Note for website readers: This page contains links to source files in the Fred repository. Those links work when reading this document on GitHub or in VS Code, but will not open on this website.
docs / ARCHITECTURE

Fred Platform
Architecture

Entry point for the Fred codebase. Read this first — about 20 minutes — and every other document in this repo will make sense.

What is Fred

Fred is a platform for deploying operator-configured AI agents at team scale. A platform admin sets the guardrails — quotas, allowed models, allowed tools. A team admin enrolls agents from a catalog and configures them for the team's context: prompts, MCP tools, routing policy. Team members interact with those agents through a managed chat interface — without writing code.

What makes Fred different from a simple LLM wrapper is its strict enforcement of governance boundaries. Operators configure within limits they cannot exceed. Every action is team-scoped and authorized. Execution is isolated from product management so neither layer can accidentally reach into the other's concerns. Fred is designed to run in regulated environments where auditability and role separation matter.

The one design decision that explains everything

Fred has three layers. They never merge.

control-plane-backend
teams · agents · sessions · auth · enrollment
issues ExecutionGrant to runtime — never touches execution internals
ExecutionGrant (trust envelope)
fred-runtime
SSE streaming · HITL pause/resume · checkpoints · grant validation
knows nothing about teams or product APIs
typed authoring contracts
fred-sdk
execution types · prompt utilities · authoring primitives
shared language between agent authors and the runtime — no product or server dependency
The boundary rule: if it is about what runs, it belongs in runtime. If it is about who is allowed to run what, it belongs in control-plane. When in doubt, apply this rule before touching either layer.

This separation means the execution engine can evolve without touching product APIs, and the product surface can evolve without touching how agents run. It also keeps the authorization model clean: the ExecutionGrant carries user_id, team_id, agent_instance_id, and policy constraints — the runtime validates it but never issues it.

Components

Deployed services

These components run as processes or containers in a production deployment.

Component Layer Role
apps/fred-agents Runtime Reference agent pod — the Fred-provided set of agents, built on fred-runtime
apps/control-plane-backend Control plane Product/session/admin APIs and ExecutionGrant issuance
apps/knowledge-flow-backend Control plane Document ingestion, retrieval, and knowledge management
apps/frontend Client React SPA — chat UI, agent management, session lifecycle

Authoring libraries

These are Python libraries — they are not running services. They are the building blocks used to write agent pods. apps/fred-agents is itself built with them and serves as the reference implementation. Any team can import these same libraries to author their own fully deployable agent pod, tailored to their context, that slots into the same platform without modifying Fred's core.

Library Layer What it provides
libs/fred-runtime Runtime Execution framework — agent engine, SSE, HITL, checkpoints. The core import for any custom agent pod.
libs/fred-sdk SDK Shared execution contracts, typed primitives, prompt utilities
libs/fred-core Cross-cutting Caching, config, logging, KPI stores
Bring your own agent pod: import fred-runtime, define your agent behaviors, and deploy the result as a standard container. The control plane enrolls it exactly like apps/fred-agents — no changes to Fred's core required.
ignored/fred/agentic-backend is archived. The backend migration is complete. Do not reference it as a target or active service.

Five mental models to internalize before writing code

1 Team-scoped agent instances

There are no global agents. An agent exists as a template (defined in the runtime pod catalog) and an instance (enrolled by a team admin in control-plane). Members interact only with instances. The instance carries tuning field values, MCP configuration, and prompt overrides — all team-scoped and stored in control-plane, never in the runtime pod.

2 The ExecutionGrant — the trust envelope

When the frontend calls execute, control-plane issues an ExecutionGrant that encodes user_id, team_id, agent_instance_id, session_id, and policy constraints. The runtime validates this grant on every request. Neither the frontend nor the user can forge or escalate it. This is the primary security boundary between product and execution.

3 The MCP catalog — tools as first-class citizens

Agents use tools via the Model Context Protocol (MCP). The MCP catalog (mcp_catalog.yaml in the agent pod) declares available servers, their configuration fields, and their behavioral contracts. The control-plane proxies this catalog to the frontend — it does not interpret it. The operator selects which MCP servers an agent instance uses at enrollment time.

4 Platform admin vs team admin — orthogonal, not hierarchical

A platform admin (owner) sets immutable guardrails: quotas, allowed model profiles, allowed MCP servers. A team admin (manager) configures everything within those guardrails: agents, routing policy, shared prompts. Neither role can write to the other's surfaces. Owner cannot manage agents or prompts. Manager cannot touch platform policy. This is enforced at the API layer, not only in the UI. See docs/swift/platform/REBAC.md for the full model.

5 Personal vs team scope

Everything in Fred is scoped to a team — including "personal." /teams/personal is a reserved system team that represents one user's private space. Personal prompts, sessions, and history all live under this team. There is no parallel user-owned namespace outside the team model. A user who is not a member of any other team still has exactly one team: personal.

20-minute reading path

Five documents, in order. Read the why before you open each one.

1
Before touching any API boundary — understand who is allowed to do what and how the owner / manager / member split is enforced at the engine level.
REBAC.md 5 min
Start with the "Product authorization model" section
2
Before touching the execution path — the SSE contract, ExecutionGrant lifecycle, and event types are frozen and cannot be improvised.
RUNTIME-EXECUTION-CONTRACT.md 5 min
Read §1–4 only on first pass
3
Before touching control-plane or the frontend — understand the product surface, what control-plane owns vs proxies, and which typed contracts the frontend depends on.
CONTROL-PLANE-PRODUCT-CONTRACT.md 5 min
Read §1–3 only on first pass
4
Before writing any code — build rules, test commands, CLI convention, and the non-negotiable engineering rules that prevent the most common mistakes.
DEVELOPER_CONTRACT.md 3 min
5
Before starting any task — understand the RFC → backlog → sprint → GitHub issue → implement workflow. Every task in this repo follows this sequence.
PMO.md 2 min
Read §7 "How work gets done"
After these five, open docs/swift/README.md as a lookup table — not a reading assignment. Use it to find the right doc for a specific concern.

How work gets done

Every task in Fred follows the same sequence. Planning lives in the repository, not in issue trackers.

RFC written or amended
Design authority lives in docs/swift/rfc/ — the GitHub issue is not the design.
Backlog entry confirmed
One checkbox in the relevant backlog file. No duplicate entries.
Developer confirms scope
One sentence of approval is enough. No implementation before this.
GitHub issue created
Links RFC, backlog item, and task ID. This is the execution handoff.
Implementation
Code assistant reads RFC and backlog for full context. Follows docs/CONVENTIONS.md.
Close-out
Backlog checkbox marked done, STATUS.md and id-legend.yaml updated.

Full details: docs/PMO.md §7 · Mandatory step rules: CLAUDE.md §Task lifecycle

Where to read more

Topology & service boundaries
docs/swift/platform/PLATFORM_RUNTIME_MAP.md
Execution contract (frozen)
docs/swift/design/RUNTIME-EXECUTION-CONTRACT.md
Product/session/admin contract (frozen)
docs/swift/design/CONTROL-PLANE-PRODUCT-CONTRACT.md
Authorization model
docs/swift/platform/REBAC.md
Config & policy conventions
docs/swift/platform/CONFIGURATION_AND_POLICY_CONVENTIONS.md
Frontend coding rules
docs/swift/platform/FRONTEND_CODING_GUIDELINES.md
Developer contract
docs/swift/platform/DEVELOPER_CONTRACT.md
Full document index
docs/swift/README.md