Cloud governs. Your compute executes. Proof closes the loop.#
Trusted Compute is the LumenFlow pattern for routing an Ask to an enrolled connected runtime running on hardware you control — a developer machine, CI runner, private server, or edge box — and keeping the work governed by policy, approvals, and evidence in Cloud.
This is not "LumenFlow runs on anyone's machine." It is bring your own trusted compute, governed centrally.
The chain#
| Step | What happens | Where it runs |
|---|---|---|
| Ask | Operator submits intent | Cloud |
| Dispatch | Cloud routes work to an enrolled runtime | Cloud → Runtime |
| Rules | Policy decisions allow or deny each scope | Runtime + Cloud |
| Tool calls | Runtime executes code edits, tests, etc. | Runtime |
| Approvals | Risky actions (e.g. PR creation) pause for human sign-off | Cloud |
| Proof | Evidence syncs back, replay assembles the chain | Cloud |
Run the demo#
A scripted first-cut demo exercises the full chain locally and writes a canonical evidence bundle plus a detached signature:
pnpm demo:trusted-compute --mode happy
pnpm demo:trusted-compute --mode policy-blocked
The bundle lands at evidence/demo/trusted-compute/<run-id>/ and
contains the core Proof files plus a signed manifest:
| File | Contents |
|---|---|
ask.json | The submitted Ask |
node-session.json | Connected-runtime session metadata |
policy-decisions.jsonl | Allow / deny decisions per scope |
tool-calls.jsonl | Each tool invocation with summaries |
file-diff.patch | Code changes produced |
test-results.json | Test outcome summary |
approval.json | Approval request and resolution record |
pr-summary.md | Human-readable PR description |
replay-link.txt | URL into Cloud Replay |
manifest.json | Schema version, bundle kind, run id, mode, required artifact list, artifact hashes, signer key id, and signature algorithm |
manifest.sig | Detached Ed25519 signature over the manifest |
verifier-public-key.pem | Public key for independently checking the detached signature |
Verify a bundle from the command line:
pnpm tsx scripts/demo/trusted-compute.ts --verify evidence/demo/trusted-compute/<run-id>
In happy mode, all rules allow, tool calls run, the approval gate
pauses for sign-off, and the bundle captures the full transition. In
policy-blocked mode, a denied rule (e.g. attempting to write a
production secret) halts the run before any tool call is recorded — you
will see an empty tool-calls.jsonl and a deny entry in
policy-decisions.jsonl. Both modes emit a signed manifest, so a
third party can verify the required files are present, the hashes match,
the schema is supported, and the detached signature validates.
Scope of the first cut#
The current demo is a scripted orchestrator that exercises the same evidence and approval shapes used by the real control plane. Two pieces are deferred to follow-on work:
- Live external runtime process — the demo simulates the runtime side; a real enrolled developer machine or connected runtime opening a network session is the next layer.
- Real GitHub PR creation — the demo emits a
pr-summary.mdalongside the diff; opening an actual PR against a target repository belongs to a follow-on WU.
Naming#
The user-facing nouns follow the LumenFlow product language: Ask, Connections, Rules, Approvals, Proof. Internally these map to control-plane SDK runtimes, policy decisions, approval records, and evidence receipts. Do not introduce new product names without an accompanying ADR.