Trust governance Platform team in a box Build production-ready

Fastpace

Ship faster. With governance.

Deliver production-worthy code with Claude Code Codex Gemini CLI Open Claude

With domain context, spec discipline, Jira/Linear integration and more. Every AI call leaves a signed receipt reviewers and auditors can trace.

$29/seat · first 5 seats free for 12 months · works with any AI agent

Buy Team → See pricing Get started ↓

The problem
How it works
Shared surface
PRD → ERD → plan
Skills
Agents
Integrations
Stack with
Adopt at your pace
Receipts
Vendor-agnostic
Primitives
Dashboards
Maturity
Get started
Pricing

claude · in repo/ · fastpace active

⚡ fastpaceis guarding you. what would you like to do?

feature: migrate auth to OIDC

branch: feat/oidc-migration

planningspecwrite testsimplementrun testsdocsPRpush

planning· 0%0 of 8

? approve? yesnoskip

The problem

Your AI agent is fast. Its output isn't fast to ship.

No domain context

The agent doesn't know your bounded contexts, your ADRs, your conventions, or your terminology. So it produces code that compiles but doesn't fit. You spend the saved time rewriting.

No spec discipline

"Build the X feature" is the prompt. The agent guesses at requirements. Three days later you discover the missing edge case nobody wrote down.

No backlog connection

The agent has no idea this work corresponds to JIRA-4128. So traceability dies. Reviewers can't tell why the change was made. PRs lack context.

Context depth

Better domain context → better code

Every artifact you add to the repo gives the AI runtime better understanding. Code quality compounds as context layers up — and it all lives in git. Each tier produces stronger audit evidence too: by L5, every decision has a reviewable rationale on file.

Code quality →

Expert High Fair Low

L1 · code only

L2 · + architecture

L3 · + PRD / ERD

L4 · + execution plan

L5 · + ADRs & learnings

code only

+ architecture

+ PRD / ERD

+ execution plan

+ ADRs & learnings

Context depth →

Tier

Context added

What the AI can reason about

Code only

AI ignores business intent, conventions, and history.

+ architecture & patterns

AI follows conventions, but lacks business-domain awareness.

+ PRD / ERD

AI respects acceptance criteria and interface contracts. ↳ ISO/IEC 42001 §8.4 evidence on file

+ execution plan

AI respects phase boundaries and dependency ordering. ↳ phase boundaries = approval checkpoints · EU AI Act Art. 14

+ ADRs & learnings

Complete institutional awareness. AI avoids repeating past mistakes. ↳ ADRs = SOC 2 CC8.1 + NIST AI RMF GOVERN-3.2 evidence

Measure & improve

Track and improve repo quality

Six dimensions, one grade. Each fix maps to a skill that closes the gap.

In Claude Code

/fp-context-score alias: /fp-repo-quality

Top-3 ranked fixes, each tied to a skill. Read-only.

In your terminal

fastpace context-score alias: fastpace repo-quality

Deterministic, no LLM call. Drop into CI.

--explain --json --debug

$ fastpace repo-quality

⚡ fastpace repo quality · grade B (74)

  ✓ doc inventory          88   A   (7/9 files present, glossary thin)
  ✓ why-density            71   B   (18% of comments explain why; target 25%)
  ! decision links         42   D   (0.4 refs/kLOC — sparse)
  ✓ docstring richness     79   B   (61/77 exports rich)
  ! vocabulary             55   C   (11/20 top terms in glossary)
  ✓ freshness              92   A

  weighted total: 74 / 100  ·  grade B

top-3 fixes (impact / effort)
  1 ▸ +6 pts · /fp-teach glossary             — define 9 missing top-terms (~20 min)
  2 ▸ +5 pts · /fp-write-adr                  — capture 3 large untracked calls (~45 min)
  3 ▸ +3 pts · docstring sweep                  — src/billing/ · 9 of 11 exports bare (~30 min)

Shared surface

One surface for product, eng, and compliance

No more shuffling artifacts between Confluence, Jira, Slack, slide decks, GRC tools, and audit binders. Every team — from product to compliance — works against the same git-backed source of truth. Committable, reviewable, audit-ready.

Product

Write PRDs, not tickets

Architects

Approve ERDs and ADRs

Developers

Ship features with guardrails

Leaders

See reality, not slideware

DevOps

Codify deploys, runbooks, alerts

Security

Review every decision

Risk

Track exposure, mitigations

Compliance

Audit-ready by default

Your repo

git · audit-ready

Spec-driven development, upgraded

PRD → ERD → execution plan, in your repo

Spec-driven dev usually stops at the spec. fastpace doesn't. PRDs become engineering designs (ERDs); ERDs become execution plans of waves, epics, and stories — grounded in your architecture, decisions, and patterns. Every artifact is a reviewable file in your repo, not a ticket in a separate tool. Tab through the steps.

