FAQ
Questions that come up often — about the runtime model, licensing, integration, and what `@pleach/core` is and isn't.
What is @pleach/core?
A TypeScript-first agent runtime substrate published under the
@pleach/* scope on npm. It treats every LLM call inside an
agent as classifiable, auditable, and replayable — sessions,
checkpointing, reactive channels, family-locked model routing,
and an append-only per-call audit ledger.
The contract is language-agnostic by design. The TypeScript
distribution is the reference implementation, in production today.
A Go implementation has been built against the same contract and
round-trips a shared corpus of recorded turns — proof the wire
shapes aren't TypeScript-flavored. The Go implementation isn't
published as a SKU yet; an official @pleach Go runtime is the
next planned published implementation.
How is this different from the Vercel AI SDK?
Pleach wraps the AI SDK; it doesn't replace it. AiSdkProvider
keeps the AI SDK as your provider layer, and the runtime adds
what sits around it: sessions, family-locked routing, the
four-stage lattice, the audit ledger, replay determinism, and
checkpointing.
If your app is "chat with tools and stream the response," reach
for the AI SDK. If you need per-call audit, per-turn cost
attribution, replay determinism, or family-locked routing,
@pleach/core is doing structural work the AI SDK isn't built
for. The concrete shape difference: an AI SDK streamText call
returns a stream of text deltas and tool events with no shared
identity tuple; an executeMessage call yields the same surface
shape but every call beneath it lands as a row keyed on
(sessionId, turnId, stageId, seqWithinTurn) — that's the join
key the AI SDK doesn't ship.
See Comparison and Migrating from the AI SDK.
How does this compare to Claude Code, Goose, OpenHands, AutoGen, CrewAI?
Different category. Those are agent harnesses — complete
running products you launch and use. @pleach/core is the
substrate one layer below: the primitives a harness is built
on. If you're the end user, install a harness. If you're
shipping a customer-facing agent product where each tenant
needs their own session, audit trail, and invoice, the harness's
session log isn't the row shape you need.
See Comparison → Agent harnesses for the capability matrix.
Is this open source? What's the license?
Yes — every shipping @pleach/* package ships under
FSL-1.1-Apache-2.0 (Functional Source License with Apache 2.0
as the future license). FSL is source-available, usable in
production, free of charge during the FSL window; the only
restriction is on competing offerings. Each package auto-
transitions to permissive Apache 2.0 two years after first stable
publish.
@pleach/trust-pack alone remains a 0.0.1 · UNLICENSED
placeholder; it'll ship FSL-1.1-Apache-2.0 when its first cut
lands.
Does Pleach replace my Anthropic or OpenAI Enterprise contract?
No — it composes underneath. SSO/SAML, ZDR, Workspaces or
Projects, the Admin / Usage API, dedicated capacity, prompt
caching, snapshot pinning all keep doing their job. Pleach adds
the three things the vendor contract doesn't cover: per-axis
rollup by tenantId inside one Workspace or Project (external
customers in a SaaS, or employees, teams, and cost centers when
used internally), a hash-chained AuditableCall row in your own
Postgres, and replay-deterministic regression across model
snapshots. No new vendor on the security questionnaire — npm
install plus a table. See
Migrating from Anthropic Enterprise
and Migrating from OpenAI Enterprise.
Who's behind this?
@pleach/* is the public FSL-1.1-Apache-2.0 source-available
ecosystem (auto-transitions to Apache 2.0 two years after first
stable publish). The
substrate was extracted from a production agent runtime and generalized; the
upstream deployment is one private consumer of many possible.
Contact for both general questions and security disclosures:
getpleach@protonmail.com.
What can I build with this?
Anything that wants the structural guarantees:
- A multi-tenant AI product where finance needs per-customer invoicing.
- A regulated agent surface where a compliance team will ask "show me every decision this session made."
- A long-running agent with planning + tool loop + synthesis + safety review, where each step needs to be observable.
- An eval / regression-test loop replaying production failures.
- A product mid-migration between providers that can't break tool-call dialect mid-conversation.
- An offline-first browser app needing IndexedDB sync.
- Stuck-session debugging where you need to rewind and try a different path.
What you're probably not building if @pleach/core is overkill:
- A single-shot RAG bot (query → paragraph). Use the AI SDK.
- A static workflow with fixed branches. Use Temporal or Inngest.
- A chat UI with no tools and no audit needs. Use
streamText.
See the README's "Who is this for?" table for the long version.
