agentplane is the execution control plane for the SocioProphet AI+HW+State stack.
It takes a validated Bundle, selects an executor, runs the bundle, and emits tamper-evident evidence artifacts (Validation, Placement, Run, Replay) that support deterministic replay and governed benchmarking.
License: MIT
Bundle → Validate → Place → Run → Evidence → Replay
- Validate —
scripts/validate_bundle.pychecks the bundle against the JSON Schema and emits aValidationArtifact. - Place —
scripts/select-executor.pyconsultsfleet/inventory.jsonand picks a reachable executor; emits aPlacementDecision. - Run —
runners/qemu-local.shexecutes the bundle on the chosen executor (today: Lima process or QEMU VM); emits aRunArtifact. - Evidence —
scripts/emit_run_artifact.pyandscripts/emit_replay_artifact.pyseal the evidence record. - Replay — The
ReplayArtifactrecords all inputs needed for a deterministic re-run.
Evidence artifacts are written to spec.artifacts.outDir inside the bundle.
| Tool | Purpose |
|---|---|
| Nix (≥ 2.18) | VM builds (nix build) |
| Python 3 (≥ 3.9) | Validation and artifact scripts |
Lima + lima-nixbuilder VM |
Default local executor |
rsync |
Syncing repo and artifacts to/from Lima |
ssh (BatchMode capable) |
Executor reachability probes |
gh CLI |
Creating pull requests via scripts/pr.sh |
macOS + Linux targets: Building NixOS VMs requires a remote Linux builder
(nix.builders = ssh-ng://lima-nixbuilder …). Runscripts/doctor.shto verify.
# 1. Preflight: verify Nix builders and Python
scripts/doctor.sh
# 2. Verify the default executor is reachable
scripts/doctor-executor.sh
# 3. Run the full demo (validate → place → run → emit artifacts)
scripts/demo.shAfter a successful run, artifacts appear under artifacts/example-agent/:
| File | Artifact kind |
|---|---|
validation-artifact.json |
ValidationArtifact |
placement-decision.json |
PlacementDecision |
placement-receipt.json |
PlacementReceipt |
run-artifact.json |
RunArtifact |
replay-artifact.json |
ReplayArtifact |
agentplane/
├── bundles/ # Bundle definitions (bundle.json + vm.nix + smoke.sh)
│ └── example-agent/ # Reference bundle
├── docs/ # Architecture, ADRs, integration guides, lifecycle docs
│ ├── adr/ # Architecture Decision Records
│ ├── integration/ # Per-system integration guides
│ ├── instrumentation/ # Receipt and instrumentation plans
│ └── runtime-governance/ # Control matrix integration
├── examples/ # Annotated example traces and reference assembler
│ └── receipts/
├── fleet/ # Executor inventory (fleet/inventory.json)
├── monitors/ # Generated control-matrix monitor bundles (reserved)
├── policy/ # Policy import lane + control-matrix bundles (reserved)
├── runners/ # Runner backends (qemu-local today; fleet later)
├── schemas/ # JSON Schemas for Bundle and all artifact kinds
├── scripts/ # CLI tools: validate, select-executor, emit artifacts
├── state/pointers/ # Current/previous bundle pointers (gitignored at runtime)
├── tests/ # Generated control-matrix test bundles (reserved)
└── tools/ # Developer utilities (receipt smoke test)
- Bundle — The unit of deployment. Contains a VM module, rendered config, policy intent, smoke tests, and metadata. Defined by schemas/bundle.schema.v0.1.json.
- Executor — A reachable Linux host (Lima VM today, fleet node later) listed in fleet/inventory.json.
- Evidence artifacts — JSON files written to
spec.artifacts.outDirproving the run happened and can be replayed. - Receipt — A MAIPJ run receipt assembled from the normalized event stream produced across the full stack. See docs/receipt-lifecycle.md.
| Topic | File |
|---|---|
| Architecture overview | ARCHITECTURE.md |
| Bundle schema | schemas/README.md |
| Executor selection | docs/executors.md |
| System space / deployment topology | docs/system-space.md |
| Receipt lifecycle | docs/receipt-lifecycle.md |
| Sociosphere integration | docs/integration/sociosphere.md |
| State pointer model | docs/state-pointers.md |
| Control matrix import | policy/imports/control-matrix/README.md |
| Architecture Decision Records | docs/adr/README.md |
| Contributing | CONTRIBUTING.md |
- No AGPL dependencies. Every bundle must declare
metadata.licensePolicy.allowAGPL: false. See ADR-0001. - Evidence-forward execution. Every run emits Validation, Placement, Run, and Replay artifacts.
