From DSG Governance Control Plane
Multi-agent workflow executor combining fast ROM DOM simulation on Vercel with real browser fallback via Browserbase/Stagehand for DSG Control Plane tasks.
How this skill is triggered — by the user, by Claude, or both
Slash command
/dsg-governance:dsg-hybrid-agentThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill provides a **multi-agent workflow executor** for DSG Control Plane that combines:
This skill provides a multi-agent workflow executor for DSG Control Plane that combines:
┌─────────────────────────────────────────────────────────────────┐
│ HYBRID AGENT WORKFLOW │
├─────────────────────────────────────────────────────────────────┤
│ Task YAML → PARSE → SIM SESSION → REAL BROWSER (if needed) │
│ │ │ │ │ │
│ ▼ ▼ ▼ ▼ │
│ [Goal] [Steps] [Engine] [Stagehand] │
│ │ │ │
│ └──────┬───────┘ │
│ ▼ │
│ [VERIFICATION GATE T4] │
│ │ │
│ ▼ │
│ [MERGED RESULT] │
└─────────────────────────────────────────────────────────────────┘
src/rom-dom/)Pre-recorded DOM snapshots for all DSG pages:
Each ROM contains:
src/lib/simulation/engine.ts)Pure TypeScript, runs on Vercel:
ROMSimulationEngine - per-ROM simulationSimulationSession - multi-step workflow with contextSimulationEngineFactory - create enginesapp/api/agent/hybrid/route.ts)Three modes:
sim-only - Fast, free, no real browserhybrid - Simulate first, real for auth steps, verify at T4real-only - Full real browser (slow, costs)tasks/)YAML workflows:
login-and-gate-eval.yaml - Full login + gate evaluationpublic-recon.yaml - Public endpoint reconnaissancedelivery-proof-scan.yaml - Delivery proof scanningreadiness-check.yaml - Production readinessci-cd-pipeline.yaml - Full CI/CD verificationcurl -X POST https://your-app.vercel.app/api/agent/hybrid \
-H "Content-Type: application/json" \
-d '{"goal": "Public recon", "mode": "sim-only", "steps": [
{"type": "api-call", "rom": "health"},
{"type": "api-call", "rom": "mcp-manifest"},
{"type": "api-call", "rom": "compliance-annex4"}
]}'
curl -X POST https://your-app.vercel.app/api/agent/hybrid \
-H "Content-Type: application/json" \
-d @tasks/login-and-gate-eval.yaml
// In Hermes agent context
const result = await fetch('https://tdealer01-crypto-dsg-control-plane.vercel.app/api/agent/hybrid', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
goal: 'Login and evaluate gate',
mode: 'hybrid',
steps: [...]
})
});
This skill supports parallel agent execution for independent workflows:
# Parallel task group
agentGroup:
- agent: recon-agent
task: public-recon.yaml
- agent: compliance-agent
task: compliance-check.yaml
- agent: readiness-agent
task: readiness-check.yaml
Each agent runs in isolation with its own SimulationSession, then results are merged at T4 gate.
Every hybrid step supports verification:
verification:
type: exact # Deep equality: sim === real
# OR
type: keys
keys: [decision, evidenceHash] # Only check these keys
# OR
type: custom
fn: "(sim, real) => real.decision === 'PASS'" # Custom logic
If verification fails, the workflow stops and reports the divergence.
| Variable | Required | Description |
|---|---|---|
BROWSERBASE_API_KEY | For real browser | Browserbase API key |
BROWSERBASE_PROJECT_ID | For real browser | Browserbase project ID |
Without these, only sim-only mode works.
To add new pages to ROM:
# 1. Run recorder (local with Playwright)
npx tsx scripts/record-rom.ts <page-key>
# 2. Commit JSON to src/rom-dom/
# 3. Deploy to Vercel (auto-embedded in bundle)
This skill integrates with:
/api/dsg/v1/gates/evaluate/api/mcp-server (6 tools)/api/compliance-evidence-pack/annex4/api/ccvs/compliance-status/api/readiness/check| Mode | Latency | Cost | Use Case |
|---|---|---|---|
| sim-only | < 100ms | Free | Recon, CI, testing |
| hybrid | 2-10s | ~$0.05/session | Auth + gate eval |
| real-only | 5-30s | ~$0.10/session | Full e2e, debugging |
// Agent calls hybrid API
const task = await loadTask('login-and-gate-eval');
const response = await fetch('/api/agent/hybrid', {
method: 'POST',
body: JSON.stringify(task)
});
- name: Run DSG Hybrid Agent
run: |
curl -X POST ${{ secrets.DSG_HYBRID_URL }} \
-H "Content-Type: application/json" \
-d @tasks/ci-cd-pipeline.yaml
// Spawn multiple agents in parallel
const agents = [
runTask('public-recon'),
runTask('compliance-check'),
runTask('readiness-check')
];
const results = await Promise.all(agents);
// Merge results at T4 gate
src/rom-dom/
├── registry.ts # Main registry + types
├── login.json # Login page ROM
├── hermes-dashboard.json # Dashboard ROM
├── landing.json # Landing page ROM
├── delivery-proof.json # Delivery proof ROM
├── readiness-report.json # Readiness ROM
├── health.json # Health endpoint ROM
├── mcp-manifest.json # MCP server ROM
├── compliance-annex4.json # Compliance ROM
├── ccvs-status.json # CCVS ROM
└── gate-evaluate.json # Gate eval API ROM
src/lib/simulation/
├── engine.ts # Simulation engine
├── task-registry.ts # Task loader
└── index.ts # Exports
app/api/agent/hybrid/
└── route.ts # Hybrid API endpoint
tasks/
├── login-and-gate-eval.yaml
├── public-recon.yaml
├── delivery-proof-scan.yaml
├── readiness-check.yaml
└── ci-cd-pipeline.yaml
npx claudepluginhub tdealer01-crypto/tdealer01-crypto-dsg-control-plane --plugin dsg-governanceAdds URL blocklisting, rate limiting, robots.txt enforcement, and ethical scraping guardrails on top of the agent-browser skill.
Drives an existing browser via CDP for authenticated, visual, or interactive web automation. Use when static fetches are insufficient and you need real browser interaction.
Explains Schrute's self-learning browser agent workflow for recording interactions into tiered API skills, including explore-record commands, tier promotion, confirmation, and security model.