Crusbro logoCrusbro

Home / Products / openOPC agents

openOPC multi-role agent platform

PRD v1.1 alignment · Manager / Auditor · HITL · WorkRoot · plant-floor UA

openOPC (Open One-Person Company) gives each tenant an agent cluster:
— Manager parses intent and coordinates @mention virtual roles;
— Auditor gates milestones with accept / reject and drives remediation loops;
— Skill injects role context before LLM calls; Tool is authorized per role and risk tags can force HITL;
— WorkRoot isolates tenant data and evidence on the data plane.

On the plant floor we use the OPC UA interoperability namespace. On the freight side, the PRD ocean_freight_customs_v1 template maps to live email monitoring, booking / customs microservices and a freeze-before-send outbound queue. The diagrams below show in-cluster agent traffic and external mail flows.

Product overview

Initial Scope Summary: OPC life cycle, role/Tool/Skill/HITL configuration, Run andtrace_idObservable, auditable export; interface with external account/subscription infrastructure API.

Field delivery: We keep a single-team loop with clear API-level ownership so customers know who owns what. On PLC/SCADA / MES we add UA subscriptions and guarded writes. In freight, mail_monitor fans inbound mail into booking, documentation and manifest workers; outbound uses freeze snapshot + approve, matching the PRD "outbound Gate + HITL" pattern. Tool-gate persistence uses agent_skills_json.

openOPC: Manager, Auditor, Virtual Role, HITL and WorkRoot (generalized model) A user or channel starts a Run; the Manager coordinates virtual roles via @mention; roles invoke Tools; high-risk actions enter HITL; the Manager submits an Evidence Pack to the Auditor, who accepts or rejects to close the loop. Bottom layer: shapes and connections (all text is placed behind to avoid being blocked) Virtual role (generalization: not bound to specific industry role_key) Top level: all visible text openOPC runtime: multi-role collaboration (generalization) Decoupled from specific industries; role_key, skills, and tools are injected from templates and tenant configurations Trigger: User · API · Channel Bot Manager Intent · Teardown · Coordination within Room @mention dispatch Virtual character A role configurable Virtual character B role configurable Virtual character C role configurable virtual character… Can be added or deleted Tool · Skill · LLM Routing Authorization by role · Risk label · trace_id HITL High Risk Actions · Allow / Deny / Allow-once Auditor Gate · Evidence Pack accept / reject · finding_id Read-only review · Do not execute outgoing Tools Evidence reject → rectify loop WorkRoot · Tenant isolation workspace deliverables/artifacts · auditable hashes · run_events

Freight forwarding case: email interaction with external parties

Corresponds to PRDocean_freight_customs_v1: The cluster is coordinated by the Managerlogistics, customs, docand other roles; externally they are still represented as customers, booking portals, fleets andhub servicesmail flow between.Booking/Customs declaration outbound shipmentGate must be sent to the outside through HITL and Auditor. The picture below only drawsexternal partiesThe flow direction and intra-cluster collaboration are shown in the figure above.

Ocean freight forwarding email interaction: customers, booking portals, fleets and agents The flow of mail among the four parties: customers and fleets send it to the agent; the agent and the booking portal exchange bookings and provisioning; the agent sends manifests and VGMs to customers. Email interaction (four-party role) With the intelligent agent as the hub: receiving mail classification → project merging → freezing outgoing Agent cluster IMAP · Category · Project Warehouse · Freeze client booking gate fleet Entrustment and entrustment Manifest·VGM Booking application Provisioning postback Box seal number list

Core Mechanism (PRD Language)

  • Run and trace: A production task runs throughtrace_id;Tool calls, Room messages, HITL decisions and exports all need to be associated (see the design document for industrial delivery alignment hash chains, etc.).
  • Auditor and HITL dual access control: HITL manages "tool/external launcher author executable"; Auditor manages "stage milestone Evidence Pack" - sending gate suggestions to double re-checking externally (PRD §7D / §9).
  • Skill/Tool Governance: Skill is injected before LLM call; Tool is authorized by role and can trigger HITL with risk tag; configuration release revision is bound to running Run.
  • Multi-tenancy and mailbox isolation: WorkRoot data plane isolation; customer/booking port/fleet binning and type identification drive sub-process (consistent with mail_monitor implementation).

Key indicators (example of acceptance criteria)

Session replayTool sequence and timeline indexable retrieval (typical deployment < 400 ms level)
Freeze/GateAttachments before outgoingSHA-256Consistent with frozen copies; HITL decisions are consistent withtool_call_idBindable instructions
mandatory roleThere is only one manager and one auditor each in the published configuration (release verification)
OPC UA (onsite)Configurable subscription and read-write cycles, and versioned mapping tables

Feature list and specifications

abilityillustrate
Console (standalone deployment)account,LLM,mailIMAP/SMTP, booking hatch mailbox, Agent start and stop, etc. are provided by the freight/OPC operating environment and are not within the scope of this official website warehouse.
Operation and maintenance interventionManual takeover, session suspension, single-step replay
open interfaceinternallyRESTDocuments are released with versions, and sample requests can be imported.Postmangather
deployLinux cluster /K8s;Message and vector libraries can be privatized

Data and security

Sensitive routes and credentials reside in customer-controllable key management; Progress/streaming output does not echo key plaintext; audit export does not include private keys. The outgoing mail queue is an independent process and is isolated from the generation service; it has the same governance direction as the "Key and Privacy" and "Outgoing Unduplicated (Impotent Key)" clauses in the PRD.

View freight forwarding agents in smart logistics solutions white paper Book a demo