Is this designed for AI agents to use?
Yes — agents are first-class consumers, not bolted on. Every
AuditableCall row is a typed record; turnId, toolName,
subagentDepth, and tokenUsage are addressable from code the
same way they're addressable in SQL. SpawnTreeState rolls
nested-spawn cost back to the parent turnId, so an agent
reading its own trace sees recursion as a tree, not a flattened
log.
The runtime also lets an agent debug itself: the deterministic
fingerprint stream replays last week's failure against this
week's prompt byte-identically; per-channel checkpoint() /
restore() under window.__HARNESS_DEVTOOLS__ rewinds from
before a bad decision instead of escalating to a human. This
site renders to /llms.txt and /llms-full.txt — an agent
ingesting Pleach reads the docs themselves, not a stripped
sitemap.
The reference distribution is TypeScript a developer can read. The same surface — typed rows, deterministic fingerprints, checkpoints — is what an agent reads from code. Agent-friendly first; usable by devs because devs read the same surface.
@pleach/core itself is written largely by agents under that
surface. The four-stage lattice fails CI on out-of-lattice
edges; the audit ledger makes the agent-written code reviewable
in SQL. The runtime authored by agents is the same one
auditable by humans.
Why does it require so many decisions up front?
It doesn't. With zero config, new SessionRuntime() wires
in-memory adapters and runs. You add a provider, a storage
adapter, plugins, and safety policies when you need them.
Every SessionRuntimeConfig field except the implicit defaults
is optional.
The reference docs surface the full config space because that's their job; the actual happy-path setup is small. The Getting started page is six lines of code.
Why the 4-stage lattice? Isn't it limiting?
The lattice is what makes cost allocation, observability, and
time-travel structural instead of bolted on. Once stages are
declared, you can budget a turn's synthesize calls
independently from its tool-loop calls, slice the audit ledger
by stage, and rewind to the start of synthesize to re-run.
"Slice the audit ledger by stage" is a literal SQL move: every
row in harness_auditable_calls carries a non-null stage_id
drawn from the four lattice members, so GROUP BY stage_id
gives you a real partition. There's no second source of truth
for which stage a call belonged to.
If you don't need those properties, yes — the lattice is overhead. The substrate is overkill for "I want a chat shell with tools." See Architecture §1.
Why exactly one synthesize call per turn?
Because the user sees the synthesis. If the runtime fires two
synthesize calls and shows one of them, the audit ledger and
the rendered UI disagree on what the model said. Structurally
capping at one means the rendered string and the audited string
are the same string.
Sequential plan-then-verify chains land via an upcoming per-runtime synthesize policy; concurrent debate topologies (many synthesizers per turn, agent-handoff networks) are v1.1+ work.
Why family-locked routing?
Because tokenizer, prompt-cache key, tool-call dialect, and refusal pattern differ across families (Anthropic vs OpenAI vs Google). When a provider fails mid-conversation and the cascade silently widens to a different family, the tool dialect changes and tools that worked stop working. The lock makes the cascade walk in-family rungs only; cross-family widening is explicit and visible.
Why a separate AuditableCall ledger from the event log?
Two distinct concerns. The event log is the broader stream of observable events (messages, tools, interrupts); the audit ledger records load-bearing decisions (which model fired, why, with what fingerprint, against which policy).
A regulator's "show me every decision this session made" question has a one-row-per-call answer from the ledger that doesn't require event-log archeology. See Event log and AuditableCall row.
Can I use this without Supabase?
Yes. MemoryAdapter and MemorySaver cover testing and dev;
IndexedDBAdapter and IndexedDBSaver cover browser apps;
SupabaseAdapter and SupabaseSaver cover server production.
Custom adapters are one interface away. See the SQLite recipe in Recipes for a complete custom-adapter example.
Can I use this with my own LLM provider?
Yes. AiSdkProvider covers any AI SDK provider (Anthropic,
OpenAI, Google, Mistral, xAI, Groq, Bedrock, plus community
providers); AnthropicSdkProvider wraps Anthropic's SDK
directly; AgentProvider is the interface for everything else
(local Ollama, a custom gateway, your own SDK wrapper).
See Providers.
Can I use this without React?
Yes. @pleach/core/react is one subpath; the rest of the
runtime is framework-agnostic. Server-rendered apps,
Svelte/Vue/Solid frontends, native mobile clients, and CLI
tools all consume the runtime through its async-iterator
stream and the HTTP+SSE wire contract.
See API routes for the wire shapes any language can implement.
