Ecosystem
Stackbilder is built on multiple complementary tools that enforce governance across the full development lifecycle.
The Pieces
| Tool | License | Role |
|---|---|---|
Charter (@stackbilt/cli) | Apache-2.0 (open source) | Local + CI governance runtime with ADF context compiler |
AEGIS (@stackbilt/aegis-core) | Open source | Inter-agent orchestration framework and MCP-based task management |
| Stackbilder | Commercial | Unified platform on stackbilder.com — architecture generation, scaffold engine, Evidence Engine, Worker Observability, Consultations, img-forge |
Charter and AEGIS are the open-source foundations. Stackbilder is the commercial platform that wraps them.
Service Map
| Service | URL | Purpose |
|---|---|---|
| Stackbilder | stackbilder.com | Unified platform Worker — UI, REST API, scaffold engine, governance, Evidence Engine, Observability |
| Auth | auth.stackbilt.dev | Authentication service (Better Auth + D1, OAuth, SSO) — service binding from Stackbilder |
| img-forge | imgforge.stackbilt.dev | Multi-provider image generation gateway — service binding from Stackbilder |
| MCP gateway | mcp.stackbilt.dev/mcp | OAuth-authenticated MCP Worker that proxies to TarotScript / img-forge / Engine / Deployer. Sibling consumer of the platform’s product workers (see MCP Gateway) |
| Trust verifier | trust.stackbilder.com/evidence/:hash | Public Evidence Engine receipt verifier (anti-probe semantics) |
How They Fit Together
┌──────────────────────┐
│ AI agent / LM │
│ (Claude Code, etc.) │
└──────────┬───────────┘
│ OAuth + MCP
▼
┌──────────────────────┐
│ mcp.stackbilt.dev │
┌─ human ─►─ stackbilder.com ──┐ │ (MCP gateway) │
│ (web UI + API) │ └──────────┬───────────┘
│ │ │
│ ▼ ▼
│ ┌─────────────────────────────────────┐
│ │ Backend product Workers │
│ │ ─ tarotscript-worker (scaffold) │
│ │ ─ img-forge-mcp │
│ │ ─ stackbilt-engine (architecture) │
│ │ ─ stackbilt-deployer (CF deploy) │
│ │ ─ edge-auth (entitlements + quota) │
│ └─────────────────────────────────────┘
│
└─ CLI ─►─ Charter (charter blast / surface) ──► same backends via APIA single user prompt — “build me an X” — flows through whichever consumer is closest:
IDEA
│
▼
runFullFlowAsync(idea) ← invoked from web UI, MCP tool, or REST
→ PRODUCT → UX → RISK → ARCHITECT → TDD → SPRINT
│
└── inline governance: blessed-pattern enforcement,
red-team review, ADR persistence (Pro/Team tiers)
│
▼
getFlowScaffold(flowId) → deployable project
│
▼
Charter: validate + drift → commit and stack compliance
│
▼
SHIPPED (governed)Charter: Local Enforcement + ADF Context Compiler
Charter runs in your terminal and CI pipeline. It validates commit trailers, scores drift against your blessed stack, and blocks merges on violations. Zero SaaS dependency - all checks are deterministic and local.
Charter also ships ADF (Attention-Directed Format) - a modular, AST-backed context system that replaces monolithic .cursorrules and claude.md files with compiled, trigger-routed .ai/ modules. ADF treats LLM context as a compiled language: emoji-decorated semantic keys, typed patch operations, manifest-driven progressive disclosure, and metric ceilings with CI evidence gating.
npm install --save-dev @stackbilt/cli
npx charter setup --preset fullstack --ci github --yes
npx charter adf init # scaffold .ai/ context directoryGovernance commands: validate, drift, audit, classify, hook install.
ADF commands: adf init, adf fmt, adf patch, adf bundle, adf sync, adf evidence.
For quantitative analysis of ADF’s impact on autonomous system architecture, see the Context-as-Code white paper.
