Full Feature Reference

Architecture that defines
the features.

Not features that require sandboxes. Everything the runtime can do — governance, inline agents, live materializations, world model, missions, knowledge graphs, multi-agent teams, voice, browser automation, connectors, and more.

Explore Below Back to Overview
10
AI Providers
12
App Tabs
62+
MCP Connectors
19
World Model Sources
9
Context Layers
84
Autonomy Tools
Infrastructure Built In Partnership With
Capstone IT Solutions & Sharp
Governed, Not Restricted
Full system access.
Cryptographic accountability.
Every agent action passes through a four-layer preflight before it executes. Every decision is signed with Ed25519 keys and stored immutably for seven years. You get power without giving up accountability.

Four-Layer Preflight

Before any action runs, it passes through four sequential gates — all fail-closed. If any gate denies, the action never executes. Not filtered after the fact. Prevented before it happens.

1
Rate Limiting — Redis sliding window per user, per role
2
PACT Policy — credential scope and budget enforcement
3
OPA Egress — vendor allowlisting and domain control
4
Budget Solver — token and cost limits per operation

LiveGuard Content Scanning

During generation — not after — the system scans for XSS, script injection, prompt injection, path traversal, PII patterns (email, phone, SSN, credit card), SQL injection, and command injection. Violations trigger filtering, termination, or escalation in real time.

REAL-TIME

Three-Tier Consent

Tier 0 (read-only) flows through. Tier 1 (reversible writes) needs a tap. Tier 2 (system-level) gets a full consent modal with a 60-second auto-deny countdown. Four governance profiles — Relaxed, Balanced, Strict, Paranoid — let you set exactly where you want the line.

USER CONTROL

Ed25519 Signed Receipts

Every governance decision is cryptographically signed — not logged, signed. Receipts are chainable, third-party verifiable, and support key rotation without losing history. This is the audit trail that holds up to scrutiny.

CRYPTOGRAPHIC

Immutable WORM Storage

Signed receipts are written once to storage with immutability locks. Cannot be deleted or modified after upload. Seven-year retention enforced by the storage layer, not application logic.

COMPLIANCE

Zero-Trust Service Mesh

22 microservices communicate via Istio mutual TLS. Every cross-service call is validated. JWT tokens required on all user-facing endpoints. No service trusts another by default.

INFRASTRUCTURE
Agent Intelligence
9 context layers.
Your agent knows what matters.
Before every response, a 9-layer context pipeline assembles everything your agent knows — your identity, the current surface, governance rules, active connections, persistent memory, knowledge graph entities, cross-tab activity, and retrieved knowledge. The agent adapts to who you are and what you're doing.

Persistent Memory

Three tiers: semantic facts (what it knows about you), procedural rules (how it should behave), and episodic summaries (what happened in past sessions). The top 5 highest-confidence facts are always injected, regardless of relevance. Your name, role, and primary project are the baseline guarantee.

DEEP INK

Automatic Entity Extraction

People, projects, topics, documents, and data sources are extracted from conversations and added to your knowledge graph automatically. Over weeks of use, the agent builds a structured map of your work — who you collaborate with, what depends on what, and where to find things.

GRAPH

Cross-Tab Awareness

The agent sees what you were doing in other tabs in the last 5 minutes. If you just created a workspace, edited a mission, or ran a browser automation, it knows — without you having to mention it.

CONTEXT

Adaptive Communication

Your user profile shapes every response. A senior engineer with "concise" preference gets terse, jargon-appropriate answers. A student with "detailed" preference gets longer explanations with analogies. Set your role, expertise, technical level, tone, and output format once — the agent remembers.

  • Expertise-aware: beginner through expert
  • Style control: concise, balanced, detailed
  • Tone: formal, casual, neutral
  • Output format: markdown, plain, structured

84 Autonomy Tools

Your agent has governed access to its own interface. It can navigate tabs, open panels, scroll to content, highlight elements, control the knowledge graph, manage the whiteboard, and run desktop automation — all under the same governance layer that governs everything else.

AGENT AUTONOMY
Inline Agents
Spawn workers mid-conversation.
Watch them work on their own graphs.
Your agent can create independent child workers — each with its own execution graph, budget, tool access, and supervision lifecycle. Workers run bounded tasks in parallel: research, verification, code review, report packaging. Results flow back as verified artifacts and confidence-scored claims.

