1. The execution core comes before features
Every feature is a dispatch. If the dispatch model is wrong, every feature built on it is wrong. So the isolated, runtime-spawned, generic-agent execution core is built and proven before piling on capabilities.
We learned this the hard way: early slices ran the agent in the control plane (no container) and baked domain objects (a mailbox) into the backend. Both violated the model. They were reverted and the core re-grounded — see the model and the principle "isolation is the enforcement".
2. De-risk in dependency order
Build the thing everything else depends on, prove it, then build on it:
- Execution core — Runtime + generic Agent runner + Workspace mount + Stream. Prove: one dispatch = one short-lived, isolated container, resuming from a session file.
- Trust — Identity: SPIFFE workload identity + Keycloak token exchange + the MCP Gateway. Prove: every action is attributable + scoped.
- Triggers — the Scheduler (time + event) and Integrations. Prove: a non-human launcher dispatches under a signed grant.
- Capabilities — chat, routines, integrations, live meetings, org knowledge — each a thin composition.
- Enterprise — SSO/SCIM, full air-gap, org-graph triage.
3. Every stage is proven, not declared
A stage is done only when it works end-to-end (backend + a real browser test against the live stack) and its claim is proven by a test at the altitude of the claim. “Done” is never a status we assign ourselves; it is a demo.
Where we are now
Current state, honestly — what’s built, what’s mid-rebuild, what’s next.