Anthropy Works
Progress and Demo Guide
Anthropy Works is an operations center for managed service providers. It helps teams see customer environments, deploy and manage OpenClaw, attach reusable capabilities, and prepare safe connections to business tools.
System Summary
What Anthropy Works Is
Anthropy Works gives an MSP one place to understand customer organizations, managed machines, OpenClaw instances, reusable AI capabilities, and future SaaS connections. The platform is designed to make every important action visible, approved, and recorded. Workflow approvals now let work pause for a person before sensitive steps continue, and recovery checks help stale work fail safely after restarts.
Phase Timeline
From Empty Repo To Working Platform
Foundation
Created the local app, database, cache, and first login screen.
Complete
Mission Control Login
Added real sign-in, organization records, admin roles, and activity history.
Complete
Nodes
Added the first view of managed machines and their basic status.
Complete
Agent Check-In
Allowed a machine agent to register and send health updates.
Complete
Container Inventory
Added safe reporting of containers running on a managed machine.
Complete
OpenClaw Discovery
Started detecting likely OpenClaw environments without changing them.
Complete
OpenClaw Bundle
Prepared the standard OpenClaw package and readiness checks.
Complete
Deployment Planning
Added safe job requests and typed approval before deployment.
Complete
Lifecycle Actions
Added health checks, log viewing, and controlled gateway restart.
Complete
Safety Rules
Added stronger checks, warnings, and records for blocked actions.
Complete
Agent-Run Operations
Moved operations so the agent performs work on the managed machine.
Complete
Agent Identity
Added per-machine agent credentials and safer job access.
Complete
Real OpenClaw Deployment
Deployed the first controlled OpenClaw instance through the agent.
Complete
OpenClaw Takeover
Added safe promotion of discovered OpenClaw environments into managed records.
Complete
Capabilities
Added the catalog for skills, tools, policies, and reusable capability packs.
Complete
Connections
Added connection records and a safe placeholder for future SaaS integrations.
Complete
Workflows
Added step-by-step workflow definitions and simulated execution logs.
Complete
Workflow Rules
Added checks that stop workflow steps when capabilities or connections are not allowed.
Complete
Permission Controls
Added screens for admins to manage which capability actions are allowed.
Complete
First External Action
Added one safe Google Drive file-list action through workflow rules and connection policy.
Complete
Architecture Hardening
Documented core guarantees and added regression tests for safety rules.
Complete
Workflow Approvals
Added human confirmation pauses and safe resume for workflow steps.
Complete
Reliability and Recovery
Added safe recovery for stale jobs, stale agents, and interrupted workflows.
Complete
Tenancy and UI Design Lock
Locked tenancy, permissions, UI segmentation, and instance-type direction in docs with small UI clarity updates.
Complete
Browser E2E Tests
Added Playwright browser tests for login, core records, workflows, and the report site.
Complete
Production Readiness Gate
Added environment definitions, readiness checks, backup and restore scripts, and deployment runbooks.
Complete
Live Report Site
Deployed the product-facing status report to Cloudflare Pages with the canonical custom domain.
Complete
What Works Now
- Team members can sign in to the mission control interface.
- Admins can create customer organizations.
- Admins can add and review managed machines.
- The local agent can register a machine and keep its status fresh.
- The system can show container inventory from managed machines.
- The system can detect likely OpenClaw environments without changing them.
- Admins can deploy a new OpenClaw instance through an approved job.
- Admins can take over an existing OpenClaw record after confirmation.
- Admins can run health checks, view logs, and request a controlled gateway restart.
- Admins can create reusable capability records and capability packs.
- Admins can create connection records for tools like ServiceTitan, Google Drive, QuickBooks, and Composio.
- Admins can create workflows, run them step by step in simulation, and review the results.
- Workflow steps are checked against rules before they run, and unsafe steps are blocked.
- Admins can manage capability permissions that control allowed actions and risk levels.
- A workflow can run one approved Google Drive file-list action through a connected record.
- External action results are labeled as Stub or Live Data so demos stay clear.
- Workflows can pause for human confirmation and resume after the phrase is typed correctly.
- Jobs show retry counts, timeout windows, recovery state, and clear failure reasons.
- Machines with old check-ins are marked stale or offline instead of disappearing.
- Interrupted workflows fail safely, while workflows waiting for approval stay paused.
- Browser E2E tests now verify the most important user paths from the running web app.
- Core architecture rules are documented and covered by backend regression tests.
- Baseline production checks now verify configuration, database access, service readiness, bundle readiness, and secret redaction.
- Backup and restore helpers now exist for the local database.
- A deployment runbook explains startup, verification, restart, rollback, and recovery steps.
How To Use It
- Sign in to mission control.
- Create a customer organization.
- Add a managed machine for that customer or for shared infrastructure.
- Register the agent on the machine so it can check in.
- Deploy OpenClaw to a managed machine after approval.
- Manage the OpenClaw instance with safe health, logs, and restart actions.
- Attach capabilities that describe what the organization or instance is allowed to use.
- Attach connection records that prepare the system for future SaaS access.
- Create a workflow that uses capabilities and connections, then run it in simulation.
- For Google Drive, add the list files action to the workflow and review the returned file list.
- Turn on confirmation for a capability permission and run the workflow to see it pause.
- Type the displayed phrase to approve the step and continue the workflow.
- Review the Jobs page to see timeout and recovery details for operational work.
- Review the Nodes page to see whether a machine is online, stale, or offline.
- Review any blocked workflow step to see which rule stopped it.
- Adjust capability permissions to control which actions workflows may simulate.
- Run the validation script before moving to another phase.
- Run the browser E2E script when the Docker Compose stack is already running.
Demo Scenarios
What You Can Show Today
Deploy a new OpenClaw instance
Pick a customer, pick a managed machine, request deployment, type the approval phrase, and watch the job become a managed instance.
Take over an existing OpenClaw
Start with a discovered OpenClaw record, confirm promotion, and turn it into a managed record without restarting or changing the customer environment.
Attach a SaaS connection
Create a placeholder connection for a provider, mark it connected for demo purposes, and link it to a capability or OpenClaw instance.
Run lifecycle operations
Open a managed instance, run a health check, request logs, or start a controlled gateway restart with approval.
Run a workflow simulation
Create a workflow with capability and connection steps, execute it, and review the step-by-step log. Try a disallowed action to see the workflow stop safely.
Approve a workflow step
Mark a capability action as requiring confirmation, run the workflow, type the displayed phrase, and watch the workflow continue.
Recover from stale work
Restart the platform or inspect old jobs and workflows to see stale work fail safely with a clear reason instead of sitting forever.
List Google Drive files safely
Link a Google Drive connection to an allowed capability, run the list files workflow step, and see either demo data or live read-only data depending on the environment.
Manage capability rules
Open capability permissions, choose a capability and organization, set allowed actions, and see workflow validation follow those rules.
Run browser validation
Use the Playwright suite to check login, records, workflows, and the report site from a real browser without triggering OpenClaw deployment.
System Architecture
How The Pieces Fit Together
Control plane and execution plane
The main app approves, records, and assigns work. The local agent performs approved work on the assigned machine and reports the result back.
Node and instance
A node is a machine managed or observed by the MSP. An instance is the customer environment running on a node, with OpenClaw as the current supported type.
Capability, connection, workflow
A capability describes what the platform can do. A connection represents access to a tool. A workflow combines approved capabilities and connections into ordered steps.
MSP, org, and user views
MSP operators see the full platform. Company admins should see their company's resources. Individual users should see their personal work and approved company tools.
System Guarantees
Rules The Platform Now Protects
Safe deployment
OpenClaw deployment stays confirmation-gated, isolated by project, and executed only by the agent on the assigned machine.
Controlled execution
The API approves and records work. The agent performs operational commands and cannot take jobs for another machine.
Policy enforcement
Workflow steps must pass capability, connection, and usage rules before any step can run. Steps that require approval pause instead of running automatically.
No secret leakage
Secret-looking job data is redacted before display, and audit reasons redact keyed secret values.
Recovery without surprise reruns
Timed-out jobs and interrupted workflows are marked clearly. Risky work does not restart by itself after a service restart.
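A sketch of how the controlled execution and policy enforcement rules above can be expressed as a fail-closed gate. This is an added example, not Anthropy Works code: the record shapes, the function names, the approval phrase format, and the rule that a connection belongs to one organization are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Decision(Enum):
    RUN = "run"
    PAUSED = "paused_for_approval"
    BLOCKED = "blocked"

@dataclass(frozen=True)
class Permission:  # hypothetical capability-permission record
    allowed_actions: frozenset
    confirm_actions: frozenset = frozenset()

@dataclass(frozen=True)
class Step:  # hypothetical workflow step
    org: str
    capability: str
    action: str
    connection: Optional[str] = None

def evaluate_step(step, permissions, connections, typed_phrase=None):
    """Return (Decision, reason). Anything not explicitly allowed is blocked."""
    perm = permissions.get((step.org, step.capability))
    if perm is None or step.action not in perm.allowed_actions:
        return Decision.BLOCKED, "capability action not allowed for this organization"
    if step.connection is not None:
        conn = connections.get(step.connection)
        # Assumption: a connection is usable only by its own org and only when connected.
        if not conn or conn["org"] != step.org or conn["status"] != "connected":
            return Decision.BLOCKED, "connection missing, not connected, or not this org's"
    if step.action in perm.confirm_actions:
        expected = f"APPROVE {step.capability} {step.action}"  # assumed phrase format
        if typed_phrase is None:
            return Decision.PAUSED, f"waiting for phrase: {expected}"
        if not hmac.compare_digest(typed_phrase.encode(), expected.encode()):
            return Decision.PAUSED, "phrase mismatch, step stays paused"
    return Decision.RUN, "all rules passed"

def agent_may_claim(job, agent_node_id):
    """An agent may only take approved jobs assigned to its own machine."""
    return job.get("approved") is True and job.get("node_id") == agent_node_id

# Constructed sample records, not data from the platform.
PERMISSIONS = {("acme", "drive"): Permission(frozenset({"list_files"}), frozenset({"list_files"}))}
CONNECTIONS = {"gd-1": {"org": "acme", "status": "connected"},
               "gd-2": {"org": "other", "status": "connected"}}
```

Every path that is not an explicit allow returns BLOCKED or PAUSED, so a missing permission record or a mistyped phrase can never fall through to execution.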
Production Readiness
What Is Ready Before A Real Launch
Environment rules
Local, staging, and production use the same system with different safeguards. The production setup rejects development passwords and placeholder secrets.
Readiness checks
Operators can check whether the app, database, service queue, and OpenClaw bundle are ready before relying on the system.
Recovery path
The runbook now explains how to start the platform, verify it, back up the database, restore from backup, restart services, and roll back a release.
Secret protection
Secret-looking values are kept out of job results, audit messages, and recent service logs during validation.
Known Limitations
- Production readiness is a baseline, not a replacement for a full launch checklist.
- Secrets still come from environment configuration until a vault is added.
- Rollback steps are documented, but full rollback is not automated yet.
- The OpenClaw helper container can report an unhealthy state even when the main gateway is healthy.
- SaaS sign-in is not connected yet, so there is no OAuth flow.
- Only one outside action exists today: Google Drive file listing.
- Google Drive returns demo data unless a development-only read token is configured.
- Workflow approvals are single-person, step-level approvals only.
- Recovery runs during startup and normal status views, not as a separate background monitor yet.
- Retry information is visible, but automatic retry buttons are not available yet.
- Capability permissions can be edited, but not deleted or disabled yet.
- Connection records still do not contain real credentials.
- Composio support remains prepared, not a broad live integration.
- Browser tests do not run real OpenClaw deployment yet; that remains validated by backend and manual testing.
What's Next
- Expand from one safe external action to a small set of approved provider actions.
- Add real OAuth and Composio account handshakes.
- Add secure credential handling with one-time secret capture and protected storage.
- Add automation so routine work can be scheduled, monitored, and reviewed.
- Add richer recovery controls such as manual retry for safe jobs and stronger agent health monitoring.
- Expand browser coverage as the future org and user interfaces are split out.