Run¶
How to run the AutonomyOps runtime and the local demo stack.
Prerequisites¶
Build completed —
bin/autonomyexistsDocker and Docker Compose V2 installed and running
1. Start the Demo Stack¶
The demo stack brings up: container registry, OTel collector, Jaeger, runtime, otel-sink bridge, and control plane.
make demo-up
To build Docker images from current source first:
make demo-up-build
2. Verify All Services Are Running¶
docker compose -f demo/docker-compose.yml ps
Expected output (all STATE: running):
NAME SERVICE STATE PORTS
demo-orchestrator-1 orchestrator running 0.0.0.0:8888->8888/tcp
demo-jaeger-1 jaeger running 0.0.0.0:16686->16686/tcp, ...
demo-otel-collector-1 otel-collector running 0.0.0.0:4317-4318->4317-4318/tcp
demo-otel-sink-1 otel-sink running 0.0.0.0:4319->4318/tcp
demo-registry-1 registry running 0.0.0.0:5000->5000/tcp
demo-runtime-1 runtime running 0.0.0.0:7777->7777/tcp
All services must be running before proceeding.
3. Run the Pre-flight Check¶
make demo-preflight
This checks that the registry, runtime, and control plane are all reachable and healthy.
4. Check Individual Service Health¶
Runtime:
curl http://localhost:7777/health
Expected: {"status":"ok"}
Control plane:
curl http://localhost:8888/v1/health
Expected: {"status":"ok"}
Jaeger UI: http://localhost:16686
5. Run the Full Demo Sequence¶
make demo-run
This executes the three core supply-chain demo scripts in sequence (after
demo-preflight has run as a prerequisite):
Script |
What it does |
|---|---|
|
Build the policy bundle, push test OCI artifact, attach lock + policy sidecars, load the bundle into the runtime cache |
|
Sign the agent image and the lock + policy sidecars with cosign (required) |
|
Verify the full supply chain (image + lock + policy signatures) and run the Python agent demo |
Offline-drain and failure drills are separate targets — running
make demo-run does not invoke them:
Target |
Underlying script |
What it does |
|---|---|---|
|
|
Stop the OTLP sink, generate tool calls (events buffer in WAL), drain on recovery |
|
|
Run the five failure-injection drills |
See Demo Runbook for expected outputs and recovery procedures.
6. Tear Down¶
make demo-down
Running the Runtime Standalone¶
To run the runtime outside Docker with a local policy bundle:
# Build a policy bundle
./bin/autonomy policy build \
--in demo/policies \
--out bundle.tar.gz \
--version 1.0.0 \
--name demo
# Load it into the active slot
./bin/autonomy policy load --bundle bundle.tar.gz
# Start the runtime on port 7777
./bin/autonomy runtime start --listen 127.0.0.1:7777
The runtime binds on :7777, loads the active policy bundle from
~/.autonomy/policy/current/, and accepts POST /v1/tool requests.
Press Ctrl-C for graceful shutdown (5-second timeout).
Runtime with Release Polling¶
To enable the background release poll loop:
./bin/autonomy runtime start \
--listen 127.0.0.1:7777 \
--orchestrator-url http://localhost:8888 \
--release-channel stable \
--poll-interval 30s
The poller emits ai.deployment.lifecycle telemetry events and runs the four-step
OCI verification pipeline on any candidate release with a new fingerprint.
Environment Variables¶
Variable |
Default |
Purpose |
|---|---|---|
|
(empty) |
Control-plane base URL for release polling |
|
|
Release channel to poll |
|
(empty) |
Cosign public key path for release verification |
|
(empty) |
OTLP endpoint for telemetry export |
Evidence¶
Makefile(demo-up,demo-up-build,demo-preflight,demo-run,demo-down)demo/docker-compose.ymlruntime/server.go,runtime/poller.godocs/_generated/test-outputs/demo-output.txt
Do Not Do¶
❌ Do NOT expose port 7777 to untrusted networks without a reverse proxy — the runtime HTTP API has no per-caller authentication (policy enforcement is internal)
❌ Do NOT start the runtime in production without a loaded policy bundle — deny-all is the fallback, not allow-all
See Also¶
First Edge — end-to-end walkthrough
Demo Runbook — detailed failure drills and expected outputs