By Eidetic Labs · The agent operating layer
Craik is the governance substrate around coding agents — shared project state, policy-bound authority, durable receipts, and handoffs the next agent can trust. Built for software work that crosses sessions, runners, and reviewers.
$
pip install craik
§ Premise
Most agent frameworks optimize for tool calling, prompt routing, parallel execution. Those are necessary. They are not enough. Agent systems become useful at organizational scale only when they can remember, justify, coordinate, dispute, and hand off work over time.
01 Runtime layer
Craik prepares governed context before a runner acts, records what happened after it acts, and keeps the work graph durable across sessions, tools, and future agents. Memory, provenance, policy, and work state are runtime concerns — not optional logging.
$ craik project add ./repo --name product
→ project registered · pid_8b3 · 4 ADRs · 17 facts indexed
$ craik task create --project product "ship migration 0042"
→ task_042 created · case file scheduled
$ craik case build task_042
→ case file built · 12 evidence refs · 3 contradictions surfaced
$ craik prompt compile task_042 --runner codex
→ prompt sealed · policy: strict.write · grants: 2
$ craik run task_042 ▌
02 Capabilities
Craik treats every part of agent work as a typed, governable, queryable runtime object. The capabilities below are the shape of that surface.
01
Agents inherit a working model of your repository before they act — facts, ADRs, issues, PRs, tests, prior handoffs, known traps, and contradictions — instead of reconstructing state from scratch on every prompt.
02
Provider calls, credentials, operator identity, side effects, memory writes, and policy decisions become durable, structured records bound to both an operator and a credential.
03
Write authority, review gates, credential rotation, and approval surfaces are first-class runtime objects — not prompt suggestions.
04
Codex, Claude, Gemini, plus direct OpenAI and Anthropic provider paths and OpenAI-compatible local servers (Ollama, vLLM, etc.) all consume the same Craik contracts. One governance model. One handoff format.
05
Runs end with machine-readable state. The next agent — human or model — picks up where the last one stopped, with reasons attached.
06
Stigmem-backed facts, scope-aware proposals, and a contradiction inbox so truth doesn't silently overwrite truth.
07
Tasks, PRs, issues, facts, decisions, docs, tools, agents, and artifacts modeled as connected, queryable state — exportable for review and audit.
08
OIDC operator identity. Credential pools with rotation and failover. Workload identity for CI and cloud. RFC 8693 token exchange. Policy-bound credential gates with approval-gated first use — every provider call bound to both operator and credential identities, named on every receipt.
02·b Artifacts
"actor": "oidc://acme/alice", "credential": "pool:openai-prod#k_77a", "action": "provider.call", "provider": "anthropic.messages", "model": "claude-opus-4-7", "policy": "strict.write", "target": "task_042", "reason": "migration plan compile", "result": "ok", "evidence": ["adr/0042","pr/1188"], "sealed_at": "2026-05-19T14:08:21Z"
## State of task_042
Migration 0042 plan compiled and reviewed. 2 of 4 evidence checks pass; contradiction open on row-count assumption.
## Open
## Next agent should
rcpt_4f1c, rcpt_4f1dopenai-prodmigration.apply — review gateTasks, case files, policies, and receipts are nodes — not log lines.
03 Workflow
Six durable phases. Every transition leaves an artifact. Every artifact is queryable. Nothing is implicit.
Connect a repository and establish the project profile, ADRs, and capability map.
→ project.profile
Build a case file with evidence, contradictions, policy, risks, and known constraints.
→ case_file.task_042
Bind a policy envelope, capability grants, operator identity, and credential profile.
→ policy.envelope
Dispatch through a runner adapter — Codex, Claude, Gemini, or direct provider.
→ runner.session
Persist receipts, graph edges, memory proposals, contradictions, and side effects.
→ receipts/*.json
Emit machine-readable state for the next agent — model or human — to resume.
→ handoff.md + state
04 Vision
When the vision is complete, Craik turns multi-agent software work into an auditable system of record. Every action is receipted. Every contradiction is surfaced. Every handoff is machine-readable. Every credential is bound to an operator identity. The default state of agent work becomes governed — not hopeful.
Review contracts, intent locks, and parallel runner orchestration without losing the work graph.
Long-running, durable sessions that survive token expiry, model swaps, and reviewer round-trips.
Slack, GitHub, schedules, and webhooks as governed ingress with the same receipt model.
Skills, tools, and plugins with probation, signed capability grants, and revocation.
Cross-project facts with trust scopes, federation policies, and contradiction federation.
Export work graphs to SIEM, generate audit trails per task, attest provenance per receipt.
Craik 0.1.x · governed MVP