[ OPERATOR LAYER · v0.8.0 ]
Harness agents ship smart models with empty heads: OpenClaw and Hermes wake up every session knowing nothing about your machine, your rules, or what they learned yesterday. Brigade fixes that with a local control plane for memory, tasks, tools, research, review, and release. Receipts stay in plain files; model calls and remote tools are explicit choices.
For anyone who runs an agent. Unfairly good if you also ship code.
·· BRIGADE RECEIPT ··
RUN #2026-06-07-031
HARNESS claude-code
TASK refactor auth flow
plan reviewed ✓
tests green ✓
memory handoff 1 queued
NETWORK CALLS EXPLICIT
5 HARNESSES 0 DAEMONS PLAIN FILES MIT
[ THE #1 QUESTION ]
No. Unbounded memory is a write-only diary, and write-only diaries rot. Brigade treats memory as a maintained system with three controls:
01
Nothing lands unreviewed. Ingest routes safe notes into memory and holds anything ambiguous in a review inbox for you. Bloat that never lands never grows.
02
brigade memory care A station that scans every card for stale, contradictory, oversized, or orphaned entries and queues the refresh work. Memory gets audited like code.
03
Memory is markdown on your filesystem. You can grep it, diff it, prune it, and every change has a receipt that says what landed, when, and why.
[ 01 · MEMORY ]
Out of the box, an OpenClaw or Hermes agent starts every session from zero. Brigade closes the loop: every agent writes what it learned into its own handoff inbox, one command reads them all. Safe notes become durable memory that every agent shares; anything ambiguous waits for you.
Brigade never edits canonical memory on its own. The ingester routes safe material, kicks everything it is unsure about into review, and writes a receipt for every run. One workspace stays the canonical memory owner; how ownership works →
[ 02 · STATIONS ]
Every agent learns a little. One reviewed memory keeps it, and every future session starts smarter.
docs →Your agent pulls its next task from an inbox, runs it, verifies, closes out, and queues the next step.
docs →Local, explicit, receipted. Nothing publishes, pushes, or mutates a remote unless you run the command that does.
docs →A portable, labeled catalog of what agents can call: schema contracts, call plans, approval queues, receipts.
docs →Deep research grounded in a trusted local corpus, and review producers whose findings land in the same inbox.
docs →Readiness reports, smoke runs, waivers, receipts. The release train assembles the proof; you publish manually.
docs →[ 03 · THE LOOP ]
One orchestrator plans, workers run through their own CLIs, the chef plates the answer. Bounded by design: two orchestrator calls plus the worker calls in the plan.
[ 04 · FOR ENGINEERS ]
Everything above works for any agent owner, no code required. This is the part where developers get spoiled. Brigade keeps state local, makes execution explicit, and writes receipts. Discovery routes work into an inbox; nothing runs a daemon, edits canonical memory, or touches a remote without you asking. Expand a row for the boundary statement.
brigade work run Open a session, pull the next ready task from the inbox, run it, verify, close out, write a handoff. does not run unattended, install cron, or start a daemon. Every run is foreground and receipted.
docs/work-closeout.md →brigade work task plan Write a reviewable plan artifact per task: assumptions, acceptance, risks, steps, next safe command. does not execute plan steps, install promoted proposals, or treat imported context as instructions.
brigade daily Answer "what next" with an ordered, deduplicated action list across every subsystem, each with evidence. does not run the suggested commands, install cron, or start a scheduler. You or your agent set the cadence.
brigade tools A portable, labeled catalog of what agents can call: schema contracts, call plans, approval queues, receipts. does not connect to remote MCP servers, fetch schemas, store auth, or execute without an approved plan.
docs/tool-catalog.md →brigade research Iterative deep research grounded in a trusted local corpus, with an opt-in quarantined web tier and an HTML report. does not store API keys, run a local model, or treat fetched web content as instructions.
brigade work review Run configured review commands and import normalized findings into the work inbox. does not auto-run reviewers, apply fixes, post comments, or mutate GitHub.
