Capability Catalog
The WCP capability catalog defines 245 entities across 5 entity types. All entities are in the cap.*, ctrl.*, wrk.*, prof.*, or pol.* WCP-reserved namespaces.
Entities fall into five types:
| Type | Count | Description |
|---|---|---|
capability | 127 | Capabilities that agents can request (cap.*) |
worker_species | 48 | Worker species that fulfill capabilities (wrk.*) |
control | 33 | Governance controls declared by workers (ctrl.*) |
profile | 33 | Recommended control bundles for common postures (prof.*) |
policy | 4 | Hall-level policies (pol.*) |
Using the Interactive Catalog
The Playground at pyhall.dev lets you filter and search all 245 entities by:
- Domain
- Entity type (capability, worker, control, profile, policy)
- Risk tier (low, medium, high, critical)
- Free text search
The playground also has a live routing simulator where you can test capability requests against the catalog.
Domain Summary
All 48 worker species domains:
| Domain | Entities | Types | Description |
|---|---|---|---|
audit | 1 | 1 capability | Audit log read access for compliance and forensics |
blast-radius-scoring | 1 | 1 control | Blast score computation and gating control |
chaos | 7 | 4 capability, 1 profile, 2 worker_species | Controlled fault injection for resilience testing |
cost | 8 | 5 capability, 1 control, 2 worker_species | Token budget tracking, enforcement, and cost reporting |
credential | 1 | 1 capability | Credential rotation |
data | 4 | 4 capability | Data classification, redaction, routing, and deletion |
db | 9 | 5 capability, 2 profile, 2 worker_species | Database read/write, migrations, reconciliation, and backfills |
default-deny | 1 | 1 policy | Default-deny policy for unmatched capabilities |
deploy | 8 | 5 capability, 1 control, 2 worker_species | Canary deployments, rollbacks, and feature flags |
dlq | 5 | 3 capability, 1 control, 1 worker_species | Dead letter queue inspection, replay, and purge |
doc | 14 | 7 capability, 3 profile, 4 worker_species | Document ingestion, OCR, classification, redaction, signing |
edge | 10 | 5 capability, 2 profile, 3 worker_species | Edge device storage, sync, inference, and updates |
egress-allowlist-policy | 1 | 1 policy | Egress allowlist enforcement policy |
exec | 2 | 2 capability | Container and VM execution with restricted privileges |
fed | 8 | 4 capability, 2 profile, 2 worker_species | Federated identity, token exchange, and partner isolation |
fs | 2 | 2 capability | Filesystem access controls (readonly, workspace-write) |
idempotency | 7 | 4 capability, 1 control, 2 worker_species | Idempotency key management and atomic writes |
identity | 1 | 1 capability | Cryptographic workload identity assertion |
inbox | 1 | 1 capability | Inbound message deduplication |
int | 9 | 5 capability, 2 profile, 2 worker_species | Third-party API adapters, webhooks, and data contracts |
ledger | 1 | 1 capability | Immutable audit ledger writes |
mem | 12 | 6 capability, 3 profile, 3 worker_species | Memory artifact storage, retrieval, RAG, and summarization |
model | 10 | 5 capability, 2 profile, 3 worker_species | Model evaluation, prompt management, drift detection |
mount | 1 | 1 capability | Workspace directory mounting |
net | 2 | 2 capability | Network egress controls (allowlisted and denied) |
notify | 8 | 4 capability, 2 profile, 2 worker_species | Email, SMS, push notifications with suppression |
obs | 7 | 7 control | Observability controls: logging, metrics, tracing, SLOs |
ops | 8 | 4 capability, 2 profile, 2 worker_species | Human approvals, break-glass, runbooks, postmortems |
os | 20 | 8 capability, 7 control, 2 profile, 3 worker_species | Workforce OS: routing, registry, policies, cost, kill switches |
outbox | 1 | 1 capability | Transactional outbox message publishing |
pol | 6 | 4 control, 1 profile, 1 worker_species | Policy engine controls, versioning, audit, default-deny |
policy | 3 | 3 capability | Policy evaluation, canary rollout, and update |
privilege-envelopes-required | 1 | 1 control | Privilege envelope declaration requirement |
projection | 1 | 1 capability | Read-model projection rebuilds via event replay |
prov | 9 | 5 capability, 1 profile, 3 worker_species | Artifact signing, attestation, provenance chain assembly |
repair | 3 | 2 capability, 1 worker_species | State reconciliation and compensating transactions |
replay-safety-policy | 1 | 1 policy | Replay safety policy for nondeterministic workers |