Architectural pattern The lifecycle implements Plan-Then-Execute — tool calls are planned (PRD → ERD → execution-plan) before any agent is exposed to untrusted content during implementation. Specialist subagents (planner, reviewer, erd-guru) operate as Dual-LLM-shaped: a privileged coordinator orchestrates scoped specialists in fresh contexts.

Each step commits a reviewable artifact: PRD.md· ERD.md· execution-plan.json· watch-cards/· audit.log· status-reports/

Better PRDs

PRDs the AI can verify against your code

Most PRDs get written in a vacuum — assumptions about what exists, vague success metrics, no awareness of conflicting prior decisions. /fp-write-prd runs a structured interview, then cross-references every answer against the repo before writing the artifact.

interview /fp-write-prd credit-card-validation

Q. who hurts today?

user checkout shoppers typing bad credit cards

Q. what triggers the pain?

user no client-side validation; payment service rejects on submit

Q. success metric?

metric 40% fewer rejected card submissions

Q. in scope?

scope card number, expiry, CVC format checks

Q. out of scope?

scope 3DS, fraud scoring (later phase)

Q. rollout?

rollout 10% canary → 100% over 2 weeks

output fastpace/docs/prd/credit-card-validation.md

Problem shoppers · pain · trigger ✓
Goals measurable outcomes ✓
Non-goals explicitly excluded ✓
Users who benefits, who doesn't ✓
Success one north-star metric ✓
Scope in / out / later ✓
Open issues unanswered questions ✓

✓ wrote credit-card-validation.md · status draft

Why "grounded"? The interview is just the input. The PRD is reconciled against your repo before it lands.

cross-ref Compared answers to src/checkout/*.ts — flagged 2 capabilities already implemented.

glossary Used canonical term "checkout" (from glossary.md) instead of "purchase flow" from your input.

decisions Detected conflict with ADR-0003 (no PII in client logs) — surfaced for review.

patterns Suggested following the existing retry-with-backoff pattern from patterns.md.

PRD → ERD

Grounded designs

/fp-prd-to-erd reads the PRD and your fastpace/context/. The ERD that comes out already knows your decisions, your patterns, your domain terms.

PRD credit-card-validation.md approved

Problem

Checkout submits fail for 12% of users because bad card numbers aren't caught until the processor rejects them.

Who

Logged-in shoppers at checkout.

Goal

Reject invalid cards client-side before submit. Drop rejection rate below 3%.

Non-goals

Fraud scoring. Chargeback handling.

Success metric

Checkout submit success ≥ 97% (7-day average).

DOMAIN CONTEXT fastpace/context/

decisions.md

2025-02-14 — No PAN in logs. CVC never stored.

→ decides the security section

architecture.md

Checkout handler is POST /api/cart/submit · Express middleware chain.

→ fixes the entry point + boundary

patterns.md

## retry-with-backoff — withRetry(fn, { tries: 3, base: 200 })

→ picks the retry idiom

glossary.md

tenant — top-level partition. luhn — checksum.

→ names stay correct

ERD credit-card-validation.md drafted by Claude

Interface contract

POST /api/cart/submit pre-validates with validateCard(pan, month, year, cvc). from architecture.md

Acceptance criteria

• luhn checksum passes · • expiry in the future · • cvc is 3–4 digits names from glossary.md

Security

PAN never logged. CVC never stored. Redact in all error paths. from decisions.md (2025-02-14)

Reliability

External BIN lookup wrapped in withRetry(fn, { tries: 3, base: 200 }). from patterns.md

Rollback

Feature-flag cc_client_validation. Default off.

/fp-prd-to-erd credit-card-validation

→ drafted ERD at fastpace/docs/erd/credit-card-validation.md · 4 context files consulted

grounded

ERD → Execution plan

Plans that know your codebase

/fp-erd-to-execplan breaks an ERD into waves, epics, and stories — but sized by your architecture, patterns, learnings, and prior plans. Not generic estimates.

ERD credit-card-validation.md approved

Contract

POST /api/cart/submit with validateCard(…)

Acceptance

luhn · expiry · cvc 3–4 digits · BIN lookup fallback

Security

PAN redacted; CVC never stored

Reliability

Retry with backoff; idempotent server path

Rollout

Feature flag, 10% canary

DOMAIN CONTEXT fastpace/context/ + prior plans

architecture.md

Modules: checkout · billing · notifications. Shared @core/http for retries.

→ picks the modules each story touches

patterns.md

## retry-with-backoff · ## idempotency-key · ## feature-flag

→ reuses proven idioms → fewer stories

learnings.md

2025-03-02 — retry storms without jitter caused a thundering herd on recovery.

→ inserts a "jitter" story into wave 2

exec-plans/prior.json

Last feature of this size shipped in 3 waves · ~42h.

