Cuttlefish
Environment Runtime

Enterprise environments become governed capability domains.

Cuttlefish does not connect enterprise systems as raw tools. It connects environments through manifests, validates what they expose, compiles approved operations into governed capabilities, and routes execution through policy, approval, evidence, receipts, and run history.

Representative manifest pattern
environment:
  id: capstone-client-ops
  name: Client Operations Environment
  owner: Capstone IT Solutions
  type: msp_client_environment

systems:
  - id: ticketing
    name: Ticketing System
    type: service_api
    openapi: https://example.com/openapi.json
    health: https://example.com/health
    capabilities:
      - id: read_ticket
        class: read_only
        evidence: optional
      - id: draft_ticket_update
        class: prepare_only
        evidence: required
      - id: update_ticket
        class: approval_required
        evidence: required
        receipt: required
      - id: delete_ticket
        class: blocked

browserTargets:
  - id: admin_console
    name: Admin Console
    allowedOrigins:
      - https://admin.example.com
    actions:
      inspect: read_only
      change_setting: approval_required
      delete_resource: blocked

evidence:
  routes:
    - id: ticket_snapshot
      type: api_readback
    - id: browser_screenshot
      type: browser_artifact

receipts:
  mode: cuttlefish_canonical

policy:
  defaultUnknownCapability: blocked
  mutatingActions: approval_required
  destructiveActions: blocked

This example is representative. Production manifests are validated against the active Cuttlefish environment manifest schema and tenant policy.

Governed capability states

StateMeaning
Read-onlyCuttlefish can inspect or query with valid authority.
Prepare-onlyCuttlefish can draft, plan, summarize, or stage work without executing it.
Approval-requiredCuttlefish must pause for user or tenant approval before execution.
BlockedThe capability is visible only as unavailable or not exposed at all.
RevokedPreviously available authority has been removed.
Needs setupCredentials, manifest metadata, health, or policy is incomplete.

Execution boundary

Discovery is not execution. Compilation is not execution. Preparation is not execution. Approval is scoped.

Execution requires the correct runtime boundary. Evidence proves the result. Receipts preserve the audit trail.