Sheet 02 · Layer M2–M6 · Drawn by the-metafactory · Living document

Myelin

The seven-layer protocol stack for the agentic nervous system. One schema for all signals; sovereignty travels with the message.

Source on GitHub ↗ Architecture spec ↗

Why a stack and not a thing

Multi-agent systems start point-to-point and end up impossible. Discord glue here, ad-hoc webhooks there, an undocumented JSON shape one team agreed on six months ago. The problem isn't any single connection — it's that everything is a single connection.

Myelin imports the OSI discipline. Narrow inter-layer contracts. Swappable implementations. Cross-layer concerns named explicitly. The model that kept TCP/IP coherent for forty years applies without modification to the protocol stack agents need.

The seven layers

┌─────────────────────────────────────────────────────────────┐ │ M7 SURFACES cortex · pilot · signal-collector │ per app ├─────────────────────────────────────────────────────────────┤ │ M6 COMPOSITION pipeline · fan-out/fan-in · │ myelin │ request/reply · negotiation │ ├─────────────────────────────────────────────────────────────┤ │ M5 DISCOVERY capability registry · │ myelin │ manifest queries · type matching │ ├─────────────────────────────────────────────────────────────┤ │ M4 IDENTITY signed_by chain · principal verify · │ myelin │ sovereignty attestation │ ├─────────────────────────────────────────────────────────────┤ │ M3 ENVELOPE schema · canonical form · │ myelin │ sovereignty metadata · namespace │ ├─────────────────────────────────────────────────────────────┤ │ M2 TRANSPORT abstract bus · pub/sub · req/reply · │ myelin │ delivery guarantees · subjects │ ├─────────────────────────────────────────────────────────────┤ │ M1 CONNECTIVITY TCP · TLS · NATS leaf-node topology │ upstream │ (out of scope) │ └─────────────────────────────────────────────────────────────┘

M1 — Connectivity out of scope

Internet plumbing. TCP, TLS, NATS server topology, leaf nodes, federation links. Myelin assumes M1 provides authenticated, encrypted, ordered byte streams. We name it so the dependency is visible; we do not define it.

M2 — Transport shipped

An abstract bus with pub/sub and request/reply semantics, subject-based addressing, and explicit delivery guarantees. Higher layers compose against the Transport interface — they do not import NATS directly. NATS is the production implementation; an in-memory implementation drives tests.

M3 — Envelope shipped

The wire format every message uses: canonical schema, ID conventions, timestamp rules, sovereignty metadata, NATS subject namespace, and the boundary between signable and mutable fields. The envelope is the unit of sovereignty travel — sovereignty travels with the message is an M3 invariant.

{
  "id":             "01H8XJ9VYK…",
  "source":         "org.agent.instance",
  "type":           "domain.entity.action",
  "timestamp":      "2026-05-11T14:33:00Z",
  "correlation_id": "01H8XJ…",
  "sovereignty": {
    "classification": "internal",
    "residency":      "EU",
    "model_class":    "frontier-ok"
  },
  "payload":    { … },
  "extensions": { … }
}

M4 — Identity shipped (single-stamp)

Verifiable principal per envelope. A signed signed_by chain that crosses transports — the receiver knows who sent this even if the message traversed a hub, a leaf node, and a webhook bridge on the way. Single-stamp landed (MY-400 / myelin#8). Chain-of-stamps proposal is open at myelin#31.

M5 — Discovery spec pending

Runtime "what's out there?" — capability registry, manifest queries, type matching. The reason an agent can ask the network "who can OCR an invoice for a German vendor under EU residency?" and get a list back. Tracked at myelin#9.

M6 — Composition spec pending

Patterns above the single message: pipeline, fan-out / fan-in, request/reply with timeout, negotiation. Think middleware, not transport. Tracked at myelin#10.

M7 — Surfaces external — per app

Applications that consume M2–M6. Cortex is one. Pilot is another. Signal-collector a third. Each is its own repo, its own contract, its own deploy. M7 is plural by design.

Sovereignty as a first-class field

Most messaging systems attach policy outside the message — an external ACL, a policy server, a sidecar. Myelin disagrees. Each envelope carries the classification, residency, and model constraints directly inside it.

Sovereignty travels with the message.

Two consequences. First, a single envelope can be evaluated for compliance without a database round-trip — any layer above M3 reads the same field. Second, when the envelope is archived, replayed, or forwarded, the policy moves with it. There is no separate "what was allowed at the time" lookup, because the answer is in the envelope.

The NATS namespace

Three subject prefixes determine reach:

local.{org}.{domain}.{entity}.{action}     # never leaves org boundary
federated.{org}.{domain}.{entity}.{action} # cross-org, sovereignty-gated
public.{domain}.{entity}.{action}          # unrestricted

The prefix is structural, not advisory. A subscriber on the public.* wildcard cannot accidentally see local.* traffic, because the leaf-node topology never forwards it.

Status & roadmap

M2 Transport — implemented (NATS + InMemory). Closed at myelin#12.
M3 Envelope — implemented. Schema at schemas/envelope.schema.json; namespace at specs/namespace.md.
M4 Identity — single-stamp shipped (MY-400). Chain proposal open at myelin#31.
M5 Discovery — spec in flight (myelin#9).
M6 Composition — spec in flight (myelin#10).
Cross-layer — sovereignty enforcement protocol cuts M2 / M3 / M4 (myelin#11).

How to read this

The architecture document in the repo is the source of truth. This page is the entry ramp. Every spec change that adds, removes, or alters a layer's contract updates the architecture document in the same PR — a layered architecture only stays coherent if the doc and the code change together.

Open the myelin repo ↗ Next: cortex →