sandbox | 13 | 9 control, 1 policy, 3 profile | Sandbox controls: egress deny, readonly rootfs, syscall filtering |
scan | 4 | 4 capability | SAST, DAST, dependency scanning, SBOM generation |
sched | 6 | 4 capability, 1 profile, 1 worker_species | Job scheduling: priority, preemption, rate limiting, capacity |
sec | 5 | 2 profile, 3 worker_species | Security worker species: SAST scanner, deps scanner, artifact verifier |
secrets | 1 | 1 capability | Secrets vault read access |
side-effect | 1 | 1 capability | Declared external write side effects |
stream | 3 | 3 capability | Streaming topic consumption, production, and replay |
token | 1 | 1 capability | Short-lived access token minting |
ui | 8 | 5 capability, 1 profile, 2 worker_species | Human review queues, forms, feedback collection, diff display |
verify | 1 | 1 capability | Build artifact integrity verification |
wf | 8 | 5 capability, 1 profile, 2 worker_species | Workflow DAGs, checkpoints, saga compensation, fan-out/in |
Full Catalog
All 245 entities, sorted by ID:
| Capability ID | Type | Description | Risk Tier |
|---|---|---|---|
cap.audit.read | capability | Read audit log entries for compliance review and forensic analysis. | medium |
cap.chaos.disable-dependency | capability | Temporarily disable or throttle an upstream dependency to test degraded-mode behavior. | high |
cap.chaos.inject-errors | capability | Inject controlled error responses into service paths for failure mode testing. | high |
cap.chaos.inject-latency | capability | Inject artificial latency into specified service paths for resilience testing. | high |
cap.chaos.poison-messages | capability | Inject malformed or poison-pill messages into a queue to test DLQ and error handling. | high |
cap.cost.check-budget | capability | Check current spend against allocated budget before executing a cost-incurring operation. | low |
cap.cost.enforce-cap | capability | Hard-block a worker dispatch when accumulated spend exceeds the configured cap. | medium |
cap.cost.estimate-job | capability | Produce a pre-execution cost estimate (tokens, compute, storage) for a job. | low |
cap.cost.generate-report | capability | Generate a cost usage report for a tenant, project, or time period. | low |
cap.cost.track-token-usage | capability | Record token consumption per worker call into the billing datastore. | low |
cap.credential.rotate | capability | Rotate a credential (API key, certificate, secret) and update all references. | high |
cap.data.classify | capability | Classify data by sensitivity label (e.g., public, internal, restricted, top-secret). | medium |
cap.data.delete | capability | Permanently delete data records in compliance with retention policies (e.g., GDPR right-to-erasure). | high |
cap.data.redact | capability | Redact sensitive fields (PII, PCI, PHI) from data artifacts before downstream processing. | high |
cap.data.route.by-sensitivity | capability | Route data to appropriate storage or processing tier based on sensitivity classification. | high |
cap.db.backfill | capability | Backfill existing records with new computed fields using throttled, resumable batch processing. | high |
cap.db.migrate | capability | Apply a versioned schema migration with dry-run, canary, and rollback support. | critical |
cap.db.read | capability | Read data from a database within scope and tenant isolation boundaries. | low |
cap.db.reconcile | capability | Compare source-of-truth against derived projections and repair inconsistencies. | high |
cap.db.write | capability | Write or update data in a database with transaction and audit guarantees. | medium |
cap.deploy.canary-shift | capability | Shift a percentage of traffic to a new worker version for canary evaluation. | high |
cap.deploy.drain-worker | capability | Gracefully drain in-flight work from a worker before shutdown or version change. | medium |
cap.deploy.feature-flag | capability | Enable or disable a feature flag to control worker behavior without redeployment. | medium |
cap.deploy.promote-canary | capability | Promote a validated canary version to receive 100% of production traffic. | high |
cap.deploy.rollback | capability | Roll back a worker to the previous stable version immediately. | high |
cap.dlq.inspect | capability | Read and classify messages in the dead letter queue for triage. | low |
cap.dlq.purge | capability | Permanently discard messages from the dead letter queue after review. | medium |
cap.dlq.replay | capability | Re-enqueue a dead letter message for re-processing with replay controls. | medium |
