The Workshop
On July 7, 2026 we ran the whole stack at once, on one repo — and kept the receipts.
The Workshop is a live board whose content is the stack's own receipts. The two API endpoints it displays were not written by a human: a deterministic driver dispatched fresh AI workers under a locked contract, verified their work by running the tests itself, and signed a portable attestation for each task. The board, the code, and every claim on this page link to proof you can check yourself.
How one unit of work flows through the stack
Every arrow is machine-checked. The worker never grades itself, the receipt outlives every vendor, and nothing reaches production on an agent's word alone.
The run, blow by blow
01 Contract
A goal file spelled out the definition of done, immutable acceptance tests, hard constraints, a budget, and autonomy level zero — propose only. The dial is earned, and day one earns nothing. This is Box 0 of The Machine: the goal never lives only in a context window.
"contract": {
"definition_of_done": "GET /api/uptime returns 200 JSON {up:true, uptimeSeconds}; GET /api/version
returns 200 JSON {version} matching package.json. Each has a node --test case.",
"acceptance_tests": ["uptime endpoint answers with up===true",
"version endpoint matches package.json version"], // immutable
"constraints": ["touch only app/server.mjs and test/", "no new dependencies"],
"autonomy_ceiling": 0 // propose — never commit
},
"budget": { "max_worker_runs": 8, "max_wall_seconds": 1800 } 02 Dispatch & verify
machine-driver — a zero-token, deterministic while-loop — spawned one fresh Claude worker per task, then ran the test suite itself. A worker saying "done" counts for nothing; an exit code of 0 is what counts. Both tasks verified on the first attempt. This is the actual driver log:
[17:15:54] driver up — mode=propose (operator asked propose)
[17:15:54] -> job-001 (attempt 1): add GET /api/uptime + node:test case …
[17:16:46] ok verified. ← npm test, run by the driver: 52s
[17:16:48] -> job-002 (attempt 1): add GET /api/version + node:test case …
[17:18:00] ok verified. ← 72s
[17:18:02] GOAL COMPLETE — 2 tasks, 0 blocked/surfaced. 03 Prove
Each verified task produced an Ed25519-signed Agent Attestation Record — the receipt. It binds the claim, the verdict, and a hash commitment to the evidence, signed by the org. The signature checks against the DID document published on this very domain — no vendor, no central server, no trust in us required:
{
"subject": "did:web:frontierinfra.org:stack-demo-worker", // who did the work
"task": { "id": "job-001", "claim": "add GET /api/uptime …" },
"verdict": "verified", // the verifier's finding
"ground_truth": "confirmed", // checked against reality
"checks": [{ "query": "npm test",
"response_sha256": "d0d1c1…", // evidence, committed by hash
"excerpt": "ok 6 - uptime endpoint answers…" }],
"verifier": { "id": "did:web:frontierinfra.org:machine-driver-verify" }, // ≠ subject
"sig": { "alg": "Ed25519", "by": "did:web:frontierinfra.org" } // ← your key, your domain
} 04 Enforce
Proctor — the machine-level enforcement engine that gates every session's "done" on this Mac — then ran the run's meta-contract with its own verifier: all tests green AND both attestations valid. 3 checks against reality, 3 passes, proof signed; the proof was bridged into a signed meta-attestation. The demo attesting the demo:
"checks": [
{ "name": "`npm test` passes (incl. workforce-built endpoints)", "passed": true },
{ "name": "job-001 AAR verifies (signature + evidence)", "passed": true },
{ "name": "job-002 AAR verifies (signature + evidence)", "passed": true }
],
"signed_off": true 05 Land
The workforce's diff — 23 insertions, exactly the two contracted files — was reviewed by the operator and went through the repo's own gates as a pull request. The stamped intake gate rejected the first PR body. The demo's own governance blocked the demo, exactly as designed, until the paperwork carried real verification detail:
PR INTAKE CHECK: FAIL
- PR must name the smallest regression guardrail or explain why none was added.
- PR must include human verification details.
← fixed the body; fresh run green; merged. What broke, honestly
Two things broke, honestly. The driver's signing step failed on a relative key path — and instead of a silent skip, it alerted loudly, left the unsigned records intact for later signing, and the root cause was fixed upstream the next day with regression tests (relative paths now anchor to the goal file, and a missing key names its full resolved path). The second break was the intake gate above. Demos that never break prove nothing; this one broke twice and recovered with the audit trail to show it.
[17:16:46] ALERT: AAR sign FAILED for task job-001 (rc 1):
error: ENOENT: no such file or directory, open 'secrets/stack-demo.jwk.json' Every tier, with its receipt
| Tier | Project | Receipt |
|---|---|---|
| Govern | Maintainer Gate Blueprint | ops model stamped by installer; prod-DB guard blocks destructive commands; PR intake gate enforced (and fired) |
| Behave | ADL | discipline layers + the run's contract as an ADL manifest |
| Enforce | Proctor | meta-proof signed by Proctor's verifier, 3/3 checks against reality |
| Operate | machine-driver | driver log + hash-chained loop audit for the two worker dispatches |
| Prove | AAR | one signed record per task, verifiable against did:web:frontierinfra.org — live on this domain |
| Declare | AVL | the board serves agent views; validates at L3 (so does this page) |
Don't take our word for it
The point of the stack is that you never have to trust the operator — or us. Fetch a receipt from the live board and check the signature against the key published on this domain:
# fetch a receipt from the live board, verify it against this domain's published key
curl -sO https://workshop.frontierinfra.org/receipts/aar-job-001.json
git clone https://github.com/frontier-infra/agentcontrolplane
node agentcontrolplane/tools/aar.mjs verify aar-job-001.json
# → [✓] L0: Ed25519 signature valid … → conformance: L2 What happened next: the seam became a product
The day after the run, the proof→receipt bridge was productized into Proctor itself: every contract signed off on a key-configured machine now auto-emits a signed attestation — verify, judge, or operator sign-off alike. The change went through a 15-agent adversarial review workflow before it shipped, which caught two real defects the tests had missed (a Python 3.9 incompatibility that would have silently disabled emission on stock macOS, and a path-traversal through hostile contract ids) — both reproduced, fixed, and regression-tested. The spec section it conforms to (ADL contract & proof, §7) now has two independent, interoperating producers: machine-driver and Proctor. That is how a record format stops being a feature and starts being a standard.
What this is not
What this is not: the attestations are same-principal (we verified our own workers — disclosed in every record, useful for provenance, not audit-grade independence); the run was demo-scale (two small tasks, one machine); and the workforce ran in propose mode with a human landing the merge. Each of those is a dial the stack exposes, not a ceiling it hides.
← Frontier Infra home · agents: this page is readable at /workshop.agent