Diagrid has announced the release of Dapr 1.18, introducing what it calls Verifiable Execution, a new set of capabilities designed to bring cryptographic trust, provenance, and tamper-evident execution records to distributed applications and AI agents. The update, one of the most significant since Dapr 1.10, introduces Workflow History Signing, Workflow History Propagation, and Workflow Attestation, enabling organizations to verify how workflows were executed, which identities performed actions, and whether execution histories have been altered. The release is available immediately as an open-source update to Dapr and through Diagrid's managed Catalyst Cloud platform.
The announcement addresses one of the most pressing challenges emerging in the age of agentic AI: trust. While distributed systems have become increasingly resilient over the last decade, and AI agents are now capable of carrying out complex, long-running tasks, proving how those tasks were executed has remained difficult. Dapr 1.18 aims to close that gap by introducing cryptographic chains of custody that span workflows, services, and AI agents, giving organizations a verifiable record of execution that can be independently validated.
Historically, workflow engines and distributed systems have focused primarily on durability and fault tolerance. Modern workflows can survive infrastructure failures, recover from crashes, and retry failed operations automatically. However, questions around provenance and accountability have become increasingly important as AI systems begin making business-critical decisions.
When an AI agent approves a financial transaction, accesses sensitive information, invokes another agent, or executes a long-running workflow, organizations increasingly need answers to questions such as: Who initiated the action? Has the execution history been altered? Can downstream systems trust the results? And can auditors verify the chain of events independently?
Workflow History Signing allows workflow execution histories to be cryptographically signed using identities based on the open SPIFFE standard, creating tamper-evident records that can be independently verified. Workflow History Propagation extends execution lineage across services, workflows, and application boundaries, allowing downstream systems to understand where requests originated and what prior actions influenced them. Finally, Workflow Attestation enables workflows and activities to receive trusted execution context, allowing policies and compliance checks to make decisions based on verified provenance.
Together, these capabilities create what Diagrid describes as Verifiable Execution, a model in which the history of a workflow becomes as trustworthy and auditable as the data it produces.
The release reflects a broader shift occurring across the software industry. Over the last several years, technologies such as software signing, software bills of materials (SBOMs), and artifact attestations have become foundational elements of software supply chain security. Organizations increasingly expect to know where software came from, how it was built, and whether it has been tampered with.
As AI systems become more autonomous, organizations are facing growing demands for explainability, regulatory compliance, and operational accountability. In regulated industries such as healthcare and financial services, proving how an AI-driven decision was made may become as important as the decision itself. Dapr 1.18 extends supply chain security concepts beyond software artifacts and into runtime execution, allowing workflows and AI agents to produce verifiable evidence of what happened, who performed an action, and whether the execution history remains intact.
The Jobs API, which enables scheduling of future and recurring work, has now graduated to stable status after undergoing extensive performance testing and is considered production-ready. Component and Configuration Hot Re is now generally available, enabling organizations to update configurations without restarting applications or interrupting running workloads.
The release also introduces improvements to the Actor runtime model. Applications can now establish a single bidirectional gRPC stream to receive callbacks from the Dapr sidecar, eliminating the need to expose inbound server ports and reducing networking complexity and attack surface.
At the infrastructure level, Dapr 1.18 adds IPv6 and dual-stack networking support, alongside RFC 7230-compliant handling of hop-by-hop HTTP headers during service invocation, improving interoperability and networking security in modern environments.
The timing of the release aligns with growing industry efforts to define the infrastructure required for trustworthy AI systems. Organizations including Microsoft, the Agentic AI Foundation (AAIF), and the Cloud Native Computing Foundation (CNCF) have increasingly focused on governance, interoperability, identity, and provenance as foundational requirements for agent-based AI systems.
With Dapr 1.18, Diagrid is betting that the next phase of cloud-native computing will not simply be about durable execution; it will be about verifiable execution, where trust, provenance, and cryptographic accountability become built-in features of the platforms powering AI and distributed applications.