RRailCall/ docs

RailCall System Architecture & Developer Manual

A local-first Layer-2 Terminal for building, auditing, and organizing developer workflows.

Local-firstLoopback-boundBYOK Audit receiptsNo fake greenTerminal = source of truth

RailCall Studio runs on your machine. The terminal stays the source of truth, while Studio organizes sessions, folders, workflows, integrations, artifacts, generated links, and audit receipts around it.

bash
curl -fsSL https://railcall.ai/install.sh | bash
railcall studio
v0.1 preview. Screenshots in this manual are real captures of the live /v2 Studio, taken with zero external sockets. Blocks tagged Example show illustrative output, not live data. Where a flow is forward-looking (webhook tunnels, CLI billing) it is marked as such. RailCall runs in dry-run / proof-only mode today — no live sends or charges.

1 · What is RailCall?

RailCall is a local developer kit and Layer-2 Terminal. It is not a cloud IDE and not a fake dashboard. It gives developers a local Studio interface that organizes the real terminal, local files, workflows, API integrations, audit receipts, and generated artifacts.

LayerRole
Terminalsource of truth — real commands, real output
Local foldersource of truth — your files on your SSD
Studioorganization layer over the terminal
Receiptsproof layer — evidence for every claim
BYOKintegration layer — your keys, local

2 · Quickstart

bash
# 1 · install the CLI + Studio (offline, ~6 MB) — login · balance · audit · verify · build · studio
curl -fsSL https://railcall.ai/install.sh | bash

# 2 · authenticate + check balance
railcall login <YOUR_API_KEY>
railcall balance

# 3 · audit a file locally — zero-retention, nothing leaves your machine, signed receipt on disk
#     (make a tiny sample so the very first run can't fail)
printf 'name,email\nAda,ada@example.com\nGrace,grace@example\n' > sample.csv
railcall audit sample.csv

# 4 · verify that receipt yourself — offline, no network, no trust required
railcall verify          # re-checks what audit just minted; a tampered receipt FAILS the signature

# 5 · open RailCall Studio (the visual builder):
railcall studio          # boots Studio on 127.0.0.1:8799

Expected result: a local browser tab opens at http://127.0.0.1:<port> (default 8799).

Studio is launched from the terminal but viewed in the browser — a real interface without turning RailCall into a heavy desktop app.

3 · System Architecture

The lifecycle from signup to a running cockpit:

Online signup · identity + entitlement
Payment / entitlement → API key
Install CLI + download Studio → railcall studio
Loopback server on 127.0.0.1 — never a public port
Studio UI → terminal · workflows · artifacts · audit receipts

Webhook ingestion path

Third-party service (Stripe, GitHub…)
Secure tunnel URL your tunnel
↓ forwards to
127.0.0.1:<port>/api/webhook/<slot_id>
Native ingestion gate → sanitized local inbox → audit log → Studio monitor feed
External services cannot directly call 127.0.0.1 on your machine. For real third-party webhooks you use a user-controlled secure tunnel — ngrok, Tailscale Funnel, Cloudflare Tunnel, etc. RailCall never opens a public port automatically.

4 · Studio Interface

Launching Studio opens http://127.0.0.1:8799/v2 — three panes around a governed composer. The status bar never lies: every screen locks LOCAL · BYOK · DRY-RUN · NO SENDS until you explicitly approve a live action.

RailCall Studio /v2 Builder: left workspace index, center governed composer with starter rails and a live activity ledger, right Inspector·Proof panel; status bar reads LOCAL · BYOK · DRY-RUN · NO SENDS
Builder — left: workspace index (workflows · integrations · monitoring · data · receipts · router) · center: governed composer + live activity ledger · right: Inspector · Proof. The engine reads RailCall · hosted — no key needed; your keys are only ever for your connectors.

Left · Workspace index

Workflows, integrations, monitoring, data, receipts, system, router — the real state of your machine, not a mockup.

Center · Governed composer

Describe a program in plain language; RailCall composes it from a pre-audited library and streams a governed build log. The activity ledger underneath shows every real event.

