SkuldBot Orchestrator

The brain of your autonomous operations

Runs in your infrastructure. Coordinates your runners. Operates both flow and bot engines under a single contract. Proves every decision with cryptographic evidence.

Your infrastructure. Your models. Your evidence.

  • Multi-OS: Windows / macOS / Linux
  • Multi-cloud: Azure / AWS / GCP / on-prem
  • 100% audit coverage
  • HA + PITR: production-ready

Three jobs. Done without compromise.

The Orchestrator receives work, operates the engines, and governs every step with compliance by design.

Receives & coordinates

Triggers arrive from schedules, webhooks, events, queues, external systems. Each one becomes a run with full lineage and ID.

  • Cron + interval + calendar schedules
  • Inbound webhooks with HMAC + idempotency
  • Storage / queue / email / MQ events
  • High-availability scheduler with misfire recovery

Operates the engines

Flow logic runs in managed containers. UI bots run in managed desktop environments with isolated sessions. One formal invocation protocol ties them together — so a single run can mix logic, UI, and intelligence seamlessly.

  • Flow + Bot + Agentic in a single run
  • Formal invocation protocol between engines
  • Dispatch always central — never direct-to-runner
  • Multi-OS runners: Windows, macOS, Linux

Governs security & compliance

Your secrets, your policies, your evidence — all before the run starts, during execution, and signed at the end.

  • Plugin vault (Azure KV / AWS / HashiCorp / CyberArk)
  • Policy Packs: HIPAA, SOC 2, PCI-DSS, GDPR, Finance
  • Evidence Pack signed + WORM + offline-verifiable
  • Correlation IDs end-to-end, audit trail separate

ALWAYS CENTRAL DISPATCH

Every run flows through the Orchestrator.

Flows never invoke runners directly. The Orchestrator dispatches every run, enforces every policy, signs every evidence pack. Central dispatch is the invariant that makes audit, control, and governance possible.

Enterprise-grade modules. One cohesive platform.

Every block is a first-class module: ownership, API contract, integration tests, operational runbook, and quality gates.

API Gateway + Auth/RBAC

Identity, role hierarchy, folder-level ACLs, SSO (SAML + OIDC + MFA). Your people, your permissions, your providers.

Registry & Versioning

Signed system packages with SemVer. Promote dev → staging → prod with one-click rollback.

Run Lifecycle Manager

Persistent state machine for every execution: created → queued → dispatched → running → completed. Full replay and retry.

Dispatch + Queue Manager

Routes each run to the right worker: pinned, by capability, or any available. Transactional queues with SLA + retry.

Runner Manager

Registry of your runners across clouds and on-prem. Pools, capabilities, health. Automatic VM power-on across 9 providers.

Session Broker

Isolates RDP sessions per job. Automatic cleanup + profile scrub on sensitive runs (PHI/PII/PCI).

Container Pool Manager

Ephemeral container pool for flow runs. Auto-scales with queue depth. Kubernetes-native, cloud-agnostic.

Secrets & Credential Broker

Plugin architecture: Azure KV, AWS Secrets, HashiCorp, CyberArk, GCP, on-prem. Secrets never leave your tenant boundary.

Policy & Compliance Engine

HIPAA, SOC 2, PCI-DSS, GDPR, Finance packs. Evaluated before runtime (compile-time) and during execution. Plus BYOM routing.

Evidence & Audit Engine

Cryptographically signed Evidence Pack per run. Immutable (WORM), hash chain, offline verification. Separate operational audit log.

Observability

End-to-end distributed tracing with correlation IDs. OTLP to your Jaeger / App Insights / Datadog. Prometheus metrics.

Scheduler & Triggers

Time, webhook, queue, storage event, email, message bus, polling. High-availability scheduler with misfire recovery.

One contract. Two execution planes.

Flow logic runs in ephemeral containers. UI automation runs in isolated desktop sessions. A single run can mix both, seamlessly.

~80% of runs

Service Workers

Flow Runtime

Ephemeral containers for logic, APIs, data, AI reasoning. Kubernetes-native, auto-scaling, stateless compute.

  • HTTP / REST / GraphQL
  • Databases (SQL, NoSQL)
  • Files, email, OCR
  • LLM reasoning (BYOM)
  • Control flow, branching, loops

~20% of runs

Desktop Runners

Bot Runtime

Managed VMs with isolated RDP sessions for real UI automation. Multi-OS native: Windows, macOS, Linux.

