Agents, skills & prompts as real artifacts.
Semver-versioned. Owned by a team. Scoped to AD groups. Rolled out like code — with evals, canaries, and one-click rollback.
Versioned like code
Every change is a new semver release. Pin consumers to v1.2.x or ride the latest tag. Rollback is one API call.
Group-scoped by default
Bind artifacts to AD / Entra groups. The finance-bot agent is invisible to anyone outside ad:Finance-Ops.
Eval & canary built-in
Promote a prompt from beta to stable after evals pass. Ship to 5% of traffic, watch metrics, then scale.
Multi-step workers with tool access. Each agent has a manifest: prompt, tools, scope, and guardrail bindings.
Support Triage
v1.4.2stableClassifies incoming tickets, assigns severity, and routes to the right engineering queue using MCP-connected ticketing.
SQL Analyst
v2.0.0stableTranslates natural language into safe, policy-checked SQL. Guardrails block destructive ops; PII columns are auto-masked.
Release Captain
v0.9.1betaDrafts changelogs, checks CI, and files a release PR. Read-only in repos outside the caller's team scope.
Finance Bot
v0.3.0betaAnswers expense questions, pulls SAP records, and flags outliers. Strict per-group data scoping.
Every artifact is a manifest.
YAML in, governed service out. Drop a manifest into the registry and pLLM handles validation, versioning, group binding, guardrail wiring, and rollout. No custom glue code.
-
Schema-validated on upload -
Diffable across versions -
Auto-bound to AD / Entra groups -
Guardrails attached per-artifact
# agent manifest — registry: acme-corp
kind: Agent
name: support-triage
version: 1.4.2
owner: support-platform
scope:
allow_groups:
- ad:Support-Agents
- ad:Support-Leads
deny_groups:
- ad:Contractors
model:
primary: claude-4.6-sonnet
fallback: gpt-5
tools:
- mcp://jira/*
- mcp://github/search_* # read-only
- mcp://internal-rag/query
guardrails:
- presidio-pii # pre_call, logging_only
- prompt-injection # pre_call
rollout:
strategy: canary
stable_weight: 95
canary_weight: 5