Skip to main content

Status & Acceptance

Canonical tracker for Trust Mesh delivery. This page consolidates product promise status, code pointers, and the single “Hello Fleet” acceptance flow that demonstrates capability tokens, attestations, C2PA manifests, and deterministic replay. All other docs should link here instead of duplicating scorecards. For timing, see Roadmap & Status.

Legend: ✅ Delivered · ⚙️ Feature-gated · ⚠️ In progress · ⏳ Next · ⛔ Not started

Promise tracker

PromiseStatusEvidence in repoNotes / gaps
Identity-secured steps (capability tokens per hop)core/runtime/src/capability.rs core/runtime/src/scheduler.rs:1924 core/runtime/src/executor.rs:389Scheduler mints scoped tokens per step and every agent/tool/LLM/HTTP executor enforces validate_capability_token before touching external systems.
Provenance-sealed traces (attestations, deterministic envelopes, replay parity)core/trust/src/vault_object_store.rs core/runtime/src/lib.rs:395 core/runtime/src/replay.rsAttestations land in the object-store vault + Postgres index, replay pulls from the same evidence set, and drift detection fails runs that mutate attestation sets.
Policy everywhere (OPA→Wasm, OWASP/NIST mapped)core/runtime/src/guardrails.rs core/runtime/src/policy.rsPrompt-injection, tool ACL, budget, and regulated packs run at ingress/egress; decisions are signed artifacts surfaced in telemetry and ChangeOps.
Trust graph & replay store (attestation vault + event log)core/storage/migrations/0015_attestations.sql core/runtime/src/aibom.rs docs/reference/aibom.mdThe durable vault backs AIBOM payloads and replay comparisons, ensuring provenance survives restarts and region splits.
OpenTelemetry GenAI spans with trust.* attributescore/runtime/src/otel.rs deploy/otel/Spans export attestation IDs, capability token IDs, policy decisions, and GenAI semconv metrics for dashboards.
Adapters: LangGraph, AutoGen, CrewAI emit attestationscore/runtime/src/adapters.rs sdk/python/fleetforge/*_adapter docs/reference/adapters.md core/runtime/src/lib.rsLangGraph/AutoGen/CrewAI now run through the adapter smoke suite (capability tokens, attestations, replay) and the compatibility matrix publishes CI evidence + usage guidance.
TrustOps release gates (attestation parity, ≤1% token drift)docs/concepts/changeops.md docs/reference/changeops.md core/changeops/src/lib.rsGates inspect replay/canary telemetry plus attestation IDs and deny when drift exceeds thresholds.
SCITT feed (optional transparency)⚠️core/trust/src/scitt.rs core/runtime-api/src/transparency.rsChangeOps decisions emit SCITT entries; per-run/per-artifact publishing and background rollups are pending.
C2PA Content Credentials on artifacts⚠️core/trust/src/c2pa.rs core/runtime/src/executor.rs:782 core/runtime/src/scheduler.rs:2730Manifests are generated and stapled, but the signing toolchain needs hardening and UI/CLI affordances for selecting manifests are still basic.
Budget-aware SLO scheduling⚠️core/runtime/src/scheduler.rs:140 core/runtime/src/executor.rs:160 docs/concepts/policy.md#budget--slo-contractsScheduler ranks steps by SLO slack, emits fleetforge.slo.* metrics, and records budget/SLO snapshots plus env-tunable inflight caps; an automated tenant-wide SLO planner/feedback loop is still pending.
