Skip to main content
PAS
Available now

Turn goals into auditable plans that run safely on your machine

The Orchestrator converts goals into directed plans, executes steps under policy modes, and writes tamper-evident audit logs for every action.

Get started locallyAPI & Schemas

What the Orchestrator does

The Orchestrator is the brain of Personal Assistant System (PAS). It takes your goals and converts them into a directed acyclic graph (DAG) of executable steps, then runs those steps safely under configurable policy modes. Every action is logged, high-risk operations require approval, and you maintain full control over what runs and when.

Reader capabilities

  • Directed plan (DAG) generation from natural language goals
  • Tool catalog validation and schema checking
  • Real-time task status and progress tracking

Writer capabilities Gated

  • Execute tool calls with timeout and budget enforcement
  • Write tamper-evident audit logs for compliance
  • Trigger approval workflows for high-risk steps
Local-first by default: All orchestration runs on your machine. Optional cloud model routing requires explicit opt-in.

Who benefits from the Orchestrator

Individuals

Automate multi-step chores with review gates so you stay in control

Example: "Summarize my weekly notes and draft a task list" — the Orchestrator plans the steps, pauses for your approval before saving, and logs everything.

Teams & Managers

Standardize workflows with repeatable runs and status visibility

Example: "Generate weekly project status report" — consistent format, auditable history, and team-wide visibility into what ran.

Developers & IT

Clear contracts, schema-validated calls, and stable REST APIs

Example: Integrate orchestration into CI/CD pipelines with predictable endpoints and structured error responses.

Security & Compliance

Approvals, logs, and allowlists align to organizational policy

Control: Set policy mode to "constrained" and require manual approval for any high-risk tool call.

How it works

1

Input: Goal + Context

You provide a natural language goal and optional context (files, previous results, constraints).

2

Plan: DAG Generation

The model proposes a directed plan of tool steps. The orchestrator validates each step against the tool catalog and checks schemas.

3

Execute: Tool Calls

Steps run sequentially or in parallel under timeouts and autonomy budgets. High-risk steps pause for approval.

4

Verify: Evaluation Checks

Optional evaluation runs confirm outputs meet quality criteria before finalizing.

5

Output: Result + Audit Trail

You receive the final result plus a complete log of every step, tool call, and approval decision.

Safety & approvals: Policy modes (constrained vs. autonomous) control whether high-risk steps require manual consent. Rate limits and allowlists prevent runaway execution.

Example workflows

Daily brief automation

Runs entirely offline
Input:

"Find new docs from the last 24 hours and summarize them"

Steps:
  1. docs.search_docs (filter: last 24h)
  2. llm.generate (summarize results)
  3. docs.write_doc (save summary) — pauses for approval
Output:

Summary document + audit log showing search query, LLM prompt, and approval timestamp

PR preparation workflow

Approval required
Input:

"Add input validation to user registration module and write unit tests"

Steps:
  1. code.search (locate registration module)
  2. code.propose_patch (add validation) — pauses for approval
  3. eval.run_unit_tests (stub tests to confirm structure)
Output:

Diff preview, test results, and full audit trail of code changes

Technical details

Key endpoints

  • POST /tasks
  • GET /tasks/:id
  • POST /tasks/:id/run
  • GET /approvals
  • POST /approvals/:id/approve
View full API schema

Configuration

  • POLICY_MODE — constrained (default) or autonomous
  • AUTONOMY_BUDGET — max steps per task
  • RATE_LIMIT — calls per minute
  • TIMEOUT — per-step timeout

Performance notes

  • Plan generation: typically 1-3 seconds for 5-10 step plans
  • Execution: depends on tool latency; parallel steps where possible
  • Audit log writes: async, non-blocking

Observability

  • Task state metrics (pending, running, completed, failed)
  • Approval counters and latency
  • Error rates by tool and step type
  • Budget exhaustion alerts

Security posture

Constrained by default

High-risk steps (writes, outbound calls) require explicit consent. Policy mode can be set to autonomous for trusted environments.

Outbound disabled by default

Network calls and external tool invocations are blocked unless explicitly allowlisted in configuration.

Full audit trail

Every tool call, approval decision, and result is logged with timestamps. Planned: cryptographic signing for tamper-evidence.

Rate limits & budgets

Autonomy budgets prevent runaway execution. Rate limits protect against abuse or misconfiguration.

Roadmap & status

Available

Current features

  • DAG planning and execution
  • Approval workflows and policy modes
  • Audit logging and task history
  • Tool catalog validation
Planned

Coming soon

  • Containerized tool sandboxes for isolation
  • Cryptographic signing of audit logs
  • Advanced retry strategies and error recovery
View full roadmap

Frequently asked questions

Ready to orchestrate safely?

Install Personal Assistant System (PAS) locally and start running auditable, policy-governed workflows

Try locallyView examplesTalk to us