cap.doc.classify | capability | Classify a document by type, sensitivity, and routing category. | medium |
cap.doc.hash-artifact | capability | Compute and record the cryptographic hash of a document artifact for integrity verification. | medium |
cap.doc.ingest | capability | Ingest a document artifact into the pipeline, validate format, and register provenance. | medium |
cap.doc.ocr | capability | Extract text and layout from a document using optical character recognition. | medium |
cap.doc.redact | capability | Apply PII/PHI/PCI redactions to a document using rule or ML-based detection. | high |
cap.doc.sign | capability | Apply a cryptographic digital signature to a document artifact using an isolated key. | critical |
cap.doc.stamp | capability | Apply a visible or invisible processing stamp (watermark, classification label) to a document. | medium |
cap.edge.device-attest | capability | Attest the integrity and identity of an edge device using TPM or hardware root of trust. | high |
cap.edge.local-inference | capability | Run ML inference locally on the edge device without cloud connectivity. | medium |
cap.edge.local-store | capability | Write data to local edge storage with TTL, size limits, and sync markers. | medium |
cap.edge.sync | capability | Sync local edge events and artifacts to cloud with conflict resolution. | medium |
cap.edge.update-agent | capability | Apply a signed software update to an edge agent in a ring-based rollout. | critical |
cap.exec.container | capability | Execute artifact within a container boundary with restricted privileges. | medium |
cap.exec.vm | capability | Execute artifact within a VM boundary (stronger isolation than containers). | medium |
cap.fed.accept-external-identity | capability | Accept and validate an identity token from a trusted external organization. | high |
cap.fed.enforce-data-contract | capability | Validate inbound/outbound data against the partner data contract before processing. | high |
cap.fed.exchange-tokens | capability | Exchange a partner token for a scoped local token via federation handshake. | high |
cap.fed.isolate-guest-workers | capability | Run partner/guest workers in isolated execution pools with default-deny capabilities. | high |
cap.fs.readonly | capability | Execution environment filesystem is read-only except for mounted workspace. | low |
cap.fs.workspace.write | capability | Write and modify files only within the mounted workspace boundary. | medium |
cap.idempotency.atomic-write | capability | Write a value atomically using check-and-set semantics tied to an idempotency key. | medium |
cap.idempotency.check-key | capability | Check whether an idempotency key has been seen and return cached result if present. | low |
cap.idempotency.expire-key | capability | Force-expire an idempotency key before its TTL for maintenance purposes. | low |
cap.idempotency.register-key | capability | Register a new idempotency key and bind it to the current execution result. | low |
cap.identity.workload | capability | Assert a cryptographic workload identity bound to the execution context. | high |
cap.inbox.dedup | capability | Deduplicate incoming messages using idempotency keys before processing. | low |
cap.int.api.call | capability | Call a third-party API with backoff, circuit breakers, and rate limiting. | medium |
cap.int.contract.validate | capability | Validate a data payload against a versioned data contract schema. | medium |
cap.int.replay-webhook | capability | Replay a previously received webhook event for recovery or re-processing. | medium |
cap.int.rotate-credentials | capability | Rotate API keys, OAuth tokens, or other credentials for a third-party integration. | high |
cap.int.webhook.verify | capability | Verify the signature and authenticity of an inbound webhook before processing. | medium |
cap.ledger.write | capability | Append an immutable entry to the audit ledger. | high |
cap.mem.delete | capability | Delete one or more memory artifacts; emit deletion audit record. | high |
cap.mem.embed | capability | Convert text to a vector embedding using a configured embedding model. | low |
cap.mem.read | capability | Retrieve a memory artifact by key or query within scope and access controls. | low |
cap.mem.retrieve.rag | capability | Retrieve relevant memory chunks via hybrid vector + keyword search for RAG pipelines. | low |
cap.mem.summarize | capability | Summarize a long context window to a bounded token representation preserving provenance. | low |
