fastenv1.0.0-beta
Docs How It Works Investigate What's Inside
Talk to UsS

Data Plane

fasten fleet aka cloud

The hosted (or self-hostable) audit data plane over the fasten substrate. Fleet aggregation, compliance reports, a tamper-evident archive, and tiered retention.

Talk to UsS Read the DocsD
fleet verify
$ fleet verify --pack soc2-2026Q1 rows 128,402 // audit · sys · api hash-chain OK rekor=sealed window 2026-01-01 → 2026-03-31 signed compliance pack ready
3 Streams7 AnchorsOne request_idHosted · Self-Host

Why a Data Plane

Fleet Visibility

One Queryable Plane

Audit, sys, and API streams across every node and service, correlated by one request_id, not Jaeger + Loki + a homegrown audit table.

Compliance Evidence

Reports an Auditor Accepts

Generated from typed audit rows: SOC 2, HIPAA, GMP, ISO 26262, FSSC 22000, months of evidence-gathering collapse to a signed pack.

Verifiable Trust

Tamper-Evident Archive

Chained hashing plus a Sigstore Rekor seal, prove a row existed at time T, unaltered. Cryptography instead of "trust us."

The Same Substrate

A single node runs free on the fasten SDK forever. fleet is the operations and compliance layer over the same tamper-evident rows, for when you have a fleet, an auditor, and a 2 a.m. page. membrane reads those same rows for the AI-engineering lens.

How It Works

The SRE and Compliance Lens Over the Same Substrate.

fleet and membrane read the same fasten rows, one data plane, two lenses. fleet is the fleet and compliance view; membrane is the AI-engineering view. The SDK keeps recording whether or not you run either.

  • Reads any fasten reader endpoint, no re-instrumentation.
  • One request_id correlates the three streams across the fleet.
  • Hosted or self-hosted / air-gapped, your data, your cloud.
fleet query
$ fleet query --req 3a7b1c --stream all node-07 api POST /refund actor=agent:cs-12 node-07 audit REFUND_ISSUED target=usr_42 node-11 sys webhook.stripe plan=cancelled correlated across 3 nodes · 3 streams # one id · hash-chained · Rekor-sealed

Observability

Rate, errors, latency, and the trace, from your own streams.

No separate metrics pipeline. fleet derives RED graphs, requests, error rate, p50/p95 latency, straight from the API and audit streams, and renders any request_id's correlated events as a trace. For request-level observability you don't need a second tool; host/infra metrics stay wherever they live.

Investigate

Plain English in. Cited cross-stream answer out.

The three streams threaded by one request_id already render as a live 3-pane view in the TUI, the fleet UI, and any HTTP consumer of the reader API. The investigation surface adds a plain-English chat on top of that, the agent calls reader tools across audit, sys, and api, and returns an answer where every claim cites a hash-chained row by (monotonic_seq, hash). BYO-LLM, self-hostable, air-gapped friendly.

fleet UI Investigator. Audit · API Access top (50/50), Sys Log terminal bottom · shipped today

fasten-tui. Rich TUI, Tab to rotate primary pane, SSH-friendly

the chat surface, additive on top of the 3-pane view, same reader API underneath

Ask in plain English. Get a cited answer.

The chat sits at POST /api/v1/investigate. The agent calls reader tools across audit, sys, and api, and a post-loop validator rejects any answer whose factual claims don't carry (monotonic_seq, hash). The operator can re-verify the audit citation against the chain doctor independently.

  • BYO-LLM. Anthropic, OpenAI, or a self-hosted endpoint (vLLM / Ollama).
  • Tenancy is dispatcher-injected, never a free model parameter.
  • Per-tenant cost cap + daily-spend telemetry, surfaced in fleet UI.
  • External agents plug in via the MCP server. Claude Desktop, Cursor, your own.
fleet · chat
> Why did request 3a7b1c fail at 14:32, and was any audit row tampered with around that time? # calling tools across audit · sys · api… POST /v1/refund [api 14:32:01 · seq=8412] "stripe webhook 502" [sys 14:32:03 · seq=8413] REFUND_ROLLED_BACK r-901 [aud 14:32:04 · seq=8414] doctor: chain OK in window · no tampering Answer: request 3a7b1c failed because the Stripe webhook returned 502; the audit stream shows REFUND_ROLLED_BACK within 4s. Chain is intact. # every claim resolves to a (monotonic_seq, hash) pair above

MCP Server

Plug Any Agent Into Your Data

Claude Desktop, Cursor, or your own agent, single-binary MCP server exposes the reader API as typed tools. BYO-LLM. Data never leaves your network.

/investigate · chat

Plain English Across 3 Streams

The agent calls reader tools across audit, sys, and api in one loop, and a post-loop validator rejects any claim that doesn't carry (monotonic_seq, hash). Additive on top of the live 3-pane view.

Air-Gapped CLI

fasten investigate "…"

Static Go binary, no browser required. Runs against a local fasten store with a local LLM key, industrial and regulated sites that can't open a browser get the same surface.

The Differentiator

Investigators built on telemetry substrates summarise what they found. fasten cites the specific row a claim depends on, and the chain proves the row was unaltered. The only investigator a compliance reviewer can accept evidence from, whether the question is about a refund, a kubernetes deploy, or an agent tool call.

What's Inside

Inside the Data Plane.

Metrics

Rate · Errors · Latency

RED graphs derived from the API and audit streams, requests/min, error rate, p50/p95 latency, top routes. No separate metrics pipeline to run.

Traces

Request Waterfall

One request_id's audit, sys, and API events on a shared timeline, the correlation fasten already records, shown as a trace.

Query

Three-Stream View

Audit, sys, and API in one query over any fasten reader endpoint.

Scale

Fleet Aggregation

Multi-node audit aggregation across the fleet, one queryable plane.

Compliance

Compliance Reports

SOC 2 · HIPAA · GMP · ISO 26262 · FSSC 22000, generated from typed rows.

Integrity

Tamper-Evident Archive

Chained hashing plus a Sigstore Rekor seal for independent verification.

Lifecycle

Tiered Retention

Hot (Postgres), cold (S3 + Parquet), and WORM, policy-driven lifecycle.

Governance

SLA · SSO · RBAC

SLA-backed support, SSO, tenant isolation, and an audit log of the audit log.

Investigation

Cited /investigate

Ask a question, get an answer that cites (monotonic_seq, hash) rows, re-verify against the chain. BYO-LLM, three modes.

MCP

Self-Hostable MCP Server

Expose the reader API as typed tools to Claude Desktop, Cursor, or your own agent. Data never leaves your network.

Do I Need fleet to Use fasten?

No. The fasten SDK is Apache-2.0 and complete on its own, single-node and small-fleet deployments use it alone. fleet is the commercial layer for fleets and regulated buyers: you pay us to carry the 2 a.m. page, the auditor meeting, and the fleet.

Operations and Compliance Liability. Without Building It.

Code, a team can build. The 2 a.m. page, the auditor meeting, and the fleet, they shouldn't have to. fleet is in active development with design partners, tell us about your fleet.

Talk to UsS See membrane
fasten

fasten fleet is built by nerdAppLabs, on the fasten substrate.

Products
fastenmembranefasten fleetmbnl · control, part of membrane
Resources
DocsHow It WorksWhat's InsideWhy fastenContact
© 2026 fasten · nerdAppLabs Software Solutions Pvt. Ltd.SDK Apache-2.0 · membrane & fleet commercial