The Orchestrator

The Universal Control Plane

The Cabin Crew Orchestrator is the brain of the platform—a platform-agnostic Go/Rust binary that enforces governance and signs logs. It's the only component that requires a commercial license (BSL 1.1), while all engines and drivers remain open source.

The Plan/Apply Protocol

Every workflow follows a strict two-phase commit system:

  1. Plan Phase (Flight Plan): Engines generate artifacts (code diffs, Terraform plans, JSON manifests). The Orchestrator hashes and signs the intent before any execution.
  2. Apply Phase (Take-off): Only after policy validation passes does the Orchestrator allow engines to execute side effects (git push, terraform apply).

This separation ensures that no action is taken without cryptographic proof of intent.
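
The gate described above can be sketched as follows. This is an added example, not Cabin Crew's own code: the names FlightPlan, SignPlan, Apply and Demo are hypothetical, SHA-256 and Ed25519 are assumed algorithms (the page does not name any), and policy validation is modelled as a boolean supplied by the caller.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// FlightPlan (hypothetical type): digest of the plan artifact plus a signature over it.
type FlightPlan struct {
	Digest [32]byte
	Sig    []byte
}

// SignPlan is the plan phase: hash the artifact, sign the digest, execute nothing.
func SignPlan(priv ed25519.PrivateKey, artifact []byte) FlightPlan {
	d := sha256.Sum256(artifact)
	return FlightPlan{Digest: d, Sig: ed25519.Sign(priv, d[:])}
}

// Apply is the apply phase: exec runs only if every check on the signed intent passes.
func Apply(pub ed25519.PublicKey, fp FlightPlan, artifact []byte, policyOK bool, exec func()) error {
	if !ed25519.Verify(pub, fp.Digest[:], fp.Sig) {
		return errors.New("flight plan signature invalid")
	}
	if sha256.Sum256(artifact) != fp.Digest {
		return errors.New("artifact differs from signed plan")
	}
	if !policyOK {
		return errors.New("policy validation failed")
	}
	exec()
	return nil
}

// Demo applies a constructed plan unchanged, tampered, and with policy denied.
func Demo() (ok, tampered, denied error, runs int) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed demo key only
	pub := priv.Public().(ed25519.PublicKey)
	plan := []byte(`{"cmd":"terraform apply","changes":1}`) // constructed sample artifact
	fp := SignPlan(priv, plan)
	exec := func() { runs++ }
	ok = Apply(pub, fp, plan, true, exec)
	tampered = Apply(pub, fp, []byte(`{"cmd":"terraform apply","changes":9}`), true, exec)
	denied = Apply(pub, fp, plan, false, exec)
	return
}

func main() { fmt.Println(Demo()) }
```

The side effect runs once: an artifact that changed after signing, or a plan that fails policy, is rejected before exec is called.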

Identity Agnostic

The Orchestrator runs anywhere—GitHub Actions, GitLab CI, AWS CodeBuild—without code changes. It uses Keyless OIDC to verify identity, pulling tokens from the environment rather than requiring API keys.

Whether you're running on GitHub, AWS, or your own infrastructure, the Orchestrator adapts automatically.

Matrix Execution

The Orchestrator handles parallel execution of multiple engines (PM, Dev, Infra) using a DAG-based scheduler. It manages dependencies, retries, and failure isolation automatically.

Engines communicate via a standardized JSON protocol, allowing seamless composition of workflows.

Zero-Config

The Orchestrator supports two modes:

  • Atomic Mode: For OSS users. The GitHub Actions adapter auto-injects OIDC tokens and generates ephemeral configs. No setup required.
  • Governed Mode: For enterprise. Full policy enforcement, custom storage drivers, and vendor signatures enabled.

Start simple, scale to enterprise governance when ready.