One substrate · three products
fasten is the open-source substrate that records what happened — typed, correlated by one request_id, tamper-evident. membrane governs what your agents believe; fasten fleet carries the fleet and the compliance. One record, three lenses.
One Substrate · Three Products
Audit · Open Source
The substrate. Record what happened — correlated across every transport, hash-chained so it can't be quietly rewritten.
Belief · Commercial
Built on fasten, for AI agents. mbnl normalizes any model's output, then membrane computes what the agent believes — which source won, what drifted, what's stale — and the control tier enforces policy before a bad action lands.
Explore membrane →Data Plane · Commercial
Aggregate the whole fleet into one queryable plane — compliance reports, tamper-evident archive, tiered retention. Hosted or air-gapped.
Explore fleet →membrane and fleet are built on the fasten substrate — one typed, correlated, tamper-evident event model. A layer below agent-orchestration frameworks (LangGraph · CrewAI · AutoGen) and above per-call tracing, where every framework leaves state to you.
How it works
Every stream — across agents, services, and transports — threads into one typed substrate. On top sit two lenses and a control tier; the model is Audit → Belief → Correction:
fasten
Record what happened — typed, correlated by one id, tamper-evident across every transport.
membrane
Compute what the agent believes and reconcile it against your systems of record. Catch drift.
membrane · control tier
Decide and enforce — block the action on stale or contradicted state before the side-effect lands.
↳ mbnl sits in front of all three — normalizing any model or vendor's output to one typed event before it enters the substrate. control is membrane's enforcement tier, not a separate product.
Why fasten
A software system is more than AI agents. Logs, metrics, and traces tell you what is happening. fasten is the connective tissue across AI and non-AI components — the fourth pillar, joining all three with the tamper-evident record of what happened, who changed it, who can prove it.
One request_id correlates typed audit events, structured logs, HTTP access, and system events into a unified 3-pane view. Seven anchors (5 Ws + H + correlation) typed at the source. fasten treats AI agents as one kind of actor, alongside users, services, schedulers, and integrations. Same primitive for every actor.
Three tiers sit on the same hash-chained record:
first_break_at reports the first row whose hash doesn't match. Tampering is detectable.(monotonic_seq, hash) pair.One substrate, three tiers, no second sensor in your code path.
The same primitive serves any system that does anything consequential — banks, hospitals, industrial control, mobile apps, SaaS backends, regulated manufacturing, and AI agents. Most teams already run a great observability platform and a great compliance platform. They still carry a gap that fills with a homegrown audit table, glue code, and quarterly log scraping. fasten fills that gap natively.
Every adjacent surface gets the substrate it ought to be reading from — observability tools that want to chat with the record, governance toolkits that want to refuse a bad action before it lands, GRC platforms that want to attest against a framework after the fact. Same hash-chained rows, three lenses.
Typed at the source
Every audit event is a value in a finite catalogue you ship with the code (fasten.codes.register(...)). The reader, the agent, and the auditor share one closed vocabulary. Hallucinated field names are structurally impossible.
Correlation at the type level
request_idEvery audit row carries who, what, when, where, why, how, and the correlation id. Joins across audit · sys · api · across the fleet are not inferred — the schema does them. One request_id threads everything.
Independently verifiable
Each audit row carries prev_hash and hash. Tampering surfaces at first_break_at with a reason string. The chain is verifiable without the LLM in the loop — the row either matches or it doesn't.
One substrate, two reasoning lenses on top: fasten fleet's /investigate reasons over audit history and returns cited rows; Membrane reasons over agent beliefs and blocks bad state at write time. Same hash-chained rows — different surfaces. The evidence is the same row both lenses cite.
membrane · Drift Reconciliation
An agent holds plan = Growth, active. Billing cancelled them three days ago — a missed webhook, or a value cached at session start. membrane reconciles the belief against the source of record and flags the divergence before the refund goes out.
fasten fleet · The 2 a.m. Incident
Two hundred instances; one misbehaves; the request crossed MQTT → scheduler → microservice → an external API. Jaeger sees HTTP spans, Loki has unstructured logs, the audit table is local and homegrown. fasten threads one id end to end; fleet aggregates every node into one queryable plane.
Open source, six languages, your first hash-chained event in five minutes. Add membrane and fleet when you need belief and the fleet view.
The audit substrate for distributed systems — and the belief layer for the AI agents on top of them.