ONE EVENT. ONE PIPELINE. ONE TRUTH.

BIFROST — Where Every Event Becomes
a Verifiable System Action

Deterministic event orchestration for AI systems.
No duplication. No hidden state. No ambiguity.

Bifrost Architecture
Diagram → Service Map
Ingestingest.ts Validatevalidate.ts Enrichenrich.ts Scorescore.ts Routeroute.ts Executepipeline.ts Auditaudit.ts

Orchestration Model

Bifrost uses event-driven sequential pipelines.
Each service consumes and emits typed events.
No direct service-to-service calls.
No shared mutable state.
All state changes occur through events.

Event[Intake][Validate][Score][Route][Execute][Audit]Output

No service can mutate global state. All state changes occur through events only.

The Event Contract

Every event in Bifrost must conform to this exact schema. No exceptions.

{
  "id": "evt_7f3a9c2b",
  "type": "invoice.created",
  "timestamp": "2026-04-29T14:23:01.000Z",
  "source": "crm/opportunities",
  "payload": {
    "client": "Nova Corp",
    "amount": 12500,
    "currency": "USD"
  },
  "metadata": {
    "trace_id": "sk-7f3a9c2b-x9k2",
    "version": "v1",
    "schema_version": "1.0.0",
    "idempotency_key": "inv_novacorp_20260429"
  }
}

Schema Versioning Strategy

  • v1 (current) → All fields above required
  • v2 (planned) → Adds enrichment metadata
  • Backward compatibility: v1 events always valid in v2

Rule: "New versions never break old contracts. Old events are always processable."

Determinism Guarantee

If you run the same event twice — the system produces the same result.

Bifrost enforces idempotency via event IDs. Duplicate events are detected via idempotency_key and ignored or reconciled.

Every event ID is unique. Every outcome is traceable. Same input always produces same audit trail.

// Duplicate detection
const existing = await prisma.bifrostEvent.findFirst({
  where: {
    payload: { path: ['metadata', 'idempotency_key'],
    equals: event.metadata.idempotency_key }
  }
})
if (existing) return {
  status: 'duplicate_ignored',
  original: existing.id
}

5 Services. One Responsibility Each.

No god objects. No hidden complexity.

SERVICE 1: Event Intake Service

File: /lib/bifrost/ingest.ts

Responsibility: "Receives raw events and persists them before any processing begins."

Input/Output

type Input = RawBifrostEvent
type Output = PersistedEvent

Code

export async function ingest(e) {
  return prisma.bifrostEvent.create({ ... })
}

FAILURE BEHAVIOR

"On failure → returns INTAKE_FAILED error. Event is never lost — retry queue activated. Pipeline halts. No partial processing."

SERVICE 2: Contract Validation Service

File: /lib/contracts/validate.ts

Responsibility: "Validates every event against the TypeScript contract. Rejects non-compliant events."

Input/Output

type Input = PersistedEvent
type Output = ValidatedEvent | Error

Code

export function validate(e) {
  const res = validateSchema(e)
  return res.valid ? e : res.err
}

FAILURE BEHAVIOR

"On failure → emits EVENT_VALIDATION_FAILED. Pipeline halts immediately. Error logged to observability layer. Caller receives violation list."

SERVICE 3: Risk Scoring Service

File: /lib/bifrost/score.ts

Responsibility: "Calculates risk score 0-100 using rules engine and ML fallback."

Input/Output

type Input = ValidatedEvent
type Output = ScoredEvent

Code

export async function score(e) {
  const ml = await scoreWithML(e)
  return { ...e, score: ml ?? rules(e) }
}

FAILURE BEHAVIOR

"ML service failure → automatic fallback to TypeScript rules engine. Score is never null. Pipeline never halts due to scoring failure."

SERVICE 4: Routing Service

File: /lib/bifrost/route.ts

Responsibility: "Determines the correct destination and action for each event."

Input/Output

type Input = ScoredEvent
type Output = RoutedEvent

Code

export function route(e) {
  const res = routingRules.eval(e)
  return { ...e, destination: res }
}

FAILURE BEHAVIOR

"On failure → routes to DEFAULT_REVIEW queue. No event is dropped. Human review triggered automatically."

SERVICE 5: Audit Service

File: /lib/bifrost/audit.ts

Responsibility: "Creates an immutable, append-only audit record for every event."

Input/Output

type Input = ProcessedEvent
type Output = AuditRecord

Code

export async function audit(e) {
  return prisma.auditLog.create({ ... })
}

FAILURE BEHAVIOR

"Audit is the LAST stage. It never blocks. If audit write fails → emergency log to separate append-only store. Audit failure is a P0 alert. No audit = system violation."

6 Principles. All Enforceable.

Not philosophy. Engineering requirements.

PRINCIPLE 1
"Every event must produce a traceable audit record."
Violation: "Processing an event without creating an audit entry = system violation. Triggers P0 alert."
PRINCIPLE 2
"Contracts first, always."
Violation: "Accepting an event without schema validation = CONTRACT_BYPASS. Blocked at intake."
PRINCIPLE 3
"No service can mutate global state."
Violation: "Writing to DB outside pipeline = UNAUTHORIZED_WRITE. Detectable via observability layer."
PRINCIPLE 4
"No event is ever dropped."
Violation: "Failed events go to retry queue. Max 3 retries then dead-letter queue. Never silently discarded."
PRINCIPLE 5
"Same input always produces same output."
Violation: "Non-deterministic behavior = audit log inconsistency. Idempotency key enforces this."
PRINCIPLE 6
"AI augments decisions. Humans approve escalations."
Violation: "Auto-approving HIGH risk events without human review = ESCALATION_BYPASS. Blocked by routing service."

Verify It Yourself

Event ContractsBifrost ServicesPipeline EngineValidationObservabilityFull Repo

Live Demo Terminal

Watch the Bifrost pipeline execute in real-time. Select an event type and see deterministic processing.

Event Type:
Bifrost Terminal
Select an event type and click "Run Demo Event" to start...

ONE EVENT. ONE PIPELINE. ONE TRUTH.

No duplication. No hidden state. No ambiguity.

View the Repo →Deploy Free →