→ calibrates hour estimates

EXECUTION PLAN credit-card-validation.json 3 waves · 38h

waves

epics

stories

on critical path

Validate client-side

1 epic · 3 stories · 12h

E1 client validation

S1 luhn + expiry checker patterns.md 4h ▸

S2 cvc format guard 2h ▸

S3 error UX states 6h

Wire retries & server path

2 epics · 5 stories · 18h

E2 BIN lookup + retry

S4 withRetry wrapper patterns.md 3h ▸

S5 jitter on 5xx learnings.md 3h ▸

S6 idempotency header patterns.md 4h ▸

E3 server pre-validate

S7 submit middleware architecture.md 5h ▸

S8 PAN redaction logs decisions.md 3h

Roll out

1 epic · 2 stories · 8h

E4 feature flag + metrics

S9 flag on 10% canary patterns.md 3h ▸

S10 dashboards + alerts 5h

/fp-erd-to-execplan credit-card-validation

→ saved fastpace/exec-plans/credit-card-validation.json · opens in fastpace ui to assign names & track progress

calibrated

Feature lifecycle

Backlog → Done

Domain context and spec is the new code Lock in the what and the why before any code gets written.

Planning

Spec

Write tests

Implement

Run tests

Document

Create PR

Push

/fp-new-feature · credit-card-validation

1 ⚡ planning

  problem:   pasting card numbers is error-prone
  user:      logged-in shoppers at checkout
  goal:      reject invalid cards before submit

✓ approve planning? yes

2 ⚡ spec
  drafting fastpace/docs/erd/cc-validation.md…
  • contract: validateCard(pan, month, year, cvc)
  • data model: no schema change
  • security: no PAN logged; CVC never stored
  • acceptance: luhn pass, expiry future, cvc 3-4 digits

✓ approve spec? yes

3 ⚡ write tests
  writing 14 failing tests in tests/cards.test.ts…

◐ phase 4 · implementing 0%
↳ state saved · watch-cards/credit-card-validation.json

Every phase

produces a durable artifact

Planning

problem · user · goal

✓

Spec

ERD · contracts · security

✓

Write tests

failing tests

◐

Implement

code to make tests pass

Run tests

green suite

Document

README · inline docs

Create PR

PR draft from ERD

Push

branch + PR opened

Approval gate per phase (developer / lead / architect)

State saved to watch-cards/ — resume any time

No push or PR without your explicit approval — ever

Stop, leave, come back

Pick up where you left off

Start working on a feature. Close your laptop. Come back tomorrow. State is saved after every phase — branch name, base branch, risk class, completed phases — so any AI or any engineer can reconstruct the full context in flight.

Artifacts persisted with the state
Watch cards at fastpace/watch-cards/<feature>.json
Swap models tomorrow — the card still works
Multiple features in flight at once — no merge conflicts in state

Credit card validation

feat/credit-card-validation → main

● medium risk updated 2h ago

✓ planning ✓ spec ✓ write tests ◐ implement run tests docs PR push

implement 0% 3 of 8 phases

Approvals

planning developer spec team_lead implement awaiting…

Artifacts

fastpace/docs/specs/cc-validation.md

resume with — Claude rehydrates the full state from this card.

Status reports

No more Jira-to-slides

fastpace reads your PRDs, ERDs, execution plans, git history, and in-flight features — then generates a structured report for leadership in seconds. Pick a period, an audience, the sections you want, and hit one button.

localhost:7777 / status-reports

Status reports

Configure the period and audience, pick what to include, then generate.

Report criteria

Reporting period

last 7 days

Audience

VP of Engineering

Include in report

✓ Last 7 progress ✓ Execution plan ✓ Risks / blockers ✓ Next 7 days

✓ saved to fastpace/docs/status-reports/2026-04-23-vp.md

Generated report ↓ rendered preview · saved to docs/status-reports/

Period

last 7 days

Audience

VP of Engineering

Last 7 days · progress

3 features

Credit card validation44% → 62%implement · Priya

Migrate auth to OIDC6% → 14%spec · Lee

Rate-limit endpoints58% → 82%create-pr · Sam

Execution plan

on track

Q2 · 9 weeks

Apr 1 — Jun 3

W1W2W3W4W5W6W7W8W9

cc-validation

62%

oidc

14%

rate-limits

82%

done active planned blocked

Risks & blockers

1 red · 1 yellow

OIDC rollout blocked

security sign-off pending

path to green security team review · ETA Tue · owner: Lee

Rate-limit provider at risk

quota changes possible next quarter

path to green draft fallback adapter · ETA this sprint · owner: Sam

Critical findings clear

none open this period

Next 7 days · priorities

Mon → Fri

Ship cc-validationcanary 10%Mon · Priya

Close OIDC specsign-offTue · Lee + legal

Publish rate-limits post-mortemdraftWed · Sam

Reports save as committable markdown in fastpace/docs/status-reports/ — the team gets a permanent version-controlled record.

25+ slash commands

Skills — daily-reach commands across five categories.

Skills are slash commands your AI agent runs against your repo. Not generic prompts — they're scoped to a job, read your domain context, and produce structured output. Drop your own in .claude/skills/ and they show up immediately.

