How It Works

Start with the workflow creating the most drag.

Most teams start with a Workflow Mapping Session. Narrow, low-risk workflows may qualify for a constrained MCP Hub pilot. Policy OS begins when approvals, blocked states, and ongoing oversight matter.

Governed Execution

Where Policy OS fits

The mapping session defines the trust boundary first. If the workflow is narrow enough, a qualified pilot can prove the wedge. Policy OS decides what runs automatically, what needs review, and what stops.

Client LLM
Ops Inbox
Background Agent
Routes
Hub MCP Tenant, host, session
Decides
Policy OS Reason-coded governance
Auto-allowApprovalBlock
CRM
ERP
Workflow System

Safe actions run fast. Risky actions route to approval. Disallowed actions stop with a reason.

The Reliability Stack

Connectivity
Model Context Protocol
Compute
Cloudflare Workers
Persistence
Cloudflare D1
Intelligence
Anthropic Claude
State Coordination
Durable Objects
Client Runtime
SvelteKit
Safety
TypeScript
Operating Interface
Notion API
Offer Ladder

Start with diagnosis. Add governance when the workflow earns it.

Most teams should start with a mapping session. Qualified pilots stay narrow on purpose. Policy OS becomes the product once the workflow starts touching revenue, compliance, or customer trust.

Fix first

Map the trust boundary before deciding whether the workflow needs a pilot or governed execution.

Keep pilots narrow

Qualified pilots only make sense when the owner is clear, the risk is low, and the checkpoint is explicit.

Govern when stakes rise

Policy OS exists for approval paths, blocked states, release checks, and reliable recovery.

01
Default start

Workflow Mapping Session

Best for ambiguous, high-pressure, or multi-stakeholder workflows that need the trust boundary mapped before build approval.

  • Workflow and handoff map
  • Approval boundary recommendation
  • 30-day implementation direction
02
Qualified path

Qualified Pilot

Available when the workflow is narrow, the owner is clear, and the risk can be contained responsibly.

  • Single workflow wedge
  • Scoped host and integration setup
  • Checkpoint before expansion
03
Core product Policy OS is the product

Policy OS

The governed execution layer that makes Skills + MCP safe to run faster in production.

  • Approval and block boundaries
  • Reason-coded access and blocked states
  • Evals, release gates, and incident loops
04
High-stakes scale

Enterprise Extension

Apply when several systems, teams, or compliance requirements have to stay aligned.

  • Custom trust boundaries
  • Cross-system orchestration
  • Deterministic retries and auditability
Operating Artifacts

What ships with every governed engagement

Every governed engagement ships as artifacts your team can inspect, run, inherit, and operate.

Connectivity

mcp_contract.yaml

Tools, resources, auth scope, and transport boundaries.

Behavior

agent_contract.yaml

Allowed actions, approvals, escalation triggers, and operating limits.

Outcome

outcome_contract.md

Success metrics, fallback triggers, and ownership boundaries.

Operations

runbook.md

Recovery steps, operator lanes, and rollback expectations.

Proof

golden-task checks

Regression evidence that keeps releases tied to real workflow behavior.

How the Engagement Expands

Phase 1

Workflow Mapping Session

Map handoffs, approval rules, and the boundary between auto-allow, review, and block.

Phase 2

Pilot qualification

Decide whether the workflow is narrow and low-risk enough for a constrained pilot.

Phase 3

Policy OS

Add approvals, blocked states, release checks, and incident loops to the live workflow.

Phase 4

Enterprise Extension

Extend into custom orchestration when several systems, teams, or compliance rules need one operating model.

Questions

What is your primary service?

Policy OS is the core product. Most teams start with a Workflow Mapping Session so the trust boundary is clear first. Narrow, low-risk workflows may qualify for a constrained pilot.

Do you build full business systems and run onboarding?

When full system development and team onboarding are the primary need, I provide a direct referral path to Half Dozen.

What does .agency own?

.agency owns the rules, approvals, handoffs, release controls, and operating artifacts around the workflow.

When should we add Policy OS?

Add it when failures become expensive or the workflow touches revenue, customer trust, compliance, or several systems that must stay in sync.

When do we need Enterprise Extension?

Use Enterprise Extension when several systems, teams, or compliance requirements must stay aligned and recover cleanly from failure.

Do qualified pilots still exist?

Yes. Qualified pilots are still available for narrow, low-risk workflows. They are intentionally constrained and are not a substitute for Policy OS.

Do clients own the implementation?

Yes. Clients retain ownership of code, workflows, and operating documentation. We optimize for portability and long-term control.

Why the phrase Skills + MCP?

Client-facing delivery is Skills + MCP. MCP handles trust and connectivity. Skills carry behavior and workflow intent.

Map the workflow that's creating the most drag.

We’ll define the handoffs, approvals, failure modes, and escalation path before implementation. If the workflow is a genuine fit for a pilot, that will be clear in the map.

Book a Mapping Session
See if your workflow qualifies for a pilot →