Capability tree
The full TapPass platform decomposed into buildable building blocks. Each block is grouped under a capability (what it lets an operator do) and tagged with a horizon (when it lands).
Concept cards under Architecture → Concepts remain the source of truth for what each block is. This page is the source of truth for how blocks compose into the platform and when each lands.
For the design rationale (why this shape, what alternatives were considered), see ADR 0004 — Capability tree.
How to read this
- Horizon: Now = active development · Next = top of the backlog · Later = scoped but unscheduled · Future = vision-only · Retired = once existed, no longer.
- Depends on: other leaves. Cross-cutting concerns live in their primary capability and are referenced from elsewhere — never duplicated.
- Doc: link to the supporting concept card or component file. "—" means a concept doc is missing for this block; that's a follow-up authoring task.
Horizons last reviewed 2026-05-08. Concept-doc splits and missing docs are tracked in ADR 0004 §Migration path.
Govern
The runtime governance core: policies, pipelines, the engine that runs them, and how they translate to enforced runtime constraints.
Policy
The rules themselves, in OPA. Horizon: Now · Depends on: — · Doc: policy
Pipeline
Ordered sequence of steps wrapped around an interaction (before / during / after). Horizon: Now · Depends on: Policy, Pipeline Step · Doc: pipeline
Pipeline Step
Single check unit with its own config; composable. Horizon: Now · Depends on: — · Doc: pipeline-step
Policy Engine
Hot-path evaluator that runs compiled policy on every interaction. Horizon: Now · Depends on: Compiled Policy · Doc: policy-engine
Policy Compiler
Combines org + project + pipeline policies into one artifact. Horizon: Next · Depends on: Policy, Cascade · Doc: policy-compiler
Compiled Policy
The artifact emitted by the compiler, consumed by engines and providers. Horizon: Next · Depends on: Policy Compiler · Doc: compiled-policy
Policy Provider
Translates compiled policy into target-runtime config (Claude Code settings.json, Terraform sandbox, MCP gateway, …).
Horizon: Later · Depends on: Compiled Policy, Sandbox Spec · Doc: policy-provider
Pre-deploy Policy Evaluation
Dry-run / simulation surface for evaluating policy changes before promotion. Horizon: Later · Depends on: Compiled Policy · Doc: pre-deployment-evaluator
Cascade
The org → project → pipeline resolution model. Horizon: Now · Depends on: Organisation, Project · Doc: cascade
Sandbox Spec
The contract that says what a runtime sandbox must enforce. Horizon: Future · Depends on: Compiled Policy · Doc: sandbox-spec
Configure
Surfaces an operator uses to configure TapPass — UI today, CLI/MCP-led tomorrow.
Admin UI
Current React admin frontend. Horizon: Now · Depends on: — · Doc: frontend
Operator command-line. Horizon: Next · Depends on: — · Doc: operator-cli
Agentic CLI
LLM-driven configuration loop. Horizon: Future · Depends on: CLI · Doc: agentic-cli
MCP Server
Headless configuration via MCP — the "configure TapPass through Claude Code" path. Horizon: Future · Depends on: — · Doc: mcp-server
SDK (admin)
Programmatic configuration calls. Horizon: Later · Depends on: — · Doc: sdk-admin
Bootstrap
Initial org setup (first run, importing existing state). Horizon: Now · Depends on: Organisation, Identity · Doc: bootstrap
Operator Onboarding
First-touch flow that gets a new business operator from zero to a governed agent. Horizon: Now · Depends on: Bootstrap, Admin UI · Doc: onboarding-wizard
Catalog
Pre-built building blocks the operator picks from rather than authors from scratch.
Tool Catalog
Registry of known tools and MCP servers with metadata. Horizon: Next · Depends on: — · Doc: tool
Tool Discovery
Surfaces unknown tools/MCP calls from the audit log so they can be catalogued. Horizon: Next · Depends on: Tool Catalog, Audit Trail · Doc: runtime-tool-discovery
Check Pack
Functional grouping of pipeline steps (e.g. "PII", "secrets", "code-review"). Horizon: Later · Depends on: Pipeline Step · Doc: check-pack
Compliance Pack
Regulation-mapped pack (ISO 42001, NIST AI RMF, EU AI Act). Horizon: Next · Depends on: Check Pack · Doc: compliance-pack
Agent Template
Preset agent with attached checks/constraints (e.g. "code-reviewing agent"). Horizon: Later · Depends on: Pipeline, Check Pack · Doc: collibra-reference-agent
Observe
Visibility into what agents are doing, what policies caught, what tools were touched, and what it cost.
Audit Trail
Append-only signed log of every governance event. Horizon: Now · Depends on: — · Doc: audit-log
Audit Trace
Correlated view across an interaction's events. Horizon: Now · Depends on: Audit Trail · Doc: audit-trace
Session
Per-agent bidirectional capture (turns, tool calls, MCP calls). Horizon: Now · Depends on: Audit Trail · Doc: session
Pipeline Findings
Per-session view of which checks fired and what they detected. Horizon: Now · Depends on: Session, Pipeline · Doc: pipeline-findings
Tool Footprint
Per-session inventory of tool + MCP calls. Horizon: Next · Depends on: Session · Doc: tool-footprint
Metering
Tokens, cost, call counts per session / agent / project. Horizon: Next · Depends on: Session · Doc: metering
Inspect / replay a session or pipeline run. Horizon: Later · Depends on: Session, Audit Trace · Doc: probe
Organise
Multi-tenant structure: who owns what, who sees what.
Organisation
Root tenant. Horizon: Now · Depends on: — · Doc: organisation
Sub-grouping inside an org. Horizon: Now · Depends on: Organisation · Doc: team
Project
Workspace that owns agents and pipelines. Horizon: Now · Depends on: Team · Doc: project
Identity
Operator authentication (SSO / API keys). Horizon: Now · Depends on: — · Doc: identity
The runtime substrate where agents execute, the LLM/tool calls leave the org, and runtime state stays aligned with config.
Runtime
Catalog of runtime types covered (SaaS / low-code / custom-built). Horizon: Later · Depends on: — · Doc: runtime
LLM Provider
LLM provider integrations (Anthropic, OpenAI, Bedrock, …). Horizon: Now · Depends on: — · Doc: llm-provider
Sandbox
Physical runtime sandbox that enforces the Sandbox Spec from Govern. Horizon: Future · Depends on: Sandbox Spec · Doc: sandbox
Deployment cohort (dev / staging / prod, or canary phases). Horizon: Later · Depends on: — · Doc: ring
Keep runtime/agent state aligned with external sources of truth, detect drift. Horizon: Later · Depends on: Runtime · Doc: sync
TapPass Chat
First-party governed-chat runtime (LibreChat soft fork); the SMB entry product. Horizon: Next · Depends on: Policy Engine, Compiled Policy, LLM Provider, Audit Trail · Doc: tappass-chat