Does it work with Edge runtimes?
Yes. The substrate avoids Node-only APIs in its hot path —
fingerprint, channels, audit, prompt-builder are all
isomorphic. Supabase + Anthropic SDKs both run on edge runtimes;
the storage adapter uses Web Crypto explicitly. The
fingerprint module reaches globalThis.crypto.subtle rather
than Node's node:crypto, which is why a recorded turn under
Node and the same turn replayed under Cloudflare Workers produce
the same fingerprint stream — same hash function, same input
canonicalization, same byte output.
See Deployment.
Why FSL-1.1-Apache-2.0?
Every shipping @pleach/* package publishes under FSL-1.1-
Apache-2.0 — the Functional Source License with Apache 2.0 as
the future license. Source-available, usable in production, free
of charge during the FSL window; the only restriction is on
competing offerings. Each package auto-transitions to permissive
Apache 2.0 two years after first stable publish. Pre-0.1.0
placeholder publishes (0.0.1) carried the FSL grant under the
same posture. See the fair-source post-mortem
for the reasoning behind the license-posture history.
Can I contribute?
Yes. The upstream source is at
github.com/pleachhq/core.
Bug reports, feature requests, and PRs are welcome. The
upstream CONTRIBUTING.md documents the workflow.
For sibling SKUs that aren't published yet, the design is tracked in upstream planning docs; opening an issue with your use case helps prioritize the publish wave.
Where do I report security issues?
getpleach@protonmail.com. The upstream SECURITY.md documents
the disclosure policy — initial acknowledgement within two
business days, a fix-or-mitigation plan for confirmed reports,
and a CVE filed when a published @pleach/* package needs one.
No paid bug-bounty program today; reports get a real response,
not a payout.
Is there a hosted version?
Not today; in development. @pleach/gateway@0.1.0 ships
the self-hostable routing substrate — GatewayClient wraps
@pleach/core's model-family substrate with per-tenant BYOK key
routing, family-strict cascade pivot, per-call cost emission
(domain.gateway.cost.recorded), and OTel llm.invocation span
emission. See Gateway for the surface.
@pleach/observe@0.1.0 ships as a destination-flexible
brownfield SDK — buyers write AuditableCall rows to their own
Postgres, Supabase, OTel collector, or any custom destination;
the SDK layer stays free.
The hosted products on the roadmap are enterprise products:
- Hosted Gateway — multi-tenant routing, per-tenant cost caps, provider failover. Per-tenant subscription pricing with optional consolidated billing on dollars Pleach holds; no markup on inference (BYO-key buyers route through the gateway at provider list price).
- Hosted Observe at enterprise scope — SSO/SAML/SCIM,
multi-seat dashboards, retention SLAs, SOC 2 wrapper,
signed audit retention, per-tenant evidence pack export. The
managed export bridge routes audit rows into the review surface
your team already runs (Datadog, Splunk, Grafana, SIEM, or
custom destination). Compliance attestation is bundled
inside Hosted Observe Enterprise, not sold as a separate SKU —
the agent-runtime-specific axes (
AuditableCallrow +subagentDepth+tenantId) are the wedge that makes it defensible alongside Vanta or Drata, but they don't carry a separate procurement line item. - Marketplace bundles — AWS, Azure, GCP. Procurement-readable packaging of the hosted products on the buyer's preferred cloud contract surface.
Self-serve tiers for smaller teams are in development. Pricing
specifics land on /pricing before they ship.
None of these gate runtime features. The runtime stays
trust-protected: no telemetry phone-home, no remote license
check, no account required to run, and no retro-paywall on a
release that already shipped. FSL-1.1-Apache-2.0 is irrevocable
per release — npm install @pleach/core@<version> works forever,
and that version's two-year clock to Apache 2.0 keeps ticking
independently.
How do I stay updated?
- The upstream
CHANGELOG.mdon every@pleach/*package. - The
pleachhq/corerepo's releases page. - Security:
getpleach@protonmail.comfor advisories.
There's no marketing list. The packages are the canonical broadcast surface.
Capabilities
Where to go next
Getting started
Six lines of code to a running runtime.
Architecture
The six pieces of the substrate.
Comparison
How `@pleach/core` compares to the AI SDK, LangChain, LlamaIndex, Mastra.
Glossary
Canonical terms — Anchor-plan, CallClass, Family-lock, Seam, and the rest.
Recipes
End-to-end patterns — custom adapters, multi-tenant wiring, scrubber configuration.