The self-hosted platform layer that governs AI-driven software work — so every change is authorized, owned, provenanced, and audited. Lights-out automation you can actually trust, because you can see it.
AI ships code faster than teams can govern it. The "dark factory" runs lights-out — and that's exactly the danger: opaque, un-owned, unaccountable.
Agents and pipelines act, but nothing records who owned the change, under what policy, or with which inputs.
No oversight dial, no approval trail, no way to prove — after the fact — that a lights-out run was safe.
Charters and harness configs claim behavior the code doesn't actually enforce — imitation surfaces that read as governed but aren't.
Governance itself has no workflow, and no way to test whether a change actually helped.
Open Refinery sits between your harnesses (agents, scripts, CI) and your targets (repos, models, MCP servers, APIs). It governs how work reaches those targets — and records everything.
The orchestrator is a deterministic queue, not an agent: cheap, reproducible, and auditable. The agent's judgment stays inside a step; sequencing stays plain software.
strict whitelist mode + a pre-action authorize gatepip install + one commandOne governed loop, end to end — from a work item on a board to a real model call.
Authored artifacts — rule / skill / command / agent — with deny-overrides and a strict lock a lower layer can't override.
Changes to governance itself walk an accept / deny / feedback chain that auto-escalates up the role ladder.
Enable curated canon — TDD, ATDD, spec-driven, code review, CI/CD, observability, tech-debt — as standards and ready-made processes.
Anthropic, OpenAI, MCP, and generic API targets — connect by API key or OAuth, with routing, failover, and windowed rate quotas.
An audit or strict (whitelist / default-deny) mode, plus a pre-action /authorize gate — verify identity + intent before a tool, command, or host-egress action. Per-namespace whitelists; every refusal audited.
Revert a work item to a known-good prior stage and get a structured reverse plan that unwinds the whole deployment — code, DB migrations, config, env, libraries, data, services, secret refs, infra, DNS. The harness applies it and reports back.
Group users into teams; a usage ledger meters units per governed invoke and rolls up cost by team; a team's live in-flight concurrency cap is enforced at the invoke seam.
Resolve routes on region / compliance / cost inputs — an unmet requirement blocks the call, it isn't silently downgraded. A cross-agent traffic graph shows who sends how much to which target.
Background jobs, scheduled ingest, and a WebSocket live channel — job status, new audit events, and per-run live logs stream to the dashboard, no polling.
Give Claude Code (and other harnesses) a governed identity — via OAuth device flow or a token. Every action the agent takes is authorized and audited under its role, exactly like a person.
A first-run wizard takes the first admin from sign-up to a running factory: connect your tools, import a repo, adopt standards, and shape the first process from your own tracker's columns — then ship a work item.
GitHub, GitLab, GitHub Issues, Jira, Linear — code hosts and issue trackers, by OAuth or token. Trackers expose their columns for workflow discovery so processes match your board.
Ingest a repo's charter/harness/code, then surface coverage, drift, and imitation surfaces with 0–100 health scores.
Flag the poison: dead rules, contradictions, redundancy, and prompt injection — per role level, with insights.
State a hypothesis, run before/after evals, and get a real significance verdict — control vs. treatment.
Inline sign-off or an async queue with chained approvals — an ordered role chain, a distinct signer per slot.
Score factory / harness / charter debt, track it over time, and get concrete "what to try next" insights.
HMAC-signed event fan-out and a complete, queryable, attributed audit trail — with metrics derived from it.
GitHub, GitLab, Jira, Linear — import repos and sync work items, connect by token or OAuth, credentials encrypted at rest.
A React dashboard ships in the wheel — an overview that surfaces what needs attention, a work board, and a right-hand detail/action drawer. Self-hosted API docs with live "Try it out" at /api-docs.
Python 3.11+. SQLite ships with Python — nothing else to install.
Only SECRET_KEY is required in the environment; everything else is UI-managed and encrypted in the database.
# install + run — server and dashboard on :8000 pip install open-refinery open-refinery serve # open http://your-host:8000 — the dashboard walks you through # creating the first admin, then signing you in.