Controlled reviewer surface

Agent execution governance for private and hybrid compute

This is a claim-bounded reviewer surface. The cockpit is driven by generated artifacts: request, provider inventory, placement, policy, approval, run result, receipt, and audit events.

Workflow Proof Live request to receipt
Policy Data-backed allow, approval, deny
VCF/vSphere Connector lab validation needed
Claims Gated no production claims yet

Demo mission

What Cory can sell

Reviewer build
Agent intent Provider fit Policy envelope Approval Execution log Receipt Audit

Safe claim

What we can say now

  • Demonstrates the governed execution workflow end to end.
  • Includes a read-only vSphere artifact generator path for lab inventory.
  • Shows approval, denial, receipt, and audit as first-class product primitives.
  • Frames VMware as an anchor ecosystem, not a replacement target.

Unsafe claim

What we should not say yet

  • Integrates with VCF/vSphere in production today.
  • Enforces enterprise security today.
  • Already has defensible IP proven by implementation.
  • Replaces vCenter, VCF Automation, Aria, Tanzu, or Private AI Services.

What is real now

Data-backed proof

Artifacts request, provider, placement, policy, approval, run, receipt, audit Policy deterministic allow, approval-required, deny, expired approval checks UI cockpit renders from `/demo/bundle.json`, not hidden in-file demo copy vSphere env-driven read-only inventory connector for generated artifacts Checks artifact consistency, blocked runner, approval receipt, audit chain

What is simulated

Claim boundary

Hosted provider simulator fixture unless lab credentials generate live artifacts Runner simulated diagnostic output, not real shell execution yet Security security model and policy checks, not production enforcement yet Moat path execution graph, provider normalization, scoped approvals, receipts

Cory talk track

Five-minute flow

Run Dashboard Demo
1. Agent asks to diagnose 2. Placement picks target 3. Policy gates scope 4. Human approves 5. Receipt proves result 6. Ask for pilot feedback

Next proof gate

One backend, one real runner, one durable receipt

Pilot path
Validate vSphere inventory Scoped approval object Constrained diagnostic runner Redacted logs Persisted receipt JSON Append-only audit