Spec discipline

/fp-discover Bootstrap domain context for a new repo. 5–10 minutes; outputs L1–L2.
/fp-write-prd Interactive PRD authoring. Agent drafts; you redline.
/fp-prd-to-erd Reads the PRD, produces entities, relationships, decisions, edge cases.
/fp-erd-to-execplan Sizes the work as waves → epics → stories with hour estimates.
/fp-write-adr Captures an architectural decision with the context that produced it. Adds to L5.

Code quality

/fp-context-score Grade your repo's domain context (0–100) across coverage, freshness, vocabulary, decisions, patterns, learnings.
/fp-review Run code-reviewer agent against the current diff. Catches "contradicts ADR-007" issues.
/fp-refactor Suggests refactors aligned to your patterns + ADRs. Doesn't propose generic improvements.
/fp-test-gen Generates tests against your existing test patterns. Respects your conventions.

Backlog sync

/fp-pull-issue Pulls a Jira / Linear issue into AI context. Body, comments, linked PRs.
/fp-link-commit Annotates a commit with its source ticket ID + AI summary. Comments back on the issue.
/fp-pr-summary Generates the PR description from the run manifests + ticket context. No more "wip" PRs.

Reflection

/fp-status One-liner status: AI commits today, reliability, context score, in-flight stories.
/fp-explain Why was this AI line of code generated? Walks back through the manifest + prompt hash.
/fp-bisect When AI-generated code broke something, find which run manifest produced the regression.
/fp-learnings Captures a lesson learned. Adds to fastpace/context/learnings.md (L5).

Maintenance

/fp-context-refresh Walks fastpace/context/ for stale references, missing patterns, terminology drift.
/fp-doctor Diagnoses your install: identity, manifest, hooks, audit chain.
/fp-verify Walks the audit chain; reports tamper status. Exit 0 = pass.

See the full skills reference →

7 specialists

Agents — bundled, scoped, with daily jobs.

Most "AI for code" tools have a single chat agent. fastpace ships seven specialists, each with explicit scope (allowed tools, paths, command patterns) and a daily job to do.

/onboarder

Spins up new repos and engineers fast.

Daily use: New hire? /onboarder gives them a personalized walkthrough pulling from your real ADRs and patterns.

/architect

Drafts ERDs and execution plans from PRDs.

Daily use: Use it before any feature kickoff. /fp-prd-to-erd then /fp-erd-to-execplan.

/code-reviewer

Reviews PRs against your patterns + ADRs.

Daily use: Wire into PR-review hook. Comments inline. Saves senior-dev cycles.

/security-reviewer

Catches security issues before they ship.

Daily use: Pre-merge gate. Flags hardcoded secrets, broken IAM, sketchy regex.

/evidence-curator

Surfaces the receipts when reviewers ask.

Daily use: "Show me what produced this code" becomes one command.

/context-curator

Keeps L1–L5 context fresh.

Daily use: Weekly chore — runs in CI, reports what needs updating in fastpace/context/.

/debugger

Investigates AI-generated regressions.

Daily use: Walks the audit chain, finds the run manifest that produced the failing line, suggests a fix that respects original constraints.

See the full agents reference →

Backlog sync

Integrations — your real backlog ↔ AI context, bidirectional.

Real backlog flows into agent context; AI commits flow back to the issue. Traceability survives the loop.

Jira Atlassian Cloud + Server

Stories pulled into AI context. Generated code linked back via commit trailers + auto-comments on the issue.

Linear GraphQL native

Issue → context flow + AI commit ↔ issue linking. Status transitions configurable per team.

Confluence Atlassian docs

Pages cached as L2 context — architecture diagrams, glossaries, runbooks. Updated on-demand.

Google Docs Drive + Docs API

PRDs and design docs already in Docs become L3 context without copy-paste.

GitHub PRs + Actions

Provenance trailers on every commit. PR descriptions generated from manifests + tickets. Audit-gate workflow shipped.

GitLab MRs + pipelines

Same model as GitHub. Self-hosted GitLab supported.

Bitbucket Atlassian source

PR + pipeline context. Reuses the Atlassian OAuth surface.

Slack / SIEM Webhooks bus

F3.10 events on AI activity, audit-chain breaks, fleet maturity drops, evidence-request transitions.

See setup details for each →

No migration · stack on top

Layer onto your existing AI agent.

fastpace doesn't replace Cursor, Copilot, Claude Code, or Cline. It makes them better. Same agent, dramatically better output. Honest cost-stack math:

Cursor $20/dev/mo

Cursor types fast. fastpace makes the typing fit your codebase. $20 + $29 = $49/dev for code reviewers approve first time.

GitHub Copilot Business $19/dev/mo

Copilot has no domain context, no spec workflow, no Jira sync. fastpace adds all three.

Claude Code usage-based

Native pairing. Skills, agents, hooks all install via fastpace init directly into .claude/.

Cline / Continue free

Drop-in. Cheapest path to spec-driven AI coding — free runtime + $29/dev for the coordination layer.

Codex CLI usage-based

Hooks + provenance trailers. Run manifests captured per call.

Bedrock / Azure / Vertex cloud rates

Runtime-agnostic. Same governance, any model provider. Multi-cloud shops get one governance surface.