AIBOM / ML-BOM (CycloneDX)⚠️core/runtime/src/aibom.rs docs/reference/aibom.md core/ctl/src/main.rs (aibom generate)CLI emits BOMs, but dataset/tool lineage and SCITT references are incomplete.
Policy interoperability (OPA bundles + Cedar schema)⚠️docs/concepts/policy.md#policy-interoperability-roadmap policy-packs/Rego→Wasm packs run today; bundle loader + Cedar translation layers are in progress so customers can reuse existing policy tooling and audits.
Portable capability credentials (Biscuit/VC)⚙️docs/concepts/policy.md#capability-credentials-roadmap core/runtime/src/capability.rsRuntime mints scoped tokens, but Biscuit exports and VC projections are still behind feature flags; receipts remain runtime-bound until this lands.
Deterministic replay controls (IO sealing, virtual time)⚠️docs/concepts/replay.md#hardening-deterministic-replay core/runtime/src/replay.rsSeeds/checkpoints exist; artifact sealing, virtual clocks, and strict replay mode are being added so forensic runs cannot drift.
Telemetry compatibility + transparency roadmap⚠️docs/concepts/delivery.md#telemetry--compatibility-roadmap docs/reference/telemetry-compat.md docs/roadmap/roadmap-and-status.md#telemetry-versioning-policy-otel-stability-alignmenttrust.* semconv keys are versioned on paper but shims + version-pin flags are still rolling out; SCITT publication beyond ChangeOps remains gated.
Receipts-as-gates (CI/CD)⚠️docs/concepts/changeops.md#receipts-as-gates-ci--github-action .github/actions/fleetforge-receiptsGitHub Action prototype fails merges when drift/receipts regress, but default inclusion in starter repos and enterprise templates is pending.
Attested exports required⚠️docs/reference/aibom.md#export-with-receipts-ui--policy core/runtime/src/aibom.rsUI exposes “Export with receipts” and guardrails block unsigned artifacts, but managed tenants still need rollout + SCITT/VC options.
Policy packs marketplace⚠️docs/concepts/policy.md#policy-packs-marketplace policy-packs-enterprise/EU AI Act deployer pack + sector packs are drafted; publishing workflow and signed templates are in progress.
Budget/SLO scorecards (FinOps)⚠️docs/concepts/delivery.md#budget--slo-scorecards-finops core/telemetry/Metrics exist; new dashboards + Snowflake/Looker exporters are under development.
Bring Your Own Traces (OTel ingest)⚠️docs/roadmap/roadmap-and-status.md#observability--transparency-alignment-scitt--attestation-vault-api core/telemetry/Enrichment pipeline design is complete; ingesting external GenAI spans and stapling receipts is still experimental.
Pluggable policy engine & SDK (OPA/Cedar)⚠️docs/concepts/policy.md#pluggable-policy-engine--sdk policy-packs/Engine selection + SDK scaffolding exist; production-ready bundle tooling and ChangeOps integration are being finished.
Pipeline/serverless/analytics adapters⚠️website/docs/reference/adapters.md adapters/pipelines/Adapter specs for Airflow, Argo, AWS Step Functions, and dbt are defined; GA implementations land after the LangGraph acceptance remains green.
Attestation vault API (in-toto/SLSA + SCITT hooks)⚠️docs/reference/attestation-vault.md core/trust/src/vault_object_store.rsVault already stores predicates; external API endpoints + SCITT auto-posting are rolling out to tenants.

