Autonomous coding agents, inside a workstation you can verify.

GlyphSpek is a VS Code-compatible engineering workstation where agent actions are brokered, sandboxed, policy-governed, traced, and checked by an independent verifier.

See the Trust Panel What makes it different
Brokered execution Commands, files, and network requests pass through governed paths.
Trace evidence Runs produce hash-chained events for review and incident analysis.
Verifier verdict The actor agent does not grade its own work.
GlyphSpek: review run gs-run-1042
policy.ts
trace.jsonl
trust.review
glyph-spek / src / policy.ts / evaluateCommand
42
43
44
45
46
47
48
49
50
51
52
export function evaluateCommand(request) {
const source = request.provenance;
if (source === "tool-output") {
trace.policy("force-ask", request);
}
if (request.path === ".env") {
return decision("deny");
}
// verifier scope is locked from repo policy
return decision("allow");
}
PROBLEMSOUTPUTTERMINALBROKER TRACEVERIFIER
ALLOW command npm test
ASK write src/policy.ts
DENY read .env from untrusted output
ALLOW verifier clean run
TRACE root 7f9c...a21d
PASS tests rerun in clean container
PASS signature valid
REVIEW policy file changed
EXPORT bundle ready
GlyphSpek Safe RunWorktree isolatedNetwork default-deny
trace 7f9c...a21dverifier signed
Trust-first workflow

The Trust Panel replaces raw transcript archaeology.

GlyphSpek separates what the agent claims from what the workstation can prove. Reviewers see the diff, commands, test output, network requests, policy decisions, and verifier verdict in one surface.

1

Actor works in isolationThe run starts in an ephemeral worktree and sandboxed execution plane.

2

Broker records every sensitive actionFile, command, and network requests emit policy and trace events.

3

Verifier signs the resultA separate trust domain reruns checks and binds the verdict to the trace root.

Review agent run: diff, evidence, verifier verdict
policy.ts diff
verifier.log
evidence
Before
function evaluate(request) {
if (request.command) {
- return allow(request)
}
- if (request.source) return ask()
}
After
function evaluate(request) {
if (request.command) {
+ requireBrokerPath(request)
+ enforceProvenance(request)
}
+ if (request.path === ".env") deny()
}
EVIDENCE LINKSCOMMENTSEXPORT
EVENT 14 policy decision generated
EVENT 19 policy edit requires human review
EVENT 25 secret read blocked
EVENT 37 verifier test run pass
EVENT 42 verdict signed
Review mode3 changed files1 required approval
verdict signed
Agent Run Analytics

Measure delegated work from evidence, not chat volume.

GlyphSpek's trace is not only security evidence. It becomes the data layer for understanding which agent workflows completed, passed independent verification, earned human trust, or needed correction.

1

Completion is not acceptanceA run can finish, fail verification, or get rewritten by the reviewer. GlyphSpek keeps those states separate.

2

Corrections become product signalDenied approvals, interrupts, retries, and edits show where the agent needs better boundaries or better context.

3

Autonomy has a readiness scoreTeams can see which workflows are safe to automate further and which still require careful review.

Run analytics: policy-fix workflow
derived from 184 signed traces
82% runs completed
76% verifier passed
68% human accepted
21% needed correction

Workflow health

Completed
82%
Verifier passed
76%
Human accepted
68%
Corrected
21%
Approval denied
9%

Signals

PASSVerifier clean runSigned verdict matched trace root.
EDITReviewer corrected outputAccepted after policy-copy change.
DENYRisky action blockedProduction credential read rejected.
COST$0.42 accepted runCost measured after verifier pass.
What GlyphSpek does

Control surfaces built for autonomous agents.

The product thesis is trust infrastructure, not AI IDE feature parity. These are the controls that make agentic coding reviewable near sensitive code.

01

Unified broker below tools

Commands, file actions, and network requests are routed through governed paths instead of per-tool promises.

02

Sandboxed worktrees

Agents operate in isolated workspaces and containers, not directly across the developer's machine.

