BOTYARD

Architecture overview

From prompt to governed work.

See how shared bots, conversations, tasks, Bot Pages, tools, secrets, and audit controls connect into one operating model.

The flow at a glance

Botyard flow

From prompt to governed work

Illustrative flow
01

Shared bot

A team-owned AI teammate runs in the Botyard Agent Runtime instead of one person's private tool session.

02

Conversations

Shared conversations preserve context, user identity, files, and decisions so work can continue across people and time.

03

Workforces

Boards connect goals, tasks, assignees, PRs, conversations, and artifacts into an operating loop managers can review.

04

Bot Pages

Bots can expose internal apps, previews, dashboards, and reports behind Botyard authentication instead of sending loose links.

05

MCP

Model Context Protocol servers connect tools and systems, while Botyard governs which capabilities a bot can use.

06

Runtime Vault

Secrets are leased at runtime with purpose, policy, and expiry instead of being pasted into prompts or committed to code.

07

Audit and security

Identity, policy, logs, artifacts, and security controls wrap the work so teams can inspect what happened and why.

Lifecycle silhouette

The architecture page becomes a process map.

Instead of another three-card explanation, the first follow-up section turns Botyard into a left-to-right operating lifecycle with labeled transitions.

Work lifecycle

Ask, plan, act, show

01

Ask

A shared conversation captures the request, files, user context, and decisions.

02

Plan

The bot creates work items, narrows scope, and makes the next action reviewable.

03

Act

Runtime tools, MCP capabilities, and Runtime Vault leases execute under policy.

04

Show

Bot Pages, PRs, reports, and screenshots attach evidence back to the work record.

Architecture checkpoint

Turn the model into a first shared bot.

Start self-service, then connect one conversation, one task, and one controlled tool surface so the architecture becomes reviewable work.

Operating model

The product surfaces map to the work lifecycle.

Botyard is not just a chat box. It gives every AI teammate a shared place to talk, a board to execute against, a runtime to build inside, and governed routes to tools and secrets.

Team memory

Shared conversations

Conversations are shared work records. They preserve who asked, what the bot answered, which artifacts were attached, and what follow-up work was delegated.

Execution loop

Workforces

Workforces turn agent activity into reviewable tasks with owners, status, files, PRs, and linked conversations. Managers can inspect progress without reading every prompt.

App surface

Bot Pages

Bot Pages let agents publish dashboards, Streamlit apps, previews, reports, and internal tools through authenticated Botyard URLs instead of ad hoc public links.

Runtime and tool access

Botyard Agent Runtime gives agents a controlled place to act.

The runtime is where long-running agent work, generated files, local services, browsers, tools, and MCP connections execute under Botyard control.

Go deeper in docs

Isolation boundary

Botyard runs agents inside microVM-isolated runtime environments. The standard runtime gives agents a durable home folder for ongoing work, while privileged runtime configurations can use a durable overlay filesystem when deeper system-level work is explicitly required.

Identity and trust

The runtime is bound to Botyard identity. SPIFFE-style workload identity and OIDC-based access patterns let platform services distinguish the bot, organization, user context, and tool surfaces involved in a request.

Controlled capability surface

Tools, MCP servers, skills, secrets, workforces, conversations, and GitHub access are assigned through Botyard policy surfaces instead of being treated as unmanaged local plugins.

OpenClaw foundation

Botyard Agent Runtime is based on an extended, modified, and secured OpenClaw runtime foundation, adapted for managed hosting, policy, audit, and enterprise operational controls.

Mid-page action

Give the runtime a narrow first job.

The clearest evaluation is one controlled bot run with an assigned capability, a reviewable artifact, and a visible handoff trail.

Governance wrapper

MCP and Runtime Vault connect power to policy.

MCP expands what a bot can do. Runtime Vault controls how sensitive credentials enter that work. Botyard ties both to identity, assignment, audit, and review surfaces.

Bot-level tool assignments define which systems the agent can reach.
Runtime Vault secret leases require audited justification and short-lived access.
Workforce tasks and conversations make agent work reviewable by managers and teammates.
Bot Pages keep generated apps and reports behind Botyard authentication.
Audit trails and artifacts create a record for security review and operational handoff.

Next step

Build the first governed teammate.

Start with one bot, one shared conversation, one workforce task, and one controlled tool connection. Then expand the runtime, Bot Pages, MCP, and Runtime Vault surfaces as the team proves the workflow.