Study a worked multi-agent layout (Triage, Billing, Technical, Escalation) coordinated by a LangGraph supervisor for support workloads.
Reuse the five mock MCP servers (Zendesk, Stripe, Slack, Salesforce, Intercom) as a starting template for wiring real external tools.
Run the 200-prompt red-team script against your own agent stack to check for PII leaks and prompt-injection bypasses.
Adopt the four-layer guardrail pattern (input, execution, output, memory) with Llama Guard, Presidio, and gVisor for a tenant-isolated agent.
Needs Python 3.12+, Node 22+, Docker for Postgres with pgvector, gVisor for the execution sandbox, and API keys for both Claude tiers.
ResolveAI is a project, written mostly in Chinese in its README, that aims to be a customer-support system built out of several AI agents working together rather than one big chatbot. The author compares it to commercial products like Sierra and Decagon. The pitch is that a real support ticket usually mixes four kinds of pressure at once: multi-step planning, calling out to other systems like Stripe or Zendesk, dealing with users who try to trick the AI, and keeping different customers' data apart. A single language model with a long prompt tends to crack under at least one of those, so the project routes each pressure to a different layer. The design uses four specialist agents (Triage, Billing, Technical, Escalation) coordinated by a supervisor written with LangGraph. A cheaper model (Claude Haiku) is used for the first triage step, and a stronger model (Claude Sonnet) is used for the specialist agents, with only a short structured summary passed between them to keep token costs down. External systems are reached through five mock MCP servers, one each for Zendesk, Stripe, Slack, Salesforce, and Intercom, so adding a new service means writing one more MCP server rather than rewiring the agents. A lot of the README is about safety. There are four guardrail layers: an input layer that runs Llama Guard, indirect-injection detection, and Microsoft's Presidio for personally identifiable information, an execution layer that runs every tool call inside a gVisor sandbox with a capability whitelist, an output layer that re-scans for leaked PII and made-up entities, and a memory layer that keeps each tenant and each customer separated. There is also a red-team test script with 200 adversarial prompts that the project aims to pass with zero PII leaks. The repo is organized as a monorepo: a FastAPI backend in apps/api, a Next.js front-end with shadcn/ui in apps/web, the five MCP servers under packages/mcp-servers, Docker and (planned) Kubernetes config under infra/, and a docs folder with the full design. To run it you need Python 3.12 or newer, Node 22 or newer, and Docker for Postgres with pgvector. The author is honest that this is still at the scaffold stage: the skeleton and a hello-world endpoint are in place, with the rest to be filled in following a roadmap document. It is released under the Apache 2.0 license.
Generated 2026-05-22 · Model: sonnet-4-6 · Verify against the repo before relying on details.