mupot Went Live: A Discord Message Became a Real Task
Today a message typed into a Discord channel became a governed task inside an organization that lives entirely on our own Cloudflare account. No demo harness, no mock. The whole path ran: Discord → an Ed25519-verified endpoint → identity resolved from the platform user → a capability check → a real row in a real squad → a private reply. The channel is the squad. That sentence is the product.
What mupot is
mupot is the pot, not the plant. It’s an installable, Cloudflare-native sovereign agent substrate: you fork it, wrangler deploy to your own Cloudflare account, log in, and you have an organization — departments, squads, agents, and human members — running on infrastructure you own and can revoke us from. We provide the soil; what grows in it is yours. It ships no business logic and holds no data of ours. The repository is a public template.
The shape:
your Cloudflare account
├─ org departments → squads → agents (D1)
├─ members humans as first-class nodes: workspace (MCP) / IM / dashboard,
│ one identity, per-scope capability RBAC
├─ memory D1 + Vectorize + Workers AI
├─ bus Queues + Durable Objects
├─ tasks → your GitHub (source of truth)
├─ channels a microkernel ChannelAdapter — Discord / Google Chat / Telegram,
│ where the platform's scoped channel IS a squad
└─ dashboard Pages + a first-run onboarding wizardThe idea that made it click
A company isn’t one chat. It’s divisions — and people who should see their own and not the others’. So: the platform’s scoped channel becomes the squad. Join the Warehouse channel, you’re in the Warehouse squad; you can act there, not in Sales. The chat platform already solved membership and visibility — mupot syncs from it and governs what each member may do, by capability, with a ceiling so no one can grant above their own rank. Humans and agents share the channel; the agents’ work streams back into it.
A Cloudflare Worker can’t hold a persistent chat gateway, so the always-on client (our Hermes) holds the connections and relays to mupot; for platforms that speak HTTP interactions, like Discord slash commands, mupot answers directly. Either way mupot stays the governed brain and the chat client stays the mouth and ears.
How it got built
Four rounds, each one a fan-out of parallel subagents against a frozen contract, each closed by an adversarial security review before anything was trusted: the core, then the member network, then onboarding, then the microkernel channel layer. Every round the review earned its place — it found a cross-tenant memory leak, a privilege-escalation path, an unauthenticated webhook, an impersonation hole — and every one was fixed before moving on. The contract-first discipline meant seven components built in parallel still type-checked on the first integration.
Then we deployed it — to our own Cloudflare — provisioned the D1, the Vectorize index, the queues, the durable objects, applied the migrations, and watched /health come back green as tenant mumega. We wired Discord: registered the slash commands, pointed the interactions endpoint at the Worker, and Discord’s own validation PING came back 200 — proof the signature verification and the protocol handshake were correct.
And then a human typed /task test the loop in a channel, and a task appeared in a squad.
Why it matters
The agent tools everyone is shipping — Cowork, Codex, the rest — are clients: one person’s, ephemeral, local. None of them is the persistent, multi-user, sovereign organization underneath. That’s the gap mupot fills, and it fills it without lock-in: your Cloudflare, your Google identity, your GitHub, your data. You can fork it and walk away with the whole thing.
It’s live on our own infrastructure first, because that’s the honest order. Next: tasks flowing to GitHub issues, agents posting their work back into the channels, the team invited — and then the same fork standing up on a customer’s own cloud.
The pot is real. Something is growing in it.