cap.mem.write | capability | Store a memory artifact (embedding, document, structured record) under a scoped key. | medium |
cap.model.drift.detect | capability | Detect statistical drift in model output quality, safety, or cost over time. | medium |
cap.model.eval.run | capability | Execute an evaluation suite against a model, prompt, or tool version and publish scores. | medium |
cap.model.prompt-injection-test | capability | Run prompt injection attack vectors against a model to validate safety guardrails. | medium |
cap.model.prompts.update | capability | Update versioned prompt templates after safety eval and approval gate. | high |
cap.model.tools.update | capability | Update versioned tool definitions (function specs, schemas) after QA gate. | high |
cap.mount.workspace | capability | Mount a dedicated workspace directory into the execution environment. | medium |
cap.net.egress.allowlisted | capability | Outbound network access limited to allowlisted destinations via controlled proxy. | high |
cap.net.egress.denied | capability | Outbound network access disabled (default deny). | low |
cap.notify.manage-suppression | capability | Add, remove, or query suppression list entries (unsubscribes, bounces, complaints). | medium |
cap.notify.send-email | capability | Send a transactional or notification email via configured email provider. | medium |
cap.notify.send-push | capability | Send a push notification to a mobile/web device via push provider. | low |
cap.notify.send-sms | capability | Send an SMS notification via configured telephony provider. | medium |
cap.ops.approve | capability | Collect and record a human approval decision for a proposed change or action. | high |
cap.ops.break-glass | capability | Invoke emergency break-glass access with mandatory audit logging and time-limited elevation. | critical |
cap.ops.execute-runbook | capability | Execute a named operational runbook with step-level audit and rollback checkpoints. | high |
cap.ops.postmortem | capability | Generate a structured postmortem report from incident timeline and evidence. | low |
cap.os.compose-workflow | capability | Compose multi-worker workflows with policy gates, cost controls, and provenance. | high |
cap.os.emergency-controls | capability | Activate global or per-worker kill switches for emergency shutdown or quarantine. | critical |
cap.os.enforce-policies | capability | Enforce workforce-wide policies (budget, data label, QoS, privileges) at every routing step. | critical |
cap.os.govern-worker-lifecycle | capability | Manage worker enrollment, suspension, retirement, and version transitions. | high |
cap.os.memory-and-context-service | capability | Provide memory and context services to workers (scoped retrieval, embedding, summarization). | medium |
cap.os.observe-end-to-end | capability | Collect end-to-end telemetry with correlation_id across all workers in a request. | medium |
cap.os.register-worker | capability | Enroll a worker into the workforce registry with validated controls and provenance. | high |
cap.os.route-task | capability | Route a task to the appropriate worker using deterministic routing rules. | high |
cap.outbox.publish | capability | Publish a message via transactional outbox pattern ensuring at-least-once delivery. | medium |
cap.policy.canary | capability | Activate a new policy version for a canary percentage of traffic before full rollout. | high |
cap.policy.evaluate | capability | Evaluate an action against loaded policy rules and return allow/deny with rationale. | high |
cap.policy.update | capability | Publish a new versioned policy to the policy engine for enforcement. | high |
cap.projection.rebuild | capability | Rebuild a read-model projection by replaying events from source stream. | medium |
cap.prov.generate-provenance-chain | capability | Assemble complete provenance chain: source → build → scan → SBOM → signatures. | high |
cap.prov.issue-attestation | capability | Issue a signed attestation statement (e.g., SLSA provenance, SBOM attestation). | critical |
cap.prov.sign-artifact | capability | Apply a cryptographic signature to a build or data artifact using a managed key. | critical |
cap.prov.verify-attestation | capability | Verify a signed attestation statement before trusting an artifact. | high |
cap.prov.verify-signature | capability | Verify the cryptographic signature of an artifact against known public keys. | high |
cap.repair.compensate-transaction | capability | Execute a compensating transaction to undo a previously committed action. | high |
