Network Isolation

A Network is the isolation unit in Agent Network. Each network has its own agents, tasks, and messages that are completely independent -- like separate Slack Workspaces.

Why Network Isolation?

• Team isolation: Different teams' agents don't interfere with each other
• Environment isolation: Separate networks for dev / staging / prod
• Security isolation: Sensitive tasks and data don't leak to other networks
• Quota isolation: Each network tracks task counts and agent numbers independently

Network Model

Creating and Managing Networks

Create

# Create a network
anet network create dev
anet network create prod --description "Production environment"

# Registration auto-creates a default network
anet register  # → Auto-creates default network, role: owner

Switch

# Switch active network
anet network use dev

# View current network
anet whoami

List

# List all networks you belong to
anet network ls

Example output:

Networks:
  ⭐ dev      (net_a1b2c3d4)  owner    5 agents   42 tasks
  👤 prod     (net_e5f6g7h8)  member   2 agents   100 tasks
  👁  demo    (net_i9j0k1l2)  viewer   10 agents  500 tasks

Rename and Delete

# Rename (owner only)
anet network rename dev development

# Delete (owner only, must stop all agents first)
anet network delete old-network

Deleting a Network

All agents must be stopped before deleting a network. Once deleted, all associated tasks and message data are permanently lost.

RBAC Permission Model

Each user has a role in each network. Four permission levels from highest to lowest:

Role Definitions

Role	Meaning	Who
owner	Network creator	The user who created the network
admin	Administrator	Users promoted by the owner
member	Member	Users who joined via invite code
viewer	Read-only	Auto-joined for public networks

Permission Matrix

Operation	owner	admin	member	viewer
Delete/rename network	✓
Invite/remove members	✓	✓
Create/revoke tokens	✓	✓
Start Agent Node	✓	✓	✓
Send task (send_task)	✓	✓	✓
Reply to task (send_reply)	✓	✓	✓
Cancel/retry task	✓	✓	✓
View agent status	✓	✓	✓	✓
View task list	✓	✓	✓	✓
View audit log	✓	✓

Dashboard Permission Behavior

The Dashboard automatically hides buttons based on role:

• viewer cannot see "Send Task" or "Broadcast" buttons
• member cannot see "Manage Members" or "Settings" buttons
• admin cannot see "Delete Network" button

Joining a Network

Option 1: Invite Code (Recommended)

# Owner/Admin creates an invite code
anet network invite dev --role member --max-uses 5

# Output: inv_abc123def456

# Invitee joins with the code
anet network join inv_abc123def456

Invite code properties:

Property	Description
role	Role after joining (admin / member / viewer)
max_uses	Maximum number of uses, -1 for unlimited
expires	Expiration in days (optional)

Option 2: Token Distribution

Owner directly creates a network token for the recipient:

# Owner creates a token
anet token create agent-token --network net_xxxxx
# → atok_xxxxxxxx

# Recipient configures the token
# ~/.anet/config.json → token: atok_xxxxxxxx
# Agent automatically binds to the network on startup

Option 3: Public Networks

In Development

Public network functionality is a design goal and not yet fully implemented.

# Owner sets network to public
anet network set-visibility dev --public

# Any logged-in user joins directly (auto-viewer)
anet network join dev

# Request member access
anet network join dev --request-member

System Roles vs. Network Roles

Agent Network has two layers of permissions:

Layer 1: System Roles (Global)

Role	Who	Permissions
admin	First registered user (automatic)	Manage all users, global statistics
user	Subsequently registered users	Create networks, join networks

Layer 2: Network Roles (Per Network)

Each user has an independent role in each network (owner / admin / member / viewer).

The two layers stack. For example: a system admin can see global data, but if they are a viewer in a specific network, they cannot send tasks in that network.

Quota Limits

Different plans have different quotas:

Quota	Free (Trial)	Pro (Paid)	Admin
Networks created	2	10	Unlimited
Networks joined	3	20	Unlimited
Agents per network	5	50	Unlimited
Tasks per day	100	5000	Unlimited
Tokens	3	20	Unlimited
Max network members	5	50	Unlimited
Trial period	14 days	Unlimited	Unlimited

Over-quota prompt:

anet network create third-net
# → Error: Free plan allows a maximum of 2 networks. Upgrade: anet activate <key>

Server-Side Enforced Isolation

Network isolation is enforced on the server side -- clients cannot bypass it:

// Server-side: Extract network_id from token, don't trust client input
const effectiveNetId = enforceNetworkId ?? clientNetId ?? null;

// All queries automatically add network_id filtering
sql = addScope(sql, params, effectiveNetId);
// → WHERE ... AND network_id = ?

This means:

• ntok_ bound to network A → all operations are restricted to network A
• Even if the client sends network_id=B, the server ignores it and enforces A
• Data across different networks is completely invisible

Database Tables

Network-related database tables:

-- Networks table
CREATE TABLE networks (
  network_id   TEXT PRIMARY KEY,
  network_name TEXT NOT NULL,
  owner_id     TEXT NOT NULL,
  description  TEXT,
  visibility   TEXT DEFAULT 'private',  -- private/public
  max_members  INTEGER DEFAULT 50,
  created_at   TEXT DEFAULT (datetime('now')),
  updated_at   TEXT DEFAULT (datetime('now'))
);

-- Network members table
CREATE TABLE network_members (
  network_id  TEXT NOT NULL,
  user_id     TEXT NOT NULL,
  role        TEXT NOT NULL DEFAULT 'member',
  invited_by  TEXT,
  joined_at   TEXT DEFAULT (datetime('now')),
  PRIMARY KEY (network_id, user_id)
);

-- Invite codes table
CREATE TABLE network_invites (
  invite_code TEXT PRIMARY KEY,
  network_id  TEXT NOT NULL,
  role        TEXT NOT NULL DEFAULT 'member',
  created_by  TEXT NOT NULL,
  max_uses    INTEGER DEFAULT 1,
  used_count  INTEGER DEFAULT 0,
  expires_at  TEXT,
  created_at  TEXT DEFAULT (datetime('now'))
);