Operator ConsoleWorld-Class Operator Surface
Every operator screen rebuilt to a calm Focus + Summon architecture and wired to the spine: Customers, Members with email-invite onboarding and no operator passwords, Connections, Runtime, Capabilities, Procedures, Fabric, MSP management, and System > Configuration, on a reusable CRUD kit in Apple Liquid Glass. Remaining per-screen mutations are still being migrated onto the governed door.
ActiveAgent Foundation 3Situational Awareness
Read models for what needs attention (/me/attention), per-entity status, and a per-customer operator view, plus a two-plane tenancy and responsibility model, give every screen one honest answer to is this OK, what needs me, and what can I do.
CompleteAgent Foundation 2The Governed Door
One door (POST /actions/{id}/invoke) now executes low-risk record/state mutations with Stripe-style idempotency keys, Terraform-style plan/apply change-sets for risky actions, Google AIP-151 long-running operations, and an event stream. Medium, high, and destructive actions stay refused behind dedicated confirmation.
CompleteAgent Foundation 1Entitlement Keystone
A capability/action registry, can_user_perform, the GET /me/entitlements keystone, and a role matrix make what a user may actually do a single authoritative answer that the UI and future agents both read.
CompletePhase R27Operational Alerting (record-first)
Added record-first outbound operational alerting off the governance queues; external delivery channels remain intentionally narrow.
CompletePhase R26ServiceBinding-Scoped Dispatch
Activated the built-but-dormant service-scoped routing branch by creating ServiceBindings and passing service scope through execution dispatch.
CompletePhase R25Dependency / Blast-Radius Model
Added a CMDB dependency edge model and impact service so the platform can answer what depends on a given host, provider, or runtime at the data layer instead of faking it in the UI.
CompletePhase R24Host-Key Observation Producer
Fed host keys observed during live SSH access tests into the trust recorder (trust-on-first-use), so the host-key review surface is populated from real evidence instead of staying empty.
CompletePhase R23Fail-Safe RBAC
Made MSP-viewer read-only a first-class default-deny policy for non-admin MSP users instead of enforcement-by-omission, so a mutating endpoint cannot accidentally grant a viewer write access.
CompletePhase R22Deploy-Path Safety Invariant
Resolved the deploy contradiction an independent audit flagged: teardown is reversible-only (docker compose down, no -v, never rm -rf) and control-push refuses once a host has a live agent, restoring the rule that the agent executes deployment.
CompletePhase R21Governed Worker Execution Edge
Activated the previously test-only worker execution machinery against real reach in stub/dry-run: promote-to-worker, an MSP worker roster, operator dispatch with a scoped credential-grant stub, worker job claim, and result relay — driven end to end against the live dev API. Live worker SSH stays flag-blocked.
CompletePhase G9-W1Gateway Workflow Cognition
Turns access gateway work into a coherent operational lifecycle with setup drafts, profile handoff, guided editing, revalidation, evidence workspace, operator timeline, and read-only validation evidence while preserving no-execution boundaries.
CompletePhase G8-H1STAGING Environment Doctrine
Normalizes TEST, hosted STAGING at staging.anthropy.works, and future PRODUCTION doctrine with isolation, rollback, host-collision, credential, and access-control boundaries.
CompletePhase G8-F1Shared Alpha Walkthrough Fixes
Fixed the first walkthrough blockers by keeping console-started gateway setup inside deterministic setup-session steering and aligning documented setup-field commands with the grammar.
CompletePhase G8Shared Operational Alpha Readiness
Prepared the internal alpha for coherent evaluation with readiness inventory, isolation coverage, readiness UI/runbook, walkthrough guidance, Kitsune stabilization, and preserved MSP/Org/User/RBAC boundaries.
CompletePhase G7GTEST Internal Alpha Environment
Documented and validated the trusted local/LAN TEST alpha environment, including restart discipline, Redis sessions, Postgres setup persistence, multi-user sanity, isolation, backup basics, and walkthrough readiness.
CompletePhase G7FConsole-Guided Setup Sessions
Completed console-guided setup-session steering for list, inspect, resume, non-secret field updates, and deterministic state advancement while setup-flow APIs remain canonical.
CompletePhase G7EIntrospection-Aware Command Grammar
Replaced one-off phrase growth with registry-backed deterministic command grammar for pages, panels, UI actions, setup flows, setup fields, and setup-session commands.
CompletePhase G7DDeterministic Operator Console Shell
Added a bounded Operator Console shell that steers registered UI actions and setup-flow session starts without becoming a chatbot or execution terminal.
CompletePhase G7CDeterministic Setup-Flow Sessions
Added persisted SetupFlowSession records and deterministic setup-flow state machines with audited lifecycle events, redaction, and user/org isolation.