03

Policy-as-code

Teams review what agents may read, write, execute, contact, and verify in versioned repo policy.

04

Tamper-evident trace

Runs emit hash-chained events for prompts, commands, diffs, outputs, policy decisions, and verifier results.

05

Independent verification

The actor agent does not grade itself. A separate verifier reruns checks and signs the result.

06

Sovereign execution path

GlyphSpek is designed for local, self-hosted, auditable, and model-neutral agent workflows.

07

Agent-run analytics

Teams can measure completion, verifier pass rate, human acceptance, corrections, and cost per accepted run.

08

Claude and Codex ready

Claude Code and Codex should run as supervised actor adapters, not raw terminals with ambient authority.

Why it is different

Most AI IDEs help agents act. GlyphSpek helps teams trust the action.

This is the high-level marketing distinction. Competitive claims should stay careful: many tools have permissions or sandboxing, but GlyphSpek makes enforcement, evidence, and verification the core product.

Question
Typical AI IDE focus
GlyphSpek focus
Can the agent write code?
Autocomplete, chat, edits, terminal assistance.
Useful, but secondary to governed execution and review evidence.
Can the agent touch sensitive files?
Often managed by prompt, UI permission, or tool-level setting.
Brokered through policy with sandbox and trace events.
Can a shell bypass policy?
Terminal access can become the broadest authority in the system.
Command execution is designed as a brokered choke point.
Who verifies the result?
The agent usually summarizes what it did and what passed.
A separate verifier reruns checks and signs a verdict.
Can the run be audited?
Transcript or tool history, depending on the product.
Hash-chained trace, policy decisions, verifier result, and export controls.
Can teams improve autonomy safely?
Chat volume, session length, or generic observability signals.
Run analytics from brokered traces: completion, verifier pass, acceptance, corrections, and denied approvals.
Architecture promise

A local trust kernel for agentic development.

GlyphSpek starts extension and supervisor first. The moat is not a fork. The moat is the enforcement and verification engine that decides whether a fork is even necessary.

Agent Supervisor

Owns run lifecycle, worktree setup, sandbox startup, broker calls, trace emission, and review object creation.

Policy Engine

Evaluates file, command, network, verifier-scope, and future MCP requests against repo and org policy.

Sandbox Runtime

Runs each agent task inside an isolated container with synthetic home, explicit environment, and constrained egress.

Trace Store

Records append-only, hash-chained evidence with redaction before denied secret content can become an export leak.

Independent Verifier

Runs outside the actor trust domain, uses repo policy for checks, and signs the verdict against the trace root.

Trust Panel

Shows actor claims, verifier verdicts, diffs, commands, network activity, policy decisions, and trace export.

CLI Actor Adapters

Supervises Claude Code, Codex, and future agents through the same brokered execution boundary.

Agent Run Analytics

Aggregates trustworthy run evidence into workflow health, acceptance, correction, cost, and autonomy-readiness signals.

Policy engine: current run capability map
capability map
egress
verifier scope

Requests

Run commandnpm test from trusted user goal
Read file.env from tool-output context
NetworkDNS lookup for unknown host
Modify policy.glyphspek/policy.yml

Broker Flow

Agent Supervisor
normalizes tool calls and provenance labels
Policy Engine
allow / deny / ask / force-review
Trace Store
hash-chained evidence written before review

Decisions

ALLOWnpm test in isolated worktree
DENY.env cannot be read from untrusted content
BLOCKnetwork egress has no allowlisted target
REVIEWpolicy change needs human approval
TRACE INTEGRITYEXPORTKEYS
ROOT 7f9c0fb...a21d
CHAIN 42 events intact
SIGN verifier key unavailable to actor
REDACT denied secret content excluded
Policy engine activeDefault-deny egressContext firewall enforced
clean Code-OSS path
Pilot-ready thesis

Bring one repo, one bounded task, and one skeptical reviewer.

GlyphSpek should be judged like infrastructure: did it constrain the agent, preserve evidence, verify the result, and make review easier than reading a raw transcript?

Back to workstation