docs: add Federation Architecture design document

Captures: - Peer-to-peer federation model (master/spoke) - Agent Federation Protocol (CONNECT, QUERY, COMMAND, EVENT, DISCONNECT) - Authentik integration for enterprise SSO and RBAC - Data sovereignty principles (query, don't replicate) - RBAC model with workspace/team hierarchy - Implementation phases targeting 0.1.0 MVP - Versioning policy (0.0.x dev, 0.1.0 MVP, 1.0.0 stable)
2026-01-29 17:25:57 -06:00
parent a5b984c7fd
commit 82a09373e0
2 changed files with 888 additions and 0 deletions
--- a/docs/design/README.md
+++ b/docs/design/README.md
@@ -70,4 +70,44 @@ When creating a new design document:

 ---

+### [Federation Architecture](./federation-architecture.md)
+
+**Status:** Design Phase  
+**Version:** 0.0.1  
+**Date:** 2025-01-29
+
+Multi-instance federation enabling cross-organization collaboration, work/personal separation, and enterprise control with data sovereignty.
+
+**Key Features:**
+- Peer-to-peer federation (every instance can be master and/or spoke)
+- Authentik integration for enterprise SSO and RBAC
+- Agent Federation Protocol for cross-instance queries and commands
+- Data sovereignty (query in place, never replicate)
+- Single pane of glass aggregating multiple instances
+
+---
+
+### [Multi-Tenant RLS](./multi-tenant-rls.md)
+
+**Status:** Implemented  
+**Version:** 1.0  
+**Date:** 2025-01-29
+
+PostgreSQL Row-Level Security for workspace isolation and defense-in-depth multi-tenancy.
+
+---
+
+## Contributing
+
+When creating a new design document:
+
+1. Copy the structure from an existing document
+2. Use ASCII diagrams for architecture (keep them simple)
+3. Include code examples in TypeScript
+4. Specify database schema in SQL (PostgreSQL dialect)
+5. Add implementation phases with clear milestones
+6. Update this README with a summary
+
+---
+
 **Last Updated:** 2025-01-29