Immutable Spawn Contracts

Every child is bound by a contract that defines the task, objective, success criteria, expected outputs, allowed tools, token budget (default 64K), wall-clock limit (default 30 minutes), max tool loops (default 48), and escalation policy. The parent defines it. The child cannot modify it.

Task & Objective Success Criteria Tool Allowlist Token Budget Time Limit Escalation Policy

Live Execution Graph

9 node types (agent, task, artifact, claim, blocker, approval, target, summary, run) connected by 10 typed edges. The parent can inspect the graph to see what every worker is doing, what it produced, what's blocking it, and what needs approval.

QUERYABLE

Parent Supervision

10 supervision tools: spawn, list, inspect, cancel, retry, reroute, approve, promote, compact graph. Children can request capability leases — time-bounded access to files, directories, workspaces, or browser targets — that the parent grants or denies. Heartbeats every 10 seconds.

GOVERNANCE

Worker Status Cards

Each worker renders as a live card: running (teal), completed (green), failed (red), blocked (amber), awaiting approval (purple). Token count, elapsed time, progress percentage, and relative timestamp — updating every second. Click to open the detail drawer with full timeline, outputs, and budget.

LIVE UI

Artifacts & Claims

Workers report typed artifacts (files, code, reports) and confidence-scored claims (0.0–1.0 with evidence references). Artifacts go through verification before promotion to the parent context. Claims can be revised and re-verified.

VERIFIABLE

Concurrency & Recovery

Up to 12 active workers, 48 queued, 64 total spawns per run. Retries create new attempts under the same logical worker identity. Failed attempts are superseded, not hidden. The UI groups retries and shows only the latest active attempt.

RESILIENT
Inline Materializations
Visual output, right inside
the conversation.
Ask for a chart, a dashboard, an interactive calculator, or a data visualization. The agent generates the content and renders it live — inline, in the chat flow. Seven surface types, each with its own security model and promotion path.

Views and Apps

Inline Views render sanitized HTML and SVG — charts, tables, comparison boards, formatted reports. Inline Apps render full interactive JavaScript applications in a sandboxed iframe — calculators, sortable tables, animated dashboards. The agent auto-upgrades a view to an app when it detects interactive elements. Content streams in progressively, section by section.

Inline Views (HTML/SVG) Inline Apps (JS) Spawn Groups Artifact Cards Runtime Canvas Workspace Refs Team Refs

Sandboxed & Recoverable

Interactive apps run in a strict Content Security Policy sandbox. If JavaScript errors occur, the system automatically strips scripts and shows the visual layout as safe static HTML with an amber warning. If the agent outputs markdown code fences instead of calling the tool, the system detects and recovers them automatically.

FAIL-SAFE

Promote Anywhere

Every surface can be promoted to a Workspace (canvas editor), linked to a Run (artifact), attached to a Life mission, or added to the Entity Graph as a node. Export as HTML, copy to clipboard, or expand to fullscreen. One action from inline to first-class.

WORKFLOW
World Model
A distributed reasoning layer
across everything you do.

The World Model connects your conversations, missions, workspaces, teams, graphs, and automations through a shared fabric of structured facts. It tracks what depends on what, what's predicted to happen next, and where reality has diverged from earlier assumptions.

19 source families feed the engine — 13 backend-authority sources and 6 local sources, each with dedicated consumers, backfill workers, and hash-based deduplication. The attention resolver ranks dependencies by strength, predictions by confidence, outcomes by freshness, and contradictions by severity, then returns what matters for your current context.

When sources disagree, the system records the contradiction and flags it rather than silently picking a side. Predictions carry confidence scores with a full lifecycle — open, confirmed, partial, diverged, contradicted, expired. When outcomes arrive, reconciliation computes the delta and extracts lessons learned.

Fail-open by design. If the backend can't resolve attention within the time budget (750ms for realtime surfaces, 2 seconds for everything else), the runtime still functions with the other 9 context layers. The World Model enriches — it never blocks.

Appears across 10 surfaces: Inbox, Life, Workspaces, Runs, Teams, Graph, Memory, Quick Input, Universal Composer, and Mobile. Each surface gets context-appropriate attention — mission-scoped, entity-scoped, or conversation-scoped.

Missions
Persistent, intentional work
that survives across sessions.

The Life tab treats your work as missions — persistent units of intentional work with objectives, success signals, wake patterns, and trust levels. Define a multi-week goal. The runtime surfaces it when it needs attention, stays quiet when it doesn't, and remembers where you left off.

