Run execution controls
Directed-graph workflows support retries, checkpoint capture, replay, and explicit run states (running, waiting approval, failed, cancelled, completed).
SyndicateClaw product platform
SyndicateClaw is a self-hosted execution system for policy-gated workflows. Operators run it in their own environment with PostgreSQL and Redis, and use it to enforce decision logging, approval controls, and replayable execution records.
Scope note: current deployment assumptions are single-domain environments (one trust boundary). Multi-tenant isolation is not provided.
Policy & approvals
Tool execution is policy-gated with fail-closed defaults. Approval gates support authority-based assignee resolution and self-approval prevention.
Audit evidence
Append-only audit events, mandatory decision records for tool execution, and evidence export. Integrity signing is configurable.
Inference & tools
Provider routing and catalog controls are available for inference. Tools are explicitly registered and executed through policy and sandbox checks.
Agent mesh
Agent registration and messaging APIs support direct and topic routing with workflow integration points.
Operations and observability
Prometheus metrics, OpenTelemetry integration, and documented failure behavior support operator observability and incident analysis.
What the platform includes
- Workflow and run APIs with versioning and HMAC-signed checkpoints
- Tool framework with mandatory decision ledger and SSRF protection
- API-first runtime with documented endpoints and OpenAPI
- Memory service with namespaces, lineage, and schema validation
- Inference layer with provider catalog, routing, and idempotency
- Agent registry, messaging, and workflow coordination
- Schedules for cron, interval, and one-time triggers
- JWT (EdDSA) and API key lifecycle with hashing and revocation
- Prometheus metrics and OpenTelemetry tracing
Frequently asked questions
How does policy enforcement work in SyndicateClaw?
Policy decisions are evaluated in the execution path so blocked actions fail closed before they reach sensitive systems. Every evaluation is recorded in a mandatory decision ledger.
Can approvals be required for selected actions?
SyndicateClaw supports approval gates for sensitive operations, ensuring human authorization before execution continues, with authority resolution that excludes the requester.
Does SyndicateClaw support multiple model providers?
Yes. SyndicateClaw includes provider routing, catalog controls, and idempotency so teams can enforce approved model usage across workflows.
What is included in the evidence chain?
The evidence chain includes HMAC-signed checkpoints, Ed25519-signed audit events, mandatory tool decision records, and content-hashed input snapshots.
Can workflows run on a schedule?
Yes. Schedules support cron expressions, interval durations, and one-time runs, with distributed locking to ensure high-availability without duplication.