See the per-stack setup walkthrough →

Adopt at your pace

At your pace

Test-drive on day one. Turn on phases as the team gets comfortable — and watch the audit signal compound alongside.

Day 1

Crawl

Test-drive, explore, learn.

Sandbox with
Ask around with
Open

audit milestone Audit log starts logging from minute one. announces this install.

Week 1

Walk

Plan and review with fastpace.

ERDs via
PR review via
Capture with

audit milestone First ADR committed. First prompt-redaction event captured. ISO/IEC 42001 §7.5 evidence on file.

Week 2+

Run

Full lifecycle, audited.

Ship with
Plan via
Reports via

audit milestone First evidence snapshot exported via . NHI registry exported. NIST AI RMF MEASURE-3.1 satisfied.

Provenance · the governance kicker

Every AI call leaves a signed trail.

The trust edition leads with this; the build edition uses the same trail for day-to-day reviewer leverage. Any reviewer can trace any line of merged code back to the AI call that produced it. Bisect any incident; explain any change in code review.

Run manifest — signed JSON receipt per AI call. Model, prompt-hash, response-hash, tokens, runtime, opt-out flag. Stored in fastpace/manifests/.
Provenance trailer — RFC-5322-style key:value lines on every AI-generated commit. Links back to the manifest hash.
Audit chain — hash-linked log at fastpace/audit.log. Tampering breaks the chain. fastpace verify validates.
AI BOM — per-release CycloneDX-AI envelope rolling the above up. Useful when you eventually need to answer your auditor.

Vendor-agnostic by design

No vendor lock-in — context stays in git

Free of vendor dependence Committed to git. Works with any LLM runtime.

Your team's brain, in git

Business rules, ADRs, patterns, lessons — all plain markdown. Any AI runtime rehydrates instantly.

Swap models, keep context

Claude today, Codex tomorrow — same repo, same brain.

Onboard in one git clone

A new engineer inherits the institutional knowledge.

Remembered, not rediscovered

Review findings and reversals persist across sessions.

ADRs, not folklore

Decisions land with rationale, tradeoffs, and what was rejected. SOC 2 CC8.1 + NIST AI RMF GOVERN-3.2 evidence on file by default.

Business rules, not just code

Every session knows the why, not just the how.

Click any file on the right to preview what the AI sees.

fastpace / context /

Entry points, module boundaries, data flow.
Languages, frameworks, runtimes, pinned versions.
Naming, commits, test file locations, coding style.
Domain terms a cold reader would not know.
Recurring code idioms worth reusing — retry, pagination, auth.
ADR-lite: what was decided, why, what was rejected.
Hard-won knowledge from incidents and reviews.

architecture.md

Capture knowledge manually with /fp-remember, or let it grow organically as you use fastpace.

Underlying primitives

What's actually wired into your repo

Skills sit on top of three primitives that ship with fastpace: agents (subagents that handle specialist work), hooks (local interceptors on every tool call), and guardrails (project-wide policies). Tab through to see each.

Agents

Specialist agents

Each agent runs in a fresh context with a tight scope and minimal tool access.

`planner`

Turns a goal into a numbered plan.

`reviewer`

Reviews diffs vs. architecture and decisions.

`prd-guru`

Interviews you and drafts a PRD.

`erd-guru`

Translates PRDs into ERDs.

`execution-planner`

Waves → epics → stories.

`doc-writer`

Updates docs without noise.

Hooks

Hooks enforce guardrails

Pre-use hooks block the call before it runs. Post-use hooks observe and log. Each hook is also tagged by intent — audit & safety or velocity — so the compliance story stays legible.

pre-use · block 5

secret-scanner audit & safety

Blocks writes containing AWS keys, tokens, private keys, or Stripe secrets.

push-guard audit & safety

Refuses force-push to protected branches. Refuses auto-push when disabled.

dangerous-command-guard audit & safety

Blocks rm -rf /, git reset --hard, curl | sh, and a dozen other footguns.

commit-validator velocity

Enforces conventional commit format (configurable).

branch-guard audit & safety

Prevents commits directly to main/master or other protected branches.

post-use · observe 2

dependency-alert audit & safety

Alerts on new npm deps outside your approved scopes. Block or warn.

audit-logger audit & safety

Appends every tool use to fastpace/audit.log — hash-chained for tamper evidence.

Guardrails

Policies, not pleases

Configured in fastpace.config.yaml. Safe defaults out of the box.

fastpace.config.yaml click any tile above → the YAML updates live

fastpace will never silently weaken a guardrail — every change is approved by you and logged to fastpace/audit.log.

Local dashboard

100% local dashboard — click around or take the tour

Each repo gets its own 100% local UI. Run fastpace ui inside any repo — a Node HTTP server boots on localhost and opens a dashboard scoped to that project. Browse the audit log, ADR ledger, decisions, and exception queue without leaving the local UI. Zero cloud. Zero telemetry. Your code never leaves the machine.

http://localhost:7777

fastpace

checkout-svc

Search · ⌘K

Compliance

v0.1.0

local · no cloud

Dashboard / In-flight features

⌘K

In-flight features

Every feature started with /fp-new-feature persists to fastpace/watch-cards/.

