Implemented in v7.0

Scope Isolation

A 3-dimensional approach to controlling what each AI agent can see and do.

Why Context Isolation Matters

In a multi-agent workflow, not every agent should see everything. Consider:

  • A code analysis agent shouldn't leak secrets to a reporting agent
  • A sandboxed agent processing untrusted input shouldn't pollute the main context
  • A debugging agent should observe without modifying state

Most workflow tools give you "shared context" or "no context" — a binary choice. We think context should be graduated and orthogonal.

The Three Dimensions

DAG

What results from other tasks can this agent see?

Transcripts

What conversation history is available?

State

What shared state can be read or modified?

# Each preset is an ALIAS for a 3D configuration
# You can think of it as coordinates in context-space

preset: minimal  = (dag: none, transcripts: none, state: none)
preset: default  = (dag: ancestors, transcripts: parent, state: read)
preset: debug    = (dag: all-read, transcripts: all-read, state: read)
preset: full     = (dag: all, transcripts: all, state: read-write)

The Four Presets

minimal

— Fresh 200K context, completely isolated
DAG:

No access to other task results

Transcripts:

Starts with empty history

State:

Cannot read or write shared state

Best for: Security-sensitive operations, untrusted inputs

default

— Position-aware context (standard)
DAG:

Access to direct ancestors only

Transcripts:

Inherits from parent tasks

State:

Read-only access to resolved inputs

Best for: Most workflows, balanced isolation

debug

— Can read main context, writes isolated
DAG:

Full DAG visibility (read-only)

Transcripts:

Can read all, writes to isolated buffer

State:

Full read, isolated write

Best for: Debugging, analysis, observability

full

— Full context access, accumulates transcripts
DAG:

Complete access to all task outputs

Transcripts:

Full read/write, persists across tasks

State:

Full read/write access

Best for: Orchestrator agents, aggregation tasks

Usage in Workflows 

tasks:
  - id: fetch-secrets
    agent:
      prompt: "Retrieve API credentials"
      scopePreset: minimal  # ◎ Isolated - can't leak

  - id: process-data
    agent:
      prompt: "Transform the data"
      scopePreset: default  # ◈ Standard inheritance

  - id: debug-check
    agent:
      prompt: "Analyze what happened"
      scopePreset: debug    # ⊕ Can see everything, can't modify

  - id: orchestrate
    agent:
      prompt: "Coordinate all agents"
      scopePreset: full     # ◉ Full access for orchestration

This is implemented in Nika v7.0

Join the beta to try it out.

All Concepts Join Waitlist