Tools are not authority.
A connected API, MCP server, browser page, or local command does not automatically become executable authority. Cuttlefish classifies capabilities before they become available to work.
Governed environment runtime for AI work
Turn real environments into governed AI work surfaces.
Cuttlefish lets technical operators and enterprises expose real systems through manifests, compile them into governed capabilities, execute with approval and evidence, preserve receipts and operational state, and turn repeated work into reusable surfaces.
Models reason. Cuttlefish owns the work: authority, context, evidence, receipts, memory, graph, world state, and continuity across model replacement.
The missing layer
Agents can reach tools. Real work needs custody.
MCP servers, sandboxes, browser sessions, APIs, files, and shell commands are not enough. Once AI touches real environments, the hard questions change.
What is the agent allowed to see? What can it prepare but not execute? What requires approval? What must be blocked? What evidence proves the result? What becomes durable state after the action?
Cuttlefish is built for that custody layer.
Execution is not proof.
Tool output is not enough. Cuttlefish captures evidence, verification state, receipts, approvals, denials, and run history so action can be inspected later.
Models are not the durable layer.
Claude, OpenAI, Gemini, local models, private endpoints, and future models can all reason. Cuttlefish keeps the memory, graph, world state, receipts, continuity, and operating history outside the model.
How Cuttlefish works
From environment to governed action.
Cuttlefish converts real environments into governed runtime objects. It discovers what exists, compiles what is safe, prepares work before execution, asks when authority is required, records evidence, and turns repeated work into reusable surfaces.
Connect or invoke
Register an enterprise environment, connect a personal source, speak a command, invoke Ambient, or start from Home.
Resolve context
Cuttlefish identifies the environment, source, surface, model route, current state, and authority boundary.
Compile capabilities
Available systems become governed capabilities - not raw unrestricted tools.
Prepare safely
Cuttlefish can inspect, draft, summarize, plan, and prepare reversible work without crossing execution boundaries.
Approve and execute
Consequential actions route through policy, approval, grants, and runtime execution.
Prove and reconcile
Evidence, receipts, run history, world state, graph links, and memory candidates preserve what happened.
The result is not an agent transcript. It is operational state.
Enterprise Environment Connector Runtime
Connect an environment, not a raw toolbox.
Cuttlefish connects to enterprise environments through governed manifests. A manifest describes what the environment exposes: capabilities, OpenAPI contracts, browser-operable targets, health checks, evidence routes, receipt routes, context resolvers, and optional RAG, graph, memory, and attention surfaces.
Once registered, Cuttlefish imports the environment and compiles approved operations into governed semantic capabilities. The model does not receive a raw API toolbox. Every capability is classified, risk-tiered, approval-aware, evidence-backed, and routed through the Cuttlefish runtime.
Discover
Register and validate the manifest.
Cuttlefish starts with the manifest URL and validates the environment contract before any operation becomes usable.
Manifest URLContract validationOrigin and health checks
Compile
Build the capability map.
OpenAPI operations, browser targets, context routes, evidence routes, and connector actions are normalized into runtime capabilities.
Capability compilationContext and evidence routesRegistered browser targets
Classify
Assign authority boundaries.
Every capability receives a state before use, so the model sees governed affordances instead of raw tools.
Read-onlyPrepare-onlyApproval-required or blocked
Operate
Execute only through the runtime.
Approved work routes through governance, captures proof, and becomes durable operational state.
Governed executionEvidence + receiptRun history + reusable surface
Discovery and compilation do not execute work. Execution starts only after the capability state, approval boundary, and runtime route are known.
Discover without granting control
Cuttlefish can inspect what an environment exposes without treating every endpoint, browser target, or tool as executable authority.
Compile capabilities, not raw tools
OpenAPI operations, browser targets, context routes, evidence routes, and connector actions are normalized into governed capabilities with risk and policy metadata.
Fail closed by default
Unknown authority, missing credentials, incomplete metadata, unregistered targets, unsafe routes, or blocked risk classes prevent execution.
Audit the work
Cuttlefish records what was approved, denied, executed, verified, and receipted so operators can inspect the full trail.
First beachhead
Built for the people responsible for real environments.
Cuttlefish is broad because real work spans apps, files, browsers, systems, devices, models, automations, and teams. But the first wedge is precise: IT operators, MSPs, platform engineers, DevOps and GitOps leads, security-minded infrastructure teams, and technical service firms.
