queen mark
the apiary · the fleet orchestrator · coming soon

queen

See and steer the whole fleet, and never touch the memory. queen is the control plane beside the deeplake data plane. It carries liveness, identity, enrollment, signed commands, usage observation, and fleet reporting. Nothing else.

a control plane with a hard boundary

The apiary is clean on one machine. The problem starts when the stack spreads across machines, teammates, and throwaway workers, and nobody can say which daemons are alive or who may mint identity. queen answers those questions and nothing else. Memory and skills stay on deeplake, where they already work. queen owns seeing and steering the fleet that writes to it.

what it will do

fleet at a glance

Every agent in your org with derived health, healthy versus offline by heartbeat age, scoped to your own fleet.

custody stays with you

Your long-lived orchestrator holds the deeplake credential, not the cloud. queen coordinates blobs it cannot decrypt.

enroll without ceremony

Approve a machine in the cloud and a custodian device finishes the rewrap. A headless VPS joins with a join-only token.

revocation as policy

Cut a stolen device and rotate the credential as two honest steps, not improv. The hard cases have written answers.

the specs

model
two-application: local agent + cloud plane
boundary
postgres behind an edge api, no memory content
stack
cloudflare workers + hyperdrive + postgres
presence
heartbeat + status-on-change, ttl reaping
dashboard
read-only fleet view, org-scoped
licensing
cloud binding and byoc enforcement

common questions

Does queen read my memory?

No. Memory and skills stay on deeplake. queen coordinates identity, presence, and encrypted blobs it cannot decrypt in the default mode. Presence never writes into the memory dataset.

What happens when a laptop is stolen?

Revoke the device in queen and rotate the deeplake credential. Those are two honest, separate steps, written down before the support ticket.

Do I need two machines open to enroll a new one?

No. Approve in the cloud, and an existing custodian device finishes the cryptographic rewrap next time it is online.

Where does coordination state live?

In postgres behind an edge api: identity, devices, fleets, enrollment, presence, leases, and encrypted blob metadata. No memory content, no prompts, no plaintext credentials.

queen is coming soon

queen is on the apiary roadmap. The rest of the stack ships today, and it is exactly what queen will see and steer once it lands.

explore the apiary