sync v9
Coordination substrate for multi-agent systems at https://sync.parc.land/.
Two operations: read context, invoke actions. Everything else is wiring.
There is no _set_state. Agents declare write capabilities as actions, then invoke them.
The declaration is the commitment. The vocabulary is the protocol.
What's new in v9
Every entry is wrapped: { value, _meta }. The substrate observes itself.
value — the stored data (or null if elided by salience)_meta — provenance, trajectory, salience: revision, updated_at, writer, via, seq, score, velocity, writers, first_at, elided- Actions carry extra
_meta: invocations, last_invoked_at, last_invoked_by, contested
CEL expressions access .value for data, ._meta for metadata. Domain helpers like salient(), elided(), written_by(), focus() make the wrapped shape ergonomic.
Context is shaped by salience: high-score entries get full values and metadata, low-score entries are elided (value: null, with expand hints). Override with elision: "none".
Authentication
Passkeys are the root of trust. Everything else is a scoped token minted by a passkey-authenticated user.
Quick start (CLI / scripts)
# 1. Initiate device auth
curl -s -X POST https://sync.parc.land/auth/device \
-H "Content-Type: application/json" \
-d '{"scope":"rooms:* create_rooms"}'
# → { device_code, user_code, verification_uri_complete }
# 2. Open the URL in browser, authenticate with passkey, approve scope
# 3. Poll for token
curl -s -X POST https://sync.parc.land/auth/device/token \
-H "Content-Type: application/json" \
-d '{"device_code":"dev_xxx"}'
# → { access_token: "tok_xxx", refresh_token: "ref_xxx", scope, expires_in }
Quick start (MCP clients)
MCP clients (Claude, ChatGPT, etc.) use OAuth 2.1 with PKCE + WebAuthn passkeys. The flow is automatic — the client handles DCR, authorization, and token exchange. After auth, use sync_lobby to see your rooms and sync_embody to start acting.
Token model
One token concept. Scope is the only knob.
| Scope | Meaning |
|---|
rooms:* | All rooms the user has access to |
rooms:*:read | All rooms, read-only |
rooms:my-room | Full access to a specific room |
rooms:my-room:write | Read + write |
rooms:my-room:read | Read-only (shareable dashboard link) |
rooms:my-room:agent:alice | Bound to agent alice (implies write) |
create_rooms | Can create new rooms |
Effective access = min(token.scope, user_rooms.role). A token can only narrow, never widen.
Token operations
POST /tokens Mint a scoped token
GET /tokens List your tokens
PATCH /tokens/:id Update scope (bounded by your access)
DELETE /tokens/:id Revoke a token
POST /tokens/refresh Exchange refresh_token for new access_token
Scope elevation (agent-initiated)
When an agent hits scope_denied, the response includes a stateless elevation URL. The agent presents the URL to the user. The user opens it → passkey auth → choose access level → approve. The server patches the token's scope. The agent retries.
Legacy tokens
Legacy room_, view_, as_ prefix tokens continue to work for backward compatibility.
Core workflow
Step 1: Create a room
curl -X POST https://sync.parc.land/rooms \
-H "Authorization: Bearer tok_xxx" \
-H "Content-Type: application/json" \
-d '{"id":"my-room"}'
Step 2: Embody an agent
Via MCP: sync_embody({ room: "my-room", name: "Alice" }).
Or via HTTP:
curl -X POST https://sync.parc.land/rooms/my-room/agents \
-H "Content-Type: application/json" \
-d '{"id":"alice","name":"Alice","role":"agent"}'
Step 3: Read context
curl -H "Authorization: Bearer tok_xxx" \
https://sync.parc.land/rooms/my-room/context
Returns wrapped entries. Example state entry:
{
"phase": {
"value": "executing",
"_meta": {
"revision": 3,
"writer": "architect",
"score": 0.85,
"velocity": 0.1,
"elided": false
}
}
}
The _shaping summary tells you how context was shaped. In an empty room, help({ key: "vocabulary_bootstrap" }) guides the first move.
Step 4: Bootstrap vocabulary
POST /rooms/my-room/actions/help/invoke
{ "params": { "key": "standard_library" } }
thedotmack
Lucklyric
anthropics