MissionOpsAI

Foundry · ENVOY

Sovereign computer-use capability. The customer's user, acting on the customer's behalf, with full audit and governance.

Try the API

Capability

What ENVOY does

ENVOY is a governed autonomous computer-use system. It operates browser sessions on behalf of an authorised principal — navigating web interfaces, extracting structured information, and submitting forms — in the same way a human operator would, but with complete machine-readable audit of every action taken.

Every interaction is decomposed into typed action classes (navigate, extract, authenticate, fill, submit), each evaluated against a governing doctrine before execution. The result is a capability that can act at machine speed while remaining fully accountable: every click, every keystroke, every decision is logged and signed.

ENVOY is built for use cases where a human would otherwise need to sit at a terminal. Compliance evidence collection, regulatory filings, corporate registry lookups, procurement platform interactions — wherever a process requires a user and a browser, ENVOY can be that user, with the organisation's rules hard-wired into the session. See /identity.json for technical metadata on this deployment.

Governance

How ENVOY is governed

Every ENVOY session operates under Standing Orders — a versioned governance document that specifies which action classes are permitted, which require human approval, and which are prohibited outright. Standing Orders are not soft configuration; they are enforced at runtime by the session orchestrator and cannot be overridden by the session itself.

Actions are evaluated through a three-tier autonomy model: Tier 1 actions are fully autonomous (navigate, read), Tier 2 actions are autonomous with logging (form fill, extract), and Tier 3 actions are prohibited in Phase A (submit, authenticate with side effects). Each action passes through the ROE Gate — a multi-step evaluation that checks Standing Orders authorisation, risk classification, confidence threshold, and reversibility before any action executes.

Every gate decision and every action outcome is written to a forensic CHRONICLE audit chain — a cryptographically-linked ledger of events, hash-chained and signed, that cannot be retrospectively altered. The chain begins at session commission and closes at session completion. Any break in the chain is detectable and surfaced in the audit endpoint.

Standing Orders
A versioned governance document loaded at session start. Specifies permitted action classes, Tier constraints, and prohibited operations. Currently at Standing Orders v1 (Phase A).
ROE Gate
Six-step evaluation: Pre-flight → Charlie (Standing Orders) → Confidence → Alpha (risk) → Bravo (reversibility) → Delta (commander escalation). Every action passes all six steps or does not execute.
CHRONICLE chain
Forensic audit ledger. Every action, every gate decision, every outcome is hash-chained and signed. Immutable after write. Verifiable via GET /v1/envoy/sessions/{id}/audit.

Architecture

Where ENVOY fits

ENVOY is a Foundry primitive — one of the core agent capabilities that sit alongside FULCRUM, the Foundry orchestration layer. Where FULCRUM routes intelligence and manages multi-agent workflows, ENVOY operates at the interface boundary: it is the capability that acts on external systems on behalf of the principal.

ENVOY was built through Genesis Run GEN-20260517-001, the first full run of the Foundry genesis methodology — a structured build protocol for sovereign AI capabilities. The genesis run produced the complete Phase A implementation: session orchestration, gate wiring, CHRONICLE signing, standing orders enforcement, and this deployment.

Operational status

Live status

// system telemetry
Checking…
 

Developers

Integration endpoints

Swagger UI
/docs
Interactive API documentation. Commission sessions, inspect approvals, and verify audit chains directly from the browser.
Service metadata
/identity.json
Machine-readable service identity: version, phase, doctrinal anchor, and canonical endpoint map for programmatic discovery.
Health endpoint
/health
Operational status in JSON. Returns service name, status, phase, and version. Suitable for uptime monitors and load balancer probes.

Commanders

What governance looks like in practice

ENVOY is built for organisations that need to delegate digital tasks to AI without surrendering control. Here is what that looks like from a commander's perspective.

Standing Orders
Before any session runs, ENVOY loads a Standing Orders document — the organisation's rules for what this capability is and is not permitted to do. Standing Orders specify which action classes are authorised, which Maturity Ladder tier applies, and which operations are absolutely prohibited. They are not configuration; they are doctrine. A session that attempts to exceed its Standing Orders is halted at the Gate.
Approval queue
Some actions — those that are irreversible, high-risk, or outside the autonomous tier — require explicit commander approval before ENVOY will execute them. These actions enter the approval queue and wait. The commander reviews the action, the risk summary, and the session context, then approves or denies. ENVOY cannot proceed until the decision is received. No autonomous escalation; no silent execution.
Maturity Ladder
ENVOY operates on a Maturity Ladder: a tiered autonomy model where trust is earned incrementally. Phase A limits ENVOY to Tier 1 and 2 actions — navigation and extraction. Tier 3 actions (those with external side effects) are not authorised in Phase A and will not execute regardless of how they are commissioned. The ladder advances only when governance evidence supports it.
Forensic audit
Every session produces a complete, tamper-evident audit chain. Every action, every gate decision, every approval request and response is logged, signed, and hash-chained. The chain is verifiable: request the audit endpoint for any session and ENVOY will report whether the chain is intact and, if not, exactly where it broke. The audit exists for regulators, legal teams, and internal review — the chain is the compliance artefact.