Developers

API-first orchestration for agentic workflows

Build workflows, register tools, run agents, and stream execution events—with governance and tracing out of the box.

Quickstart Auth & tenancy Events Policy examples

Quickstart

Define a workflow with tasks and attached policies (budget, tools, data class).
Register tools (HTTP endpoints) with scoped permissions and rate limits.
Create a run and stream events to observe planning → execution → verification.
Export run evidence for stakeholders (audit logs, policy decisions, outcomes).

Local development

Use environment variables to enable demo mode, disable billing, and simulate run telemetry. The UI surfaces the same artifacts you export to security and procurement teams.

Core primitives

Workflows

Versioned definitions of tasks, tools, routing constraints, and policies.

Agents

Planner/executor/verifier roles with bounded autonomy and auditable actions.

Runs

Immutable run history with live event stream and deterministic replay.

Policies

OPA-enforced constraints for backends, budgets, tools, and tenant boundaries.

Auth & tenancy

Requests are scoped by tenant. In production, a tenant is enforced at the gateway and carried through to policy evaluation, storage, and audit logs. For integrations, prefer short-lived tokens and explicit scopes.

Scopes: ops.read / ops.write / runs.write / policies.write (example taxonomy).
RBAC: roles map to scope bundles; least privilege is the default.
Idempotency: write endpoints support idempotency keys for safe retries.

Events & webhooks

Runs emit structured events (planning, tool calls, policy decisions, outcomes). You can stream events in the UI or deliver them to your systems via webhooks.

Event types

run.created, step.started, tool.called, policy.denied, outcome.recorded, run.completed

Delivery guidance

Use retries with backoff, verify signatures, and store event ids for deduplication.

Policy examples (realistic patterns)

Policies are applied at run creation and at tool-call time. These examples reflect common enterprise requirements.

Budget cap

Deny tool calls once cost_actual exceeds cost_cap; require approvals for overrides.

Tool allowlist

Restrict tools by workspace and role; block unknown outbound endpoints.

Data classification

Force redaction or block export if payload is marked confidential/regulated.

Geo / residency

Route workloads to approved regions and providers by tenant configuration.

Versioning & deprecation

APIs are versioned. Breaking changes are announced ahead of time and maintain a deprecation window. Contracts can define stricter change management requirements for regulated environments.

Support and reliability

For pilot and production deployments, support expectations are described in the SOW/SLA. The platform surfaces operational signals (latency, error rates, budget, policy denies) to support day-2 operations.

Trust Center Observability RBAC