Execution Chamber
sandbox · terminal · browser · editor · review
Governed execution console

Run powerful coding-agent lanes inside governed execution chambers.

The chamber is where governed execution, browser traces, sandboxes, terminals, diffs, and evaluations become one reviewable operating surface with leases, receipts, approval gates, and rollback anchors.

execution-chamber://run/verified-pr
11:45:02 | objective.bound | control-plane | failed build mapped to repo/path lease | ok
11:45:18 | runtime.attach | execution-host | workspace mounted read/write inside branch authority | ok
11:45:31 | tool.call | implementation-lane | npm test plan emitted; destructive commands denied | warn
11:46:04 | browser.capture | execution-chamber | console screenshot + network trace stored as artifact | ok
11:46:40 | quality.gate | quality-lab | typecheck, lint, build, and verification queued as required review | hold
11:47:12 | approval.wait | governance-core | sensitive action blocked until human accepts Proof Report | blocked

graph · governed

WorkGraph rail

Engineering Agent, task, permission, receipt, review, rollback, and approval nodes stay visible while runtimes work.

apps/repo-workgraph · apps/workforce-memory · apps/pilot-lane
terminal · governed

Runtime terminal

Terminal-like execution streams are shown as governed receipts, not raw vendor sessions.

Execution Host · Operator Lane · Implementation Lane
editor · governed

Diff / artifact editor

Messages, generated artifacts, owner notes, and risk annotations sit beside the run trace.

diff, artifact, and review surfaces
sandbox · governed

Browser + sandbox trace

Screenshots, DOM actions, command logs, side effects, and egress policy become review evidence.

browser, sandbox, and evidence surfaces
delivery graph surface

Graph, terminal, editor, and review panes share one run state.

WorkGraph rail · Runtime terminal · Diff / artifact editor · Browser + sandbox trace
diff / artifact editor

Reviewer-ready artifact rail

@@ governed-run.patch
+ runtime: governed execution lane
+ chamber: sandbox_required
+ review_refs: [trace, tests, rollback]
- ungoverned execution
+ AgentFoundry receipt
governed capabilities

Tools are policy-bound capabilities, not loose plugins.

GitHub | read/write gated | issues, refs, checks, sensitive action | approval_required
Shell | sandboxed | commands emit receipts, logs, artifacts, side effects | leased
Browser | observed | browser traces become review evidence | leased
Protected resources | capability contract | resource scopes, denial receipts, review refs | review
Evals | quality gate | verifiers, guardrails, replay, risk scoring | approval_required
rollback inspector

Every material action carries a rollback anchor.

rb-00 | baseline | origin/main before runtime lease | anchor
rb-01 | patch draft | generated diff and artifacts are reversible | ready
rb-02 | test evidence | failed checks keep the run in retry/narrow state | review
rb-03 | handoff | approval creates PR-ready packet; rejection marks superseded | blocked
Quality lane

Review evidence is compiled from live chamber records.

AgentFoundry promotes receipts, traces, artifacts, policy decisions, risk notes, and rollback refs to the human reviewer instead of exposing raw execution internals.

quality gate

Static gates

typecheck · lint · build

required before Proof Report can be proof-ready

Runtime gates

terminal receipt · browser trace · sandbox egress

proves execution chamber behavior, not just final output

Policy gates

lease state · approval class · denial records

prevents raw runtime power from leaking into customer workflow

Evidence gates

logs · screenshots · artifacts · rollback refs

lets the reviewer approve, retry, narrow, or stop with context