Collaboration

AgentHub collaboration turns a local agent run into a visible team workflow. This page describes the intended product boundary for shared sessions, reviews, approvals, and integration entries.

Collaboration Surfaces

Surface	Role	Current wording
Desktop	Local operator control and approval	Preview-ready local path
Web	Hub-backed team workbench	Preview/development path
Hub Server	Sessions, projects, devices, routing, audit	In progress
Feishu/Lark	Bot, cards, H5/workbench entry	In development
Remote/Cloud Edge	Authorized non-local execution target	In development

Public docs should not imply that a team can use every surface in production until runtime evidence exists. The correct claim is that the architecture and local preview path are shaped, while full Web + Hub + Edge collaboration is still being completed.

Shared Session Model

A collaborative session should have:

a TokenDance ID subject and product session;
project or workspace context;
a selected Agent Profile and runtime adapter;
a target Edge and workspace policy;
transcript, tool events, diff, artifacts, and approval history;
audit events for routing, permission, and final state.

Desktop may host the local execution view. Web may host the Hub-backed shared view. Hub should be the source for team-visible state and authorization.

Review And Approval Flow

AgentHub should make review steps explicit:

A user or integration creates a task.
Hub records the task and resolves project authorization.
Hub routes to an authorized Edge target.
Edge starts the runtime adapter and streams normalized events.
Desktop/Web renders transcript, tool state, diff, and artifacts.
The user approves or rejects writes, commands, or publish actions.
Hub records the final state and audit events.

If any step is missing, the UI should show a specific blocked state rather than pretending the run is still active.

Team Roles

Use simple role language until a more formal permission model is published:

Role	Typical ability
Owner	Manage project settings, members, devices, and release gates
Maintainer	Start runs, review diffs, approve normal writes
Reviewer	Inspect transcript, diff, and artifacts; comment or request changes
Operator	Run assigned tasks on an authorized Edge
Viewer	Read shared state without approving actions

Authorization remains product-local after TokenDance ID authentication. TokenDance ID tells AgentHub who the user is; AgentHub decides what that user can do.

Integration Entries

External entries should create Hub tasks, not bypass Hub:

Entry	Required boundary
Feishu/Lark bot	Verify event signature, resolve account binding, queue slow work
Feishu/Lark card	Respond within 3 seconds and continue asynchronously
Web request	Use a Hub session and product authorization
Automation	Use a scoped service identity and audit trail
Remote Edge route	Require target authorization and device proof

Feishu OAuth, GitHub OAuth, and Google OAuth belong in TokenDance ID. Product-side integrations should consume TokenDance ID identity and product-local permissions.

Evidence For A Collaboration Claim

Before docs or marketing claim a collaboration capability as live, collect:

Claim	Evidence
Shared transcript	Two authenticated clients see the same run state
Team approval	An approval action records actor, action, target, and result
Web routing	Web creates a task through Hub, not a direct Local Edge
Feishu task	An event verifies signature, resolves binding, creates a Hub task, responds fast
Remote Edge	Hub authorizes target, Edge enforces workspace policy, audit captures route

If evidence is missing, use "in progress" or "in development" wording.

Failure States

Collaboration UI should expose blocked states:

user not authenticated through TokenDance ID;
project membership missing;
Edge unavailable;
runtime adapter unavailable;
workspace policy blocked;
approval required;
integration binding missing;
event queue delayed;
route denied.

Related pages: Hub And Edge, Workflows, Feishu/Lark Integration, and Security.