Credit card validation

feat/credit-card-validation → main

● medium risk updated 2h ago

✓ planning ✓ spec ✓ write tests ◐ implement run tests docs PR push

implement · 62% 3 of 8 phases

Migrate auth to OIDC

feat/oidc-migration → main

● high risk updated yesterday

✓ planning ◐ spec write tests implement run tests docs PR push

spec · 28% 1 of 8 phases

Rate-limit public endpoints

feat/rate-limits → main

● low risk updated 4h ago

✓ planning ✓ spec ✓ write tests ✓ implement ✓ run tests ✓ docs ◐ PR push

PR · 54% 6 of 8 phases

Audit chain

Tamper-evident by construction. fastpace verify walks the chain in seconds.

$ fastpace verify
[ok] chain integrity: 1247 entries
  signatures verified  1247
  unsigned entries     0

last entry
  seq          1246
  ts           2026-04-30T14:21:08Z
  tool · phase Read · PostToolUse
  summary      {"file_path":"src/auth/session.ts","agent":"reviewer"}
  entry hash   a14b2c8f3d9e7c2a1b4f...

What an auditor sees: deterministic verification. No "trust us" — every entry proves itself. The pre-merge audit gate (F2.9) runs this in CI on every PR.

Provenance

F2.3 — every AI commit carries Fp-* trailers binding it to a manifest, agent, prompt hash. Five-layer verify in seconds.

$ fastpace verify-provenance HEAD
[ok] commit       a8f3c2b9  feat(billing): add idempotency keys
[ok] trailers     Fp-Run-Manifest, AI-Model, AI-Agent, AI-Prompt-Hash
[ok] manifest     2026-04-30T14-21-08Z-a3b8c1.json
[ok] signature    verified against install fingerprint
[ok] audit-link   manifest_id present in audit chain at seq 1198
[ok] explanation  retrieval context + approval chain present

5/5 layers verified.

Org dashboard self-hosted

F1.13 — @fastpace-ai/org-dashboard standalone binary. Self-hosted aggregator: ingests signed audit shards from every install, verifies them against the org SAML envelope, computes per-repo / per-team / per-org rollups. No cloud.

$ fastpace-org-dashboard --port 8443 --store ./fp-org-store
[ok] ingest endpoint    POST /api/org/ingest
[ok] rollup endpoint    GET  /api/org/rollup
[ok] maturity endpoint  GET  /api/org/maturity
[ok] baselines endpoint GET  /api/org/baselines
[ok] SAML envelope      verified · 14 installs · 7 teams
[ok] last ingest        2026-05-01T17:08:42Z · checkout-svc · 12 entries
[ok] serving on         https://0.0.0.0:8443

GET /api/org/maturity

{
  "ok": true,
  "repo_count": 14,
  "maturity": {
    "aggregate": 68,
    "reporting_repos": 14,
    "total_repos": 14,
    "status": "measured",
    "sub_scores": [
      { "fId": "F4.1", "label": "Project Setup",           "pct": 84, "reporting_repos": 14 },
      { "fId": "F4.2", "label": "Spec-Driven Development", "pct": 71, "reporting_repos": 14 },
      { "fId": "F4.3", "label": "Context Management",      "pct": 62, "reporting_repos": 14 },
      { "fId": "F4.5", "label": "Harness Engineering",     "pct": 76, "reporting_repos": 14 }
    ]
  }
}

Deploy targets

npm install -g@fastpace-ai/org-dashboard

store backendfilesystem · S3 · GCS · Azure Blob

authnF1.14 SAML envelope · SCIM auto-provision · RBAC

data planeyour VPC; never phones home

Tour as:

1 of 8

The local UI

Every fastpace install ships a local dashboard that runs entirely on your employees' machine — no SaaS in the data path. Pick a persona above to walk only the views that matter to your role.

Org dashboard

Self-hosted fleet aggregator — your VPC, your data plane

@fastpace-ai/org-dashboard is a thin Node HTTP server that ingests signed audit summaries from every fastpace install, verifies them against your SAML envelope, and rolls them up by repo / team / org. Deploy it inside your VPC; fastpace.net never sees the data.

fleet · acme-corp

⚡ https://fastpace.acme-corp.com:4444 self-hosted

Fleet overview

Aggregated from signed shards. Each install pushes via F3.11 every 5 min; the dashboard polls + recomputes on ingest.

repos

teams

developers

chains ok

14/14

org maturity

framework readiness

82%

Top 5 repos by maturity

billing-apipayments81

checkout-svcpayments72

acme-webgrowth64

notificationsplatform55

internal-toolsinfra42

Recent ingests

checkout-svc · 12 audit entries · maturity Δ +138s

billing-api · 7 audit entries · maturity steady2m

acme-web · 21 audit entries · 1 new exception5m

notifications · circuit breaker tripped on doc-writer14m

Repos · 14 reporting

Sortable. Click a repo to drill into its per-shard history, exception queue, and audit-chain offset. (Not interactive in demo.)

