The Manifesto for Agentic Automation
Governing the Shift from Automation to Autonomy. The standard for Autonomous Workflows.
Governing the Shift from Automation to Autonomy. The standard for Autonomous Workflows.
The standard for Autonomous Workflows.
We are standing at the edge of the Probabilistic Era.
For the last twenty years, professional automation was built on the foundation of Determinism. In Infrastructure, we used Ansible and Terraform. In Finance, we built rigid algorithms. If a system broke, it was a bug in the logic. The liability was static.
Today, we are handing control to systems that do not follow instructions, they interpret intent.
AI Agents are not scripts. They are probabilistic operators. They reason, plan, and execute. While this promises exponential velocity, it introduces a new, existential risk: Stochastic Liability.
To build a future where autonomous agents can be trusted with critical systems, we adhere to the following principles:
Reasoning must be separate from action.
Intent must be decoupled from Execution. An agent must never be granted the authority to "think and act" in a single, opaque atomic step. Just as Terraform separated Plan from Apply, Agentic workflows must separate Reasoning from Action.
Every output must carry its creation story.
Output without history is contraband. In a probabilistic workflow, the final artifact is meaningless without the context of its creation. We require a cryptographic link between the agent's identity, the input context, the model used, and the final output.
No agent can be its own authority.
Safety guardrails must exist outside the agent's cognitive loop. We cannot rely on an LLM to "promise" it checked for security. Policy must be deterministic code, executed by a neutral orchestrator.
Logs must be proofs, not just text.
In the event of failure, a simple text log is insufficient. Autonomous systems require a chain of custody that is mathematically non-repudiable. Every decision and state change must be signed and sealed.
Static keys are a failure of architecture.
Autonomous agents are transient processes. They should not hold long-lived credentials. Identity must be ephemeral, issued only for the duration of a specific task, and cryptographically bound to the workload.
These principles are the foundation of the Cabin Crew Protocol.
We provide the infrastructure to enforce these laws for every agent, on every platform.
Open Source (Apache 2.0): The Protocol, The Engines (Workers), The CLI, The Drivers. Anyone can use, modify, and deploy these components freely.
License (BSL 1.1): The Orchestrator - the binary that enforces governance and signs logs. Enterprise licenses unlock Vendor Signatures and Advanced Governance features.
Revenue Model: Enterprise licenses for the Orchestrator + Hosted Policy Libraries.
The Runtime (The Hub): A platform-agnostic Go/Rust binary that uses Keyless OIDC (GitHub/AWS/GitLab) to sign logs with no long-lived keys. OCI-native distribution pulls engines as Docker images but executes them as subprocesses on the host to share tools (git, npm). Embeds OPA (Open Policy Agent) in-memory to validate artifacts against Rego policies.
The Engines (The Workers): OCI Images distributed as static binaries. Core suite includes Scout (file tree scanner), Planner (issue parser and DAG manager), Dev (TDD loop wrapper), Infra (Terraform wrapper), and Tower (approval gates).
The Flight Recorder: We don't host data - we generate self-contained proofs (audit.json). Default storage pushes to the cabincrew-black-box orphan branch in Git. Enterprise deployments can fan out to Splunk/S3 via webhooks.
No Registry Server: We use OCI (GHCR). Trust is established via Cosign Signatures and OCI Labels.
No Raw Prompts: We audit Outcomes (Artifacts/Decisions), not raw LLM traffic. Privacy by design.
Secret Shield: Orchestrator runs Regex Redaction on all STDOUT/Comments. Engines are blocked from reading .env files.
Autoland: Dev Engine squashes PRs to a single signed commit to preserve cryptographic history in main branch.
Zero-Config OSS: GitHub Actions adapter injects OIDC tokens and generates ephemeral configs automatically.