Provenance built-in
Every step leaves a portable, signed proof so teams can verify outputs independently (SLSA/in-toto predicates, C2PA manifests, optional SCITT transparency log).
What & why
Trust-first control plane for AI workflows
Platform, infra, and risk leads share the same storyline: every run emits capability token → guardrail verdict → signed artifact → replay token, so no one has to guess what shipped.
When an auditor asks for acronyms, those receipts already map to OpenTelemetry GenAI budgets, C2PA manifests, and optional SCITT transparency logs.
Deterministic delivery
Built-in controls keep multi-agent runs deterministic and replayable under load—seeds, checkpoints, transactional outbox, and budget-aware scheduling.
Policy you can hire for
Write policies your security team can own. Built-in guardrails ship today; bring existing OPA/Rego policies now and Cedar packs next, with Wasm handled behind the scenes.
Portable capabilities
Per-step capability tokens lock down every hop now; Biscuit v2 exports and W3C VCs are queued so partners and regulators can verify receipts offline.
Telemetry that will not break dashboards
trust.* attributes line up with OpenTelemetry GenAI semantics, and we flag stability levels so collectors stay healthy as the spec moves.
Proof trail
Four artifacts, four canonical docs
Follow the trail: capability token → Wasm verdict → signed artifact → replay token. Each link opens the canonical doc so Risk & Compliance can audit independently.
Receipt
fleetforge-ctl and the HTTP APIs mint signed receipts (capability tokens, attestation IDs) you and partners can verify.
Receipts guide →Policy decision
Rego guardrails compile to Wasm inside the runtime so infra, security, and policy teams read the same verdicts (OPA today, Cedar next).
Policy plane →Signed artifact
Artifacts leave with C2PA manifests and optional SCITT transparency logs so Risk & Compliance can verify provenance independently.
Attestation vault →Replay token
Attestation IDs and trust.* spans give you deterministic replay metadata, so you can re-run any workflow and explain drift.
Replay & forensics →Receipt chain
Capability token → Wasm verdict → C2PA → replay
Every agent action emits the same receipts you show on the demo: capability token, policy verdict, signed artifact, deterministic replay. Keep that chain visible so Risk & Compliance see the breadcrumbs.
Receipt
Capability tokens capture who ran what, with budgets and allowlists attached. They show up in CLI receipts and trust.* telemetry.
See CLI receipts →Policy decision
One decision tree (Rego → Wasm) gates ingress, tools, delivery, and replay so every hop shares the same guardrail.
Policy plane docs →Signed artifact
Artifacts leave with C2PA signatures and optional SCITT anchors so Risk & Compliance can verify with their own tools.
Verify with CLI →Replay token
Attestation IDs bind replays to the exact spans and receipts you shipped, so forensics and approvals stay deterministic.
Replay & forensics →Operate like infrastructure
Delivery plane built for fleets
The delivery plane looks like the rest of your stack: transactional outbox with Kafka forwarders, enforced budgets, deterministic seeds, and optional exactly-once connectors. Read the Delivery plane doc →
Transactional outbox
Postgres state machine + Kafka forwarders keep delivery idempotent and debuggable.
Budgets & backpressure
Every multi-agent job enforces spend caps and queue depth so fleets stay predictable.
Replay parity
Deterministic seeds + run attestations make replays mirror production spans byte-for-byte.
Optional exactly-once
run_id + step_id tags let connectors opt into exactly-once semantics when needed.
3-minute walkthrough
Replay the canonical LangGraph run
Kick off Hello Fleet (planner → researcher & engineer → editor), watch the receipts stream in, flip Wasm guardrails live, then replay with the same attestation IDs. The scrollytelling rail below keeps each proof chip sticky.
Preparing the product walkthrough…
Adapters & neutrality
Canonical demo, optional adapters on request
LangGraph is canonical. AutoGen, CrewAI, and custom orchestrators reuse the same contract and trust plane, and are opt-in.
LangGraph (canonical)
DemoHello Fleet demo — the single canonical slice. Re-run it whenever you show another adapter.
Run Hello Fleet →AutoGen (optional)
LangGraph is canonical. AutoGen adapters reuse the same trust plane and are opt-in.
Install instructions →CrewAI (optional)
LangGraph is canonical. CrewAI adapters reuse the same trust plane and are opt-in.
Install instructions →Custom orchestrator
Bring your own orchestrator via the OpenAPI / Connect client contract.
Open docs →Pipeline, serverless, and analytics adapters (Airflow, Argo, Step Functions, dbt) now live in the Coming soon tracker so the homepage stays focused on the canonical slice.
Docs & runtime reference
Docs & runtime reference
Docs that match the demo. Open the Hello Fleet tutorial, core Concepts, CLI, and the embedded Runtime API—mapped 1:1 to what you just ran.
Hello Fleet tutorial
Click-through instructions that mirror the demo run, receipts, and guardrail toggles.
Core concepts
Trust Mesh overview—North Star narrative, delivery/policy/replay pillars, and GTM guardrails.
CLI & receipts
fleetforge-ctl verify, capability tokens, and C2PA/SCITT manifests so CLI + UI stay aligned.
Roadmap & Status
Single execution tracker that ties roadmap themes to the Status & Acceptance evidence.