cap.repair.reconcile-state | capability | Detect and repair inconsistent state by comparing source-of-truth with derived state. | high |
cap.scan.dast | capability | Run dynamic application security testing against a live endpoint. | high |
cap.scan.deps | capability | Scan project dependencies for known CVEs and risky licenses. | medium |
cap.scan.sast | capability | Run static application security testing scan on source code or compiled artifacts. | medium |
cap.scan.sbom.generate | capability | Generate a Software Bill of Materials (SBOM) in SPDX or CycloneDX format. | low |
cap.sched.preempt | capability | Preempt a lower-priority job to make capacity available for a higher-priority one. | medium |
cap.sched.rate-limit-tenant | capability | Apply per-tenant rate limiting to prevent one tenant from starving shared resources. | medium |
cap.sched.reserve-capacity | capability | Reserve compute capacity for a tenant or workload class ahead of scheduled execution. | medium |
cap.sched.set-priority | capability | Assign or update the scheduling priority of a job in the dispatch queue. | medium |
cap.secrets.read | capability | Read secrets from a secrets vault scoped to the workload identity. | high |
cap.side-effect.write-external | capability | Perform a write to an external system (database, API, filesystem) as a declared side effect. | high |
cap.stream.consume | capability | Consume messages from a streaming topic with configurable delivery semantics (at-least-once, exac… | medium |
cap.stream.produce | capability | Publish messages to a streaming topic with idempotency and ordering guarantees. | medium |
cap.stream.replay | capability | Replay a stream from a specified offset or timestamp for reprocessing or recovery. | high |
cap.token.mint.shortlived | capability | Mint a short-lived access token (TTL <= 1 hour) scoped to specific resources. | high |
cap.ui.capture-feedback | capability | Collect structured feedback (thumbs, ratings, corrections) from a human user. | low |
cap.ui.escalate-to-human | capability | Interrupt automated processing and escalate to a human operator with full context. | medium |
cap.ui.form.collect | capability | Present a structured form to a human user and collect validated input. | low |
cap.ui.review.queue | capability | Route a task or decision to a human review queue with explainability bundles. | medium |
cap.ui.show-diff | capability | Display a structured diff of proposed changes to a human reviewer. | low |
cap.verify.artifact-integrity | capability | Verify cryptographic digest and/or signature of a build artifact before execution. | high |
cap.wf.checkpoint | capability | Persist workflow execution state at a checkpoint for durable resumption. | medium |
cap.wf.compensate | capability | Execute compensation steps to undo committed actions in a failed saga. | high |
cap.wf.define-dag | capability | Define a directed acyclic graph of workflow steps with dependencies and data flows. | medium |
cap.wf.fanout-fanin | capability | Parallelize workflow steps across multiple workers and aggregate results. | medium |
cap.wf.replay-deterministic | capability | Replay a workflow from a checkpoint with deterministic step execution for recovery. | medium |
ctrl.blast-radius-scoring | control | Compute blast score (0-100) from env, data_label, QoS, and request hints; gate actions with score… | |
ctrl.cost.monthly-token-budget | control | Policy control: maximum token spend per tenant per calendar month before hard cap triggers. | |
ctrl.deploy.canary-error-threshold | control | Policy control: maximum allowable error rate (%) for a canary before automatic rollback triggers. | |
ctrl.dlq.max-replay-attempts | control | Policy control: maximum number of times a DLQ message may be replayed before permanent discard. | |
ctrl.idempotency.key-ttl-seconds | control | Policy control: time-to-live in seconds for idempotency keys in the dedup store. | |
ctrl.obs.audit-log-append-only | control | Audit entries must be written to an append-only log; modifications forbidden. | |
ctrl.obs.flight-recorder-bundle | control | Collect and retain full flight recorder bundle (all events, tool calls, inputs/outputs) for foren… | |
ctrl.obs.metrics-core | control | Workers must emit core metrics (latency, error rate, throughput). | |
ctrl.obs.run-metadata-store | control | Store run metadata (inputs, outputs, timing, worker version) per execution. | |
