LTS — in force. 1.x is the long-term-support line: through 2027-11-15 active and 2028-05-15 security. See
docs/lts.mdfor support windows, deprecation policy, and security-backport SLAs.
Deterministic, policy-gated workflow execution for AI systems that must be auditable.
Most AI orchestration tools run workflows and return outputs. When something goes wrong — or when a regulator asks — there is no reliable way to answer: What exactly ran? What did the model see? What did it return? Can you prove it?
Boruna answers those questions by design.
Every Boruna workflow run produces a tamper-evident evidence bundle: a hash-chained audit log of every step executed, every capability invoked, every model response received. That bundle can be inspected, verified, and replayed — without network access, without a central server, without trusting anyone's word.
This makes Boruna suited for teams building AI workflows that touch regulated data, make consequential decisions, or need a defensible audit trail.
- DAG workflow execution — steps are
.axsource files; the workflow is aworkflow.jsonDAG definition (schema_version: 1frozen at 1.0) - Capability enforcement — every side effect (LLM calls, HTTP, database, filesystem) is declared and policy-gated at the VM level
- Evidence bundles — hash-chained tamper-evident logs, written automatically with
--record. Optional AES-256-GCM envelope encryption for compliance-sensitive deployments.evidence inspectshows step output content for plaintext bundles. - Deterministic replay — re-execute any recorded workflow with identical outputs, verified by the VM
- Distributed execution — coord+workers HTTP cluster with active-active HA, worker URL failover, capability-tagged placement, and optional mTLS with per-worker client certs
- Approval gates — pause workflow execution for human review or external triggers before continuing
- Diagnostics, auto-repair, and migration —
boruna lang check,boruna lang repair,boruna migratefor.axfiles and bundle/workflow upgrades boruna new— interactive scaffold for new workflows from templates- 27 built-in functions — string, list, and map operations (
__builtin_string_*,__builtin_list_*,__builtin_map_*) available in every.axfile without imports - Import resolution —
import "std-name"inlineslibs/<name>/src/core.axat compile time; all 13 stdlib packages are 1.0-stable - Three formal versioned specifications —
.axlanguage 1.0, evidence bundle format 1.0, workflow DAG schema 1.0 (all underdocs/spec/) - MCP server — exposes 12 tools for AI coding agent integration (Claude Code, Cursor, Codex)
- Not a general-purpose language or runtime (use Rust, Python, Go for that)
- Not an LLM framework (use LangChain, LCEL, etc. for prompt engineering)
- Not a cloud service (Boruna runs wherever you deploy it)
- Not a key-management system (operators wire HSM / KMS integration themselves; bundle-encryption KEK lifecycle is operator-owned)
Pre-built static binaries are published on every tagged release:
# Linux x86_64 (musl — works on Alpine, Ubuntu, Debian, ...)
curl -fsSL https://github.com/escapeboy/boruna/releases/latest/download/SHA256SUMS -o SHA256SUMS
TARGET=x86_64-unknown-linux-musl
TAR=$(grep "$TARGET" SHA256SUMS | awk '{print $2}')
curl -fsSLO "https://github.com/escapeboy/boruna/releases/latest/download/$TAR"
grep "$TAR" SHA256SUMS | sha256sum -c -
tar -xzf "$TAR"
./boruna-*-${TARGET}/boruna --versionOther targets: aarch64-unknown-linux-musl, x86_64-apple-darwin, aarch64-apple-darwin. See docs/releasing.md for details.
