We added hash-chained workflow histories to Dapr Workflows (a Durable Execution engine).
Each batch of workflow events is cryptographically linked to the previous batch and signed using the SPIFFE workload identity that produced it. This makes workflow histories tamper-evident and allows verification of execution integrity, provenance, and identity.
The docs cover the design, verification model, and implementation details.
Happy to answer questions about the architecture or tradeoffs.
One pattern we've seen while building AI agents is that developers often have to make a frustrating choice between agent frameworks and workflow engines.
Frameworks like LangGraph, Strands, CrewAI, ADK, etc. already implement reasoning loops, tool execution, retries, and memory. But they typically don't provide durable execution—if the process crashes, the agent will restart from scratch. Some have very basic checkpoint systems that leave failure detection and resumption to the user, which is essentially the hard problem workflow engines solve.
The problem with workflow engines is they handle durability well but require developers to rewrite their agent logic inside the workflow system, which means rebuilding the agent framework from scratch.
This work aims to remove that tradeoff by allowing existing agent frameworks to get all the benefits of a durable workflow orchestrator without rewriting any part of their code.
Hi everyone, I performed a deep analysis of the code, runtime behavior and architecture of many popular agent frameworks and decided to publish a post with some initial findings on what I perceive to be critical gaps when it comes to guaranteed execution in real world scenarios, that shift the hardest problems to the users. Happy to discuss further
Each batch of workflow events is cryptographically linked to the previous batch and signed using the SPIFFE workload identity that produced it. This makes workflow histories tamper-evident and allows verification of execution integrity, provenance, and identity.
The docs cover the design, verification model, and implementation details.
Happy to answer questions about the architecture or tradeoffs.