Nimbusware: Local-First Adversarial Proxy Workflow Orchestration Platform

Nimbusware is a local-first adversarial proxy workflow orchestration platform combining FastAPI control plane, Streamlit operator console, and Hermes orchestration engine. Its core innovations include adversarial design (critics, verifiers, unanimous gates) for code quality, micro-slice workflow for fine-grained changes, and dual versions (personal/enterprise) to meet diverse needs. Key use cases cover code review automation, large-scale refactoring, and enterprise-level proxy orchestration.

Project Background

• Author/Maintainer: tycheung
• Source: GitHub (https://github.com/tycheung/nimbusware)
• Release Time: 2026-05-30

Core Innovation

Nimbusware's core lies in its adversarial design理念: introducing Critics (security, performance, network, refactoring), Verifiers, and Unanimous Gates to ensure strict multi-dimensional review of code changes, improving software quality and security.

Layered Architecture

层级	组件	职责
API层	Nimbusware API	提供 /v1 REST API (OpenAPI, Problem+JSON errors)
控制台层	Operator Console	Streamlit-based interface for monitoring, timeline, config
编排层	Hermes Orchestrator	Run pipelines, critics, gates, slice chains, preflight
存储层	Event Store/Config Store	PostgreSQL-based append-only event store & versioned config docs
记忆层	Memory	Repo-wide index (personal) / fleet-wide index (enterprise)
扩展层	Extensions	Role definitions, package management, integrations

Local-First Design

• Data stored locally first (user control)
• Offline support (auto-sync on network recovery)
• Enterprise extension for multi-tenant/fleet management

Hermes Engine Details

Run Lifecycle

run.created → 计划 → 实现/验证路径 → 基于物化配置的策略快照 Each run uses a frozen policy_snapshot for reproducibility.

Adversarial Criticism

• Security Critics: Check vulnerabilities
• Performance Critics: Analyze performance impact
• Network/Resilience Critics: Evaluate network dependencies & fault tolerance
• Refactoring Critics: Assess refactoring quality in production config

Unanimous Gates & Escalation

Stage progression requires all critics/verifiers to pass; escalation prevents deadlocks.

Micro-Slice Workflow

• Process small code changes (few files/lines)
• Full flow: validation → criticism → testing → gates
• Support differential re-planning & context injection

Dual Versions

Personal Edition

• Single operator mode
• Repo-wide memory
• No IAM
• For individuals/small teams

Enterprise Edition

Adds:

• IAM (API keys, tenant management, row-level isolation)
• Fleet memory (org-wide index/sync)
• Config NOTIFY (PostgreSQL LISTEN/NOTIFY)
• S3-compatible object storage
• Redis work queue
• Enterprise console (tenant switcher, fleet dashboard)

Operator Console

Core Features

• Run/timeline view: filter (workflow, date, status), export (CSV/JSON), run details (summary, timeline, critics matrix)
• Config/search: operator chat, custom agents (CRUD/editor), package directory search (FAISS index)

Enterprise-Exclusive

• API key connection
• Tenant switcher
• Fleet dashboard (memory status, Ollama SLI, Redis queue health)

Technical Implementation

Config Management

• Versioned config docs in PostgreSQL
• Materializers generate T1/T2 configs
• Enterprise: config.document.updated event for cache invalidation
• Git export for GitOps

Preflight Mechanism

• Check Ollama/model health before runs
• CLI & fleet history API
• Metric export

Retrieval Memory

• Index discovery results & gate failures
• Replay tool, role telemetry, read-only CLI

Extensibility

• Package Integrator: Directory search, FAISS sorting, compatibility scoring
• Role System: Frontend/backend write roles + failure routing
• Self-Optimization Loop: Gated/non-gated loops with Phase D marking & optional LLM criticism

Application Scenarios

1. Code Review Automation: Multi-dimensional auto-review (security, performance, maintainability) before merge.
2. Large-Scale Refactoring: Micro-slice workflow decomposes large changes into small, verifiable steps (reduces risk, improves traceability).
3. Enterprise Proxy Orchestration: Strict governance (IAM, tenant isolation, audit logs) for regulated environments.

Summary

Nimbusware is not just a tool but a methodology: adversarial design + fine-grained control make AI agent workflows predictable, auditable, and controllable. Local-first design ensures data control, while enterprise extension supports scalability.

Outlook

As AI agents play a bigger role in software development, Nimbusware-like orchestration platforms will become key infrastructure, helping developers/enterprises safely and efficiently leverage proxy workflows.