CompletePhase G7BSystem Introspection Registries
Added deterministic registries for backend actions, operational objects, capability lifecycle vocabulary, setup flows, pages, panels, and UI actions without exposing secrets.
CompletePhase G6DRuntime Observation + Object Inspection
Stabilized the initial gateway, node, and job operational object vocabulary and added the first lightweight read-only access gateway inspection flow.
CompletePhase G6COperational Trust Validation
Added deterministic local/dev walkthrough scenarios and reviewer guidance so humans could evaluate ambiguity handling, safe stops, escalation clarity, and Governance Mainstage coherence.
CompletePhase G6BGovernance Review Memory
Added durable informational review memory with source fingerprints and stale/historical states while preserving source conditions, risk, escalation, and delegate-back boundaries.
CompletePhase G6A.1Integration Branch CI Protection
Protects Governance OS integration discipline with branch/status validation and no added runtime authority.
CompletePhase G6AGovernance OS Stabilization
Stabilizes Governance OS v1 after independent review while keeping execution, remediation, provider operations, production worker SSH, and OpenClaw deployment disabled.
CompletePhase G5Escalation + Delegation Semantics
Adds read-only escalation and delegation semantics that explain why Anthropy stopped, who must decide, what safe options remain, what is unsafe, and what would be required before future bounded remediation could be considered.
CompletePhase G4Operational Intelligence Read Model
Adds computed, read-only operational intelligence that correlates governance items with safe evidence, provenance, confidence, and unresolved uncertainty while keeping structured records as source of truth.
CompletePhase G3Operational Narrative Layer
Adds plain-language governance narratives grounded in existing queue, job, workflow, audit, and access evidence so operators can understand where Anthropy stopped, why it matters, and what human input is needed.
CompletePhase G2Governance Mainstage Read UI
Adds a read-only Governance/Mainstage surface for MSP operators to inspect governance queues, status, and alert integration contracts without enabling acknowledgement, remediation, alert delivery, production SSH, or OpenClaw deployment.
CompletePhase G1Operational Governance Surface
Adds MSP-facing governance status and queue APIs for worker health, host-key review, transcript quarantine, failed or blocked execution, provider and lease failures, rollback attention, emergency-disable visibility, live SSH gate status, and audit-only acknowledgement while production worker SSH remains disabled.
CompletePhase C1Post-Remediation Critical Cleanup
Closes bounded follow-up findings by binding default local Postgres/Redis ports to loopback, scoping worker transcript read routes by job org/private scope, adding worker-authenticated transcript event ingest through the existing relay validator, and documenting human-approved git-history purge requirements.
CompletePhase R20Readiness Review + Rollback Drill
Completes the constrained operational readiness drill for reconnect-style transcript polling, replay resilience, emergency disable during transcript flow, feature-flag disable, provider disable, worker revoke, host-key invalidation, lease revocation, operator narratives, and no-secret-leak checks while production live SSH remains blocked.
CompletePhase R19Non-Production SSH Pilot + Transcript Soak
Completes the first constrained non-production worker SSH pilot shape and transcript soak for read-only commands, timeout/disconnect handling, emergency disable, host-key behavior, provider/lease validation, replay quarantine, and no-secret-leak checks while production live SSH remains blocked.
CompletePhase R18Non-Production Live SSH Harness
Adds a feature-flagged worker_ssh_live_nonproduction harness for narrow read-only validation after worker, scope, host-key, route, command, grant, lease, provider, and emergency-disable gates pass; production live SSH remains blocked.
CompletePhase R17Live SSH Guardrails
Adds explicit live worker SSH feature flags, environment/scope/worker gates, emergency disable guardrails, safe status/read models, and runbook/audit scaffolding while live worker SSH remains disabled by default.
CompletePhase R16Transcript + Preflight Read Models
Hardens DB-backed worker transcript read models, MSP-gated operator/technical/quarantine access, replay/out-of-order/post-terminal quarantine rules, and safe worker_ssh_preflight evidence summaries while live worker SSH remains disabled.
CompletePhase R15Host-Key Review API
Adds MSP-only host-key trust list/detail read models, safe operator status/risk/next-action text, audit summaries, and verify/reject/disable review actions while live worker SSH remains disabled.
CompletePhase R14Host-Key Trust Persistence
Persists host-key trust evidence, enforces review transitions, audits observed/verified/changed/rejected/disabled/preflight-blocked events, and feeds durable trust evidence into worker_ssh_preflight.
CompletePhase R13Worker SSH Preflight Boundary
Added worker_ssh_preflight with host-key trust states, target route gating, command allowlist checks, lease evidence checks, and live-mode rejection while keeping worker-side SSH disabled.