Hello Fleet acceptance walkthrough

The Hello Fleet demo is the single reference workflow for “First Green Bar” acceptance. Completing the steps below proves capability tokens, attestations, C2PA manifests, replay parity, and gate readiness without juggling multiple examples.

  1. Start the demo stack

    just demo

    This brings up Postgres, applies migrations, and launches fleetforge-runtime plus the demo UI at http://localhost:3000/demo.

  2. Submit the Hello Fleet DAG (LangGraph agent_team)
    Use the UI’s Run Demo button or the CLI below. This is the same LangGraph run the /demo page references, so copy the emitted RUN_ID and reuse it everywhere:

    cargo run -p fleetforge-ctl -- submit \
      --file examples/_packs/demo-pack/agent_team/run_spec.json

    Capture the reported RUN_ID. Paste it into /demo’s CLI snippet (fleetforge-ctl receipt --run-id <RUN_ID>) so reviewers see the exact same receipts.

  3. Verify capability tokens on the run
    Fetch the run snapshot and inspect each step’s capability_token_id:

    cargo run -p fleetforge-ctl -- get $RUN_ID \
      | jq '.steps[] | {id, capability_token_id: .output_snapshot.capability_token_id}'

    Every token must be present; missing IDs indicate the guard short-circuited execution.

  4. Export attestations and validate the trust chain

    cargo run -p fleetforge-ctl -- audit export \
      --bundle-dir tmp/hello-fleet \
      --limit 200

    The bundle directory now contains attestation JSON alongside artifact binaries, paired C2PA manifests, and transparency metadata when the writer is enabled. Use any artifact + manifest pair with the verifier (add --transparency when a .scitt.json file is present):

    cargo run -p fleetforge-ctl -- verify \
      tmp/hello-fleet/artifacts/<artifact>.bin \
      --manifest tmp/hello-fleet/artifacts/<artifact>.bin.c2pa.json \
      --transparency tmp/hello-fleet/artifacts/<artifact>.bin.scitt.json

    The command validates the manifest digest/signature, verifies the capability-token chain on each attestation (subject, scope, budgets), and, when provided, confirms the SCITT receipt matches the artifact hash + attestation set. Any mismatch fails the acceptance gate.

  5. Replay the run deterministically

    cargo run -p fleetforge-ctl -- replay $RUN_ID

    Confirm the CLI reports all_within_tolerance = true (≤1% token/cost drift) and no replay_*_diff artifacts are emitted.

  6. Feed the evidence into ChangeOps (optional but recommended)
    Create a gate input (include telemetry.replays[] pointing at the Hello Fleet replay) and run:

    cargo run -p fleetforge-ctl -- gates check \
      --input changeops/demo-hello-fleet.json

    Successful output should include the attestation bundle reference and (when FLEETFORGE_TRANSPARENCY_WRITER=1 with a local or scitt-http backend) a stubbed or published SCITT transparency receipt.

These steps align the CLI, UI, and ChangeOps experience around a single scenario. When extending acceptance, update this walkthrough instead of creating new bespoke demos.

Day-in-the-life workflows

Need the concrete IC and CI loops for fleetforge-ctl? Follow the dedicated Day-in-the-life workflows guide for the full receipt → verify → replay → gate story.

North Star “First Green Bar” checklist

The North Star doc defines five acceptance beats. After completing the Hello Fleet walkthrough above, run the quick checks below to prove each beat is green:

RequirementVerificationEvidence
Attested replayRun cargo run -p fleetforge-ctl -- replay $RUN_ID and ensure the CLI prints all_within_tolerance = true with no replay_*_diff artifacts.Replay output, plus the stored attestation IDs in run_steps.replay_snapshot.
Policy coverageFollow step 4 of the tutorial: tighten the budget guardrail, re-run, and observe the budget_exceeded denial in the UI/CLI along with the policy_decisions artifact.Guardrail artifact SHA + log entry referencing the signed TrustDecision.
Output provenanceRun fleetforge-ctl -- verify tmp/hello-fleet/artifacts/<artifact>.bin --manifest … [--transparency …] to validate capability tokens, SLSA/in-toto attestations, the C2PA manifest, and (optionally) the SCITT receipt.CLI output showing the trust chain (capability token scopes/budgets, predicate type) plus the “SCITT receipt verified” block when transparency metadata is supplied.
SCITT compatibility(Enterprise tier) Enable the writer before running gates check:
export FLEETFORGE_LICENSE_TIER=enterprise
export FLEETFORGE_TRANSPARENCY_BACKEND=scitt-http
export FLEETFORGE_TRANSPARENCY_ENDPOINT=http://127.0.0.1:9000/scitt
export FLEETFORGE_TRANSPARENCY_DRY_RUN=1
export FLEETFORGE_TRANSPARENCY_WRITER=1
Then execute step 6 and inspect gate-decision.json for decision.metadata.scitt_entry.transparency.		Presence of a transparency block (backend, status, receipt or job_id).
OTEL completenessThe just demo stack ships with an OTLP endpoint exposed at http://localhost:4317. After running Hello Fleet, inspect the collector logs for trust.* attributes:
`docker compose logs otel-collector		grep "trust."(when using the demo compose file) or point your own OTEL collector at the runtime and confirm spans includetrust.attestation_id, trust.capability_token_id, and trust.policy_decision_id`.