Missions are organized into four stacks. The Attention Stack holds work needing action or tighter oversight. The Decision Rail queues approval packets and contradictions needing explicit calls. The Dormant Reserve keeps healthy missions quiet until a wake condition fires. The Completed Archive stores finished work for replay, clone, or reopen. Five time lenses — Now, Today, This Week, Quiet Only, Waiting On Me — filter by urgency.

Four trust levels per mission: Always Ask, Draft For Me, Auto Routine, Handle All. Six archetypes — Sentinel, Steward, Pursuit, Builder, Concierge, Recovery — shape how the runtime engages. Grant or revoke capabilities per mission. The intelligence adapts its posture to the trust you've established.

The mission cockpit shows a story rail (narrative timeline with tone indicators), judgment rail (decisions, commitments, contradictions, autonomy grants), mechanics drawer (wake patterns, trust level, budget posture), and World Model focus scoped to the selected mission.

Knowledge Graph
A first-class working surface
for everything you know.
The graph is not a visualization of something else. It's a working surface where you and the agent inspect, annotate, package, and promote graph intelligence into other surfaces. 12 entity types, 10 relationship edges, live analytics, and 43 dedicated graph tools.

Live Graph Analytics

PageRank computes entity influence as relationships change. Louvain detects natural communities with modularity scoring. Blended similarity (cosine + Jaccard) finds related entities across categorical and numerical dimensions. Results update live, not in batch.

REAL-TIME

Four Graph Lenses

Neighborhood (local subgraph around a node). Path (shortest route between two entities). Community (Louvain clusters with convex hulls). Compare (multi-criteria compatibility). Switch lenses to see different analytical perspectives on the same data.

ANALYTICS

Whiteboard & Scenes

Draw annotations, boxes, arrows, and community hulls directly on the canvas — whiteboard items never modify the underlying entities. Save named views. Build scene decks for presentation-mode walkthroughs. 43 dedicated graph tools available to the agent.

INTERACTIVE
Bring Your Own AI
Any model. Any provider.
Your API key. Your keychain.
Connect to the AI you already pay for. Cuttlefish routes through your key — we never see it, store it, or bill for tokens. Keys live in your OS keychain: macOS Keychain, Windows Credential Manager, or Linux Secret Service. Hardware-backed encryption where supported.

10 Providers, One Interface

OpenAI (GPT-5.4, 5.4 Pro/Mini/Nano, 5.3 Instant, 5.2, o3/o4), Anthropic (Claude Opus 4.6, Sonnet 4.6, Haiku 4.5), Google (Gemini 3.1 Pro, 3 Flash, 2.5 Pro/Flash), Azure OpenAI, xAI (Grok 4.20 Reasoning, 4.1 Fast, Grok Code), DeepSeek (V3.2 Chat & Reasoner), Mistral (Large, Magistral, Codestral, Devstral), Groq (ultra-fast inference), Ollama (local), or any OpenAI-compatible endpoint. Add connections in seconds, test instantly, switch mid-session. Multi-provider failover with circuit breakers.

OpenAIAnthropicGoogleAzurexAIDeepSeekMistralGroqOllamaCustom

Extended Thinking

Toggle extended reasoning for complex tasks. The thinking process unfolds in collapsible blocks with a bioluminescent animation. Budget-controlled token allocation. Transparent chain-of-thought for every response.

AI CAPABILITIES

File & Image Attachments

Drag images, PDFs, code files, and CSV data directly into chat. Inline encoding with multimodal support across providers. Your agent can see what you see.

CHAT
Multi-Agent Teams
Five strategies. Structured rooms.
Real orchestration.
Build teams of specialized agents that coordinate across providers. The Dialogue Mesh enforces turn order, role-based phases, and message validation. Every message is governed before broadcast. Watch the team deliberate in the War Room.

5 Orchestration Strategies

Sequential chains outputs. Parallel races for speed. Pipeline passes results step-by-step with checkpoint recovery. Consensus runs agents in parallel, then coordinates a vote (majority, unanimous, weighted, judge override). Round Robin rotates per message. Mix providers — Claude writes, GPT reviews, Gemini summarizes.

SequentialParallelPipelineConsensusRound Robin

War Room

Live grid with one column per agent. Streaming text, token counters, tool call indicators, and status badges — all updating in real time. Turn timeline at the bottom. Consensus voting panel with approve, reject, and abstain per output.

