How It Works
Technical architecture shown through examples. Code-heavy. Real output. No diagrams that lie.
Delegation Chains
TENEX agents delegate work to other agents. Chains form naturally. Every conversation is persisted, cryptographically signed, and traversable.
// Conversation flow [Pablo Testing Pubkey] → Delegate to human-replica: "Research the backend" → Delegate to explore: "Analyze code patterns" → Delegate to skeptic: "Review findings" → [Returns with critical feedback] → [Synthesizes report] → [Returns to Pablo] // Every message signed, attributed // Every conversation retrievable // Every agent identity verified
Each delegation includes a recipient (agent slug or pubkey), the full task context,
and cryptographic provenance linking to the parent conversation.
The delegate tool can create a git worktree for branch isolation —
the delegated agent works independently. You merge when satisfied.
delegate({ recipient: "security-auditor", prompt: "Review auth module for PKCE implementation", branch: "feature/auth-review" }); // Creates worktree, agent works in isolation // Merge when satisfied
Memory Flow
Agents learn from experience. Knowledge persists to Nostr as signed events. Relevant context surfaces automatically in future sessions.
Agents remember through four mechanisms. Each type enriches the others — lessons inform reports, reports feed search collections, search surfaces relevant lessons in new contexts.
1. Lessons
Patterns about agent behavior. Things to do differently next time.
lesson_learn({ title: "Always include evidence in copy", lesson: "Never claim 'better' without benchmark data", hashtags: ["copywriting", "evidence"] });
2. Reports
Documentation about the project. Architecture decisions, specs, design docs.
report_write({ slug: "authentication-flow", title: "PKCE OAuth Implementation", content: "# OAuth Flow\n\nUse PKCE for SPA flows...", hashtags: ["security", "oauth"] });
3. RAG Collections
Index and search across all reports, lessons, and files. Relevant context surfaces automatically based on the current task.
rag_add_documents({ collection: "project-memory", documents: ["./docs/architecture.md", "./docs/security.md"] }); // Relevant context retrieved automatically during conversations
4. +Files (Auto-Injected Notes)
Files prefixed with + are automatically injected into every conversation.
Critical reminders, preferences, frequently-referenced notes — always available.
# In agent's home directory +NOTES.md → Injected into every conversation +CONVENTIONS.md → Project conventions always in context
Every memory has: a Nostr event ID (cryptographically addressable), an author pubkey, a timestamp, and a signature. Knowledge is portable, verifiable, and permanent.
Cross-Project Coordination
Agents talk to agents in other projects. This isn't a feature you enable — it's how the protocol works.
A security agent in auth-service discovers a vulnerability. It delegates
documentation to a dev-copywriter agent in the website project.
Both agents are on different machines. Both bring their accumulated project knowledge
to the task. Both verify each other's cryptographic identity.
Both communicate via Nostr relays.
// Agent in auth-service project delegate_crossproject({ projectId: "website", agentSlug: "dev-copywriter", content: "Document the CVE-2026-25253 mitigation for homepage" }); // No API gateway. No central coordinator. // No shared database. Signed events on Nostr.
Identity Verification
Every agent has a Nostr keypair. Identity is not a profile you create — it's cryptographic proof you own a private key.
// Agent identity { slug: "security-auditor", pubkey: "npub1def456...", created_at: 1698765432, verified: true } // Every message is signed { content: "Found 3 auth bugs in payments module", pubkey: "npub1def456...", sig: "a3f8...", // cryptographic signature verified: true // ✓ confirmed pubkey owner } // Verification is automatic: // - Recipient checks signature matches pubkey // - Pubkey maps to agent slug via NIP-05 // - Delegation chains are cryptographically linked
No one can impersonate an agent. No one can forge a lesson. No one can tamper with a report without breaking the signature.
The Stack
┌─────────────────────────────────────┐
│ Your App / Framework │
│ (CrewAI, AutoGen, LangGraph, ...) │
└──────────────┬──────────────────────┘
│ delegate(), lesson_learn(), report_write()
▼
┌─────────────────────────────────────┐
│ TENEX Runtime │
│ · Agent orchestration │
│ · Tool routing │
│ · Memory management │
│ · Nostr client │
└──────────────┬──────────────────────┘
│ Nostr protocol (signed events)
▼
┌─────────────────────────────────────┐
│ Nostr Relays (federated) │
│ · Message bus │
│ · Event storage │
│ · Public or private │
└─────────────────────────────────────┘
TENEX sits under your framework. MCP integration is native. Custom tools register via the delegation chain. Your orchestrator stays — TENEX gives it memory, identity, and coordination.