Implementation notes & standards

  • Policy engine: Keep compiling Rego guardrails to Wasm per Open Policy Agent guidance; execute the Wasm module at every ingress/egress boundary (core/runtime/src/guardrails.rs, core/runtime/src/executor.rs). This matches OPA’s documented runtime embedding model.
  • Telemetry: Continue pinning OpenTelemetry GenAI semconv versions in core/runtime/src/otel.rs and propagate the FleetForge-specific trust.* attributes. These keys align with the OpenTelemetry GenAI Semantic Conventions; opt into the matching version via OTEL_SEMCONV_STABILITY_OPT_IN=gen-ai so collectors and exporters understand the schema.
  • Provenance: Follow SLSA + in-toto predicate structures when finalizing sdk/python/fleetforge/langgraph_adapter/runner.py’s build/verify_provenance helpers; persist the resulting envelopes via the attestation vault.
  • C2PA manifests: Start with text bundle + image support using the recipe defined in the C2PA specification; the scaffolding in core/trust/src/c2pa.rs already mirrors the content credential layout.
  • C2PA CLI: fleetforge-ctl c2pa inspect pretty-prints manifest profiles (basic/policy-evidence/full) without hitting the runtime, and fleetforge-ctl c2pa sign --profile … re-signs local artifacts with the correct capability/policy evidence set (fallback profile controlled via FLEETFORGE_C2PA_PROFILE).
  • Transparency (SCITT): Treat SCITT feeds as optional but strongly recommended—set FLEETFORGE_TRANSPARENCY_SCOPE (disabled, gates, runs, artifacts) to control where receipts publish, pair it with FLEETFORGE_TRANSPARENCY_BACKEND=local|scitt-http, and leave FLEETFORGE_TRANSPARENCY_DRY_RUN=1 for tenants that only want local ledgers. The background writer consumes jobs, so keep it enabled in any scope other than disabled.
  • Schema/tooling stability: Keep running Buf breaking checks for protobuf surfaces and honor SemVer for JSON Schemas + SDK packages to prevent downstream compatibility surprises.

Evidence map

CapabilityWhere to look
Guardrails + capability enforcementcore/runtime/src/executor.rs:389-820 (LangGraph executor), core/runtime/src/executor.rs:221-280 (pre-exec guard + guardrail payloads), core/runtime/src/scheduler.rs:842-1189 (minting/attaching tokens and persisting policy artifacts).
Adapter attestation fieldssdk/python/fleetforge/langgraph_adapter/runner.py:70-170 (envelope builder emitting attestation_ids, subject_id, material_digests).
Attestation vault & digestscore/trust/src/vault.rs (trait and in-memory impl) plus core/trust/src/vault_object_store.rs (object-store backend + canonical digest handling).
Telemetry + dashboardscore/runtime/src/otel.rs (attribute emission), Grafana query snippets in deploy/otel/dashboards/*.json referencing attributes["trust.attestation_id"].
ChangeOps telemetry contractdocs/reference/changeops.md:71-110 and core/changeops/src/lib.rs (required telemetry.replays[] / telemetry.canary[] blocks, decision semantics).
Schemas for tokens/attestationsapi/schemas/agent_run.json (capability + attestation fields) and api/schemas/capability_token.json.
Policy packs & Rego→Wasm architecturedocs/concepts/policy.md, core/runtime/src/guardrails.rs, policy-packs/* (pack structure and Rego sources compiled to Wasm).

Risk register

  • Attestation sprawl: Without landing the object-store vault + Postgres index everywhere, provenance queries will fall back to in-memory state and create audit gaps. Prioritize rolling out core/trust/src/vault_object_store.rs across environments.
  • Adapter drift: LangGraph already emits attestations/capability tokens, but AutoGen/CrewAI can lag without CI parity tests. Add Phase 3 adapter matrix tests that run all samples through the runtime to keep cross-framework behavior aligned.
  • C2PA adoption: Some downstream consumers still lack C2PA tooling, yet enterprises increasingly expect signed manifests. Continue implementing manifests now so customers with compatible viewers (or fleetforge-ctl verify) can rely on the evidence even if other platforms catch up later.