VISUALIZATION

CRDT Context Fabric

Teams share state via conflict-free CRDTs with version vector causality tracking. No merge conflicts. Works offline. Desktop and mobile sync automatically when connectivity restores. Governance receipts are CRDT operations — decisions sync between every surface.

ARCHITECTURE
Voice
Talk to it.
It talks back.

Push-to-Talk — hold Space to record, release to transcribe. Deliberate, controlled input.

Continuous — always-listening with auto-respond on silence. 64-bar FFT visualization. Interrupt support — speak while the agent is responding to take over.

Realtime API — bidirectional WebSocket, sub-second latency. Native function calling. Configurable VAD. Real-time token tracking. Say "hey cuttlefish" to wake it up.

Governance applies to voice the same as everything else. Sensitive actions still require consent.

Channels
14 platforms.
One inbox.

YouTube, TikTok, Instagram, Twitter, Twitch, Discord, Slack, Telegram, WhatsApp, Reddit, LinkedIn, Signal, Matrix, Email. All threads merge into a searchable inbox with priority triage and bulk actions.

Three routing modes — Auto (responds immediately), Manual (review first), Handoff (drafts for your approval). Priority classification with urgency-based sort.

OAuth PKCE for social platforms, token adapters for messaging services. SSE-first sync with polling fallback.

Add-ons
62+ connectors. 11 skills.
8 trigger templates.
Browse the catalog. Install MCP connectors with one click. Add skill manifests from GitHub. Set up automated triggers. Five sub-tabs: Featured, Connectors, Skills, Triggers, Mine. Every tool reviewed before it touches your agent.

62+ Certified MCP Connectors

Notion, GitHub, Slack, Google Drive, Spotify, YouTube, Discord, Telegram, Todoist, Linear, Stripe, MongoDB, Redis, PostgreSQL, Jira, Sentry, HubSpot, Salesforce, Airtable, Home Assistant, and dozens more. Per-tool consent review, 60-second health polling, auto-reconnect, OS keychain credential storage, and OAuth PKCE for services that need it.

NotionGitHubSlackGoogle DriveSpotifyDiscordStripeMongoDBHome Assistant+52 more

Per-Tool Consent Review

Before enabling a connector, review every tool it exposes. Whitelist individual tools, deny the rest. Tool names SHA-256 namespaced to prevent collisions across connectors. You control exactly what your agent can access.

GOVERNANCE

Skills & Triggers

11 installable skills with Ed25519 signature verification. 8 trigger templates (daily summary, file organizer, code review reminder, meeting prep, email digest, system health, news briefing, screenshot notes). Custom MCP servers via stdio or HTTP.

EXTENSIBILITY
Workspaces
Generative canvas.
Iterative output.
Describe what you want. The agent generates full HTML/CSS/JS rendered live in a sandboxed preview. Specialist agents (code-gen, governance-judge, security-adversary) collaborate via streaming, with signed receipts at every step.

Live Preview

Generated code streams into a sandboxed iframe as it's written. Error reporter captures runtime issues via PostMessage. Debounced updates during streaming prevent flickering. Truncation detection auto-seeds the next generation from partial output.

STREAMING

Specialist Pipeline

Code-gen writes. Governance-judge validates compliance. Security-adversary red-teams for vulnerabilities. Each specialist's progress streams in real time. Provenance chain tracks every step with signed receipts.

PIPELINE

Version History

Refine workspaces iteratively. Code history for rollback. Export as HTML, copy code, or download ZIP. Workspace duplication, search, and template gallery.

PRODUCTIVITY
Automations & Runs
Set it. Trigger it.
See everything that happened.
Schedule tasks, react to OS events, accept webhooks. Every execution — from chat to automation to browser — is tracked in a unified Runs dashboard with governance receipts and Ed25519 signature verification.

Scheduled Triggers

Cron expressions, fixed intervals, or daily schedules. Persistent across restarts. Fire count tracking and last-fired timestamps. Overnight autonomy orchestrator runs multi-step missions while you sleep.

AUTOMATION

Reactive Triggers

Five OS event types: filesystem changes, clipboard updates, power state, process lifecycle, and network transitions. The agent acts when your system state changes — governed at every step.

AUTOMATION

Unified Runs Dashboard

Every agent action from every source — chat, teams, automation, browser, voice, remote — in one feed. Filter by source, risk tier, governance decision, or time range. Token cost tracking per run. Ed25519 signature trust indicators on every receipt.

