Diagrid is a developer of foundation-level technologies for workflows and autonomous AI agents. It is also the company behind the Distributed Application Runtime (Dapr). The organisation has this week updated to Dapr 1.18, with its extended services to manage AI agents, workflows and distributed applications. In a world where agentic AI services are becoming more autonomous, more dispersed and more tough to track in terms of provenance, privileges and power, should we view a distributed application runtime as an essential base substrate component in any modern intelligent system?
Provenance tracking is indeed key, says Diagrid, new capabilities in Dapr 1.18 digitally sign execution history, propagate trusted provenance across agentic services and “generate attestations” that allow software system auditors to verify exactly how work was performed.
What is agentic custody?
Specifically, the release introduces branded services including Workflow History Signing, Workflow History Propagation and Workflow Attestation – a triumvirate of tools designed to help software engineers cryptographically verify how work was performed, what agentic identity had “custody” i.e. where an agentic service has
autonomous data access, how its decision logic controls play out and what system tools, integrations and transactions it is capable of, and whether execution history has remained intact.
“The first wave of AI focused on making models intelligent. The next wave will focus on making AI systems trustworthy,” said Yaron Schneider, co-founder and CTO of Diagrid and chair of the Agentic AI Foundation Workflows Working Group. “When an AI agent approves a transaction, accesses sensitive data, or triggers a business process, organisations need the ability to prove what happened in a way that’s tamper-proof.”
Missing layers in AI & workflow infrastructure
Schneider suggests that, over the last decade, the technology industry has made progress in making distributed systems resilient. Applications can recover from failures, workflows can resume after crashes and AI agents can retry failed operations and continue execution across long-running processes.
But, he cautions, one critical question has remained largely unanswered i.e. can execution be verified?
When an AI agent makes a decision, invokes a tool, delegates work to another agent, or triggers a workflow, a number of questions arise:
- How can you prove what actually happened and by which identities?
- How can security teams verify that execution history was not modified?
- How can compliance teams establish a chain of custody for critical decisions?
- And how can downstream systems determine whether execution context can be trusted?
As noted above, Dapr 1.18 offers verifiable execution through three new capabilities:
- Workflow History Signing: Workflow execution history can be cryptographically signed, making execution records tamper-evident and independently verifiable, signed by application identities backed by the open SPIFFE (Secure Production Identity Framework For Everyone) standard.
- Workflow History Propagation: Execution lineage can travel across workflow, service and application boundaries, allowing downstream systems to understand and validate the origin and history of requests.
- Workflow Attestation: Activities and child workflows can receive attested execution context, enabling policy, security, compliance, and trust decisions based on verified provenance.
Taken together, Diagrid insists that these capabilities will allow software engineering teams starting to implement real-world agentic AI services a way to establish cryptographic chains of execution that extend across workflows, services, and AI agents.
“As organisations increasingly deploy AI agents into production environments, industry efforts have begun focusing on governance, interoperability and trust. Verifiable Execution represents an important step toward bringing cryptographic integrity and provenance to agentic systems,” said CTO Schneider.
AI decision provenance, compliance & operational accountability
He tells us that organisations are increasingly asked to prove things like AI decision provenance, regulatory compliance, operational accountability, data lineage and software and infrastructure integrity. The same principles that transformed software delivery through software signing, software attestations, and software supply chain security are now extending into workflow execution and AI systems.
Other highlights of Dapr 1.18 include the Jobs API for scheduling future and recurring work, which “graduates to stable”, backed by performance regression tests and ready for production-critical scheduled workloads. There is also hot-reloading for components and configurations (now generally available), enabling zero-downtime configuration updates without application restarts.
Actor applications can now open a single bidirectional gRPC stream to the sidecar to receive all callback types without exposing an inbound server port, simplifying networking and reducing attack surface.
Dapr community spirit
These capabilities were designed and contributed by engineers from Diagrid in collaboration with the Dapr community. As the primary contributor to Dapr and Dapr Agents, Diagrid promises the community it is invested heavily in advancing the future of durable execution, distributed systems and AI orchestration.
By combining durable execution, workflow history propagation, cryptographic history signing, workflow attestation, and verifiable execution provenance, the team says Dapr 1.18 extends durable execution beyond resilience and into trust. Dapr 1.18 can be installed via the Dapr CLI or upgraded on Kubernetes clusters via the free Diagrid Conductor service.