These teams already manage systems, permissions, approvals, client boundaries, change control, and evidence. Cuttlefish gives them a governed way to bring AI into that work without giving models unrestricted access.
MSP and Managed IT
Operate across client environments with manifest-driven boundaries, evidence packs, approval paths, and reusable operator workflows.
Platform Engineering
Expose internal systems through governed capability maps instead of raw model tools.
DevOps and GitOps
Use manifest-driven configuration, approval gates, evidence, and receipt trails around operational change.
Enterprise AI Operations
Deploy AI work execution with tenant policy, role surfaces, audit trails, and model-independent continuity.
5-surface shell
Simple surface. Deep runtime underneath.
Cuttlefish now uses a focused 5-surface shell: Home, Workspace, Browser, Apps, and Settings. The runtime underneath is deeper than ever, but users do not need to navigate a wall of subsystem tabs to get work done.
Home
Home
Conversation, current work, approvals, results, Ambient handoffs, recent evidence, and the left-side outcome drawer.
Workspace
Workspace
Create, inspect, validate, version, and promote generated artifacts, workflows, and installable workspace apps.
Browser
Browser
Operate and verify web apps, pages, generated surfaces, localhost projects, and browser-bound workflows with evidence.
Apps
Apps
Open installed workspace apps, connected apps, generated operator surfaces, companion windows, app permissions, and app health.
Settings
Settings
Manage connections, governance, privacy, model routes, Ambient controls, Bridge grants, memory policy, enterprise settings, and advanced diagnostics.
Hidden engines remain runtime layers. They appear as cards, receipts, apps, companion windows, approval surfaces, evidence drawers, and advanced views only when useful.
Ambient + Speak
Invoke Cuttlefish where the work is.
Cuttlefish Ambient lets users invoke Cuttlefish from selected text, files, folders, browser pages, screen regions, hotkeys, command palette actions, result cards, and mobile continuation surfaces.
Cuttlefish Speak turns voice into governed work: dictation, implementation prompts, runtime commands, workspace artifacts, app creation, memory proposals, browser verification, and approval-routed actions.
Explicit invocation
Ambient is not silent monitoring. The user invokes Cuttlefish at the point of work.
Local-first capture
Context is minimized, previewed, redacted, and routed through the right runtime boundary.
Voice-to-work
Speak can draft, command, build, route, verify, or prepare work without bypassing approval.
No shortcut around governance
Consequential work still routes through policy, approval, evidence, and receipts.
Workspace App Foundry
Turn repeated work into governed apps and surfaces.
Cuttlefish does not only generate output. When work repeats, Workspace can turn it into a governed app or operator surface with a manifest, permissions, data bindings, host-mediated actions, verification, receipts, rollback, and install targets.
Define
Describe the repeatable work.
The user names the workflow, expected outcome, inputs, and where the finished surface should live.
Describe workflowIdentify operator roleSet success criteria
Generate
Create the surface and bind data.
Workspace generates the UI, wires state, and binds it to approved runtime objects instead of placeholder data.
Generate surfaceBind runtime dataConnect evidence and artifacts
Govern
Declare permissions and verify behavior.
The app declares host-mediated actions, permission needs, rollback paths, and checks before it becomes installable.
Declare permissionsVerify behaviorCheck policy fit
Install
Promote it into the shell.
Useful surfaces become installed apps, companion windows, role surfaces, or enterprise pack projections.
Install into AppsOpen in Home, Browser, or WorkspaceLaunch as Companion Window
Generated surfaces are not granted raw host power. They request Cuttlefish-mediated actions, and consequential work still routes through policy, evidence, and receipts.
Runtime-bound, not fake data
Generated surfaces can bind to Cuttlefish runtime objects, environment capabilities, evidence, runs, graph, memory proposals, and workspace artifacts.
Manifest-backed permissions
Apps declare what they need. Host actions are mediated by Cuttlefish, not granted directly to generated UI.
Verified before install
Surfaces can be checked for render behavior, action wiring, accessibility, security posture, and policy fit.
Apps, not throwaway artifacts
Useful surfaces can become installed apps, companion windows, role surfaces, or enterprise pack projections.
Browser Runtime
Operate and verify web work with evidence.
Cuttlefish includes a governed browser runtime for web workflows, generated app previews, localhost verification, browser targets from enterprise environment manifests, and evidence capture. It can inspect page structure, execute approved actions, verify outcomes, and preserve artifacts for review.
Web and app verification
Open web targets, generated apps, and local builds in the same governed verification surface.
