Operational Overview

Browser control for hostile CRM surfaces.

The platform is staged around tenant isolation, policy gating, approval checkpoints, HITL interception, queue orchestration, and evidence-first execution.

Runtime Status

System pulse

okAPI
okDatabase
okRedis
onlineWorker
readyBrowser
headless-productionPlaywright mode

Tenants

1Isolated customer environments

Active Sessions

0Encrypted CRM sessions

Running Workflows

0Live browser orchestration

Pending Approval

1Human confirmation queue

Waiting HITL

0MFA and CAPTCHA interventions

Outbound Connectors

1Push destinations enabled

Platform Surfaces

Primary endpoints

  • `/api/v1/system/status` for infra health and browser readiness.
  • `/api/v1/workflows/execute` to enter the orchestrator with policy enforcement.
  • `/api/v1/discovery/run` to kick off CRM profile generation.
  • `/api/v1/mirror/sync` to drive Data Mirror refreshes.
  • `/api/v1/policies/simulate` to test allow/deny/approval outcomes before runtime.
  • `/api/v1/live` WebSocket for supervised execution and dashboard heartbeat.

Spec Hardening

Current truth

  • 6 requirement areas are fully implemented right now.
  • 3 requirement areas still have only foundation or partial coverage.
  • The system is deployable and inspectable, but not yet a complete live CRM executor.
  • `Coverage` shows the honest gap map; `CRM Systems` shows SPA-aware target presets.

Target Presets

Dynamic app profiles

  • monday.com: spa-dynamic, soft-navigation, graphql-first
  • Jira: spa-dynamic, hybrid-navigation, graphql-first
  • GitHub: hybrid-webapp, hybrid-navigation, xhr-fetch
  • Generic No-API Web App: custom, hybrid-navigation, mixed-observability

Critical next work

What still decides success

  • Deep selector crawler and scoring resolver for changing UIs.
  • Real action executor with post-validation and rollback logic.
  • Discovery that learns routes, modals, virtualized tables, and rich editors.
  • Extraction engine that builds the Data Mirror from browser-only systems.