fastenv1.0.0-beta
Docs How It Works Investigate What's Inside
Talk to UsS

Data Plane

fasten fleet aka cloud

The hosted (or self-hostable) audit data plane over the fasten substrate — fleet aggregation, compliance reports, a tamper-evident archive, and tiered retention.

Talk to UsS Read the DocsD
fleet verify
$ fleet verify --pack soc2-2026Q1 rows 128,402 // audit · sys · api hash-chain OK rekor=sealed window 2026-01-01 → 2026-03-31 signed compliance pack ready
3 Streams7 AnchorsOne request_idHosted · Self-Host

Why a Data Plane

Fleet Visibility

One Queryable Plane

Audit, sys, and API streams across every node and service, correlated by one request_id — not Jaeger + Loki + a homegrown audit table.

Compliance Evidence

Reports an Auditor Accepts

Generated from typed audit rows: SOC 2, HIPAA, GMP, ISO 26262, FSSC 22000 — months of evidence-gathering collapse to a signed pack.

Verifiable Trust

Tamper-Evident Archive

Chained hashing plus a Sigstore Rekor seal — prove a row existed at time T, unaltered. Cryptography instead of "trust us."

The Same Substrate

A single node runs free on the fasten SDK forever. fleet is the operations and compliance layer over the same tamper-evident rows — for when you have a fleet, an auditor, and a 2 a.m. page. membrane reads those same rows for the AI-engineering lens.

How It Works

The SRE and Compliance Lens Over the Same Substrate.

fleet and membrane read the same fasten rows — one data plane, two lenses. fleet is the fleet and compliance view; membrane is the AI-engineering view. The SDK keeps recording whether or not you run either.

  • Reads any fasten reader endpoint — no re-instrumentation.
  • One request_id correlates the three streams across the fleet.
  • Hosted or self-hosted / air-gapped — your data, your cloud.
fleet query
$ fleet query --req 3a7b1c --stream all node-07 api POST /refund actor=agent:cs-12 node-07 audit REFUND_ISSUED target=usr_42 node-11 sys webhook.stripe plan=cancelled correlated across 3 nodes · 3 streams # one id · hash-chained · Rekor-sealed

Observability

Rate, errors, latency — and the trace, from your own streams.

No separate metrics pipeline. fleet derives RED graphs — requests, error rate, p50/p95 latency — straight from the API and audit streams, and renders any request_id's correlated events as a trace. For request-level observability you don't need a second tool; host/infra metrics stay wherever they live.

Investigate

Plain English in. Cited cross-stream answer out.

The three streams threaded by one request_id already render as a live 3-pane view in the TUI, the fleet UI, and any HTTP consumer of the reader API. The investigation surface adds a plain-English chat on top of that — the agent calls reader tools across audit, sys, and api, and returns an answer where every claim cites a hash-chained row by (monotonic_seq, hash). BYO-LLM, self-hostable, air-gapped friendly.

fleet UI Investigator — Audit · API Access top (50/50), Sys Log terminal bottom · shipped today

fasten-tui — Rich TUI, Tab to rotate primary pane, SSH-friendly

the chat surface — additive on top of the 3-pane view, same reader API underneath

Ask in plain English. Get a cited answer.

The chat sits at POST /api/v1/investigate. The agent calls reader tools across audit, sys, and api — and a post-loop validator rejects any answer whose factual claims don't carry (monotonic_seq, hash). The operator can re-verify the audit citation against the chain doctor independently.

  • BYO-LLM — Anthropic, OpenAI, or a self-hosted endpoint (vLLM / Ollama).
  • Tenancy is dispatcher-injected — never a free model parameter.
  • Per-tenant cost cap + daily-spend telemetry, surfaced in fleet UI.
  • External agents plug in via the MCP server — Claude Desktop, Cursor, your own.
fleet · chat
> Why did request 3a7b1c fail at 14:32, and was any audit row tampered with around that time? # calling tools across audit · sys · api… POST /v1/refund [api 14:32:01 · seq=8412] "stripe webhook 502" [sys 14:32:03 · seq=8413] REFUND_ROLLED_BACK r-901 [aud 14:32:04 · seq=8414] doctor: chain OK in window · no tampering Answer: request 3a7b1c failed because the Stripe webhook returned 502; the audit stream shows REFUND_ROLLED_BACK within 4s. Chain is intact. # every claim resolves to a (monotonic_seq, hash) pair above

MCP Server

Plug Any Agent Into Your Data

Claude Desktop, Cursor, or your own agent — single-binary MCP server exposes the reader API as typed tools. BYO-LLM. Data never leaves your network.

/investigate · chat

Plain English Across 3 Streams

The agent calls reader tools across audit, sys, and api in one loop — and a post-loop validator rejects any claim that doesn't carry (monotonic_seq, hash). Additive on top of the live 3-pane view.

Air-Gapped CLI

fasten investigate "…"

Static Go binary, no browser required. Runs against a local fasten store with a local LLM key — industrial and regulated sites that can't open a browser get the same surface.

The Differentiator

Investigators built on telemetry substrates summarise what they found. fasten cites the specific row a claim depends on, and the chain proves the row was unaltered. The only investigator a compliance reviewer can accept evidence from — whether the question is about a refund, a kubernetes deploy, or an agent tool call.

What's Inside

Inside the Data Plane.

Metrics

Rate · Errors · Latency

RED graphs derived from the API and audit streams — requests/min, error rate, p50/p95 latency, top routes. No separate metrics pipeline to run.

Traces

Request Waterfall

One request_id's audit, sys, and API events on a shared timeline — the correlation fasten already records, shown as a trace.

Query

Three-Stream View

Audit, sys, and API in one query over any fasten reader endpoint.

Scale

Fleet Aggregation

Multi-node audit aggregation across the fleet — one queryable plane.

Compliance

Compliance Reports

SOC 2 · HIPAA · GMP · ISO 26262 · FSSC 22000, generated from typed rows.

Integrity

Tamper-Evident Archive

Chained hashing plus a Sigstore Rekor seal for independent verification.

Lifecycle

Tiered Retention

Hot (Postgres), cold (S3 + Parquet), and WORM — policy-driven lifecycle.

Governance

SLA · SSO · RBAC

SLA-backed support, SSO, tenant isolation, and an audit log of the audit log.

Investigation

Cited /investigate

Ask a question, get an answer that cites (monotonic_seq, hash) rows — re-verify against the chain. BYO-LLM, three modes.

MCP

Self-Hostable MCP Server

Expose the reader API as typed tools to Claude Desktop, Cursor, or your own agent. Data never leaves your network.

Do I Need fleet to Use fasten?

No. The fasten SDK is Apache-2.0 and complete on its own — single-node and small-fleet deployments use it alone. fleet is the commercial layer for fleets and regulated buyers: you pay us to carry the 2 a.m. page, the auditor meeting, and the fleet.

Operations and Compliance Liability — Without Building It.

Code, a team can build. The 2 a.m. page, the auditor meeting, and the fleet, they shouldn't have to. fleet is in active development with design partners — tell us about your fleet.

Talk to UsS See membrane
fasten

fasten fleet is built by nerdAppLabs, on the fasten substrate.

Products
fastenmembranefasten fleetmbnl · control — part of membrane
Resources
DocsHow It WorksWhat's InsideWhy fastenContact
© 2026 fasten · nerdAppLabs Software Solutions Pvt. Ltd.SDK Apache-2.0 · membrane & fleet commercial