Operations, Fuze Docs

Deployment tiers

Pick a tier by data residency requirements. The public surface is identical across tiers.

Dev tier

evidenceSink writes to an in-memory buffer. StaticPolicyEngine substitutes for Cerbos. No signing. Used for local iteration and unit tests.

import { StaticPolicyEngine } from '@fuze-ai/agent'

const records: unknown[] = []
const policy = new StaticPolicyEngine([
  { id: 'allow.greet', toolName: 'greet', effect: 'allow' },
])

Cloud tier

evidenceSink ships records to the Fuze cloud daemon over HTTPS. Cerbos runs embedded WASM via @fuze-ai/agent-policy-cerbos. Run-roots are signed via @fuze-ai/agent-signing (LocalKeySigner) and anchored to a transparency log. All ingest is hosted in the EU.

Sovereign tier

Customer-operated Kubernetes + Postgres + Cerbos + KMS, deployed via @fuze-ai/agent-sovereign-terraform. Signing keys come from the customer's KMS (@fuze-ai/agent-signing-kms). No data leaves the customer perimeter. See the Sovereign tier guide.

Monitor

The tracer emits OTel-shaped spans for every loop iteration, model call, tool execution, guardrail phase, and policy decision. Span names are stable and namespaced under fuze.*.

Span	Emitted by	Notable attributes
`fuze.run`	Loop entry	`fuze.run.id`, `fuze.run.lawful_basis`, `fuze.run.tenant`
`fuze.model`	Model dispatch	`fuze.model.residency`, `fuze.model.tokens_in/out`
`fuze.tool`	Tool dispatch	`fuze.tool.classification`, `fuze.tool.name`
`fuze.policy`	Cerbos gate	`fuze.policy.decision`, `fuze.policy.engine_error`
`fuze.guardrail`	Guardrail runner	`fuze.guardrail.phase`, `fuze.guardrail.hard_block`
`fuze.evidence.append`	Hash-chain emitter	`fuze.evidence.seq`, `fuze.evidence.head`

Scale

The loop is single-process per run. Separate runs share nothing through Ctx. Suspend/resume goes through @fuze-ai/agent-suspend-store (SQLite locally; Postgres in production). Provider rate limits are absorbed by maxRetries: 0 at the provider plus the loop's own retry budget.

Troubleshoot

Engine error halts the run

code

fuze.policy.engine_error=true

The Cerbos engine threw or returned malformed output. The loop is fail-stop on this signal; there is no allow-on-error path. Check Cerbos pod logs, then the policy-bundle hash referenced in the run's evidence bundle.

Lawful-basis mismatch at run start

code

LawfulBasisMismatch: agent declared 'legitimate_interests' but tool 'lookup_user' retention 'pii.v2' permits ['consent','contract']

Either change the agent's lawfulBasis or remove the tool from the agent.

Missing oversight

code

fuze.run.missing_oversight=true

producesArt22Decision: true or a non-'none' annexIIIDomain requires an oversight tool path that records evaluateApproval. Add the HITL primitive, see HITL tutorial.

Hash chain verification fails

verifyChain(records) returned false. Records are out of order, a record was dropped, or a byte was flipped. Re-fetch the record stream from the canonical sink.

Upgrade

Patch versions are drop-in. Minor versions: read the CHANGELOG. Major versions: see v0 to v1 migration.