external ACL, a policy server, a sidecar. Myelin disagrees. Each envelope carries the classification, residency, and model constraints directly inside it.

Sovereignty travels with the message.

Two consequences. First, a single envelope can be evaluated for compliance without a database round-trip — any layer above M3 reads the same field. Second, when the envelope is archived, replayed, or forwarded, the policy moves with it. There is no separate "what was allowed at the time" lookup, because the answer is in the envelope.

The NATS namespace

Three subject prefixes determine reach:

Plan-view diagram of two organisations. The local.* route stays inside ORG-A as a closed loop. The federated.* route crosses between ORG-A and ORG-B through a sovereignty gate drawn in accent red. The public.* route runs unrestricted along the bottom.
FIG. M.3a — Namespace plan view · three prefixes, one gate
local.{org}.{domain}.{entity}.{action}     # never leaves org boundary
federated.{org}.{domain}.{entity}.{action} # cross-org, sovereignty-gated
public.{domain}.{entity}.{action}          # unrestricted

The prefix is structural, not advisory. A subscriber on the public.* wildcard cannot accidentally see local.* traffic, because the leaf-node topology never forwards it.

Status & roadmap

How to read this

The architecture document in the repo is the source of truth. This page is the entry ramp. Every spec change that adds, removes, or alters a layer's contract updates the architecture document in the same PR — a layered architecture only stays coherent if the doc and the code change together.

Open the myelin repo ↗ Next: cortex →