Right · Inspector · Proof

Live counts, PASS state, receipts, external, human-QA, sends (disabled), network (loopback), keys (local · 0600).

Modes

Builder composes · Monitor streams the receipt ledger + Airlock states · Integrate manages 135 BYOK connections reachable through the API stack.

Open any workflow and the Inspector proves how it will behave before it runs — dry-run by default, external writes Airlock-gated, secrets never logged:

Studio workflow detail for signup_to_sheet: dry-run now button, run-live steps, and an Inspector showing dry_run by default YES, external touched false, writes Airlock-gated, LOCAL · DRY-RUN enforced
Workflow · signup_to_sheet — a real outbound rail. Inspector proves it: dry_run YES · external touched false · writes Airlock-gated · secret_value_logged false. Nothing leaves your machine until you say so.

5 · Workflows

The build loop:

flow
Describe → Compose → Build → Audit → Receipt → Artifact

Example Example — you say: "A lead comes in and routes to 5 employees for call/email follow-up over 2 weeks." RailCall produces a workflow spec, mapped audited pieces, needs-audit gaps, a visual artifact, a receipt, and an audit status.

Status meanings

StatusMeaning
PASSAll required steps mapped to audited pieces and verified.
PARTIALSome pieces verified, but one or more steps need audit or custom implementation.
FAILThe workflow failed validation or audit.
UNKNOWNThe check has not run yet. Honest — not a pass, not a fail.
NEEDS HUMAN QAAutomated checks passed, but a person still needs to test the customer journey.

6 · Real Multi-Connector Workflows

This is what the rail is for. A workflow is a chain of connectors — data is read out of one system, handed to the next, and dropped. Every hop crosses the Approval Airlock and appends a receipt. RailCall orchestrates across the systems you already run (and even the automation tools you already have — n8n, Make, Zapier are connectors too) without becoming the place your data lives.

The connectors named below are reachable through our API stack — 135 BYOK connections across ~5 generic adapters + aggregators, each a slot in your Integrate tab. Live sends are Airlock-gated and dry-run in the v0.1 preview — you watch the exact composed payload and the receipt before a single byte leaves your machine, and a connection counts as proven only once a real key + live run mint a receipt. Example blocks show the shape, not live traffic.
⚡ Sev-1 incident → executive paging
GitHub · Salesforce · n8n · Microsoft Teams · Twilio voice — five systems, one governed rail
GitHub · issue:sev1 Salesforce · open Case n8n · ops pipeline MS Teams · post + Planner Twilio · voice call

Every is an Approval Airlock gate; every hop emits a receipt.

  1. An issue is labeled sev1. Your tunnel forwards the webhook to /api/webhook/github_sev1; RailCall sanitizes and logs it.
  2. RailCall opens or updates a Salesforce Case on the affected account — with your Salesforce key, from your machine.
  3. It triggers your existing n8n ops pipeline by its webhook, passing the case id — RailCall governs n8n rather than replacing it.
  4. It posts to the incident channel in Microsoft Teams and opens a Planner task for the owner.
  5. It places a Twilio voice call to the on-call engineer, reading out the case id and severity.
What RailCall keeps: one receipt — workflow_id, the five hops, each Airlock approval, external_sockets, integrity_root. Not the issue text, the account record, or the phone number. Those passed through.
💳 Failed payment → AR collections
Stripe · HubSpot · SendGrid · Twilio · Salesforce — dunning without a SaaS holding your customer list
Stripe · charge.failed HubSpot · flag account SendGrid · dunning email Twilio · SMS Salesforce · follow-up task
  1. Stripe posts charge.failed to your webhook slot; the payload is sanitized into your local inbox.
  2. RailCall flags the account at-risk in HubSpot and reads the amount + customer ref straight through.
  3. It sends a templated dunning email via SendGrid and a polite Twilio SMS — each a separate Airlock approval.
  4. It opens a Salesforce task for the account owner to close the loop.
What RailCall keeps: the accounts_receivable_collections receipt — proof each step ran, license-clean, zero external sockets. The card, the email body, the phone number: passed through, never parked.
🎯 Inbound lead → multichannel routing
Webhook · Salesforce · n8n · Slack · Twilio — speed-to-lead, fully audited
Form/Webhook · new lead Salesforce · upsert lead n8n · enrich + score Slack · #sales alert Twilio · call the AE
  1. A lead hits your webhook slot. RailCall upserts it into Salesforce and dedupes on email.
  2. Your existing n8n enrichment flow scores it; RailCall hands the record over and reads the score back.
  3. It alerts Slack #sales with the score and, if hot, places a Twilio call connecting the assigned AE to the lead.
What RailCall keeps: the routing receipt and the Airlock trail. The lead's contact details live in your Salesforce, not on our rail.
🚢 PR merged → release ops
GitHub · Linear · Microsoft Teams · Notion — ship notes that write themselves
GitHub · PR merged Linear · close issue MS Teams · notify Notion · changelog entry
  1. A PR merges to main. RailCall closes the linked Linear issue and pulls the title + author.
  2. It notifies the release channel in Microsoft Teams and appends a dated entry to your Notion changelog.
What RailCall keeps: the receipt linking commit → issue → changelog. The diff and the notes stay in GitHub and Notion.

