No-scratch runtime cockpit

Run powerful agent engines inside governed execution chambers.

The chamber is where OpenClaw, Hermes, OpenCode, browser automation, sandboxes, terminals, diffs, and evals become one reviewable operating surface with leases, receipts, approval gates, and rollback lineage.

Inspect Runtime Fabric Open WorkGraph Ledger

execution-chamber://run/verified-pr

11:45:02objective.boundcontrol-plane

failed build mapped to repo/path lease

11:45:18runtime.attachopenclaw

workspace mounted read/write inside branch authority

11:45:31tool.callopencode

npm test plan emitted; destructive commands denied

warn

11:46:04browser.captureexecution-chamber

console screenshot + network trace stored as artifact

11:46:40quality.gatequality-lab

typecheck/lint/build/API pytest queued as required proof

hold

11:47:12approval.waitgovernance-core

PR handoff blocked until human accepts Proof Packet

blocked

graphwrapped

WorkGraph rail

Objective, task, lease, receipt, proof, rollback, and approval nodes stay visible while runtimes work.

apps/gitclaw · apps/gitwork · apps/gitpilot

terminalwrapped

Runtime terminal

Terminal-like execution streams are shown as governed receipts, not raw vendor sessions.

OpenClaw · Hermes Agent · OpenCode

editorwrapped

Diff / artifact editor

Changed files, generated artifacts, reviewer notes, and risk annotations sit beside the run trace.

code-server · Monaco · PR trust assets

sandboxwrapped

Browser + sandbox trace

Screenshots, DOM actions, command logs, side effects, and egress policy become proof evidence.

Playwright · browser-use · E2B · open-shell

WorkGraph Studio surface

Graph, terminal, editor, and proof panes share one run state.

WorkGraph railRuntime terminalDiff / artifact editorBrowser + sandbox trace

diff / artifact editor

Reviewer-ready artifact rail

@@ governed-run.patch
+ runtime: OpenClaw
+ chamber: sandbox_required
+ proof_refs: [trace, tests, rollback]
- raw vendor session
+ AgentFoundry receipt

ToolMesh capabilities

Tools are policy-bound capabilities, not loose plugins.

GitHubread/write gated — issues, refs, checks, PR handoffapproval_required

Shellsandboxed — commands emit receipts, logs, artifacts, side effectsleased

Browserobserved — Playwright/browser-use traces become review evidenceleased

MCP + skillscapability contract — OAuth/resource scopes, denial receipts, proof refsreview

Evalsquality gate — verifiers, guardrails, replay, risk scoringapproval_required

rollback inspector

Every material action carries a rollback anchor.

rb-00baselineorigin/main before runtime leaseanchor

rb-01patch draftgenerated diff and artifacts are reversibleready

rb-02test evidencefailed checks keep the run in retry/narrow statereview

rb-03handoffapproval creates PR-ready packet; rejection marks supersededblocked

Quality Lab

Proof review is compiled from live chamber evidence.

AgentFoundry keeps vendor runtimes underneath the contract and promotes only receipts, traces, artifacts, policy decisions, risk notes, and rollback refs to the human reviewer.

quality gate

Static gates

typecheck · lint · build

required before Proof Packet can be review-ready

quality gate

Runtime gates

terminal receipt · browser trace · sandbox egress

proves execution chamber behavior, not just final output

quality gate

Policy gates

OPA/OpenFGA decision · lease state · approval class

prevents raw runtime power from leaking into customer workflow

quality gate

Evidence gates

logs · screenshots · artifacts · rollback refs

lets the reviewer approve, retry, narrow, or stop with context