Two Soroban contracts anchor every StellarFlow workflow run on the Stellar network. Written in Rust, compiled to WASM, and deployed to Soroban.
Stores workflow definitions and run state on-chain. Every workflow run is anchored on Stellar — the network enforces valid state transitions.
initialize(admin)register_workflow(name, version, step_count)start_run(run_id, workflow_name)record_step(run_id, step_id, agent, status, inputs_hash, outputs_hash)complete_run(run_id, success)cancel_run(run_id)get_run(run_id)get_step(run_id, step_id)wf_regrun_startstep_donerun_endWORKFLOW_REGISTRY_CONTRACTImmutable append-only audit trail. Each step records SHA-256 hashes of its inputs and outputs. Entries can never be modified — tamper-proof by design.
initialize(admin)record(kind, workflow_id, run_id, step_id, agent, inputs_hash, outputs_hash)get_entry(entry_id)get_run_entries(run_id)verify(entry_id, inputs_hash, outputs_hash)entry_count()auditAUDIT_LOG_CONTRACTcargo install --locked stellar-cli --features optexport DEPLOYER_SECRET=S...your_testnet_secretbash contracts/deploy.sh# Copy output into .envWhen a workflow run is triggered via POST /api/workflows/run, the API calls start_run() on the WorkflowRegistry contract — anchoring the run on-chain before any agent executes.
As each step completes, record_step() is invoked with SHA-256 hashes of the step's inputs and outputs. The AuditLog contract appends an immutable entry and emits an event that any indexer (Horizon) can stream in real-time.
If WORKFLOW_REGISTRY_CONTRACT or AUDIT_LOG_CONTRACT are not set, the API falls back to in-memory simulation — so the app works fully without deploying contracts first.