HomeDevelopersOrchestrator
ORCH

The decision engine for your AI

How much can your AI agents do on their own.
You decide.

Set autonomy levels for every agent, per team. Advise a human. Assist a human. Act with review. Act on its own. Set it once, audit every decision, change it when your risk appetite changes.

See the agent registry Read the MCP methods
Advise
AI suggests, a human acts
Draft work, legal review
Assist
AI drafts, a human signs
Customer emails, memos
Review
AI acts, a human approves
Refunds under a set cap, policy updates
Automate
AI acts, every action auditable
Ticket triage, data labeling

Plan before dispatch

Every request runs on a plan your team can read

Orchestrator resolves the applicable policy, builds a DAG of specialist calls with parallel and serial edges, and stamps a stable request id. Human owners inspect and approve the plan before anything dispatches.

plan.jsondispatch.logaudit.checkpointtrace.timeline
// Orchestrator plan for "assess hiring-copilot-v4 before promotion"
{
  "req_id": "req_9f3a2c",
  "tenant":  "acme",
  "tier":    "assist",
  "dag": [
    { step: "intake",       agent: "Policy Router",         parallel: false },
    { step: "classify",     agent: "Risk Assessor",         parallel: true  },
    { step: "pii",          agent: "PII Sentinel",           parallel: true  },
    { step: "bias",         agent: "Bias Watchdog",          parallel: true  },
    { step: "hallucination",agent: "Hallucination Auditor",  parallel: true  },
    { step: "reconcile",    agent: "Policy Router",         parallel: false },
    { step: "pack",         agent: "Evidence Packer",       parallel: false }
  ],
  "audit": { checkpoint_every: "60s", merkle: "a8f3c2e1d4…" }
}

Where your approvals actually happen

Plan. Review. Run. Record.

Every request moves through the same checkpoints. Click a step to see what your team controls there, and the latency budget attached to it.

PlanIntake + DAG
Classify, load policy, produce a human-readable DAG.

Orchestrator reads tenant, tier claim, target system. Policy router resolves the applicable Rego pack, produces a DAG of agent calls with parallel and serial edges, and stamps req_id. The plan is available at plan.get() before any agent dispatches; human owners can inspect and approve for assist-tier requests.

Latency
low p50, tight p99
Policy
Rego, hot-reload
Plan
JSON, signed, readable
Req id
issued here
DispatchRight agent, right time
Parallel where safe, serial where dependent.

Independent tasks (PII, bias, hallucination, cost, vendor) dispatch in parallel. Serial where a downstream needs an upstream finding (policy reconciliation after collect). Circuit breakers apply at the request level, not the agent level. One breaker open trips the whole request, not just the agent.

Parallel
many agents
Dispatch
sub-second
Breaker
request-level
Budget
tokens and dollar caps
CollectPublish, do not chain
Findings land on the plan; router reconciles.

Agents do not call each other. Each publishes a typed Finding to the shared plan. Policy router reads the findings once all contributors ack, applies conflict rules (deny beats allow, higher severity on ties, tier downgrade on PII escalation), and emits the resolved plan state.

Finding type
typed, signed
Conflict
deny beats allow
Tier guard
auto-downgrade
Confidence
per-finding score
AuditAppend-only, one id
Every hop writes with a stable req_id.

Gateway, orchestrator, agent, and database share one request id. Writes fsynced and replicated across availability zones before ack. Merkle checkpoint on a cadence; tampering breaks the chain. Multi-year WORM retention with offline verifiable Merkle root.

Checkpoint
Merkle
Replication
multi-zone, fsync
Retention
multi-year WORM
Verify
offline, signed

Autonomy tiers

Advise. Assist. Review. Automate.

Pick the level of autonomy you are comfortable with for each agent, on each team. The router enforces it on every request. Conflicts resolve to the lower tier, and no agent silently promotes itself.

A
Advise
The AI suggests. A human reviews and acts.
read-only, cited

Read-only. Zero direct action, no mutating tool calls, no outbound writes. Default for novel or high-risk EU AI Act Annex III contexts. Findings render with knowledge-graph citations and a confidence band.

Actions
read-only
Latency
tight p99
Citations
required
Confidence
banded
B
Assist
The AI drafts. A human edits. A human signs.
dual-control

Action waits for a human yes via webhook, console, or email. Audit entry on every approval and rejection with RFC 7807 reason. Dual-control ready for SR 11-7 model risk shops. Approver identity, timestamp, and reason capture inline.

Gate
human approval
Reject
RFC 7807
SLA
gated by human
Capture
identity + reason
C
Review
The AI acts. A human approves before the action goes live.
Rego scope, sampled

Tenant-defined Rego scope. Human review sampled at a configurable rate or exception-based when grounding drops below the floor or cost thresholds trip. Router auto-downgrades on PII class changes, payment verbs, or model deploy actions.

Scope
Rego, hot-reload
Sample
configurable
Grounding
floor enforced
Downgrade
PII, payment triggers
D
Automate
The AI acts on its own. Every action logged, recoverable, auditable.
break-glass audited

Human only on policy violation, breaker open, or explicit break-glass. Break-glass captures identity, reason, and the downstream action that ran. Retained in WORM with offline-verifiable Merkle checkpoint. Default tier for idempotent, policy-bounded sweeps.

Intervention
policy-break only
Break-glass
identity + reason
Retention
multi-year WORM
Verify
Merkle offline

RACI at a glance

Who owns what, when

Role by phase

Plan
Review
Run
Record
Orchestrator
R
R
C
R
Guardian Agents
C
R
R
C
Policy Router
A
C
A
C
Human owner
I
I
A
A

What your auditor asks about first

Why one conductor beats agents calling each other

Mesh of agents
Looks flexible, fails audits
  • Hard to enforce autonomy tiers uniformly
  • Policy conflicts resolved ad-hoc
  • Audit trail splinters across agent logs
  • No single plan a human can reason about
  • Breakers apply per-agent, not per-request
Orchestrator
One router. One plan. One audit.
  • Tiers enforced at the router, not per agent
  • Policy router reconciles conflicts before action
  • One trace per request, threaded everywhere
  • Plans are human-readable and reviewable
  • Breakers and budgets applied at the request level