Vasuki · Autonomy Control Plane

Bounded autonomy for a living website.

The goal is not a reckless self-running site. The goal is a site that observes, routes, drafts, verifies, and asks approval before anything risky happens.

Read API Plan Decision Evaluation Loop Runbook State Heartbeat Self-check

State console

What Vasuki should do next

A future agent should read the state snapshot before it continues, waits for approval, or refuses a request.

Public read

ready-to-continue

Answer from public site data, then verify.

Inspect state

Owner approval

waiting-owner-approval

Draft the work, attach rollback, wait for Mahesh.

Inspect state

Private data

blocked

Refuse and do not expose or request private facts.

Inspect state

Future readiness

How advanced the system is allowed to become

L1complete

public identity

Human visitors and software can discover Mahesh, the site purpose, and public routes.

api/me /llms.txt /.well-known/agent.json

L2complete

routed assistant

Vasuki can route public questions into the right page, API, or reading path.

/vasuki api/task-router api/task-packet

L3current

approval-gated operator

The site can plan, decide, self-check, and prepare safe next actions without executing risky work.

api/autonomy/state api/autonomy/decision api/autonomy/action-plan api/autonomy/self-check

L4next

monitored routines

Scheduled public-read routines can run with visible heartbeat, receipts, and rollback rules.

api/autonomy/heartbeat api/autonomy/receipts api/autonomy/runbook

L5locked

owner-approved execution

Write, publish, deploy, or outbound actions stay locked until owner controls and durable receipts exist.

/admin api/admin/proposals api/autonomy/receipts

Operating loop

How every public task should move

Observe

public site state, deploy status, available APIs

Surface

Route

safe task destination and confidence

Surface

Packet

schema-shaped public task handoff

Surface

Decide

automation mode and approval boundary

Surface

Guide

human-readable answer, draft, or safe next step

Surface

Approve

owner decision before external side effects

Surface

Routine matrix

What can run, draft, or stop

automatic

Public question answering

public-read

can automate

automatic

Visitor and collaborator routing

human-guided

can automate

automatic

Witness archive discovery

public-read

can automate

draft-only

Website edits, deploys, and publishing

approval-required

approval required

blocked

Private or sensitive requests

blocked-private

approval required

Self-check

The site can inspect its own public contract

ready18/18

readiness signals passing

Open self-check JSON Open evaluation JSON

pass

public contract

pass

self check surface

pass

decision surface

pass

evaluation surface

pass

action plan surface

pass

loop surface

pass

heartbeat surface

pass

receipt contract

pass

recovery runbook

pass

state snapshot

pass

approval boundary

pass

approval proposal queue

pass

vasuki skill registry

pass

vasuki skill api

pass

private data boundary

pass

discoverability

Pulse and receipts

The site can report its pulse and receipt rules

plan

Autonomy action plan

Turn a classified request into an evidence-backed plan with approval, rollback, and verification steps before anything changes.

Open plan

loop

Autonomy loop state

Show the full observe, decide, plan, verify, and receipt loop for a request without executing external side effects.

Open loop

recover

Autonomy recovery runbook

Give Vasuki and future monitors a safe diagnose, contain, recover, verify, and receipt plan without self-deploying or touching secrets.

Open runbook

state

Autonomy state snapshot

Give Vasuki, monitors, and future agents one compact state object before they continue, wait, refuse, or ask for owner approval.

Open state

decision

Autonomy decision

Classify any public request into the safest lane: run, guide, queue for owner approval, or block.

Open decision

heartbeat

Autonomy heartbeat

Let the website emit a safe operating pulse without changing content, sending messages, or touching private data.

Open heartbeat

receipts

Approval receipt ledger

Publish the receipt shape every future approved write must leave behind: intent, evidence, approval, result, and verification.

Open receipts

Guardrails

Advanced means controlled

public only by default

owner approval before external actions

no credential collection

no private fact inference

no unsupervised purchases or messages

audit every future write

Upgrade path

How this becomes more autonomous safely

Keep monitored scheduled routines public-read only and visible through the heartbeat.
Turn the receipt contract into durable owner-visible receipts for every proposed write.
Add rollback and post-action verification before allowing any publish routine.
Keep private data, credentials, payments, login, and outbound messages outside autonomous mode.