Or build from source:
git clone https://github.com/escapeboy/boruna
cd boruna
cargo build --workspace --release# Run a workflow
boruna workflow run examples/workflows/llm_code_review --policy allow-all --record
# Verify the evidence bundle
boruna evidence verify .boruna/runs/<run-id>/→ Full Quickstart — 10 minutes, ends with a verified evidence bundle.
| Workflow | Pattern | What it shows |
|---|---|---|
| LLM Code Review | Linear, 3 steps | LLM capability, data flow, evidence recording |
| Document Processing | Fan-out, 5 steps | Parallel steps, multi-input merge |
| Customer Support Triage | Approval gate | Human-in-the-loop, conditional pause, audit trail |
Each example runs in demo mode (no external services) and produces a verifiable evidence bundle.
workflow.json → DAG Validator → Step Runner
↓
.ax source
↓
Compiler → Bytecode
↓
VM (capability gateway)
↓
EventLog entry (CapCall + CapResult)
↓
Hash-chained audit log
boruna evidence verify <bundle>
→ Chain integrity: VALID
→ All step hashes: MATCH
→ Verification: PASSED
Every CapCall (including LLM calls) is logged with its full response. The log is SHA-256 hash-chained from a genesis entry containing the workflow definition hash. Modification of any entry breaks the chain.
Boruna is a Rust workspace with 10 production crates plus a benches/ member:
| Crate | Purpose |
|---|---|
boruna-orchestrator |
Workflow engine, DAG execution, evidence bundles |
boruna-vm |
Bytecode VM, capability gateway, actor system, replay |
boruna-compiler |
Lexer, parser, type checker, code generator |
boruna-bytecode |
Opcodes, Module, Value, Capability definitions |
boruna-framework |
Elm-architecture runtime, test harness |
boruna-effect |
LLM integration, prompt management, caching |
boruna-cli |
CLI binary (boruna) |
boruna-tooling |
Diagnostics, repair, trace-to-tests, templates |
boruna-pkg |
Package registry, resolver, lockfiles |
1175+ tests across 11 workspace members. cargo test --workspace --features boruna-cli/serve — all pass.
| Quickstart | Build, run a workflow, inspect evidence |
| Concepts: Determinism | Why and how determinism is enforced |
| Concepts: Capabilities | Side effect declaration and policy gating |
| Concepts: Evidence Bundles | Hash-chained audit logs and replay |
| Guide: First Workflow | Build a workflow from scratch |
| Guide: Coord HA | Multi-coord deployment topologies |
| Guide: Coord mTLS | X.509 client certs + cert generation |
| Guide: Worker Capability Tagging | Heterogeneous fleet placement |
| Guide: Migration | Upgrade legacy bundles and workflow files |
Spec: .ax Language 1.0 |
Formal language specification |
| Spec: Workflow DAG 1.0 | workflow.json schema |
| Spec: Evidence Bundle 1.0 | Bundle format + encryption envelope |
| Reference: CLI | All boruna commands |
| LTS contract | Support windows + deprecation policy for 1.x |
| Performance | Baseline numbers + 1.x performance budget |
| Stability | What is stable, experimental, and planned |
| Roadmap | 0.2.0 → 1.0.0 → 1.x |
| Limitations | Real constraints, stated honestly |
| FAQ | Common questions |
| All docs → | Full documentation index |
Boruna is at v1.3.0 — third minor release on the 1.x LTS line. New in 1.3.0: 27 language built-in functions (string, list, map), end-to-end import resolution (import "std-name"), step-output display in evidence inspect for plaintext bundles, std-llm and std-json graduated to 1.0-stable (all 13 stdlib packages are now stable), plus std-json and std-validation enhancements. The core execution engine, distributed-execution stack, evidence bundles, and four formal versioned specifications (.ax language, bytecode, workflow DAG, evidence bundle) are feature-complete and frozen. The 1.x line is under long-term-support per docs/lts.md: every 1.0 program, workflow, and bundle keeps working on every 1.y release.
The project is suited for evaluation, internal tooling, and audit-sensitive AI pipelines. Operator action: validate the docs/PERFORMANCE.md budget against your workload, and review docs/limitations.md for known constraints. External security audit booking is the Q4 2026 commitment in lts.md.
See docs/stability.md for the stability tier breakdown.
Boruna exposes an MCP server for AI coding agent integration. See AGENTS.md for integration instructions and the tool reference.
See CONTRIBUTING.md. The short version: open an issue, implement with tests, run cargo test --workspace + cargo clippy + cargo fmt, add a CHANGELOG entry, open a PR.
MIT — Copyright 2026 Boruna Contributors