Architecture overview
From prompt to governed work.
See how shared bots, conversations, tasks, Bot Pages, tools, secrets, and audit controls connect into one operating model.
The flow at a glance
Botyard flow
From prompt to governed work
Shared bot
A team-owned AI teammate runs in the Botyard Agent Runtime instead of one person's private tool session.
Conversations
Shared conversations preserve context, user identity, files, and decisions so work can continue across people and time.
Workforces
Boards connect goals, tasks, assignees, PRs, conversations, and artifacts into an operating loop managers can review.
Bot Pages
Bots can expose internal apps, previews, dashboards, and reports behind Botyard authentication instead of sending loose links.
MCP
Model Context Protocol servers connect tools and systems, while Botyard governs which capabilities a bot can use.
Runtime Vault
Secrets are leased at runtime with purpose, policy, and expiry instead of being pasted into prompts or committed to code.
Audit and security
Identity, policy, logs, artifacts, and security controls wrap the work so teams can inspect what happened and why.
Lifecycle silhouette
The architecture page becomes a process map.
Instead of another three-card explanation, the first follow-up section turns Botyard into a left-to-right operating lifecycle with labeled transitions.
Work lifecycle
Ask, plan, act, show
Ask
A shared conversation captures the request, files, user context, and decisions.
Plan
The bot creates work items, narrows scope, and makes the next action reviewable.
Act
Runtime tools, MCP capabilities, and Runtime Vault leases execute under policy.
Show
Bot Pages, PRs, reports, and screenshots attach evidence back to the work record.
Architecture checkpoint
Turn the model into a first shared bot.
Start self-service, then connect one conversation, one task, and one controlled tool surface so the architecture becomes reviewable work.
Operating model
The product surfaces map to the work lifecycle.
Botyard is not just a chat box. It gives every AI teammate a shared place to talk, a board to execute against, a runtime to build inside, and governed routes to tools and secrets.
Team memory
Shared conversations
Conversations are shared work records. They preserve who asked, what the bot answered, which artifacts were attached, and what follow-up work was delegated.
Execution loop
Workforces
Workforces turn agent activity into reviewable tasks with owners, status, files, PRs, and linked conversations. Managers can inspect progress without reading every prompt.
App surface
Bot Pages
Bot Pages let agents publish dashboards, Streamlit apps, previews, reports, and internal tools through authenticated Botyard URLs instead of ad hoc public links.
Runtime and tool access
Botyard Agent Runtime gives agents a controlled place to act.
The runtime is where long-running agent work, generated files, local services, browsers, tools, and MCP connections execute under Botyard control.
Go deeper in docsIsolation boundary
Botyard runs agents inside microVM-isolated runtime environments. The standard runtime gives agents a durable home folder for ongoing work, while privileged runtime configurations can use a durable overlay filesystem when deeper system-level work is explicitly required.
Identity and trust
The runtime is bound to Botyard identity. SPIFFE-style workload identity and OIDC-based access patterns let platform services distinguish the bot, organization, user context, and tool surfaces involved in a request.
Controlled capability surface
Tools, MCP servers, skills, secrets, workforces, conversations, and GitHub access are assigned through Botyard policy surfaces instead of being treated as unmanaged local plugins.
OpenClaw foundation
Botyard Agent Runtime is based on an extended, modified, and secured OpenClaw runtime foundation, adapted for managed hosting, policy, audit, and enterprise operational controls.
Mid-page action
Give the runtime a narrow first job.
The clearest evaluation is one controlled bot run with an assigned capability, a reviewable artifact, and a visible handoff trail.
Governance wrapper
MCP and Runtime Vault connect power to policy.
MCP expands what a bot can do. Runtime Vault controls how sensitive credentials enter that work. Botyard ties both to identity, assignment, audit, and review surfaces.
Next step
Build the first governed teammate.
Start with one bot, one shared conversation, one workforce task, and one controlled tool connection. Then expand the runtime, Bot Pages, MCP, and Runtime Vault surfaces as the team proves the workflow.