ctrl.obs.slo-alerting | control | Alert when SLO thresholds are breached (error budget, latency p99). | |
ctrl.obs.structured-logging | control | All worker output must use structured (JSON) logging with correlation_id and tenant_id. | |
ctrl.obs.tracing-distributed | control | Workers must emit distributed trace spans with correlation_id propagation. | |
ctrl.os.budget-and-cost-enforcement | control | Enforce per-agent, per-tenant cost caps and budgets. | |
ctrl.os.end-to-end-correlation | control | Propagate correlation_id across every worker call, tool call, and telemetry event. | |
ctrl.os.global-kill-switches | control | Global and per-worker kill switches for emergency shutdown. | |
ctrl.os.policy-gate-every-step | control | Apply policy gate at every routing step, not just pre-run. | |
ctrl.os.provenance-requirements | control | Require signed provenance for all production worker executions. | |
ctrl.os.routing-rules | control | Enforce deterministic, versioned routing rules (first-match-wins). | |
ctrl.os.worker-registry | control | Maintain an enrolled worker registry; deny execution for unregistered workers. | |
ctrl.pol.audit-policy-decisions | control | Log every policy allow/deny decision to the append-only audit ledger. | |
ctrl.pol.default-deny | control | Deny any capability not explicitly allowed by policy. | |
ctrl.pol.policy-engine-runtime | control | Policy engine must be running and reachable before any guarded action executes. | |
ctrl.pol.policy-versioning | control | Policies must be versioned artifacts; unversioned policies cannot be enforced. | |
ctrl.privilege-envelopes-required | control | Workers must declare a privilege envelope (secrets, egress, writes, tools) before execution. | |
ctrl.sandbox.flight-recorder | control | Record all tool calls and file activity for audit purposes. | |
ctrl.sandbox.no-egress-default-deny | control | Disable all outbound network by default; egress requires explicit allowlist. | |
ctrl.sandbox.no-privileged-containers | control | Container execution must not use privileged mode. | |
ctrl.sandbox.path-allowlists | control | Deny access to sensitive filesystem paths not in the allowlist. | |
ctrl.sandbox.readonly-rootfs | control | Root filesystem is read-only; only workspace mount is writable. | |
ctrl.sandbox.resource-limits-strict | control | Enforce CPU, RAM, and time limits on worker execution. | |
ctrl.sandbox.secrets-denied-by-default | control | No secrets injected into workers unless explicitly granted. | |
ctrl.sandbox.syscall-filtering | control | Apply seccomp/AppArmor profiles to restrict permitted system calls. | |
ctrl.sandbox.workspace-mounts-only | control | Only workspace path may be mounted; all other mounts denied. | |
pol.default-deny | policy | Policy engine must default-deny all capability requests not covered by explicit policy. | |
pol.egress-allowlist-policy | policy | In prod/edge with RESTRICTED data, any egress destinations must be explicitly allowlisted. | |
pol.replay-safety-policy | policy | Nondeterministic workers require checkpoints and approvals before replay. | |
pol.sandbox.default-deny | policy | All workers must operate in sandbox default-deny posture unless explicitly exempted. | |
prof.chaos.canary-scoped | profile | Chaos experiments scoped strictly to canary traffic with SLO guardrails. | |
prof.db.migration-safe | profile | Safe migration posture: dry-run first, canary rollout, full audit, rollback checkpoint. | |
prof.db.reconciliation-strict | profile | Strict reconciliation posture: continuous drift detection, repair-on-detect, full audit. | |
prof.doc.restricted-redaction | profile | Process documents with restricted data requiring redaction before sharing. | |
prof.doc.signed-highrisk | profile | Process high-risk documents with mandatory signing, audit, and isolation. | |
prof.doc.untrusted-sandboxed | profile | Process untrusted/external documents in strict sandboxed environment. | |
prof.edge.offline-strict | profile | Strict offline-capable edge posture: local store, device attestation, no cloud dependency. | |
prof.edge.update-rings | profile | Ring-based update posture: signed updates, ring rollout, integrity verification, audit trail. | |
prof.fed.guest-isolated | profile | Guest workload isolation posture: sandboxed execution, no egress, workspace-only access. | |
prof.fed.partner-strict | profile | Strict federation posture: validated identity, scoped tokens, data contract enforcement, full audit. | |