- Timeouts are bundle-owned policy. Set via
spec.policy.maxRunSeconds(5–3600 s).
agentplane is the execution control plane within a multi-repo stack:
sociosphere → agentplane → RunArtifact / ReplayArtifact / Receipt
slash-topics → agentplane (context pack event stream)
human-digital-twin → agentplane (policy/approval event stream)
TriTRPC → agentplane (deterministic transport metadata)
See docs/integration/sociosphere.md and docs/sociosphere-bridge.md for the integration seam.
Agentplane is an execution control plane for governed bundle runs.
The public contract is deliberately simple and evidence-forward:
- Bundle — the deployment unit in
bundles/. - Validate —
scripts/validate_bundle.pyenforces the minimum contract and compliance gates. - Place —
scripts/select-executor.pyselects an executor and emits aPlacementDecision. - Run — a runner backend executes the bundle and emits a
RunArtifact. - Replay —
scripts/emit_replay_artifact.pyrecords the minimum replay inputs. - Lifecycle — promotion, reversal, and session artifacts extend the execution story.
bundles/— example deployment bundles.docs/system-space.md— system-space strategy and execution model.docs/sociosphere-bridge.md— seam betweensociosphereandagentplane.docs/runtime-governance/control-matrix-integration.md— governance/control-loop integration plan.docs/replay-boundary.md— replay scope, non-goals, and side-effect rules.examples/receipts/— receipt-oriented examples and trace assembly reference.schemas/— JSON Schemas for Bundle, RunArtifact, ReplayArtifact, PromotionArtifact, ReversalArtifact, SessionArtifact, plus the missing ValidationArtifact and PlacementDecision contracts added in this patch.scripts/— validation, placement, artifact emission, demo, and hygiene tooling.runners/— backend contract surface.
Agentplane already treats execution as evidence-producing work. The current public evidence types are:
ValidationArtifactPlacementDecisionRunArtifactReplayArtifactPromotionArtifactReversalArtifactSessionArtifact
The repo also carries receipt-oriented examples under examples/receipts/ and runtime-governance planning under docs/runtime-governance/.
Publicly, Agentplane is best described as workflow orchestration / execution control rather than an agent gateway.
The repo is centered on bundle validation, executor selection, run artifacts, replay inputs, lifecycle artifacts, and governance-linked evidence. That is why the current external listing recommendation is Workflow Orchestration.
Two concepts are already present in behavior and docs but were not yet first-class public schema files on main when this patch was prepared:
ValidationArtifactPlacementDecision
This patch adds schemas for both and adds a concise replay-boundary document so the repo root is no longer just a file tree plus About text.
Agentplane is the tenant-side control and execution plane for local-first and hybrid agents.
This repository is not the local supervisor and it is not the canonical wire-spec repository. Instead, it is the remote control-plane and worker-plane complement to the device-local runtime.
The current repository already contains useful runtime artifact scaffolds and local-state conventions:
schemas/session-artifact.schema.v0.1.jsonschemas/promotion-artifact.schema.v0.1.jsonschemas/reversal-artifact.schema.v0.1.jsonschemas/bundle.schema.patch.jsonstate/pointers/.keep.gitignorerules for localartifacts/and machine-local pointer state
Those files tell us two important things:
- Agentplane already assumes evidence-bearing runtime artifacts.
- Agentplane already assumes machine-local pointer state should not be committed.
Agentplane owns the tenant-side parts of the first local-hybrid slice:
- gateway and ingress policy handoff for remote-eligible tasks
- capability resolution from logical capability ID to worker binding
- worker runtime envelopes for remote execution
- promotion and reversal semantics for future side-effecting flows
- tenant-side evidence handoff hooks
Agentplane does not own:
- the local supervisor runtime (
sociosphere) - the canonical deterministic transport and fixtures (
TriTRPC) - the shared cross-repo contract canon (
socioprophet-standards-storage)
docs/— architecture notes, slice definitions, repo mapgateway/— tenant ingress and policy-gated dispatch adapterscapability-registry/— logical capability descriptors and bindingsworker-runtime/— tenant execution wrappers and runtime contractsschemas/— artifact schemas and patch fragments used by runtime flows
The first slice is deliberately narrow:
- local-first planning and retrieval
- optional tenant execution only after policy approval
- typed capability resolution
- evidence append and replay/cairn materialization
- no public-provider egress by default
- no generic multi-agent prompt soup
See docs/local_hybrid_slice_v0.md for the execution slice and docs/repository_map.md for cross-repo boundaries.