CompletePhase R12Vault-Compatible Provider Pilot
Added a Vault-compatible managed provider adapter pilot that validates provider config and vault:// references, resolves scoped leases in dry-run/test mode, captures redaction values, closes leases, and keeps worker-side SSH disabled.
CompletePhase R11Managed Secret Testbed + Lease Retrieval
Added a dev/test-only managed secret provider harness that resolves synthetic in-memory material, captures redaction values, closes the lease, and proves WorkerSecretLease validation without enabling real provider retrieval or worker-side SSH.
CompletePhase R10Managed Provider Adapter + Transcript Transport Prep
Added managed secret provider adapter configuration, provider selection rules, safe not-implemented behavior for real providers, and DB-first transcript transport planning without enabling real provider retrieval or worker-side SSH.
CompletePhase R9Secret Provider Contract
Defined a provider-pluralistic SecretProvider contract and WorkerSecretLease shape so worker dry-runs can validate scoped retrieval rules without enabling real worker-side SSH or production secret delivery.
CompletePhase R8Alembic Drift Cleanup
Aligned historical timestamp nullability, workflow timestamp indexes, and CredentialGrant grant_id uniqueness/index shape so migration validation can fail on future unclassified drift.
CompletePhase R7CI + Deployment Validation
Added GitHub Actions validation scaffolding, phase-oriented validation layers, secret scanning, migration graph/head checks, deployment gates, and explicit reporting for known Alembic drift.
CompletePhase R6Redis Sessions + Rate Limits
Moved API sessions into Redis with TTL records and added Redis-backed rate limits for login and bootstrap agent registration without changing execution architecture.
CompletePhase R5Worker Authentication + Assignment
Hardened ExecutionWorker identity and assignment with registration status, hashed worker secret metadata, explicit scope fields, active/disabled/revoked/heartbeat checks, and scope-aware grant/result/transcript validation.
CompletePhase R4Durable CredentialGrant Persistence
Persisted CredentialGrant as a scoped, temporary, auditable permission record and made worker dry-run result relay validate durable grant status, scope, job, worker, credential reference, and allowed use before accepting evidence.
CompletePhase R3Tenancy + Scope Persistence
Persisted org scope on tenant-sensitive infrastructure, access, execution, and audit records; improved DB-level scope filtering; and added cross-org leakage tests without changing execution architecture.
CompletePhase R2Local Dev SSH Risk Containment
Removed the default host private SSH key mount, kept local demos on saved/uploaded credentials, hardened SSH control sockets, strengthened redaction, and contained password SSH risk without enabling worker SSH.
CompletePhase R1Secret + Production Config Hardening
Hardened production config validation, secure cookie behavior, minimal public status, env-file guidance, and report claims without changing access execution or unblocking deployment.
CompletePhase 29HWorker Assignment Scope + Fallback Policy
Added explicit worker assignment scope, job scope, production fallback decisions, and scope validation for transcript events, credential grants, and worker results without enabling real worker-side SSH.
CompletePhase 29GWorker Transcript Relay
Added validated worker progress events, operator/technical/audit read-model separation, quarantine handling, dry-run event emission, and grant lifecycle audit scaffolding.
CompletePhase 29FScoped Secret Delivery + SSH Dry Run
Defined one-job CredentialGrant scaffolding and worker_ssh_dry_run, proving grant references, allowlists, redaction, and stop-before-network behavior without enabling production worker-side SSH.
CompletePhase 29EWorker Access Executor Stub
Added worker_stub_execution and API result relay validation for worker-style access and discovery results without enabling live worker SSH or raw secret delivery.
CompletePhase 29DWorker-Side Access Dispatch Contract
Defined access_test and host_discovery dispatch through eligible workers, with governed local development fallback, redaction, audit, transcript, and blocked-route behavior.
CompletePhase 29CService Binding Contracts
Defined the binding model that attaches services to workers, runtimes, providers, capabilities, workflows, and assistant surfaces.
CompletePhase 29BEnvironment + Service Topology
Defined environments as business operating spaces and services as customer-facing capabilities across MSP, organization, and user layers.
CompletePhase 29AWorker Capability + Trust Topology
Defined worker capabilities, trust levels, locality, ownership scope, runtime relationships, and execution eligibility checks.
CompletePhase 28Execution Plane
Introduced ExecutionWorker and ExecutionJob records so operational work can be modeled as routed, auditable jobs with worker identity, transcripts, retries, and redaction.
CompletePhase 27Architecture Canon
Established Anthropy as the orchestration layer for identity, policy, object graph, capability graph, workflow truth, narrative history, and portable memory contracts.
Complete