Skip to content
Spawnly Docs

See it in action

Two short clips of Spawnly running on a live cluster. Want to run them yourself? Install the Claude Code plugin and run /spawnly:up then /spawnly:demo — Claude brings the platform up and narrates the same scenarios on your own machine.

An agent, working end to end

A long-lived weather-monitor agent: a user chats with it from the dashboard, it calls a get_weather tool, and its lifecycle events stream into the timeline in real time. Under the hood the agent never touches identity plumbing — its sidecar fetched a SPIFFE SVID at startup, exchanged it for a scoped token, and the agent just does its job.

Chatting with a long-lived agent while its event timeline streams below.

How the chat path works: Chatting with a long-lived agent.

Chained agents: spawn consent + real-time revocation

The headline features, in one flow. A chain-worker spawns a chain of sub-agents, and you see two things that make agent delegation safe:

  • Human-in-the-loop spawn consent (CIBA). A child can’t obtain credentials until a human approves the spawn on the dashboard — using OpenID CIBA, the backchannel approval flow banks use for out-of-band payment authorisation. Once granted, the stored consent auto-approves identical repeats deeper in the chain.
  • Real-time revocation cascade. Revoke one node and its entire descendant subtree loses authorisation within seconds — live, while its ancestors keep working. Pods stay up; their next protected call simply returns 403. Reversible with resume.
A child waits for consent; once approved the chain grows; then revoking a node cascades work_denied through its subtree while ancestors keep serving work_ok.

Go deeper: CIBA spawn consent and Defining Policy (how the revoked relations are derived).