A standing control plane drives your issues through plan → implement → gate → merge. Ephemeral, single-tenant runners do the work with the agent of your choice and short-lived, job-scoped credentials — then disappear.
Runner for issue #482 — gate suite green. Implement and gate ran in one isolated container; opening the PR.
Another item touched a suppression — parked for your approval before it can merge.
The control plane is deterministic code, not an LLM holding the whole run in context. Only the bounded units of work are agents.
Each unit of work — plan one issue, implement one issue, run the gate suite — runs inside a fresh, single-tenant runner that reads durable inputs, does a bounded job, writes durable output, and is torn down. The runner is the bounded unit: hard-isolated in its own container with a finite lifetime, so context never accumulates and a crash or rate-limit never loses the thread.
Deterministic core
Plain code enforces caps, blockers, and the killswitch — auditable and replayable.
Bounded runners
Every item gets a throwaway, single-tenant runner with only the inputs it needs.
No drift
Nothing spans items, so there is no accumulating context to corrupt a run.
The control plane spawns a workflow per issue; each step launches and supervises an ephemeral runner that does the bounded work, then disappears.
An agent drafts the approach from the issue and the pack. A genuine fork parks to Needs Decision for a human.
A runner writes the branch with your chosen agent, to the conventions the pack declares.
Preflight and gate plugins run in the same runner. A diff touching a suppression always parks.
Opens a PR to Ready to Merge for a one-click human merge — or auto-merges once a gate earns trust.
03.
A standing, multi-tenant control plane schedules and supervises; ephemeral, single-tenant runners do the work and disappear.
Multi-tenant and always on. It schedules work but never checks out your code and never holds long-lived workload secrets in process.
A throwaway runner per item, single-tenant and isolated. Your source, secrets, and a semi-autonomous agent meet only inside one container with a finite lifetime.
The board (the human surface for parked decisions) and per-repo project packs both ride on top of this split — the control plane reads the board; the runner loads the pack.
One normalized contract — task, repo context, tools in; result and structured output back. Any agent that fills it plugs in behind a single port.
04.
Pick the agent that fits your cost, capability, or policy. Selected by config, run inside the runner.
Your model key, encrypted at rest and injected per job. Metered keys are a later option.
The pack declares what to do; the agent is who executes. The pack names no model.
Forge and tracker tools reach any agent through MCP servers — capability never depends on the model.
05.
Everything repo-specific lives in a project pack the engine loads at run time. Hard-coding a consumer repo's behaviour into the engine is a bug.
| Pack element | What it supplies |
|---|---|
| Planning prompt | how to plan an issue for this repo |
| Implement command | the repo's implement pipeline |
| Preflight command | the repo's quality gate |
| Gate plugins | conventions to enforce before Ready to Merge |
| Conventions + memory | inputs that let the agent decide autonomously |
A pack declares what to do — never which model does it. The agent is
chosen separately, so packs stay portable. The first consumer pack is roulez.
Semi-autonomous agents touch your code, so credentials are job-scoped, least-privilege, and short-lived — injected at launch, never baked into images, never logged, destroyed with the runner.
06.
Install the skella GitHub App; the control plane mints a per-repo installation token with a ~1h TTL at launch and injects it into the runner. GitLab / Bitbucket use the same forge port.
A per-provider OAuth app; the refresh token lives in a real secrets manager — never in plaintext. A short-lived access token is minted per job.
Your model key — bring your own, encrypted at rest, injected per job and destroyed with the runner.
A job-scoped JWT (expires at the job timeout) lets the runner report status without any standing credential.
A tenant's source, secrets, and agent meet only inside a single-tenant container. The managed tier adds strong isolation (microVM / gVisor) and egress controls; on the self-hosted tier that boundary sits on your own infrastructure. A compromised runner is one repo for ~1h — and self-healing on expiry.
07.
Gates graduate toward autonomy by proving themselves — and the riskiest changes never graduate at all.
Every item starts by queueing in Ready to Merge for a one-click human merge. Nothing auto-merges on day one.
Each gate keeps a trust record. As a gate proves itself over real PRs with zero escapes, it graduates toward risk-tiered auto-merge.
A diff that touches any suppression or allow-list is never auto-merge-eligible and always parks for a human.
An agent may never grant itself an exception. Suppressions are a centralized, justified, human-approved, staleness-tested resource — and adding one is itself a gated, parking event. The engine surfaces; humans suppress.
The repos hold conventions and design only — the platform itself is not built yet. The architecture is decided; what follows is the build order, not shipped features.
08.
Foundation decided
Tiered rollout
Cloud control plane; a local-container runner you run on your own infrastructure; bring-your-own keys; the GitHub App and one issue tracker. Lowest isolation burden — you own the runner host. Proves the loop end-to-end across tenants.
Orchestrated / serverless runner adapters with microVM isolation and egress controls; optional metered billing. Additive on the seams from Tier 1 — a new adapter, not a rewrite.
No cadence, no marketing — just a note when skella ships a real milestone. Drop your address and we'll reach out.