Documentation

Tracebind — Getting started

A landing page for the docs surface. Full reference ships with the product and is provided to customers and design partners. Hosted docs migrate here as the public site stabilizes.

What Tracebind is

Tracebind is a deterministic compiler. It takes one input — an authorized browser session driven by a named operator — and produces one set of byte-reproducible outputs: an OpenAPI 3.1 spec, typed SDKs in TypeScript and Python (Go in beta), an Anthropic MCP server, a replay proxy stub, and a signed ArmoredLedger receipt bundle. The same session input on the same version of Tracebind yields the same output bytes every run.

For the long-form positioning, the technical explainer is provided to customers and design partners alongside the product.

Install

Tracebind runs anywhere systemd-nspawn does. The recommended deployment is on Voltainer, ArmoredGate's hardened container platform.

  • Linux host with systemd 250+
  • buildah, jq, nftables
  • Voltainer and ArmoredForge binaries (shipped to customers)
  • Auto Browser sources (vendored)

cd tracebind
sudo scripts/voltainer-up.sh

The Tracebind source tree is provided to customers and design partners under the multi-license matrix. Contact sales for access.

The script handles the full pipeline: buildah builds the OCI images, forge convert emits the Voltainer manifest plus content-addressed blobs, an override layer merges env / ports / bind mounts, and voltainer create + start bring both containers up on the voltbr0 bridge.

Quick start

npm install
npm run build
AUTOBROWSER_URL=http://10.89.0.4:8000 \
  npm run dev --workspace @tracebind/controller

The controller listens on :7401. The dashboard runs on :7402. Bind both to the loopback interface or to a private interface before exposing the host to a shared network.

Create a session

Every session takes a named operator. The operator id lands in the audit log and on every captured endpoint. There is no anonymous mode.

curl -X POST http://localhost:7401/sessions \
  -H 'content-type: application/json' \
  -d '{
    "name": "first-test",
    "startUrl": "https://httpbin.org",
    "operatorId": "karl"
  }'

Core concepts

Operator

A named human (or service principal) who drives a session. The audit log is keyed by operator id.

Session

A bounded capture window. One Playwright browser context, one operator, one or more starting URLs.

Endpoint

A normalized cluster of HTTP requests with the same method and path template. The unit of value Tracebind exports.

Spec

An OpenAPI 3.1 document compiled from one or more sessions over a single source application.

Artifact

An immutable, content-addressable output — spec, SDK tarball, MCP server tarball, evidence pack, attestation, manifest. Stored in the registry; referenced by digest.

Registry

Every paying tenant gets two buckets — private and public — backed by Bunny.net storage with path-prefix isolation. Both buckets serve every artifact kind the platform produces: Voltainer manifests, OpenAPI specs, SDK tarballs, MCP server tarballs, AL receipt bundles, in-toto attestations, and compliance evidence packs.

  • Content-addressable paths are immutable. Republishing means a new digest.
  • Versioned names are immutable per version. v3 never changes; v4 ships separately.
  • Pointers (latest, stable) are mutable named references; every rebind emits an AL receipt with the old and new target digests.
  • Public pulls serve direct from the CDN edge, no auth.
  • Private pulls require an authenticated signed-URL mint from the controller; 15-minute TTL by default, 5 minutes for high-sensitivity tenants. URL issuance is the auditable moment.

Per-tier storage and bandwidth quotas live on the pricing page.

Audit chain

Every Tracebind tenant at every paid tier gets operator-tagged, signed, ledger-anchored receipts by default. Premium-gating the audit chain would undermine the brand — the audit chain is the floor, not the upsell.

The receipt event kinds the registry emits:

  • registry.push — every successful artifact push
  • registry.url_issued — every signed-URL mint for a private pull
  • registry.delete — every artifact deletion (with required justification)
  • registry.pointer_updated — every latest rebind, with old + new digests
  • registry.hostname_activated / _revoked — every custom-hostname lifecycle event
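
Because every pointer rebind carries the old and new target digests, an auditor can replay the registry.pointer_updated receipts and detect a rebind that left no receipt. The sketch below is an added example, not Tracebind or ArmoredLedger code; the receipt field names (kind, seq, pointer, digest, oldDigest, newDigest) and the sample digests are assumptions, and receipt signatures are assumed to have been verified already.

```javascript
// Constructed sample receipts for one artifact's "latest" pointer.
const SAMPLE_RECEIPTS = [
  { kind: "registry.push", seq: 1, digest: "sha256:aaa1" },
  { kind: "registry.pointer_updated", seq: 2, pointer: "latest", oldDigest: null, newDigest: "sha256:aaa1" },
  { kind: "registry.push", seq: 3, digest: "sha256:bbb2" },
  { kind: "registry.pointer_updated", seq: 4, pointer: "latest", oldDigest: "sha256:aaa1", newDigest: "sha256:bbb2" },
  { kind: "registry.push", seq: 5, digest: "sha256:ddd4" },
  // Constructed gap: a rebind to sha256:ccc3 happened here without a receipt.
  { kind: "registry.pointer_updated", seq: 8, pointer: "latest", oldDigest: "sha256:ccc3", newDigest: "sha256:ddd4" },
];

// Replays the rebind history of one pointer and returns a list of findings.
// currentDigest is what the pointer resolves to in the registry right now.
function auditPointer(receipts, pointer, currentDigest) {
  const pushed = new Set(
    receipts.filter((r) => r.kind === "registry.push").map((r) => r.digest)
  );
  const rebinds = receipts
    .filter((r) => r.kind === "registry.pointer_updated" && r.pointer === pointer)
    .sort((a, b) => a.seq - b.seq);

  const findings = [];
  let expected = null; // the pointer starts unbound
  for (const r of rebinds) {
    // Each rebind must start from the digest the previous rebind ended on.
    if (r.oldDigest !== expected) {
      findings.push({ seq: r.seq, issue: "gap", expected, found: r.oldDigest });
    }
    // The new target must be an artifact that has a push receipt.
    if (!pushed.has(r.newDigest)) {
      findings.push({ seq: r.seq, issue: "unreceipted-target", digest: r.newDigest });
    }
    expected = r.newDigest;
  }
  // The last receipted target must match what the registry serves today.
  if (expected !== currentDigest) {
    findings.push({ seq: null, issue: "live-mismatch", expected, found: currentDigest });
  }
  return findings;
}
```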

Public artifacts can additionally be Sigstore-signed when the tenant enables signing. The signature lands at public/<path>.sig; the digest is captured in the push receipt.

MCP emission

Every Tracebind output ships an Anthropic MCP server tarball. Drop it into Claude Desktop, Cursor, Devin, or any MCP host: one tool per endpoint, auth via environment variables (the emitter denylists the Authorization header from agent control), and an optional custom-header passthrough for tenant routing.
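
The header policy described above, sketched as an added example rather than the emitter's generated code: the agent may set only headers on the passthrough allowlist, Authorization is denied even if someone adds it to that allowlist, and the credential comes from the environment. The function name, the UPSTREAM_API_TOKEN variable, the Bearer scheme and the x-tenant-id header are assumptions.

```javascript
// Headers the agent may never set, regardless of passthrough configuration.
const AGENT_DENYLIST = new Set(["authorization"]);

// Builds the outbound headers for one tool call.
// agentHeaders: headers requested by the agent (untrusted).
// env: process environment holding the credential (trusted).
// passthrough: header names the tenant allows the agent to set.
function buildToolHeaders(agentHeaders, env, passthrough = []) {
  const allowed = new Set(passthrough.map((h) => h.toLowerCase()));
  const headers = {};
  const dropped = [];

  for (const [name, value] of Object.entries(agentHeaders || {})) {
    const key = name.trim().toLowerCase(); // header names are case-insensitive
    const permitted =
      allowed.has(key) &&
      !AGENT_DENYLIST.has(key) && // denylist wins over a misconfigured allowlist
      typeof value === "string" &&
      !/[\r\n\0]/.test(value); // reject values that could split the header block
    if (permitted) headers[key] = value;
    else dropped.push(key); // keep the names for logging, never the values
  }

  const token = env.UPSTREAM_API_TOKEN; // hypothetical variable name
  if (!token) throw new Error("credential missing from environment");
  headers["authorization"] = `Bearer ${token}`; // set last, from env only
  return { headers, dropped };
}
```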

The four @armoredgate/* MCP wrappers expose the rest of the portfolio (Voltainer, ArmoredLedger, ArmoredForge, Armory) to agents the same way. The conversational layer that coordinates them is Tessera.

Cookbook

  • 01 · Compile a SaaS into an SDK and deploy a poller in 10 minutes
  • 02 · The SOC 2 vendor-audit evidence pack
  • 03 · Supervised human → agent handoff with consent

Cookbook recipes ship with the product. Contact sales for access or to talk through a specific integration shape.

Tessera

Tessera is the conversational layer above the ArmoredGate MCP suite. Precise, dry, principled. It reads back manifests, gates destructive operations on confirmation, refuses to deploy without an AL receipt, and declines stealth / bypass / unauthorized-system requests in one sentence with one sentence of reason.

Read the brand book for the full persona, the five refusals, and the sample prompts.