To build your own, just describe it in the composer — "when a GitHub issue is labeled sev1, open a Salesforce case, run my n8n pipeline, post to Teams, and call the on-call engineer." RailCall maps each step to an audited connector, flags any gap as NEEDS AUDIT, and hands you a receipt. No step is ever silently faked.

7 · Governed Pass-Through — We Never Hold Your Data

This is the whole point. A cloud automation SaaS (Zapier, Make, n8n-cloud) sits between your systems — your customer records, payment events, and OAuth tokens land in their database. RailCall runs on your machine and is a rail, not a store: data is read from one connector, handed to the next, and dropped. The only thing that persists is the proof it happened.

Passes through — RailCall never stores itPersists locally — governance only
Customer records, PII, payment events, ticket bodies, phone numbers, message contentsThe workflow spec — what the rail does
Provider keys & OAuth tokens — held in your 0600 vault, used in-process, never transmitted to usThe audit receipt — hashes, Airlock approvals, external_sockets, integrity_root
The composed payloads handed to your connectorsA sanitized webhook inbox you own under .railcall_workspace/
There is no RailCall cloud holding your business data. The hosted engine composes the workflow; the data plane is 100% local + your own connectors. Keys live in a 0600 vault, runs bind to 127.0.0.1, sends are dry-run + Airlock-gated. Every screenshot in this manual was captured with external_sockets: 0 — measured by an lsof sweep, not asserted.

Because the rail holds nothing, there is nothing on our side to breach, subpoena, or leak. Your data residency is wherever your machine and your connectors already are.

8 · Integrations / BYOK

RailCall reaches your tools through a small API / adapter stack (REST, Webhook, SQL, Email/SMTP, OAuth, plus MCP) — every integration is a config row on that stack, not bespoke code. You bring your own keys. Keys stay local — written to a 0600 vault, masked, never transmitted.

Categories: LLMs · Code & Repos · Cloud & Deploy · Databases · Payments · Comms · Docs & Workspace · Monitoring · Search & Memory · Browser Automation · Artifact Storage · CI/CD · Secrets · Analytics · Support / CRM · Automation.

Studio Integrate tab listing BYOK connectors grouped by category: Code & Repos (github, github_actions, vercel, gitlab, bitbucket, linear, jira), Payments (stripe, paypal, plaid, quickbooks, square, xero), Cloud & Deploy (postgres, supabase, render, aws, gcp), each showing NOT_CONFIGURED with a risk level and read/write scope
Integrate — 135 reachable connections through the API stack, grouped by category, each with a risk level and a read/write scope. A slot never reads connected until a real local test passes.

