Autonomous coding agents, inside a workstation you can verify.

GlyphSpek is a VS Code-compatible engineering workstation where agent actions are brokered, sandboxed, policy-governed, traced, and checked by an independent verifier.

See the Trust Panel What makes it different

Brokered execution Commands, files, and network requests pass through governed paths.

Trace evidence Runs produce hash-chained events for review and incident analysis.

Verifier verdict The actor agent does not grade its own work.

GlyphSpek: review run gs-run-1042

policy.ts

trace.jsonl

trust.review

glyph-spek / src / policy.ts / evaluateCommand

export function evaluateCommand(request) {

const source = request.provenance;

if (source === "tool-output") {

trace.policy("force-ask", request);

}

if (request.path === ".env") {

return decision("deny");

}

// verifier scope is locked from repo policy

return decision("allow");

}

PROBLEMSOUTPUTTERMINALBROKER TRACEVERIFIER

ALLOW command npm test

ASK write src/policy.ts

DENY read .env from untrusted output

ALLOW verifier clean run

TRACE root 7f9c...a21d

PASS tests rerun in clean container

PASS signature valid

REVIEW policy file changed

EXPORT bundle ready

TRUST PANEL

Verifier passed Signature valid. Trace root matched. Clean run completed in 31s.

Policy decisions

command npm testallow

write src/policy.tsask

read .envdeny

Network

Outbound destinations0

DNS requestsblocked

Registry accessnot used

Trust-first workflow

The Trust Panel replaces raw transcript archaeology.

GlyphSpek separates what the agent claims from what the workstation can prove. Reviewers see the diff, commands, test output, network requests, policy decisions, and verifier verdict in one surface.

Actor works in isolationThe run starts in an ephemeral worktree and sandboxed execution plane.

Broker records every sensitive actionFile, command, and network requests emit policy and trace events.

Verifier signs the resultA separate trust domain reruns checks and binds the verdict to the trace root.

Review agent run: diff, evidence, verifier verdict

policy.ts diff

verifier.log

evidence

Before

function evaluate(request) {

if (request.command) {

- return allow(request)

}

- if (request.source) return ask()

}

After

function evaluate(request) {

if (request.command) {

+ requireBrokerPath(request)

+ enforceProvenance(request)

}

+ if (request.path === ".env") deny()

}

EVIDENCE LINKSCOMMENTSEXPORT

EVENT 14 policy decision generated

EVENT 19 policy edit requires human review

EVENT 25 secret read blocked

EVENT 37 verifier test run pass

EVENT 42 verdict signed

What GlyphSpek does

Control surfaces built for autonomous agents.

The product thesis is trust infrastructure, not AI IDE feature parity. These are the controls that make agentic coding reviewable near sensitive code.

Unified broker below tools

Commands, file actions, and network requests are routed through governed paths instead of per-tool promises.

Sandboxed worktrees

Agents operate in isolated workspaces and containers, not directly across the developer's machine.

Policy-as-code

Teams review what agents may read, write, execute, contact, and verify in versioned repo policy.

Tamper-evident trace

Runs emit hash-chained events for prompts, commands, diffs, outputs, policy decisions, and verifier results.

Independent verification

The actor agent does not grade itself. A separate verifier reruns checks and signs the result.

Sovereign execution path

GlyphSpek is designed for local, self-hosted, auditable, and model-neutral agent workflows.

Why it is different

Most AI IDEs help agents act. GlyphSpek helps teams trust the action.

This is the high-level marketing distinction. Competitive claims should stay careful: many tools have permissions or sandboxing, but GlyphSpek makes enforcement, evidence, and verification the core product.

Question

Typical AI IDE focus

GlyphSpek focus

Can the agent write code?

Autocomplete, chat, edits, terminal assistance.

Useful, but secondary to governed execution and review evidence.

Can the agent touch sensitive files?

Often managed by prompt, UI permission, or tool-level setting.

Brokered through policy with sandbox and trace events.

Can a shell bypass policy?

Terminal access can become the broadest authority in the system.

Command execution is designed as a brokered choke point.

Who verifies the result?

The agent usually summarizes what it did and what passed.

A separate verifier reruns checks and signs a verdict.

Can the run be audited?

Transcript or tool history, depending on the product.

Hash-chained trace, policy decisions, verifier result, and export controls.

Architecture promise

A local trust kernel for agentic development.

GlyphSpek starts extension and supervisor first. The moat is not a fork. The moat is the enforcement and verification engine that decides whether a fork is even necessary.

Agent Supervisor

Owns run lifecycle, worktree setup, sandbox startup, broker calls, trace emission, and review object creation.

Policy Engine

Evaluates file, command, network, verifier-scope, and future MCP requests against repo and org policy.

Sandbox Runtime

Runs each agent task inside an isolated container with synthetic home, explicit environment, and constrained egress.

Trace Store

Records append-only, hash-chained evidence with redaction before denied secret content can become an export leak.

Independent Verifier

Runs outside the actor trust domain, uses repo policy for checks, and signs the verdict against the trace root.

Trust Panel

Shows actor claims, verifier verdicts, diffs, commands, network activity, policy decisions, and trace export.

Policy engine: current run capability map

capability map

egress

verifier scope

Requests

Run commandnpm test from trusted user goal

Read file.env from tool-output context

NetworkDNS lookup for unknown host

Modify policy.glyphspek/policy.yml

Broker Flow

Agent Supervisor
normalizes tool calls and provenance labels

Policy Engine
allow / deny / ask / force-review

Trace Store
hash-chained evidence written before review

Decisions

ALLOWnpm test in isolated worktree

DENY.env cannot be read from untrusted content

BLOCKnetwork egress has no allowlisted target

REVIEWpolicy change needs human approval

TRACE INTEGRITYEXPORTKEYS

ROOT 7f9c0fb...a21d

CHAIN 42 events intact

SIGN verifier key unavailable to actor

REDACT denied secret content excluded

Pilot-ready thesis

Bring one repo, one bounded task, and one skeptical reviewer.

GlyphSpek should be judged like infrastructure: did it constrain the agent, preserve evidence, verify the result, and make review easier than reading a raw transcript?

Back to workstation