The delegation workstation for autonomous coding

Delegate real coding work.
Review evidence.

GlyphSpek is a VS Code-compatible workstation for teams that want agents to do more than chat without turning developers into full-time supervisors. Low-authority work stays fast. Real actions are brokered, sandboxed, policy-controlled, traced, and checked by an evidence-first verifier.

Less supervision burden: Summaries surface what changed, what was blocked, and what proved clean.
Use preferred CLIs: Codex and Claude Code run as supervised actors, not ambient terminals.
No magic verifier claims: Actor self-reports stay separate from deterministic checks and signed evidence.
GlyphSpek payments-api
Claude
Ask Inline Governed Sensitive Sovereign
egress: deny verifier: pass
redirect.ts
verifier.log
Governed Chat
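import { parseReturnTo } from "./url";
import { isSameOrigin } from "./origin";

// Agent edit is amber until the verifier signs.
// The function declaration is missing from the snippet; the name and signature here are assumed.
export function resolveReturnTo(req) {
  // Fall back to a fixed local path unless returnTo parses and is same-origin.
  const target = parseReturnTo(req.query.returnTo);
  if (!target || !isSameOrigin(target, req.host)) {
    return "/dashboard";
  }
  return target;
}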
Ask does not grant authority: Reason about code quickly. Promote only when the agent needs files, commands, network, secrets, CI/CD, or deploy-impacting authority.
PROBLEMS | OUTPUT | BROKER TRACE | VERIFIER
ALLOW command npm test
ASK write auth/redirect.ts
DENY read .env from tool output
TRACE root 7f9c...a21d
PASS tests rerun clean
PASS signature valid
OBSERVED CLI chat
EXPORT evidence bundle
authority: governed run | sandboxed worktree | 42 traced events
policy: .glyphspek/policy.yml
Bounded autonomy model

Two questions keep autonomy useful: authority and assurance.

GlyphSpek separates what an agent is allowed to do from how strongly its result has been verified. Low-authority questions stay fast. Work that touches files, commands, network, secrets, CI/CD, infrastructure, or deploy paths moves into governed execution.

Authority

Friction follows authority

Ask and explanation stay light. Governed runs add policy, sandboxing, trace, and approval prompts only when the agent gains power to act.

Assurance

Evidence replaces assertion

Actor claims are useful context, but they are not proof. The Trust Panel separates self-reported results from reproducible checks and signed verdicts.

CLI

Preferred tools stay usable

Claude Code and Codex can remain part of the workflow while GlyphSpek labels the assurance level and routes real work through the host trust path.

How GlyphSpek clears the execution bar

Less supervision burden, not more prompts.

The hard part is not adding another permission dialog. The hard part is letting agents finish useful work while the workstation captures enough evidence for a developer, security reviewer, or CIO to accept the result with confidence.

Flow

Approval noise is treated as product failure.

GlyphSpek keeps questions, explanations, and read-only review lightweight. It asks for attention when authority increases: file mutation, network, secrets, destructive commands, migrations, infra, CI/CD, policy edits, or deploy-impacting work.

Fast lane: Ask, summarize, explain, inspect, and propose without execution authority.
Governed lane: Act in an isolated worktree with policy decisions, trace, and verifier-ready evidence.
Sensitive lane: Require explicit human approval for actions that can damage code, data, infra, or trust policy.
Verifier

Evidence-first, not omniscient.

The verifier is not marketed as a magic codebase judge. It checks concrete evidence: policy path, command transcript, test replay, diff, trace root, signature, skipped checks, and reproducible results.

Policy

Start from presets.

Teams should not hand-author granular YAML on day one. GlyphSpek starts with repo profiles, then lets platform and security teams refine what agents may read, write, execute, contact, and verify.

Frontend Backend API Regulated repo
What other IDEs do not make central

The product is the governed work unit, not another chat sidebar.

Many AI IDEs now ship permissions, hooks, sandboxing, and audit features. GlyphSpek's differentiation is the full delegation loop: bounded authority, useful evidence capture, independent verification, and a review surface that reduces transcript-reading.

Question: What is the unit of work?
Typical AI IDE: Chat session, edit, terminal command, or PR.
GlyphSpek: A governed run with actor, policy, runtime posture, trace, verifier, and exportable evidence.

Question: Can the user tell what authority the agent has?
Typical AI IDE: Often hidden in settings or prompts.
GlyphSpek: Authority Ladder and halo make current power visible at all times.

Question: Who grades the agent's result?
Typical AI IDE: The agent often summarizes its own outcome.
GlyphSpek: A separate verifier reruns declared checks, records skipped scope, and signs a verdict bound to the trace root.

Question: Does safety create review noise?
Typical AI IDE: Often yes: prompts, transcripts, and tool logs pile up.
GlyphSpek: The Trust Panel summarizes risk boundaries first, with the raw trace available as audit evidence.

Question: What about Claude Code and Codex subscriptions?
Typical AI IDE: Usually treated as raw terminal or API-backed product usage.
GlyphSpek: Supervised actor adapters with honest labels: low-authority Ask, boundary-observed context, or verifier-backed governed runs.

Remote management for governed work

The iOS app is a control plane, not a remote shell.

GlyphSpek Remote lets a developer or reviewer inspect host-side runs, approve policy asks, send Ask or Act intents to supervised actors, and accept or reject agent patches without moving execution authority onto the phone.

Review from anywhere: See host status, verifier state, policy decisions, trace events, and pending approvals while the workstation or self-hosted runtime keeps execution authority.
Signed mobile decisions: Approve, deny, cancel, start, and diff-review actions are explicit, device-authorized, and designed to become trace events.
No raw shell on the phone: Ask stays low-friction. Act sends governed instructions to the host supervisor, where policy, sandboxing, trace, and verifier controls still apply.
Architecture promise

A trust kernel under the IDE.

GlyphSpek wraps a clean Code-OSS distribution around a supervisor-owned trust kernel. The editor is the workstation shell; the moat is brokered execution, isolation, trace, verifier separation, and sovereignty-grade packaging.

Brokered execution

Agent-controlled file, command, model, and network actions pass through governed paths instead of ambient terminal authority.

Sandboxed worktrees

Agents act in isolated workspaces with constrained egress and explicit environment.

Policy-as-code

Teams start with policy profiles, then review what agents may read, write, execute, contact, and verify in repo policy.

Tamper-evident trace

Runs emit hash-chained evidence for prompts, commands, diffs, outputs, denials, and verifier results.

Independent verifier

The actor cannot forge the verdict. A separate trust domain signs evidence-backed checks against the trace root.
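
The tamper-evident trace and the verdict signed against the trace root, sketched as an added example; this is not GlyphSpek's code or wire format. The event fields, the genesis value, and the function names are assumptions, and HMAC-SHA256 with a key held only by the verifier stands in for the signature so the sketch runs on the Python standard library.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed chain start; not a GlyphSpek value

def _link(prev, event):
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode()).hexdigest()

def append(trace, event):
    """Append an event whose hash commits to the previous entry's hash."""
    prev = trace[-1]["hash"] if trace else GENESIS
    trace.append({"event": event, "prev": prev, "hash": _link(prev, event)})

def trace_root(trace):
    """Recompute every link; return the last hash, or None if the chain is broken."""
    prev = GENESIS
    for entry in trace:
        if entry["prev"] != prev or entry["hash"] != _link(prev, entry["event"]):
            return None
        prev = entry["hash"]
    return prev

def _tag(key, verdict):
    msg = json.dumps(verdict, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_verdict(key, trace, checks):
    """Verifier side: bind the check results to the root of the trace it examined."""
    verdict = {"root": trace_root(trace), "checks": checks,
               "result": "pass" if all(checks.values()) else "fail"}
    return verdict, _tag(key, verdict)

def accept(key, trace, verdict, tag):
    """Reviewer side: valid tag, intact chain, verdict root equals recomputed root."""
    root = trace_root(trace)
    return (hmac.compare_digest(_tag(key, verdict), tag)
            and root is not None and verdict["root"] == root
            and verdict["result"] == "pass")

def sample_trace():
    """Constructed events modeled on the broker trace lines shown on the page."""
    trace = []
    for decision, action in [("ALLOW", "command npm test"),
                             ("ASK", "write auth/redirect.ts"),
                             ("DENY", "read .env from tool output")]:
        append(trace, {"decision": decision, "action": action})
    return trace
```

Editing one recorded event breaks the chain, and rebuilding the whole chain after an edit yields a different root, so a verdict issued for the original trace no longer matches either way.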

Trust Panel

Reviewers see claims, verdict, policy decisions, network activity, diffs, and trace export in one surface.

Remote approvals

Mobile and remote control can approve, deny, and inspect runs without exposing a raw shell.

Sovereign distribution

No Microsoft Marketplace dependency, no proprietary Microsoft extension bundle, and a clean Code-OSS path for regulated buyers.

Pilot-ready thesis

Bring one repo, one task you hesitate to delegate, and one skeptical reviewer.

Judge GlyphSpek by the only outcome that matters: did the agent finish useful work, did authority stay bounded, and did the evidence make review faster than reading a raw transcript?
