Crusbro logoCrusbro

Home / Products / openOPC agents

openOPC multi-role agent platform

PRD v1.1 alignment · Manager / Auditor · HITL · WorkRoot · plant-floor UA

openOPC is not a single agent—it is a configurable “agent company” platform. With a JSON Schema, you define roles, workflows, rules, permissions and data sources, then assemble them into runnable multi‑role collaboration. LLMs execute tasks, while critical steps can enforce HITL and Gate controls for stable, reliable, low‑error and verifiable delivery.

Each tenant maps to one agent‑cluster instance: Manager decomposes intent and coordinates virtual roles; Auditor gates milestones with accept / reject and drives remediation loops; Skills/Tools are authorized per role and risk tags can force HITL; deliverables and evidence live in WorkRoot for data‑plane isolation. The diagrams below show in‑cluster traffic and external mail flows.

Product overview

Initial Scope Summary: OPC life cycle, role/Tool/Skill/HITL configuration, Run andtrace_idObservable, auditable export; interface with external account/subscription infrastructure API.

Field delivery: We keep a single-team loop with clear API-level ownership so customers know who owns what. On PLC/SCADA / MES we add UA subscriptions and guarded writes. In freight, mail_monitor fans inbound mail into booking, documentation and manifest workers; outbound uses freeze snapshot + approve, matching the PRD "outbound Gate + HITL" pattern. Tool-gate persistence uses agent_skills_json.

openOPC: Manager, Auditor, Virtual Role, HITL and WorkRoot (generalized model) A user or channel starts a Run; the Manager coordinates virtual roles via @mention; roles invoke Tools; high-risk actions enter HITL; the Manager submits an Evidence Pack to the Auditor, who accepts or rejects to close the loop. Bottom layer: shapes and connections (all text is placed behind to avoid being blocked) Virtual role (generalization: not bound to specific industry role_key) Top level: all visible text openOPC runtime: multi-role collaboration (generalization) Decoupled from specific industries; role_key, skills, and tools are injected from templates and tenant configurations Trigger: User · API · Channel Bot Manager Intent · Teardown · Coordination within Room @mention dispatch Virtual character A role configurable Virtual character B role configurable Virtual character C role configurable virtual character… Can be added or deleted Tool · Skill · LLM Routing Authorization by role · Risk label · trace_id HITL High Risk Actions · Allow / Deny / Allow-once Auditor Gate · Evidence Pack accept / reject · finding_id Read-only review · Do not execute outgoing Tools Evidence reject → rectify loop WorkRoot · Tenant isolation workspace deliverables/artifacts · auditable hashes · run_events

Freight forwarding case: email interaction with external parties

Corresponds to PRDocean_freight_customs_v1: The cluster is coordinated by the Managerlogistics, customs, docand other roles; externally they are still represented as customers, booking portals, fleets andhub servicesmail flow between.Booking/Customs declaration outbound shipmentGate must be sent to the outside through HITL and Auditor. The picture below only drawsexternal partiesThe flow direction and intra-cluster collaboration are shown in the figure above.

Sub‑product landing Try now

Ocean freight forwarding email interaction: customers, booking portals, fleets and agents The flow of mail among the four parties: customers and fleets send it to the agent; the agent and the booking portal exchange bookings and provisioning; the agent sends manifests and VGMs to customers. Email interaction (four-party role) With the intelligent agent as the hub: receiving mail classification → project merging → freezing outgoing Agent cluster IMAP · Category · Project Warehouse · Freeze client booking gate fleet Entrustment and entrustment Manifest·VGM Booking application Provisioning postback Box seal number list

Core Mechanism (PRD Language)

  • Run and trace: A production task runs throughtrace_id;Tool calls, Room messages, HITL decisions and exports all need to be associated (see the design document for industrial delivery alignment hash chains, etc.).
  • Auditor and HITL dual access control: HITL manages "tool/external launcher author executable"; Auditor manages "stage milestone Evidence Pack" - sending gate suggestions to double re-checking externally (PRD §7D / §9).
  • Skill/Tool Governance: Skill is injected before LLM call; Tool is authorized by role and can trigger HITL with risk tag; configuration release revision is bound to running Run.
  • Multi-tenancy and mailbox isolation: WorkRoot data plane isolation; customer/booking port/fleet binning and type identification drive sub-process (consistent with mail_monitor implementation).

Key indicators (example of acceptance criteria)

Session replayTool sequence and timeline indexable retrieval (typical deployment < 400 ms level)
Freeze/GateAttachments before outgoingSHA-256Consistent with frozen copies; HITL decisions are consistent withtool_call_idBindable instructions
mandatory roleThere is only one manager and one auditor each in the published configuration (release verification)
OPC UA (onsite)Configurable subscription and read-write cycles, and versioned mapping tables

Feature list and specifications

abilityillustrate
Console (standalone deployment)account,LLM,mailIMAP/SMTP, booking hatch mailbox, Agent start and stop, etc. are provided by the freight/OPC operating environment and are not within the scope of this official website warehouse.
Operation and maintenance interventionManual takeover, session suspension, single-step replay
open interfaceinternallyRESTDocuments are released with versions, and sample requests can be imported.Postmangather
deployLinux cluster /K8s;Message and vector libraries can be privatized

Data and security

Sensitive routes and credentials reside in customer-controllable key management; Progress/streaming output does not echo key plaintext; audit export does not include private keys. The outgoing mail queue is an independent process and is isolated from the generation service; it has the same governance direction as the "Key and Privacy" and "Outgoing Unduplicated (Impotent Key)" clauses in the PRD.

View freight forwarding agents in smart logistics solutions white paper Book a demo