Platform
One system to design, run, and govern agent workflows.
Ballast is the layer between a prompt and production: a visual builder that compiles to a checkpointed execution engine, with observability and governance built into the same surface.
Primitives
Six node types. Every workflow.
Complex agent systems reduce to a small set of composable primitives. Each one is fully configurable and compiles to real executable graph state.
Agent
An LLM call with a scoped system prompt. Writes its output into run state.
model · system_prompt · temperature · max_tokens · output_key
Tool
A typed side effect — HTTP request, Slack message, email — with templated params.
tool_name · params · output_key
Condition
Evaluates an expression against run state and selects the matching branch.
expression · edges: true / false
Loop
Repeats its body while an expression holds, with a hard iteration ceiling.
expression · max_iterations
Human Gate
Pauses the run and waits for an approval decision. State is checkpointed first.
prompt · approve / reject · optional input
Merge
Fan-in barrier. Waits until every incoming branch has completed.
no configuration — pure synchronization
Lifecycle
From canvas to execution.
The graph you see is the graph that runs. No translation layer, no drift between the diagram and the deployment.
01
Design
Compose nodes and edges on the canvas. Every node exposes its full configuration — prompts, models, params, timeouts — in a side drawer. Saves are versioned; every publish snapshots an immutable graph.
02
Compile
The graph JSON compiles to an executable plan: adjacency, fan-in barriers, branch conditions, and loop bounds are validated before a single token is spent.
03
Execute
The engine walks the plan with a checkpoint after every node. Human gates pause the run; approvals resume it from the exact node it stopped at — even across process restarts.
04
Observe
Every step streams over WebSocket as it happens: status, inputs, outputs, duration, and cost in USD. The full trace persists for audit and replay.
Reliability
Built for failure.
Production means processes die, APIs flake, and models time out. The engine assumes all three.
Retries with exponential backoff
Transient failures retry per node with configurable limits. A flaky API call does not fail a workflow.
Hard per-step timeouts
No agent hangs a run. Every node has a deadline and a defined failure path when it passes.
Bounded loops
Loops carry a mandatory max_iterations ceiling. Runaway agent cycles are structurally impossible.
Resume from any checkpoint
Failed or interrupted runs restart from the last persisted state — never from the beginning.
Structured, validated output
Give an agent a JSON Schema and its reply is parsed, validated, and auto-repaired by re-prompting on the errors — downstream nodes get typed objects, not hopeful string parsing.
Governed model fallback
Fail over only for approved, transient error classes — never on an auth error — and never to a model your governance allowlist forbids. Every fallback is recorded.
run r_7f3a · worker restart at step 3
State is written to the database after every node. When the process died at step 3, nothing was lost — the run resumed from the last checkpoint in 42 ms and completed.
Observability
Every step, accounted for.
Token counts and USD cost are attributed to each individual step, not smeared across a monthly invoice. Success rate, latency, and spend roll up per workflow.
run r_9c21 · cost attribution
| step | model | tokens | cost |
|---|---|---|---|
| classify_ticket | claude-haiku-4-5 | 1,204 | $0.0031 |
| draft_reply | claude-sonnet-4-6 | 2,847 | $0.0261 |
| review_gate | — | — | $0.0000 |
| notify_team | — | — | $0.0000 |
| total | 4,051 | $0.0292 |
Cost per outcome, not per token
A run that resolves a ticket for $0.03 is a business metric. Four million tokens is not. Ballast reports both, but leads with the one your CFO understands.
Live traces
Runs stream step events over WebSocket the moment they happen. The trace you watch live is the same record you audit later.
Failure forensics
Failed steps capture the exact input, error, and retry history — and the run stays resumable from its last checkpoint.
Governance
Governance is not an add-on.
Audit and approval are first-class engine features, not an enterprise tier bolted on later.
Immutable audit log
Every create, update, run, approval, and rejection is recorded with actor, target, and timestamp. Nothing is editable after the fact.
Approval gates
Any edge of a workflow can require a human decision. Approvers see the exact state the run paused with, and their decision is part of the trace.
Versioned workflows
Every save snapshots the previous graph. Runs record the version they executed, so you can always answer: what exactly ran?
Governance & policy events
Every runtime policy decision — a denied tool, a redacted field, a blocked model or fallback, a budget block, an override — is recorded as an inspectable event with redacted evidence. Enforcement you can audit.
DLP & tool permissions
Named PII field types and custom regexes are scrubbed before a prompt leaves the box; tools carry per-workflow and per-argument policies. All enforced at run time, so editing the graph can't bypass them.
Atomic budgets & overrides
Per-run and periodic spend caps enforced on every trigger surface, with atomic reservations so concurrent runs can't race past a limit — and an audited override when an admin needs to make an exception.
Eval gates on deploy
Set quality and cost thresholds on a workflow and a release is blocked server-side when the latest evaluation regresses. A regression prevents the deploy — it doesn't just warn.
Integrations
Works with your stack.
See the engine run.
Open the console and run a checkpointed workflow in under a minute.