AUDIT TRAIL
Browser & Desktop
Automate the browser.
See what the agent sees.
CDP-powered browser automation with live screenshots, step-by-step progress, and AI vision analysis. Three surfaces: browser, desktop, and shell. Human takeover bar for high-risk actions.

Live Execution View

Watch the browser in real time as the agent navigates, clicks, types, and extracts. Screenshots update after each step. Step timeline shows progress. Confidence indicator per action. Artifacts captured in a gallery view.

VISUALIZATION

Desktop Input Simulation

Native mouse movement, keyboard input, and application control through Tauri IPC. Screen watcher captures visual state. The agent operates your desktop applications the way you would — under governance.

AUTONOMY

AI Vision Analysis

Feed screenshots back to the AI for visual understanding. The agent describes page content, locates UI elements, and makes decisions based on what it sees. Governed at every step. Human takeover always available.

INTELLIGENCE
Desktop Native
Four window modes. 12 tabs.
Always one keystroke away.
Built with Tauri (Rust + WebView) — not Electron, not a browser extension, not a server process. Native on Windows, macOS, and Linux. ~10 MB install. From download to your first conversation in under 2 minutes.
Full App
1200 × 800
All 12 tabs. Resizable, multi-monitor. Universal Agent Composer contextualizes per tab.
Quick Input
600 × 56
Spotlight-style overlay with World Model context. Type, Enter, gone.
Mascot
120 × 120
WebGL cuttlefish with GLSL shaders, ink particles, bioluminescent glow. Click to open. Double-click for voice.
Notification
COMPACT
Desktop cards for alerts, completions, and remote commands. Inline surface previews.

Keyboard First

Full keyboard navigation. Command palette, tab switching, new chat, search, settings — all without the mouse.

Ctrl+K Commands
Ctrl+N New chat
Ctrl+1-9 Switch tabs

Mobile Remote Control

PWA at app.getcuttlefish.app. QR scan pairing (15 seconds) or manual code entry. HMAC-SHA256 signed commands. Up to 3 paired devices. Offline queue with auto-send on reconnect. High-risk actions require desktop approval. Your phone is a first-class interface.

REMOTE

Emotional Tone Detection

The agent reads the emotional tone of your messages and adapts its communication style. Detected tones shape the warmth, directness, and formality of responses. Transparent, visible in the UI, and configurable.

ADAPTIVE
How It Compares
Built to be governed.
Not patched to be less dangerous.
Governance isn't a feature that was added. It's the architecture everything else sits on.
CuttlefishOthers
Credential storage OS Keychain (hardware-backed) Flat files / env vars / localStorage
Action governance 4-layer preflight + LiveGuard + receipt Consent prompts or none
Audit trail Ed25519 signed, WORM, 7-year retention Console logs or not captured
Sandbox required? No — governance is the architecture Required — or nothing at all
World model 19-source distributed reasoning layer N/A
Knowledge graph PageRank + Louvain + similarity N/A
Inline spawned agents Contract-bound workers + execution graphs N/A
Inline materializations 7 surface types in chat Markdown only
Mission management Durable missions with trust + autonomy N/A
Agent context 9-layer pipeline + world model~ System prompt + RAG
Multi-agent orchestration 5 strategies + governed dialogue mesh~ Basic agent teams
Voice 3 modes + Realtime API~ Text or basic TTS
MCP ecosystem 62+ certified, per-tool governed~ MCP support or unverified skills
Process isolation Tauri (Rust, no Node in renderer) Electron (full Node) or browser-only
Bundle size ~10 MB~ 200 MB+
Get Started
Download to agent
in under 2 minutes.
Five-step guided onboarding. No account required. No signup. No email. Add your API key, set capabilities, configure allowed directories, and start working. Skip any step and come back to it later from Settings.

Welcome

Meet the mascot. Understand the mission. Get started — or skip straight into the app.

Connect Your AI

Pick a provider, paste your key, test the connection. Key goes straight to your OS keychain. 10 providers from day one.

Set Capabilities

Choose which tools your agent is allowed to use: file access, shell commands, clipboard, connectors. Each one is a conscious choice with a risk explanation.

Allowed Directories

Choose where the agent operates. Home, Documents, Desktop — or any custom path. Read-only and read-write per directory.

Ready to take control?

No account required. Download, add your API key, and go.

Download Cuttlefish