prof.int.resilient-adapter | profile | Resilient API adapter posture: circuit breakers, backoff, rate limits, metrics. | |
prof.int.webhook-strict | profile | Strict webhook posture: signature verification, contract validation, replay idempotency. | |
prof.mem.budgeted-summaries | profile | Cost-conscious memory posture: summarization-first, token budget enforcement. | |
prof.mem.privacy-conservative | profile | Privacy-conservative memory posture: minimal retention, aggressive TTLs, deletion audit. | |
prof.mem.rag-strict-scoped | profile | Strict RAG posture: scoped retrieval, token budget enforcement, no cross-tenant leakage. | |
prof.model.drift-strict | profile | Strict drift monitoring posture: continuous SLO-based alerting and automated remediation triggers. | |
prof.model.release-gated | profile | Release gate posture: mandatory eval, safety tests, and approval before model/prompt/tool promotion. | |
prof.notify.compliance-strict | profile | Strict notification posture for regulated channels: audit, suppression, and consent enforcement. | |
prof.notify.standard | profile | Standard notification posture with deliverability logging and suppression checks. | |
prof.ops.approval-strict | profile | Strict change control posture: mandatory human approval, two-person rule, full audit trail. | |
prof.ops.incident-mode | profile | Incident response posture: flight recorder, kill switches, runbook execution, break-glass controls. | |
prof.os.incident-mode | profile | Incident mode workforce OS posture: kill switches active, forensic logging, restricted routing. | |
prof.os.production-control-plane | profile | Production workforce OS posture: registry, routing, policy gates, cost enforcement, provenance. | |
prof.pol.default-deny-strict | profile | Strict policy posture: default-deny everything, versioned policies, full audit trail. | |
prof.prov.prod-strict | profile | Strict production provenance posture: mandatory signing, attestation, and full provenance chain. | |
prof.sandbox.allowlisted-egress | profile | Sandbox posture allowing egress only to explicitly allowlisted destinations. | |
prof.sandbox.no-egress | profile | No-egress sandbox posture: all outbound network disabled, workspace-only writes. | |
prof.sandbox.vm-strict | profile | VM-isolated strict sandbox posture: full VM isolation, no privileged access. | |
prof.sched.critical-protected | profile | Protected scheduling posture for critical workloads: reserved capacity, preemption rights, SLO al… | |
prof.sec.artifact-strict | profile | Strict artifact security posture: mandatory signature verification and full audit trail before ex… | |
prof.sec.ci-gated | profile | CI pipeline security posture: SAST, dependency scan, and SBOM on every build. | |
prof.ui.review-strict | profile | Strict review queue posture: mandatory human review for all high-stakes decisions, SLA tracking. | |
prof.wf.durable-saga | profile | Durable saga posture: checkpoints, compensations, exactly-once semantics, distributed tracing. | |
wrk.chaos.injector | worker_species | Apply controlled fault injection per experiment plans and guardrails. | high |
wrk.chaos.observer | worker_species | Collect metrics during experiments; generate reports vs SLO criteria. | medium |
wrk.cost.budget-enforcer | worker_species | Policy gate worker that intercepts dispatches and denies jobs when cost budgets would be exceeded. | medium |
wrk.cost.usage-aggregator | worker_species | Collects token/compute usage events from workers and aggregates into the billing data store. | low |
wrk.db.migration.worker | worker_species | Schema migrations/backfills with canary, throttling, and checkpoints. | critical |
wrk.db.reconciler | worker_species | Compare source-of-truth vs derived projections; repair drift with audit. | medium |
wrk.deploy.canary-controller | worker_species | Manages canary deployments — traffic splitting, health evaluation, auto-promote or auto-rollback. | high |
wrk.deploy.rollback-guard | worker_species | Monitors error rates and latency for new worker versions and triggers automatic rollback on thres… | high |
wrk.dlq.janitor | worker_species | Periodic worker that inspects, classifies, and routes DLQ messages — retry, escalate, or purge. | medium |
wrk.doc.ocr.worker | worker_species | Run OCR and return text and layout with confidence metrics. | medium |
wrk.doc.pipeline.orchestrator | worker_species | Orchestrate multi-step document pipeline with resumability and audit. | high |
wrk.doc.redaction.worker | worker_species | Apply redactions using templates/rules; emit redaction report. | high |