Stackbilder: Architecture + Scaffold + Trust
The 6-mode pipeline (PRODUCT → UX → RISK → ARCHITECT → TDD → SPRINT) produces structured artifacts with cross-referenced IDs. After completion, the scaffold engine generates a deployable Cloudflare Workers project. On Pro/Team, additional capabilities run alongside the scaffold pipeline:
- Evidence Engine — content E-E-A-T validation and tamper-evident receipts (
stackbilder.com/api/v1/evidence/*, see API Reference) - Worker Observability — hosted telemetry ingest + dashboard
- Consultations — CISO and CTO advisory flows backed by structured prompts and receipt-bound deliverables
- Inline governance — blessed-pattern enforcement, red-team review, ADR persistence (replaces the previously-standalone Compass service binding)
Available via:
- Browser UI at stackbilder.com (interactive, human users)
- REST API at
stackbilder.com/api/*(direct HTTP — Charter CLI, server-to-server, CI; see API Reference) - MCP gateway at
mcp.stackbilt.dev/mcp(OAuth-authenticated agent access; routes scaffold/image/deploy tools to the same backend Workers — see MCP Gateway)
Lightweight Agent Pattern
The recommended agent workflow downloads ~40KB total (down from 300KB+):
runFullFlowAsync → getFlowSummary polls → getArtifact per mode → getFlowScaffoldGovernance Modes by Plan
| Plan | Max Mode | Behavior |
|---|---|---|
| Free | PASSIVE | Log only — never blocks |
| Pro | ADVISORY | Warn on issues, flow continues |
| Team | ENFORCED | Block on FAIL, require remediation |
When governance mode is capped by plan tier, a soft upsell prompt appears in the governanceState response.
Blessed Patterns
The platform maintains a ledger of approved technology patterns. These are injected into the ARCHITECT prompt automatically when governance is enabled. Example:
- Compute: Cloudflare Workers (not AWS Lambda)
- Database: Cloudflare D1 (not PostgreSQL)
- Cache: Cloudflare KV (not Redis)
- Queue: Cloudflare Queues (not SQS)
Worker Observability: ODD-Driven Monitoring
@stackbilt/worker-observability is the OSS library (Apache-2.0). The hosted Pro product on stackbilder.com wraps it with D1 storage and a dashboard.
ODD Pillars (Observability → Debugging → Diagnostics)
| Pillar | Signal | Library class | D1 tables |
|---|---|---|---|
| Observability | Metrics, request counts, health | MetricsCollector, Logger | traces, metrics |
| Debugging | Traces, spans, correlated logs | Tracer, Span | spans, logs |
| Diagnostics | Alerts, SLI/SLO status | AlertManager, SLIMonitor | alert_incidents |
Tier Gating
| Feature | Free | Pro ($29/mo) |
|---|---|---|
| Retention | 24h | 30d |
| Workers | 1 | Unlimited |
| Traces + logs | Health status only | Full drilldown |
| SLI/SLO tracking | — | Yes |
| Alert history | — | Yes |
Integration (3 lines)
import { createMonitoring } from '@stackbilt/worker-observability';
const obs = createMonitoring({
service: 'my-worker',
version: '1.0.0',
stackbilt: {
endpoint: 'https://stackbilder.com/api/observe/ingest',
token: env.STACKBILT_TOKEN,
},
});Governance-First Development
Every significant decision flows through governance before implementation:
- Pre-approval — Stackbilder validates the idea against policy during the PRODUCT/RISK modes
- Architecture — Stackbilder generates a governed blueprint with blessed patterns injected into ARCHITECT
- Review — Inline red-team review runs against the architecture output
- Record — ADRs are persisted to the governance ledger (when
autoPersist: true) - Scaffold — Stackbilder generates deployable project files
- Commit — Charter enforces
Governed-By:trailer compliance at the repo level - Evidence — Charter validates ADF metric ceilings (
adf evidence --auto-measure --ci) - CI — Charter blocks merges on drift violations or metric ceiling breaches
Authentication
Stackbilder issues two credential types, both accepted at every endpoint:
- Session cookie —
better-auth.session_token, set during OAuth sign-in (GitHub, Google) at auth.stackbilt.dev. Used by the browser UI. - API key —
Authorization: Bearer ea_*, issued from/settings. Used by Charter CLI, server-to-server pipelines, and MCP-style consumers.
API key resolution: GET /api/account/me returns the caller’s identity (userId, orgId, plan) — useful for tier-aware routing in CI scripts.