Roadmap

What's built, and what isn't.

Candor is a project invariant: everything here is labelled by honest status, not by ambition. As of June 2026 Machinaut is in active development against Lodestar v0.4.0 — P0 (ingest, explorer, share) and the calibration + sentinel halves of P0.5 are built; the live approval loop is the one piece still blocked on an OSS dependency. Nothing is generally available yet.

Status key:

• Shipped: Live & usable
• Beta: Usable, hardening
• In development: Code built; not yet GA
• In design: Designed; awaiting a dependency
• Planned: Sequenced, not started

The launchable public free tier is P0 + P0.5 together. P0 is unblocked — the OSS shipper (ADR-0014) landed in Lodestar v0.4.0. The one remaining hard blocker is the approval channel (ADR-0015), still Accepted-but-not-built in the Lodestar repo — Machinaut only consumes the result.
  1. P0

    Ingest + Explorer + Share

    In development

    The funnel and infra. Get local NDJSON off the box, store it tenant-scoped, and render the existing Lodestar chain/report behind a hosted, multi-tenant explorer with shareable links.

    • session_ship@1 ingest endpoint (POST /v1/events)
    • Tenant-scoped storage + auth
    • Hosted explorer over projectChain / renderReport
    • Shareable session links

    Gating dependency. Shipper (ADR-0014) landed in Lodestar v0.4.0 — P0 unblocked. Ingest, storage, and the explorer are scaffolded against the pinned contracts.

    Done when: A solo dev runs lodestar ship and gets a hosted, shareable chain-report link in minutes; storage is tenant-scoped; auth works.
  2. P0.5

    Approval Inbox + Calibration

    In development

    The differentiator. A read-only explorer alone loses to Langfuse — the approval inbox is what makes this a trust layer. The calibration + sentinel halves are built; the live approval loop is the one piece still blocked on an OSS dependency.

    • Calibration dashboard, per-class ECE / Brier (built — calibration.computed@1 stable in -core)
    • Sentinel alerting → Slack / email (built — sentinel.alerted@1 stable in -core)
    • Approval relay endpoints (built to spec)
    • Hosted approval inbox + customer-side verification (live loop awaits ADR-0015)

    Gating dependency. The calibration + sentinel-alerting halves are unblocked and built. The live approval loop is the one hard blocker: the OSS ApprovalChannel HTTP transport (ADR-0015) is Accepted but not yet built; pendingApprovals also still needs to graduate to -trace.

    Done when: A held push-to-main is approved from a phone, the signature verifies customer-side, and the action proceeds.
  3. P1

    Team governance

    Planned

    Make it a team product.

    • SSO / RBAC
    • Org & policy management
    • Hosted policy editor
  4. P2

    Moat + breadth

    Planned

    Widen the surface once the core loop is proven.

    • Memory-firewall console (read-only first)
    • Registry hosting — OSS pack-format landed in v0.4.0; gated on the pack schemas being declared stable
  5. P3

    Enterprise parity

    Planned

    What large customers require to adopt.

    • Residency & retention
    • SOC2 / ISO
    • On-prem / air-gapped
    • SLAs; customer-held approver keys

Self-host with Lodestar OSS is unlimited and free, forever. The cloud free tier covers the solo loop and is never gated — consistent with the open-core posture. Pricing meters on agent runs / traces; no per-seat on self-serve.