wrk.doc.signing.worker | worker_species | Apply digital signatures using isolated keys; verify signatures. | critical |
wrk.edge.local-inference.worker | worker_species | Run local inference under constrained compute with strict sandboxing. | medium |
wrk.edge.sync.agent | worker_species | Sync local events/artifacts to cloud with conflict resolution and bandwidth budgets. | medium |
wrk.edge.update.manager | worker_species | Apply signed updates in rings; verify integrity; rollback on failures. | critical |
wrk.fed.gateway | worker_species | Front-door for partner integrations; validate identity; issue scoped tokens. | high |
wrk.fed.guest-pool.worker | worker_species | Execute partner workloads in isolated pools with default-deny capabilities. | high |
wrk.idempotency.dedup-sweeper | worker_species | Periodic worker that removes expired idempotency keys from the store to control storage growth. | low |
wrk.idempotency.guard | worker_species | Middleware worker that intercepts job submissions, checks/registers idempotency keys, and short-c… | low |
wrk.int.api-adapter | worker_species | Call external APIs with backoff, circuit breakers, rate limits, and idempotency. | medium |
wrk.int.webhook-ingest | worker_species | Ingest external webhooks; verify signatures; validate contracts; enqueue. | medium |
wrk.mem.curator | worker_species | Decide what gets stored; apply redaction, TTL, provenance; prevent poisoning. | high |
wrk.mem.retriever | worker_species | Retrieve memory/document chunks under scope filters and token budgets. | low |
wrk.mem.summarizer | worker_species | Summarize long context to bounded tokens preserving provenance. | low |
wrk.model.drift.monitor | worker_species | Monitor production for drift in quality/safety/cost; trigger alerts. | medium |
wrk.model.eval.runner | worker_species | Run eval suites against model/prompt/tool versions; publish scores. | medium |
wrk.model.prompt-qa.gate | worker_species | Gate prompt/tool changes via safety evals, approvals, and canary rollout. | high |
wrk.notify.delivery.worker | worker_species | Send email/SMS/push with deliverability controls and idempotency. | medium |
wrk.notify.webhook.ingest | worker_species | Ingest provider webhooks (bounces/complaints), update suppression. | medium |
wrk.ops.approval.coordinator | worker_species | Route approval requests; enforce two-person rule; track decisions. | high |
wrk.ops.oncall.supervisor | worker_species | Coordinate incident response; enforce kill switches and runbooks. | critical |
wrk.os.incident-commander | worker_species | Coordinate incident mode: kill switches, quarantine, runbooks, evidence bundles. | critical |
wrk.os.registry-manager | worker_species | Maintain worker registry; enroll/retire; validate controls and provenance. | high |
wrk.os.workforce-router | worker_species | Route, compose, and govern across all workers; enforce policies, budgets, QoS, and provenance. | critical |
wrk.pol.policy-gate | worker_species | Evaluate actions against policy; emit allow/deny decisions and audit trail. | high |
wrk.prov.provenance-assembler | worker_species | Assemble provenance chain (source, build, scan, SBOM, signatures). | high |
wrk.prov.signer | worker_species | Sign build artifacts; emit signature and provenance metadata. | critical |
wrk.prov.verifier | worker_species | Verify signatures and attestations; enforce fail-closed semantics. | high |
wrk.repair.state-reconciler | worker_species | Scans entity state periodically, detects drift from authoritative source, and triggers repair. | medium |
wrk.sched.dispatcher | worker_species | Select from priority queues, enforce fairness/QoS, dispatch to pools. | medium |
wrk.sec.artifact.verifier | worker_species | Verify artifact digests/signatures before execution. | high |
wrk.sec.deps.scanner | worker_species | Scan dependencies for CVEs and risky licenses; generate SBOM. | medium |
wrk.sec.sast.scanner | worker_species | Run static code scans; normalize findings; gate build. | medium |
wrk.ui.feedback-collector | worker_species | Collect structured human feedback tied to outcomes. | low |
wrk.ui.review-router | worker_species | Route tasks to review queues with explainability bundles and SLAs. | medium |
wrk.wf.orchestrator | worker_species | Execute durable workflows: schedule steps, checkpoint, retry, compensate. | high |
wrk.wf.step.executor | worker_species | Execute a single workflow step under idempotency keys. | medium |