The layer your AI agents
answer to.

You run five coding agents. Name one change from last week that was verified by anything other than the agent saying "done." FlightDeck is an AI organization operating system — the governance layer that turns agent output into independently verified, budgeted, auditable work.

Clone the repo and run the demo seed

Need SSO, signed events, or audit export? Email dorrian@agent-forge.app for the EE waitlist.

FlightDeck executive operations center: org health, initiative portfolio with risk and forecast, evidence-backed optimization proposals, flow map with drag detection

The executive operations center after the demo seed runs. Velocity counts only CI-attested changes — on unverified work it reads 0, by design.

The category argument

Agents are the cheap, replaceable part.

Every AI-agent product sells you more agents. That is the wrong layer to invest in. Agents get swapped, upgraded, and deprecated. The durable asset is the layer they answer to: a ledger of evidence, budgets that bound autonomy, and verification that only counts independently attested work.

You cannot run a business on agent self-reports. The moment two agents touch the same codebase, you already have the trust problem — whose "done" counts?

FlightDeck is that layer. Not another bundle of agents. Not a dashboard that repeats what agents claim. A control plane: nothing counts as done until CI independently attests it, nothing spends without a budget, and every decision lives in an append-only ledger. We built it and Apache-licensed it.

Unlike agent frameworks and LLM observability tools (LangSmith, AgentOps, or any "bundle of agents"), which add more agents or trace their calls, FlightDeck governs the organization itself. Different layer of the stack. Keep your tracing tools.

Five mechanisms

Each names its guarantee.

01

The Ledger

Every decision, every piece of evidence, every event — appended, never edited. Evidence is never refused; the audit trail is sacred. Authority is what gets gated, not information. Zero-dependency file ledger to start; Postgres when you want it. Your org's record lives on your infrastructure, not someone else's SaaS.

02

Budgets & Escalations

Every work item carries a budget. Overspend does not fail silently and does not proceed silently — it auto-escalates to a human decision. Autonomy is bounded by explicit numbers, not by hoping the agent stops.

03

The Verification Plane

Velocity only moves on work independently attested by CI. GitHub check runs become verified evidence in the ledger. Synced commits stay unverified until CI attests them. Agents cannot say "done," and they cannot impersonate each other — every agent holds its own hashed API key.

04

The Org Optimizer

Six ledger-signal detectors read the append-only record and propose changes with evidence, projected impact, and risks. It only proposes; humans decide. Its first act on real data was diagnosing its own maker.

05

The Executive Operations Center

Air traffic control, not a chat window. Org health. Initiative portfolio with risk and forecast. Flow map with drag detection. Approvals queue. Business outcomes scorecard — NRR, gross margin, tickets per 1k users. And if nothing is verified, it shows you zero.

How it works

One container. One HTTP call. One screen.

1

Run the container

Single container, self-hosted on your cloud or fully air-gapped. Zero-dependency file ledger to start; Postgres when you want it. Verified in CI on every commit — 56 automated tests including a Postgres integration suite.

2

Point agents and CI at one endpoint

Agents from any framework or language integrate with one HTTP call. No SDK. Your CI attests completed work via GitHub check runs, which land in the ledger as verified evidence.

3

Open the operations center

Run the demo seed and the exec view populates in minutes: portfolio, budgets, approvals, outcomes. Then note that velocity reads 0 until CI attests something. That is honesty as a demo moment.

$ docker compose up  # dashboard + API on :4400
$ curl -X POST localhost:4400/api/v1/events -d '{"type":"evidence_bundle", ...}'  # any agent, any language

Proof — built with itself

No customers yet. Here is what we have instead.

We will not show you invented logos or testimonials, because none exist. The substitute is radical dogfooding — FlightDeck's public repo history is the case study.

Self-attesting CI

FlightDeck dogfoods itself: its own GitHub Actions CI attests its own commits into its own ledger. Its velocity metric is CI-verified changes on itself.

The optimizer diagnosed its maker

The org optimizer's first proposal on real data flagged FlightDeck's own project. We shipped it anyway. That is the product.

Velocity 0 is honest

Unverified work shows velocity 0 on our own dashboard. That is not a bug; it is the entire point. A metric that can be inflated by an agent's self-report is not a metric.

"Cap flightdeck at Prototyper budgets (no reality port)."

— the FlightDeck org optimizer, first proposal on real data, about FlightDeck itself. Built in the open by one founder plus AI agents, coordinated through FlightDeck itself.

FAQ

Asked straight, answered straight.

Isn't this just another dashboard?

No. Dashboards report what agents claim. FlightDeck is a control plane: budgets gate spend, escalations route overspend to humans, and the velocity metric refuses to move on unattested work. The exec view is air traffic control, not a chat window — and if nothing is verified, it shows you zero.

Why not LangSmith or AgentOps?

Different layer. Those are observability and tracing for LLM calls — useful, keep them. FlightDeck is org-level governance: budgets, independent verification, decisions, and an append-only audit trail. Tracing tells you what an agent did inside a call; FlightDeck decides what the org accepts as done and what it's allowed to spend.

I don't have enough agents for this.

It's valuable from roughly 2 agents plus a CI pipeline. The moment two agents touch the same codebase, you already have the trust problem: whose "done" counts? One container, one HTTP call — the setup cost is an afternoon, not a platform migration.

Self-host sounds like friction.

It's one container. Zero-dependency file ledger to start, Postgres when you want it, fully air-gapped if you need it. Self-host is the point for this buyer: your org's ledger of decisions and evidence should not live on someone else's SaaS. Verified in CI on every commit.

Is the Community Edition crippled?

No. CE is the full product under Apache-2.0: ledger, budgets, escalations, verification plane, org optimizer, executive operations center. EE adds enterprise controls — SSO/RBAC, signed events, audit export, hardening, support SLA. If you never email the waitlist, you still have the whole thing.

License

Open-core. CE is the full product.

Community EditionEnterprise Edition
LicenseApache-2.0, freeWaitlist
Append-only ledgerYesYes
Budgets and escalationsYesYes
Verification plane (CI attestation, per-agent hashed keys)YesYes
Org optimizer (six ledger-signal detectors)YesYes
Executive operations centerYesYes
Self-host, single container, air-gappedYesYes
SSO / RBAC · Signed events · Audit export · Hardening · Support SLAYes

If you never email the waitlist, you still have the whole thing.

Whose "done" do you actually trust?

The demo seed populates the executive operations center in minutes. Watch velocity sit at 0 until CI attests something — then decide if that honesty is what your org has been missing.

Clone the repo and run the demo seed

Need SSO, signed events, or audit export? Email dorrian@agent-forge.app for the EE waitlist.