Repo	Team	Maturity	Reliability	AI commits 30d	Last shard
`billing-api`	payments	81	94	312	1m
`checkout-svc`	payments	72	91	284	38s
`acme-web`	growth	64	87	421	5m
`notifications`	platform	55	72	198	14m
`internal-tools`	infra	42	—	54	2h
+ 9 more · scroll or paginate in live UI

Teams · 7

Team rollups average per-repo maturity weighted by AI activity. Provisioned via SCIM from your IdP.

Team	Repos	Devs	Maturity	Reliability	Trend (30d)
payments	2	11	76	92	↑ +4
growth	3	9	63	87	↑ +2
platform	4	14	58	74	→ 0
infra	2	6	44	—	↓ -3
data	1	8	61	89	↑ +5
mobile	1	7	71	90	↑ +1
internal	1	7	38	—	↓ -1

Ingest log

Every shard arrives signed. Verify failure → reject without ingest. Last 24h:

[2026-05-01T17:08:42Z] ingest  checkout-svc      sig ok  entries=12  Δ-maturity=+1
[2026-05-01T17:06:11Z] ingest  billing-api       sig ok  entries=7   Δ-maturity= 0
[2026-05-01T17:03:55Z] ingest  acme-web          sig ok  entries=21  Δ-maturity=-1
[2026-05-01T16:54:30Z] ingest  notifications     sig ok  entries=4   Δ-maturity= 0
[2026-05-01T16:54:30Z] alert   notifications     circuit_breaker tripped (doc-writer +37%)
[2026-05-01T16:48:12Z] reject  rogue-clone       sig MISMATCH  envelope=unknown_install
[2026-05-01T16:42:06Z] ingest  data-pipeline     sig ok  entries=15  Δ-maturity=+2
[2026-05-01T16:33:51Z] ingest  mobile-ios        sig ok  entries=9   Δ-maturity=+1
[2026-05-01T16:21:18Z] ingest  internal-tools    sig ok  entries=2   Δ-maturity=-1
…

Fleet baselines

F1.3 — per-agent behavioral baseline averaged across the fleet, weighted by sample size. Repos with too few samples fall back to fleet baseline.

Agent	Avg edits / session	Avg duration (s)	Avg tokens	Samples
`planner`	0 (read-only)	184	89,400	3,124
`reviewer`	3.2	222	74,800	2,891
`prd-guru`	1.1	318	52,300	1,408
`erd-guru`	2.7	402	68,100	1,202
`execution-planner`	1.8	271	71,400	1,184
`doc-writer`	4.4	156	32,800	1,932
`onboarder`	0.6	112	21,500	614

API endpoints

Read-only HTTP surface for the dashboard. Same shape as the local UI's /api/*; consumers just point at the org port instead of :7777.

Method	Path	Returns	Auth
`POST`	`/api/org/ingest`	ack of received shard	signed envelope
`GET`	`/api/org/rollup`	fleet rollup + per-repo	SAML session
`GET`	`/api/org/maturity`	F4.12 aggregate + sub-scores	SAML session
`GET`	`/api/org/installs`	roster of every reporting install	SAML session
`GET`	`/api/org/baselines`	per-agent fleet baselines	SAML session
`GET`	`/api/org/summary`	single-repo build (dev)	local only
`POST`	`/api/auth/saml`	verify envelope, return role	none

Run it locally now: npm install -g @fastpace-ai/org-dashboard then PORT=4444 fastpace-org. Same surface as this mockup, reading from a sample store. Production deploys live in your VPC — we never see the data plane.

7 panels · ~60 seconds

AI-Native Maturity

A single number for whether your team is getting AI-native right.

Nine industry-standard competencies — Project Setup, Spec-Driven Development, Context Management, Testing, Harness, Architectural Guardrails, Review Maturity, AI SDLC, Prompt Engineering — rolled into one 0–100 score. Auto-updated as your team works: local reads are real-time, fleet rollups push every 5 min, webhooks fire instantly.

The audit plane is the metrics plane. Same primitives that prove compliance to a CISO produce the velocity metric a CTO puts on a board slide. fastpace maturity from the CLI, Maturity view at the top of the local UI sidebar, fleet rollup on the org dashboard, opt-in publication on trust.fastpace.net.

All 9 sub-scores measured in v0.30 — F4.4 test parity, F4.6 ADR drift, F4.7 review maturity, F4.8 DORA-by-attribution, and F4.9 prompt effectiveness shipped this sprint (see packages/fp/assets/docs/ai-native-maturity.md for the rubric).

Test-drive — no commitment

Try fastpace in a sandbox first

Before pointing it at your real repo, take fastpace for a spin in a throwaway directory. Five minutes, nothing touched outside the sandbox — just enough to feel the flow and decide if it's for you. The hash-chained audit log is on from minute one, even in the sandbox.