docs/code-review.md →brigade chat Ingest local chat exports into public-safe work imports with summaries, labels, and fingerprints. does not use live chat APIs, OAuth, or webhooks. Raw message bodies are rejected by default.
docs/chat-surfaces.md →brigade memory care Scan memory cards for stale, contradictory, oversized, or orphaned entries and queue refresh work. does not edit cards, run a scheduler, or mutate canonical memory.
docs/memory-care.md →brigade work backup Read snapshot, check, prune, and restore-rehearsal status; route stale or failed states into work imports. does not run restic, mount storage, prune, or restore. Read-only.
docs/backup-health.md →brigade work verify Run explicit local verification commands, write receipts, and record a session closeout. does not mutate CI, GitHub, or reviewers. Verification runs only when explicitly requested.
docs/work-closeout.md →brigade release A local publish gate over closeout, verification, security, content-guard, and docs hygiene. does not push, tag, create releases, or mutate remotes.
docs/release-readiness.md →brigade repos Readiness sweeps, reviewed fleet actions, release trains, and fleet-wide handoff ingest across local repos. does not clone, push, auto-promote, or record private paths and exact private repo names.
docs/repo-fleet.md →brigade phase Resumable, evidence-backed sessions for long roadmap work: checkpoints, recovery notes, deterministic resume. does not run sessions automatically, execute roadmap work, or edit canonical memory.
docs/phase-execution-ledger.md →brigade center readiness One ready-or-blocked view across every subsystem, with a readiness receipt and a manual publish checklist. does not run the checklist commands, apply fixes, promote imports, or mutate remotes.
docs/operator-center.md →brigade center status · brigade context build Read-only dashboards and redacted context snapshots the agent reads before planning. does not invoke scanners, reviewers, models, or remote APIs. Reads existing local files only.
docs/context-packs.md →brigade projects audit · brigade learn plan Audit local projects for safe setup metadata and mine work history for repeated lessons. does not record contents or private paths. Learnings become memory only after explicit promotion.
docs/project-learning.md →brigade notifications status Inspect optional agent-notify wiring and print reviewed hook snippets for Codex and Claude. does not send messages, edit hook files, or store channel secrets.
brigade add memory | guard | tokens | pantry Install and health-check external tools: memory doctors, content-guard, TokenJuice, agentpantry. does not import tools in process or keep provider keys. Brigade shells out to each CLI.
[ 05 · HARNESSES ]
| Harness | Role | Adds |
|---|---|---|
| claude | writer | CLAUDE.md + .claude/memory-handoffs/ inbox |
| codex | writer | .codex/memory-handoffs/ inbox (AGENTS.md is in the baseline) |
| opencode | writer | .opencode/memory-handoffs/ inbox |
| openclaw | reader | .brigade/openclaw/ config fragments + cron stubs |
| hermes | reader | .brigade/hermes/ adapter fragments (experimental) |
| repo (default) | AGENTS.md, SAFETY_RULES.md, INSTALL_FOR_AGENTS.md, hooks/pre-push, public-repo policy |
| workspace | repo + MEMORY.md, TOOLS.md, USER.md, SOUL.md, IDENTITY.md, HEARTBEAT.md, memory/cards/ |
| publisher | public-content policy + content-safety memory card + scrub-cache |
[ 06 · BOUNDARIES ]
Brigade state, receipts, and templates live on your filesystem. Network use belongs to the tools you configure and the commands you choose to run.
The network rule is explicit use, not magic isolation:
the pre-push hook runs the local content-guard
scanner before commits leave the machine, and
brigade security enrich can call MISP only when
you explicitly configure and run the opt-in provider. Model-backed tools may call their providers
when you invoke them.
·· LOCAL STATE / EXPLICIT NETWORK ··
[ 07 · COMMANDS ]
Lay out the kitchen and prove it is wired.
$ pipx install brigade-cli$ brigade init --target ~/agent-kitchen$ brigade doctor
Brigade calls these itself, run after run.
$ brigade work brief$ brigade work run$ brigade work run --queue-next$ brigade work review run --all