  • Browser automation (real UI)
  • Desktop apps + legacy systems
  • Citrix, SAP, mainframe emulators
  • Session isolation per job
  • Auto cleanup + profile scrub on PHI

Linked by a formal invocation protocol with input/output schema validation, correlation ID propagation, and evidence references that cross both planes.

Compliance by design

Evidence Pack. Policy Packs. Day one.

Regulated operations demand more than logs. Every run emits a cryptographically signed, immutable evidence bundle your auditor can verify offline — and every run is checked against your policy pack before it starts.

Evidence Pack

An immutable, WORM-stored bundle signed on write. Contains data lineage, classifications, decisions, controls applied, timing, and artifacts — all hashed and chained.

  • Merkle root + digital signature
  • RFC 3161 timestamp authority
  • Chain of custody (creation → upload → access)
  • Offline verifiable by any auditor
  • Retention configurable per compliance framework

Policy Packs

Declarative rules evaluated before the run is published (compile-time) and during execution (runtime). If a system violates a rule, it doesn't start.

HIPAA / SOC 2 / PCI-DSS / GDPR / Finance / Custom

  • Data classification (PII / PHI / PCI / Confidential)
  • Auto-injected controls: redact, mask, tokenize, DLP scan
  • HITL approvals with SLA + escalation
  • Data residency + BAA enforcement

Bring Your Own Everything

Your stack. Every provider. No lock-in.

The Orchestrator is an abstraction layer, not a vendor trap. Switch any provider with a config change. Your LLM, your vault, your storage, your identity — always yours.

BYO LLM

OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, GCP Vertex, Ollama, on-prem

BYO Secrets Vault

Azure KV, AWS Secrets, HashiCorp, CyberArk, Thycotic, BeyondTrust

BYO Storage

Azure Blob, S3, GCS, MinIO, SFTP, local

BYO Identity

Azure AD, Okta, Auth0, Keycloak, ADFS, SAML/OIDC

BYO Compute (VM power)

Azure, AWS, GCP, VMware, Hyper-V, Proxmox, WoL, IPMI, Agent

BYO Email / SMS

SendGrid, SES, Azure Communication, Twilio, Vonage, SMTP

BYO OCR

AWS Textract, Azure Form Recognizer, Google Document AI, Tesseract, ABBYY

BYO Observability

Jaeger, Tempo, Azure Monitor, Datadog, any OTLP-compatible backend

BYOM is policy-aware: when data is classified as PHI / PII / PCI, the Orchestrator routes LLM calls only to providers you've marked as compliant (self-hosted Ollama, on-prem endpoints, or cloud providers with signed BAA). No accidental exposure. Ever.

Every trigger, first-class

Time, events, queues, storage, or your own webhooks — the scheduler is HA with misfire recovery, so nothing gets lost if something blinks.

Schedule

Cron + interval + calendar

Webhook

HMAC + idempotency keys

Form

Hosted public forms

Storage

Blob / S3 object events

Queue

Kafka, SQS, Service Bus, RabbitMQ

Event Bus

Internal + external events

Your infrastructure. Always.

The Orchestrator runs inside your cloud subscription or on-premise. Data never crosses to us. Ever.

In Your Cloud

Azure, AWS, GCP subscription of your choice

  • Managed Identity / IAM / Workload Identity
  • Private endpoints, VNet isolation
  • HA Postgres (PITR) + Redis + object storage
  • Your data never leaves your tenant

On-Premise

Your datacenter, your Kubernetes, your rules

  • Air-gapped deployment supported
  • HashiCorp Vault + local KMS
  • VMware / Hyper-V / Proxmox runners
  • Full data sovereignty

HA Postgres with PITR. Redis with AOF + replication. Storage with versioning and WORM buckets for evidence. RTO/RPO declared and tested with real disaster recovery drills.

One correlation ID. End to end.

Every run emits OTLP spans through trigger, dispatch, runner, execution, and result — with Prometheus metrics and structured logs that correlate across the entire platform. Export to any backend you already have: Jaeger, Application Insights, Datadog, Tempo.

Distributed Tracing / Prometheus Metrics / Structured Logs / Immutable Audit Log

Own the workforce, not the vendor.

Deploy the Orchestrator in your cloud. Connect your runners. Run your first autonomous system this month.