First, install globally

🧪

recommended first try

Test-drive in a sandbox repo

5 min

Spin up a fresh sandbox directory — nothing in your real repos is touched:
Scaffold fastpace and let it seed a sample feature:

--sample writes a tiny demo PRD, ERD, and watch card so the dashboard isn't empty on first launch.
Launch Claude Code (or Codex / Gemini CLI) inside the sandbox and try a command:
Once you've felt the flow, blow it away — no traces left:
Done!
Liked it? Move on to Brownfield or Greenfield below to point fastpace at your real repo.

When you're ready for the real thing

🌳

existing repo

Brownfield

Clone your repo, enter it, and scaffold fastpace:
Launch Claude Code, then run:
Done!
Ask questions with or build with

🌱

new repo

Greenfield

Create your project directory, enter it, and scaffold fastpace:
Add your code repos as submodules:
Launch Claude and run:
Done!
Start with while fastpace watches over you.

🧹

when the evaluation ends

Uninstall cleanly

your files survive

Every file fastpace touches gets recorded in a signed install-manifest. Uninstall reads that manifest and removes only what fastpace itself placed — your own hooks, agents, skills, and settings entries are provably untouched. Pick the scopes you want included; the command composes live below.

Scope default = user-global only (gentle). Add scopes for more cleanup.

user-global manifest always included — removes anything fastpace placed in ~/.claude/

--repo also remove fastpace-installed files from this repo's .claude/

--settings reverse-merge fastpace's keys out of settings.json (preserves your own hook entries)

--fastpace-dir also remove the repo's fastpace/ directory — audit log will be lost

--user-identity also remove ~/.fastpace/ — destroys the Ed25519 identity that signs the audit chain

--force · non-interactive (CI / scripts) --dry-run · print the plan, change nothing

composed command

fastpace uninstall

removes user-manifest files; preserves your own .claude/ files, fastpace/, settings.json, and ~/.fastpace

Remove the CLI itself drops the global npm package after the cleanup above

Power-user flags + recovery

--all — shorthand for --repo --settings --fastpace-dir
--everything / --nuke — shorthand for --all --user-identity (full back-out, double-confirm)
--keep-modified — never delete files whose content diverges from what fastpace installed (default under --force)
--force-delete-modified — delete modified files anyway (use sparingly)
--skip-manifest-verify — proceed even if the manifest signature is invalid (recovery for tampering / corruption). Combine with --dry-run first to inspect.

Heads up on --user-identity: this destroys the F0.1 Ed25519 keypair. Past audit logs signed by that key remain verifiable only against the archived public key. Run fastpace identity show --json > identity.json first if you want a copy for later forensic verification.

Nothing about fastpace phones home. Removing the CLI removes the binary; no server-side state to clean up. The licensing service auto-prunes inactive install_ids after 90 days, on our side — no action needed from you.

Keep it up to date

Stop rewriting AI output. Start shipping it.

Free for solo devs. $29/seat/mo for teams (first 5 seats free for 12 months). Works with the AI agent you already pay for.

See pricing View on GitHub

Fastpace

Your AI agent is fast. Its output isn't fast to ship.

No domain context

No spec discipline

No backlog connection

Better domain context → better code

Track and improve repo quality

One surface for product, eng, and compliance

PRD → ERD → execution plan, in your repo

PRDs the AI can verify against your code

Grounded designs

Plans that know your codebase

Backlog → Done

Pick up where you left off

No more Jira-to-slides

Status reports

Report criteria

Skills — daily-reach commands across five categories.

Spec discipline

Code quality

Backlog sync

Reflection

Maintenance

Agents — bundled, scoped, with daily jobs.

Spins up new repos and engineers fast.

Drafts ERDs and execution plans from PRDs.

Reviews PRs against your patterns + ADRs.

Catches security issues before they ship.

Surfaces the receipts when reviewers ask.

Keeps L1–L5 context fresh.

Investigates AI-generated regressions.

Integrations — your real backlog ↔ AI context, bidirectional.

Layer onto your existing AI agent.

At your pace

Crawl

Walk

Run

Every AI call leaves a signed trail.

No vendor lock-in — context stays in git

Your team's brain, in git

What's actually wired into your repo

Specialist agents

planner

reviewer

prd-guru

erd-guru

execution-planner

doc-writer

Hooks enforce guardrails

Policies, not pleases

100% local dashboard — click around or take the tour

In-flight features

Dashboard

AI-Native Maturity live

Config

Hooks

Phases & approval gates

Domain context

Repo quality

PRDs

ERDs

ADRs

Status reports

Execution plans

Integrations

Metrics

DORA & engineering

Recent learnings

Install health

Identity

Audit chain

Run manifests

Reliability

By severity

Top files

AI Bill of Materials

Components

Provenance

Org rollup auto-updated

Org dashboard self-hosted

`planner`

`reviewer`

`prd-guru`

`erd-guru`

`execution-planner`

`doc-writer`