Connection lost
Trying to reconnect…
Server didn't respond
Recovering…
Reference & guides
emisar documentation
Install a runner, author packs, wire in an LLM — the reference is right here. The runner and the packs are Apache-2.0 open source, and the full source — control plane included — is on GitHub too.
Get started
Operate
Deploying in production
From one runner to a governed fleet — reference architecture, a phased rollout, best practices by layer, worked examples, and a go-live checklist.
Read it
Policies & approvals
Risk-tier defaults, per-action overrides, human approvals, and revocable standing grants — control what runs.
Read it
Runbooks
Saved, versioned action sequences — policy-gated per step, readable by your LLM as playbooks.
Read it
Teams & access
Roles, invitations, per-member runner scopes, account-wide MFA, sessions, and API key scopes.
Read it
Single sign-on & directory sync
Team & EnterpriseOIDC sign-in (Team and Enterprise) with Google Workspace, Okta, Keycloak, plus Enterprise SCIM directory sync — offboarding revokes access automatically, with group-to-role mapping.
Read it
Runner fleet
Groups and labels, enrollment keys, pack credentials, updates, troubleshooting, and clean removal.
Read it
Signed dispatch
Make a runner run only actions a real person signed in their MCP client — generate keys, configure both ends, and rotate or revoke them across a fleet.
Read it
Audit & SIEM
What gets recorded, the dashboard view, NDJSON export with a read-only key, and the runner journal.
Read it
Build packs
Pack reference
Action YAML reference: declared args + validation, limits, redaction, side-effects, examples.
Read it
Author your own pack
Write, validate, install, and trust a pack you maintain — and when to propose one to the registry.
Read it
Host your own registry
Run a private pack registry on GCS, S3, or any static host with packctl — hash-pinned installs, air-gap friendly.
Read it
Reference
MCP reference
The methods, parameters, idempotency, and error taxonomy of the emisar MCP server — the contract once you're connected.
Read it
Security model
Trust boundary, searchable cloud audit, hash-chained runner journal, redaction-before-egress.
Read it
Hosting & plans
The supported product is the hosted emisar control plane today; the repo — Apache-2.0 runner and packs, source-available control plane — can be evaluated in your own environment. Plans and audit retention are on the pricing page.
Read it
Use cases
Worked examples of letting an agent operate real infrastructure through declared, gated, audited actions — not a shell.
Incident response: the 33-hour wipe
A CSI driver reformats a live volume; the agent contains it through declared actions and writes the fix to Terraform.
Read it
The fleet-wide 502
Every backend was green, yet one anycast edge threw intermittent 502s; the agent traced it across five layers and stopped the bleed behind approvals.
Read it
Stuck on something?
Open an issue on GitHub or email us. We answer fast.