Graph-native agent infrastructure.

Build agents you can trust. Every action becomes a signed, queryable node in your MCP graph—policies enforced up front, approvals captured in-flight, and evidence hashed for audit.

Launch Platform View Agent Packs Explore API
Existing client systems use our infrastructure with
Jina.ai logo Parallel.ai logo AWS logo Google Cloud logo DigitalOcean logo Neo4j logo MongoDB logo Redis logo PostgreSQL logo Supabase logo Vercel logo Docker logo Kubernetes logo Terraform logo GitHub logo GitLab logo Snowflake logo Databricks logo Elastic logo Apache Kafka logo RabbitMQ logo Grafana logo Prometheus logo Datadog logo Stripe logo Twilio logo SendGrid logo Cloudflare logo OpenAI logo Anthropic logo Temporal logo Heroku logo Azure logo Netlify logo Render logo Pulumi logo Ansible logo Jenkins logo CircleCI logo Jira logo Confluence logo Slack logo Discord logo Notion logo Airtable logo Zapier logo Salesforce logo HubSpot logo Shopify logo Intercom logo Figma logo Bitbucket logo GitLab CI logo Nginx logo Apache logo Elasticsearch logo Kibana logo Splunk logo New Relic logo Sentry logo PagerDuty logo Fastly logo Akamai logo Okta logo Auth0 logo Vault logo Consul logo Datadog APM logo Apollo GraphQL logo Hasura logo Prisma logo PlanetScale logo CockroachDB logo YugabyteDB logo InfluxDB logo Cassandra logo CouchDB logo

Trust primitives, graph-first

A content-addressed MCP graph turns plans, approvals, tool calls, and artifacts into verifiable evidence.

Graph-native evidence

Each step, approval, tool call, and artifact is a node/edge with a stable content hash for fast queries and diffs.

Hash-addressed Replay-ready Diff-able

Constitutional guardrails

Declarative policies prevent execution until conditions are satisfied (cost caps, SoD, environment access, PII boundaries).

Deny-by-default Human-in-the-loop

Zero-trust operations

Tool contracts, RBAC scopes, and signed reviews ship with each workflow. Credentials are scoped per tool and environment.

RBAC Tool contracts Signed reviews

Verifiable by default

Export provenance for audit or replay in NDJSON/JSON-LD with signatures (e.g., Ed25519) and immutable retention windows.

NDJSON JSON-LD

How it works

Policies up front. Approvals at the edge. Evidence everywhere.

  1. Propose — The planner assembles a graph-shaped plan with typed steps and preconditions.
  2. Check — Policies run against the plan (limits, SoD, environment/PII). Required approvals are requested.
  3. Execute — Tools run behind contracts; every call and artifact is hashed and linked.
  4. Prove — Evidence is emitted as a signed, queryable subgraph. Export, replay, or diff anytime.
Policy example (YAML) 
policies:
  cost_caps:
    when: plan.total_cost_usd > 50
    require: approval(role="finance")

  env_access:
    when: step.env in ["staging","prod"]
    require: approval(role="security") and mfa(actor)

  pii_tools:
    when: tool.category == "PII"
    deny_unless: data_masking.enabled and rbac.scope includes "pii:read"

Minimal API flow

# 0) Inspect API
curl -s https://api.distributed.systems/v1/info

# 1) Propose a plan (no side effects)
curl -sX POST https://api.distributed.systems/v1/plans \
  -H "Content-Type: application/json" \
  -d '{
    "goal": "Rotate production credentials",
    "constraints": ["require_approval:security","env:prod","cost_usd<=50"]
  }'

# 2) Approve if policy requires
curl -sX POST https://api.distributed.systems/v1/approvals \
  -H "Content-Type: application/json" \
  -d '{"plan_id":"pln_123","actor":"alice@company.com","note":"Change window OK"}'

# 3) Execute (contracts enforced)
curl -sX POST https://api.distributed.systems/v1/runs \
  -H "Content-Type: application/json" \
  -d '{"plan_id":"pln_123"}'

# 4) Evidence: query a subgraph
curl -s "https://api.distributed.systems/v1/evidence?run_id=run_456&format=ndjson"

Agentic MCP Packs

Custom MCP clusters built for Jina.ai (Elastic) and Parallel.ai. Bundle graph queries, cost auditors, policy checkpoints, and provenance exports so you can ship mission-critical workflows fast.

J-Plus MCP Cluster

Jina.ai Elastic

Built for Jina.ai (acquired by Elastic). Low-latency planning + verification for finance, ops, and incident response where proofs and guardrails matter.

  • Plan scaffolding with policy-ready steps
  • Streaming evidence & approval logs
  • Graph-assisted cost/variance analysis

Optimized for Jina.ai's neural search infrastructure — spend approvals, on-call runbooks, post-incident attestations.

P-Plus MCP Cluster

Parallel.ai Parallel Web Systems

Built for Parallel.ai (Parallel Web Systems). Compliance-first pipelines with rich tooling for KYC/KYB, policy rollout, and auditable oversight.

  • Policy distribution + enforcement chronicle
  • Tool connectors for billing, legal, ops
  • Replay-ready provenance for audits

Optimized for Parallel.ai's automation platform — KYB/KYC checks, vendor onboarding, policy attestations.

Powering: Jina.ai logo Parallel.ai logo

Where teams start

Finance approvals

Cap spend, require finance sign-off above thresholds, and export evidence to your ledger.

Incident response

Codify runbooks with approvals for risky actions; ship signed post-incident attestations.

KYC/KYB

Policy-driven checks with replayable evidence; redaction/masking for PII tooling.

Change management

Four-eyes on prod changes; diff plans vs. execution and archive the proof.

MLOps

Gate deployments on eval results, cost limits, and data access scopes—then prove you did.

Data pipelines

ETL with tool contracts and immutable outputs; NDJSON/JSON-LD exports for audit.

Architectural shape

Governed, agentic graph runtime with event-sourced provenance and policy-aware execution.

Graph Gateway

FastAPI service terminating REST, enforcing AuthN/Z, emitting OpenTelemetry. Routes verbs to Policy Engine and Stream Ingestor.

Policy Engine

Pre/post execution policy evaluation: ABAC/RBAC, cost caps, SoD, PII/data-class gates, environment gates.

Stream Ingestor

Consumes Redis Streams, normalizes events, enriches with metadata, writes to Neo4j, MinIO, and DuckDB.

Evidence Builder

Computes content hashes (BLAKE3/SHA-256), builds Merkle links, signs envelopes (Ed25519) with Identity/Key service.

Execution Broker

Dispatches approved runs to tool runners behind contracts, streams tokens/logs, emits ToolCall* events.

Graph Persister

Append-only node/edge writes to Neo4j, maintains latest-view projections, batch writer with idempotency.

Security & compliance

Signatures

Reviews and exports can be signed (Ed25519). Verify provenance at the edge. Public keys pinned to Actor nodes.

Separation of duties

Enforce four-eyes on production changes and sensitive environments. Different approver from proposer required.

RBAC & scopes

Constrain tool access by role, environment, and data class (PII). Scoped credentials per tool and environment.

Retention

Configurable evidence retention, WORM buckets, immutable windows, export bundles on demand (NDJSON/JSON-LD).

Ready to ship verifiable agents?

Launch the platform, call the API, or start with a Pack. You can always export your evidence.

Launch Platform Read the Docs Compare Packs