Connect a tool — the flow

  1. Open Integrate and search the 135 reachable connections — stripe, salesforce, twilio, n8n, github
  2. Paste your key. It's written straight to the 0600 vault, masked in the UI, and never transmitted to us.
  3. RailCall runs a real local connection test against the provider. Only a passing probe flips the slot to connected — no green without evidence.
  4. The connector is now available to every workflow, used in-process from your machine, under the Approval Airlock.
StripeNOT CONFIGURED
required  STRIPE_SECRET_KEY
optional  STRIPE_WEBHOOK_SECRET
risk     HIGH
workflows: verify checkout mode · check webhook delivery · inspect recent payment events
Security rule: no integration is marked connected unless a real local connection test passes.

9 · Webhook System

The native ingestion endpoint accepts small webhook payloads, writes them to a local inbox, and appends an audit event. It does not execute untrusted code during ingestion.

PropertyValue
endpointPOST http://127.0.0.1:<port>/api/webhook/<slot_id>
max payload64 KB
execution on ingestnone
storagelocal inbox file
auditappend-only event

For Stripe, GitHub, Shopify, Slack, etc., point the third party at your tunnel URL, not 127.0.0.1 directly:

flow
https://your-tunnel.ngrok.app/api/webhook/stripe_payment_slot
  ↓ forwards to
http://127.0.0.1:8799/api/webhook/stripe_payment_slot
bash
curl -X POST http://127.0.0.1:8799/api/webhook/stripe_payment_slot \
  -H "Content-Type: application/json" \
  -d '{"id":"evt_test_123","type":"charge.succeeded","amount":5000}'

Expected response Example

json
{ "status": "SUCCESS", "message": "Ingested into loopback inbox" }

10 · Audit Receipts

RailCall does not call something green unless there is evidence. Every audited flow emits a receipt:

Studio Monitor view: live receipt ledger streaming from .railcall_workspace/audit_log.jsonl, Airlock command states (pending_approval, approved, executed, blocked, failed all zero), and a governed activity feed showing webhook_in and upload events
Monitor — the live receipt ledger streaming from .railcall_workspace/audit_log.jsonl, with the Airlock command states (pending · approved · executed · blocked · failed) and every governed event, newest first.
receipt · example
{
  "result": "PASS",
  "license_clean": true,
  "external_sockets": 0,
  "integrity_root": "sha256:39bf8abe…582a07b",
  "artifact_path": "builds/accounts_receivable_collections.html",
  "workflow_id": "accounts_receivable_collections",
  "audited_pieces": 14, "needs_audit": 0,
  "timestamp": "2026-06-21T13:31:41Z"
}
FieldMeaning
external_sockets: 0No unexpected external sockets were observed during the audited flow (measured by an lsof sweep, not asserted).
license_clean: trueThe workflow used license-approved components only.
integrity_rootA sha256 hash representing the verified workflow / spec / artifact state.
human QA: UNKNOWNA person has not completed the customer-facing QA path yet.

Audit a flow yourself

Every proof is on local loopback — read it with the same endpoints Studio uses:

bash
curl http://127.0.0.1:8799/api/receipts/list   # every receipt
curl http://127.0.0.1:8799/api/audit           # latest build · external_sockets · integrity_root · human QA

11 · Local Files & Directory Map

.railcall_workspace/
.railcall_workspace/
  workspace.json
  sessions.json
  workflows/
  folder_notes.json
  generated_links.json
  integrations.json
  commands.json
  audit_log.jsonl
  webhook_inbox/
  uploads/
  keys.local.json
FolderHolds
builds/Generated HTML dashboards, workflow visuals, receipts, artifacts.
tests/Signed QA and airlock-proof receipts.
fixtures/Source data for workflows and test flows.
workbench/Studio kit and local UI / server files.
.railcall_workspace/The local workspace DB — sessions, workflows, BYOK vault (0600), integration metadata, audit log, webhook inbox.

Folder notes let developers remember what each folder is for without digging through code or terminal history.

12 · Total Flexibility — APIs, MCPs & Custom UIs

Because RailCall treats the terminal and local files as the source of truth, you can drive the entire system programmatically — no Studio UI required.

