FrootAI — AmpliFAI your AI Ecosystem

The FAI Orchard
v1.0 GA · `orchard-v1.0.0`

The FAI Orchard is generally available.

Production-grade MCP-native catalog of cross-cloud AI accelerators. Cosign-signed Docker image, SLSA-attested supply chain, multi-region data residency, three byte-equal runtimes, and a v1.0 semver promise locked into a per-package STABILITY.md.

Built for three audiences

The same v1.0 release lands on every desk: the developer who wants a one-line install, the SRE who runs a multi-instance fleet, and the procurement reviewer who needs a signed answer to every vendor question.

Developers

One install. Five tools. Every MCP client.

  • Drop into Cursor, Claude Desktop, ChatGPT, Continue, Cline, or VS Code in 60 seconds.
  • Same 5 tools across npm + Python — byte-equal results, verified by a 27-contract conformance suite.
  • Native CLI + SDK + MCP — pick one or use all three; they share auth + cache.

SREs / Platform

Self-host with one command. Drain with another.

  • Multi-stage Alpine Docker image with non-root user, HEALTHCHECK, and cosign signatures.
  • Graceful HTTP shutdown — 503 + Retry-After during drain so rolling deploys land cleanly.
  • Redis rate-limiter backend (adapter pattern; bring your own ioredis / @upstash / RESP-2 stub).

Procurement + Security

Audit-ready out of the box.

  • STABILITY.md spells out every semver guarantee + LTS window + CVSS-tiered patch timeline.
  • Cross-region WRITE is a tested invariant — locked to deny even with maximal entitlements.
  • Audit-export with SHA-256-against-bytes manifest verification; defense vs spoofing.

By the numbers at GA

Verifiable against the regression suite + STABILITY.md gates.

  • 1.0.0: all 5 packages, locked
  • 5,969+ regression cases at GA
  • 109 test suites, 0 failures
  • 3 runtimes byte-equal (npm + py + VS Code)
  • 3 regions (us-east, eu-west, ap-south)
  • 5 MCP tools, 6 prompts, 1 resources scheme
  • < 120 s full regression wall-clock budget
  • ≤ 128 KiB per-package tarball size budget

Trusted by enterprises across us-east, eu-west, and ap-south

Named customer references are being added as case-study waivers are signed. Want to be the first published reference? Email [email protected].

  • us-east · kickoff
  • eu-west · kickoff
  • ap-south · kickoff

Get started in 5 minutes

The full quickstart at /docs/orchard/getting-started walks you from npm install to a working MCP tools/call in three steps.

  1. Install in your MCP client

    Pick npm OR PyPI; both produce byte-equal results.

    # npm (Node ≥ 18)
    npx -y @frootai/mcp-orchard@latest
    
    # OR PyPI (Python ≥ 3.10)
    uvx "frootai-mcp-orchard[sdk]@latest"
  2. Wire into Cursor / Claude Desktop / VS Code

    Drop one JSON snippet into the client config.

    {
      "mcpServers": {
        "frootai-orchard": {
          "command": "npx",
          "args": ["-y", "@frootai/mcp-orchard@latest"]
        }
      }
    }
  3. Ask your agent a question

    The agent calls orchard.search + orchard.show without any manual setup.

    > "Find Azure RAG accelerators with eval coverage"
    # → agent runs orchard.search query="rag" where="variety:azure AND trust_badge:eval_proven"
    # → renders Markdown table inline

For procurement + security reviewers

Direct answers to the six questions that come up in every enterprise vendor review.

How is your release pipeline secured?
npm tarballs ship with SLSA provenance via OIDC. PyPI wheels carry PEP 740 attestations. The Docker image is cosign-signed by our GitHub Actions OIDC issuer. Every step is reproducible from a tagged commit. See STABILITY.md §5 and the self-host guide for the verification recipe.
What is your security disclosure policy?
90-day coordinated disclosure by default; embargoed timelines on request. Critical (CVSS ≥ 9) patches within 7 calendar days; High within 30. Report to [email protected] — see SECURITY.md for the full policy.
Where does my audit log data live?
On your bucket. Audit-export writes to your S3 / Azure Blob / on-prem object store with hive-partitioned object keys per region + tenant. SHA-256 manifests verify against actual file bytes — manifest spoofing is detectable. Cross-region WRITE is denied for all tiers, all entitlement combinations, enforced by test invariant.
Can I run this without phoning home?
Yes. Telemetry is opt-in; default install ships disabled. DO_NOT_TRACK=1 is a hard override that suppresses every event. Self-hosted Docker has zero npm-install at runtime so the image is air-gap-friendly.
What's your semver promise?
Strict SemVer 2.0.0. No breaking changes in 1.x.y, ever. Deprecations get a 6-month minimum window before removal in the next major. LTS backports for the current minor and the previous minor.
Do you have a DPA / MSA?
Yes — enterprise customers sign an MSA + DPA before the first production audit-export. Templates land at /docs/enterprise/legal (Phase A10.x). Contact [email protected] for a procurement-ready package.
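
The audit-log answer above says SHA-256 manifests are verified against the actual file bytes. An added sketch of that kind of check follows; it is not FrootAI's code, and the manifest layout, object keys and the `verify_manifest` name are assumptions made for illustration.

```python
import hashlib
import hmac

def verify_manifest(manifest, read_object, list_keys):
    """Re-hash every object and compare with the manifest (assumed layout).

    manifest: {"objects": [{"key": str, "sha256": hex, "size": int}, ...]}
    read_object(key) -> bytes (KeyError if absent); list_keys() -> stored keys.
    Returns a sorted list of (key, problem); an empty list means consistent.
    """
    findings = []
    declared = set()
    for entry in manifest["objects"]:
        key = entry["key"]
        declared.add(key)
        try:
            data = read_object(key)
        except KeyError:
            findings.append((key, "listed in manifest but missing"))
            continue
        if len(data) != entry["size"]:
            findings.append((key, "size mismatch"))
        # The digest is computed from the stored bytes, never taken from a
        # value the manifest or the object metadata merely declares.
        actual = hashlib.sha256(data).hexdigest()
        if not hmac.compare_digest(actual, entry["sha256"].lower()):
            findings.append((key, "sha256 mismatch"))
    # Objects the manifest does not account for are reported too.
    for key in set(list_keys()) - declared:
        findings.append((key, "present but not in manifest"))
    return sorted(findings)

def _entry(key, data):
    return {"key": key, "sha256": hashlib.sha256(data).hexdigest(), "size": len(data)}

# Constructed sample export: hive-style keys, contents invented for the example.
PREFIX = "region=eu-west/tenant=acme/"
STORE = {
    PREFIX + "part-0000.jsonl": b'{"event":"login"}\n',
    PREFIX + "part-0001.jsonl": b'{"event":"export"}\n',
}
MANIFEST = {"objects": [_entry(k, v) for k, v in STORE.items()]}

def demo():
    clean = verify_manifest(MANIFEST, STORE.__getitem__, STORE.keys)
    altered = dict(STORE)
    altered[PREFIX + "part-0001.jsonl"] = b'{"event":"EXPORT"}\n'  # same size
    altered[PREFIX + "part-0002.jsonl"] = b"{}\n"                  # unlisted
    del altered[PREFIX + "part-0000.jsonl"]                        # removed
    return clean, verify_manifest(MANIFEST, altered.__getitem__, altered.keys)
```

The same-size edit to `part-0001.jsonl` passes the size comparison and is caught only by re-hashing the bytes.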

Agent Skills Marketplace

Extend FAI Orchard with composable agent skills — curated, schema-validated, and supply-chain-gated. 2 new MCP tools let you discover and inspect skills from any MCP client.

Discover

orchard.list_skills — paginated listing sorted by downloads. Free tier sees top 100.

Inspect

orchard.show_skill — full manifest as Markdown. Dependencies, capabilities, publisher, attestation.

Publish

Schema-validated manifests + Sigstore attestation + verification gate. Only @frootai/* deps allowed.

Choose your Variety

Each Variety hub curates accelerators, quickstart plays, and agent skills for your cloud platform. FrootAI is Azure-first for our Microsoft-visibility bootstrap; Open Source is live today; Hybrid lands next as part of our multi-cloud expansion.

Ready to deploy?

Start with the 5-minute quickstart, browse the catalog, or talk to sales about an enterprise rollout (SSO + audit export + multi-region + on-prem).
