Platform

One system to design, run, and govern agent workflows.

Ballast is the layer between a prompt and production: a visual builder that compiles to a checkpointed execution engine, with observability and governance built into the same surface.

Primitives

Six node types. Every workflow.

Complex agent systems reduce to a small set of composable primitives. Each one is fully configurable and compiles to real executable graph state.

Agent

An LLM call with a scoped system prompt. Writes its output into run state.

model · system_prompt · temperature · max_tokens · output_key

Tool

A typed side effect — HTTP request, Slack message, email — with templated params.

tool_name · params · output_key

Condition

Evaluates an expression against run state and selects the matching branch.

expression · edges: true / false

Loop

Repeats its body while an expression holds, with a hard iteration ceiling.

expression · max_iterations

Human Gate

Pauses the run and waits for an approval decision. State is checkpointed first.

prompt · approve / reject · optional input

Merge

Fan-in barrier. Waits until every incoming branch has completed.

no configuration — pure synchronization

Lifecycle

From canvas to execution.

The graph you see is the graph that runs. No translation layer, no drift between the diagram and the deployment.

01

Design

Compose nodes and edges on the canvas. Every node exposes its full configuration — prompts, models, params, timeouts — in a side drawer. Saves are versioned; every publish snapshots an immutable graph.

02

Compile

The graph JSON compiles to an executable plan: adjacency, fan-in barriers, branch conditions, and loop bounds are validated before a single token is spent.

03

Execute

The engine walks the plan with a checkpoint after every node. Human gates pause the run; approvals resume it from the exact node it stopped at — even across process restarts.

04

Observe

Every step streams over WebSocket as it happens: status, inputs, outputs, duration, and cost in USD. The full trace persists for audit and replay.

Reliability

Built for failure.

Production means processes die, APIs flake, and models time out. The engine assumes all three.

Retries with exponential backoff

Transient failures retry per node with configurable limits. A flaky API call does not fail a workflow.

Hard per-step timeouts

No agent hangs a run. Every node has a deadline and a defined failure path when it passes.

Bounded loops

Loops carry a mandatory max_iterations ceiling. Runaway agent cycles are structurally impossible.

Resume from any checkpoint

Failed or interrupted runs restart from the last persisted state — never from the beginning.

Structured, validated output

Give an agent a JSON Schema and its reply is parsed, validated, and auto-repaired by re-prompting on the errors — downstream nodes get typed objects, not hopeful string parsing.

Governed model fallback

Fail over only for approved, transient error classes — never on an auth error — and never to a model your governance allowlist forbids. Every fallback is recorded.

run r_7f3a · worker restart at step 3

ckpt_1ckpt_2ckpt_3kill -9resume from ckpt_3ckpt_4successcheckpoint persistedresumed execution

State is written to the database after every node. When the process died at step 3, nothing was lost — the run resumed from the last checkpoint in 42 ms and completed.

Observability

Every step, accounted for.

Token counts and USD cost are attributed to each individual step, not smeared across a monthly invoice. Success rate, latency, and spend roll up per workflow.

run r_9c21 · cost attribution

stepmodeltokenscost
classify_ticketclaude-haiku-4-51,204$0.0031
draft_replyclaude-sonnet-4-62,847$0.0261
review_gate$0.0000
notify_team$0.0000
total4,051$0.0292

Cost per outcome, not per token

A run that resolves a ticket for $0.03 is a business metric. Four million tokens is not. Ballast reports both, but leads with the one your CFO understands.

Live traces

Runs stream step events over WebSocket the moment they happen. The trace you watch live is the same record you audit later.

Failure forensics

Failed steps capture the exact input, error, and retry history — and the run stays resumable from its last checkpoint.

Governance

Governance is not an add-on.

Audit and approval are first-class engine features, not an enterprise tier bolted on later.

Immutable audit log

Every create, update, run, approval, and rejection is recorded with actor, target, and timestamp. Nothing is editable after the fact.

Approval gates

Any edge of a workflow can require a human decision. Approvers see the exact state the run paused with, and their decision is part of the trace.

Versioned workflows

Every save snapshots the previous graph. Runs record the version they executed, so you can always answer: what exactly ran?

Governance & policy events

Every runtime policy decision — a denied tool, a redacted field, a blocked model or fallback, a budget block, an override — is recorded as an inspectable event with redacted evidence. Enforcement you can audit.

DLP & tool permissions

Named PII field types and custom regexes are scrubbed before a prompt leaves the box; tools carry per-workflow and per-argument policies. All enforced at run time, so editing the graph can't bypass them.

Atomic budgets & overrides

Per-run and periodic spend caps enforced on every trigger surface, with atomic reservations so concurrent runs can't race past a limit — and an audited override when an admin needs to make an exception.

Eval gates on deploy

Set quality and cost thresholds on a workflow and a release is blocked server-side when the latest evaluation regresses. A regression prevents the deploy — it doesn't just warn.

Integrations

Works with your stack.

AnthropicOpenAISlackResendHTTPPostgres

See the engine run.

Open the console and run a checkpointed workflow in under a minute.