Calling the raw local API

Pull your active usage or workspace state into your own script, scriptable widget, or terminal toolbar. Every metric is exposed on local loopback:

bash
curl http://127.0.0.1:8799/api/usage           # usage / balance — UNKNOWN when unverified, never faked
curl http://127.0.0.1:8799/api/data            # workflows + workspace state
curl http://127.0.0.1:8799/api/receipts/list   # every audit receipt

All read-only, all loopback-bound — the same endpoints Studio itself calls. Nothing leaves 127.0.0.1.

AI & MCP integration (Model Context Protocol)

If you use Anthropic, Claude Desktop, or a custom LLM setup, point your MCP server straight at your local .railcall_workspace/ directory.

13 · Your UI Is Yours — Generating the Interface

RailCall does not design UIs, and that is deliberate. We ship the programmatic source of truth — the local API, the workspace files, the audited state — and stay out of your visual layer entirely. The terminal and .railcall_workspace/ are the canonical surface; everything rendered on top of them is yours to shape.

The split: the RailCall core — builder, terminal, governed engine — runs on our hosted engine, no key from you. A custom interface runs on your model with your key (BYOK). RailCall owns the programmatic bible; the UI is the developer's domain.

Hand the map to a model

Want a custom dashboard, a menu-bar widget, a web panel? Point your desired model — Claude, GPT, Cursor, your own local LLM — at the map and have it generate the interface from real state, calling it with your own key (BYOK). Your model, your key, your aesthetic; RailCall just hands over the source of truth. Go back and forth with it until the layout is right.

Because the source of truth is programmatic and audited, any UI built on it is verifiable by construction — it can only show what the receipts already prove. We keep that core honest; you make it look like anything you want.

14 · Community — Build the Rail With Us

RailCall is built in the open with the developers who run it. Every connector on the rail started as someone's request — the roadmap is public, the audits are shared, and the fastest way to get a workflow, a connector, or a fix is to bring it to the community.

▸ Join the RailCall Discord

Propose connectors · request product improvements · share workflows and get them audited · trade governed rails with other devs · shape what ships next.

Join the RailCall Discord →

Request a connector

Need a system the API stack doesn't reach yet? Ask. Requests are triaged in the open and prioritized by demand.

Ship a workflow

Post a rail you built. The community and the auditor stress-test it, and the good ones become shareable templates.

Product improvements

Found a rough edge or want a feature? File it in Discord — power-user feedback drives the roadmap directly.

Audited, not anecdotal

Bugs come with receipts and repro; fixes come with receipts and proof. The community runs on evidence, same as the product.

15 · Testing Manual

Step 1 — verify repo

bash
git status
git log -1 --oneline

Step 2 — start Studio

bash
railcall studio   # boots RailCall Studio on 127.0.0.1:8799 (port busy? STUDIO_PORT=8801 railcall studio)

Step 3 — test the local webhook endpoint

bash
curl -X POST http://127.0.0.1:8799/api/webhook/stripe_payment_slot \
  -H "Content-Type: application/json" \
  -d '{"id":"evt_test_123","type":"charge.succeeded","amount":5000}'

Step 4 — verify outputs

Step 5 — inspect the local file

bash
ls .railcall_workspace/webhook_inbox/stripe_payment_slot/   # one .json per ingested event

16 · Troubleshooting

Studio link does not open

Local server not running · port in use · browser blocked localhost · process killed. Fix: re-run railcall studio.

Webhook does not arrive

Third party pointing at 127.0.0.1 directly · tunnel not running · wrong slot_id · payload too large · token mismatch. Fix: use a tunnel URL that forwards to local loopback.

Status says UNKNOWN

The check has not been verified yet. UNKNOWN is honest — not a failure and not a pass.

Workflow says PARTIAL

A verified spec/artifact was built from available audited pieces, but some requested steps need additional audited code or human review.

Usage meter says UNKNOWN

RailCall could not verify your balance endpoint. It may be offline or using cached state.

17 · FAQ

RailCall Docs · v0.1 preview · local-first · loopback-bound · self-contained (no CDN, no trackers). Status values shown in examples are illustrative.