Page-aware operation
Use page structure, accessibility, DOM signals, screenshots, and runtime evidence where available.
Operator handoff
Pause automation, hand the session to the operator, and resume without losing run state.
Enterprise browser targets
Environment manifests can declare registered browser targets with allowed origins and selector policy.
Evidence capture
Screenshots, page state, artifacts, and outcome checks can attach to Runs and receipts.
My Environment
Your personal setup, governed.
For personal users, Cuttlefish can understand apps, folders, browser pages, local services, smart devices, local/private model endpoints, generated apps, and recurring workflows as a governed personal environment.
Connected does not mean unrestricted. Discovery is not execution. Local models are cognition engines, not policy owners. Generated apps request host-mediated actions instead of receiving raw power.
Apps and folders
Point Cuttlefish at approved files, folders, and app contexts without turning the whole machine into open access.
Local services and models
Register local endpoints, private models, and local services with health, privacy, and routing metadata.
Devices and workflows
Discover useful environment signals while keeping control, approval, and revocation visible.
Personal apps
Turn repeated personal workflows into installed Cuttlefish apps with permissions and receipts.
Governance and proof
Policy before action. Evidence after. No raw authority.
Cuttlefish does not rely on a model promising to behave. Actions route through capability classification, policy checks, consent, approval, runtime execution boundaries, evidence capture, and receipts.
Unknown capabilities fail closed. Generated UI is never sovereign. Prepared work is not execution. Connected systems do not become unrestricted tools.
Capability classificationEvery capability is classified by risk, side effect, source, authority, and execution boundary.
Approval where it mattersRead-only work, drafting, preparation, external commits, privileged actions, and destructive work are treated differently.
Evidence-backed outcomesCuttlefish records what was used, what changed, what was denied, and what proved the result.
Receipts and RunsConsequential work links to receipts, run history, approval state, evidence, and verification records.
RevocationGrants, connections, bridge permissions, and environment capabilities can be revoked.
No generated-UI authorityGenerated apps request host-mediated actions. They do not receive raw shell, file, browser, desktop, memory, graph, or governance power.
Model-independent intelligence
Models reason. Cuttlefish owns the work.
Use Claude, OpenAI, Gemini, Azure OpenAI, xAI, DeepSeek, Mistral, Groq, Ollama, private endpoints, or OpenAI-compatible models. Cuttlefish can route cognition across approved models, but the durable intelligence does not live inside any one provider.
Memory, graph, world state, receipts, runs, approvals, evidence, workflow history, evaluation assets, and operational learning remain Cuttlefish-owned and deployment-owned.
Replace the model without losing the work
Switch cognition engines while keeping continuity, receipts, memory, graph, world state, and run history intact.
Local and private models are first-class
Use local, LAN, private-cloud, sovereign-cloud, or external providers according to user or tenant policy.
Providers contribute cognition, not authority
A model can reason, draft, verify, critique, and propose. Cuttlefish decides what is exposed, executable, remembered, or receipted.
Enterprise
One runtime. Tenant-controlled environments. Role-native surfaces.
Cuttlefish enterprise mode lets organizations connect environments through manifests, control access through tenant policy, project role-native surfaces through Enterprise Surface Packs, route work through approval and evidence paths, and preserve durable intelligence inside the organization's governance boundary.
Environment manifests
Expose systems, APIs, browser targets, evidence routes, and context resolvers without exposing everything.
Surface Packs
Project the same runtime as role-native experiences for IT, support, compliance, platform, operations, and executive teams.
Private and hybrid model modes
Use tenant-approved providers, local/private endpoints, or zero-frontier deployment patterns where required.
Audit and control
Approvals, receipts, runs, evidence, revocation, and tenant boundaries remain first-class.
Start now
Start with the environment you already operate.
Install Cuttlefish for personal work, or start an environment pilot for IT, MSP, platform, and enterprise teams that need AI to operate safely across real systems.
Personal
Install Cuttlefish.
Install Cuttlefish, connect approved models, and build your personal environment with local-first controls, Ambient invocation, Workspace apps, Browser verification, and receipts.
Operator Pilot
Map one environment.
Map one real environment, compile governed capabilities, test approval boundaries, capture evidence, and turn a repeated workflow into a reusable surface.
Enterprise
Bring it under tenant control.
Bring Cuttlefish under tenant identity, policy, role surfaces, environment manifests, private model routes, evidence, receipts, and deployment controls.