early beta · Apache-2.0 · v1.3.0
Production readiness, honestly.
osmoda is an early-beta, open-source project. This page is the maturity matrix we'd want before betting a workload on someone else's infrastructure: what's production-grade today, what's hardening, and what's still on the v1.4 roadmap. The repo is public — every claim here is checkable against the code at github.com/bolivian-peru/os-moda.
Shipped: in the code today and exercised in normal use.
Hardening: works today; the formal layer on top (cert, enforcement, tests) is being built.
Roadmap: designed, sometimes with a tool surface present, but the enforcement isn't wired in yet.
Core runtime
10 system daemons
agentd, watchdog, routines, teachd, mesh, voice, keyd, mcpd, egress + the gateway. Each a separate supervised process.
92 typed tools
Structured, audited, schema-validated tool surface exposed to the agent via the bridge.
20 pre-built skills
Higher-level workflows the agent invokes by intent match. Markdown + frontmatter under skills/.
Disk-persisted sessions
gateway v0.2.1 — sessions survive restarts (atomic tmp+rename, debounced, mode 0600). Runtime-tagged so claude-code ↔ openclaw swaps start clean.
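The atomic tmp+rename, mode-0600, debounced persistence described above, as an added illustration rather than the gateway's own code. The session directory layout, the `DebouncedSessionStore` class and the half-second interval are assumptions; what the block shows is that a crash mid-write can never leave a truncated or world-readable session file.

```python
import json
import os
import tempfile
import time

# Added example (not osmoda's gateway code): write a session file so that a crash
# mid-write never leaves a truncated file, and the file is owner-readable only.
# The session_dir / session_id layout is assumed for illustration.


def write_session_atomic(session_dir: str, session_id: str, state: dict) -> str:
    os.makedirs(session_dir, mode=0o700, exist_ok=True)
    final_path = os.path.join(session_dir, f"{session_id}.json")
    # Temp file in the SAME directory, so os.replace is a same-filesystem rename
    # (atomic on POSIX). mkstemp creates it with mode 0600 and O_EXCL.
    fd, tmp_path = tempfile.mkstemp(dir=session_dir, prefix=f".{session_id}.", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(state, f)
            f.flush()
            os.fsync(f.fileno())          # data on disk before the rename publishes it
        os.chmod(tmp_path, 0o600)         # mode is 0600 regardless of the process umask
        os.replace(tmp_path, final_path)  # readers see the old file or the new one, never a partial
    except BaseException:
        try:
            os.unlink(tmp_path)           # leave no temp debris behind on failure
        except FileNotFoundError:
            pass
        raise
    return final_path


class DebouncedSessionStore:
    """Coalesce bursts of state changes into at most one disk write per `interval`
    seconds; the latest state always wins and flush() drains whatever is pending."""

    def __init__(self, session_dir: str, session_id: str, interval: float = 0.5, clock=None):
        self.session_dir, self.session_id, self.interval = session_dir, session_id, interval
        self._clock = clock or time.monotonic
        self._pending = None
        self._last_write = float("-inf")
        self.writes = 0

    def update(self, state: dict) -> None:
        self._pending = state
        if self._clock() - self._last_write >= self.interval:
            self.flush()

    def flush(self) -> bool:
        """Write pending state now (call on shutdown). Returns True if something was written."""
        if self._pending is None:
            return False
        write_session_atomic(self.session_dir, self.session_id, self._pending)
        self._pending = None
        self._last_write = self._clock()
        self.writes += 1
        return True
```

The debounce here is synchronous: a trailing change is written on the next update past the interval or on an explicit `flush()`, which is why a shutdown path must call `flush()`.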
BYO model key
Anthropic OAuth (Pro/Max flat-rate) or API key; OpenAI key; switch per-agent from the dashboard with no rebuild.
Reliability & recovery
NixOS atomic deploy + rollback
Every config change is a generation; revert any deploy with one command. Foundational, well-exercised.
Watchdog auto-restart
6-second median wedge recovery; retry-with-backoff. Restarts a crashed daemon before you notice.
Dual-signal wedge detection
v1.3.25 — requires both the heartbeat AND the chat-frame signal to be stale before flagging wedged. Eliminated the false-positive restart class.
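The watchdog behaviour from the two items above (retry-with-backoff and the dual-signal wedge rule), as an added example that is not osmoda's watchdog code. The signal names, the `stale_after` threshold, the backoff constants and the `supervise` timeline format are assumptions; the point it demonstrates is the false-positive class that the heartbeat-only rule produces and the dual-signal rule does not.

```python
# Added example (not osmoda's watchdog code): the two detection rules side by side,
# plus capped exponential backoff for repeated restarts. Signal names and the
# stale_after threshold are illustrative.


class WedgeDetector:
    """A daemon is wedged only when BOTH liveness signals are stale.

    The single-signal rule (heartbeat only) restarts a healthy agent whose
    heartbeat thread is blocked by a long tool call while chat frames are still
    being produced; requiring both signals to be stale removes that false positive."""

    def __init__(self, stale_after: float):
        self.stale_after = stale_after
        self.last_heartbeat = None     # None = never observed, treated as stale
        self.last_chat_frame = None

    def saw_heartbeat(self, now: float) -> None:
        self.last_heartbeat = now

    def saw_chat_frame(self, now: float) -> None:
        self.last_chat_frame = now

    def _stale(self, last, now: float) -> bool:
        return last is None or (now - last) > self.stale_after

    def wedged_heartbeat_only(self, now: float) -> bool:
        """The old rule, kept for comparison."""
        return self._stale(self.last_heartbeat, now)

    def wedged(self, now: float) -> bool:
        """Dual-signal rule: heartbeat AND chat-frame both stale."""
        return self._stale(self.last_heartbeat, now) and self._stale(self.last_chat_frame, now)


def restart_delay(attempt: int, base: float = 1.0, cap: float = 30.0) -> float:
    """Retry-with-backoff: 1, 2, 4, 8 ... seconds, capped so a crash-looping
    daemon keeps being retried at a bounded rate instead of hammering the host."""
    return min(cap, base * (2 ** attempt))


def supervise(detector: WedgeDetector, samples, attempts_so_far: int = 0):
    """Evaluate a timeline of (now, 'heartbeat' | 'chat' | 'tick') samples and return
    the (time, backoff) pairs at which the dual-signal rule would restart the daemon."""
    restarts = []
    attempt = attempts_so_far
    for now, event in samples:
        if event == "heartbeat":
            detector.saw_heartbeat(now)
        elif event == "chat":
            detector.saw_chat_frame(now)
        elif detector.wedged(now):
            restarts.append((now, restart_delay(attempt)))
            attempt += 1
            # After a restart both signals are reset; the daemon must report afresh.
            detector.saw_heartbeat(now)
            detector.saw_chat_frame(now)
    return restarts
```

In the test timeline the heartbeat stalls at t=0 while chat frames keep arriving until t=4: the heartbeat-only rule would restart at t=5, the dual-signal rule waits until both are stale at t=9.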
Automated test suite (core)
The 14.6k-line gateway and the Rust daemons have minimal automated test coverage today. Client SDK + tooling are tested; the core is not yet. A regression net is the precondition for the 'critical apps' claim.
High availability / multi-host
Today the managed tier runs on a single host. No multi-region failover or load-balancer sharding yet. One machine down = outage.
Security & isolation
KEYD credential vault
Signed-action model — the agent never holds raw keys; it requests an action and the vault signs. Token crypto: 32-byte random, SHA-256 at rest, timing-safe compare.
Post-quantum mesh
X25519 + ML-KEM-768 hybrid between customer machines. Harvest-now-decrypt-later resistant.
EU residency by default
Customer data in Frankfurt EU-1 unless you choose otherwise; on-device voice (whisper.cpp) so audio never egresses.
Trust-tier capability surface
sandbox_exec + capability_mint tools ship and capability declarations are audited. But enforcement is advisory today — declarations are logged, not kernel-enforced.
Bubblewrap sandbox enforcement
Tier 1/2 kernel-level containment (bubblewrap wired into sandbox_exec's default path) is on the v1.4 roadmap. Until then an agent with system access is not OS-sandboxed.
Hard-blocking approval gate
The four approval tools persist to SQLite and the agent is prompted to call them before destructive ops — but enforcement is convention-based. A wrapper that REFUSES to proceed without an approved id is v1.4.
Audit & compliance
SHA-256 hash-chained audit ledger
Every action sealed and chained; tampering breaks the chain. This is cryptographic, not aspirational — the claim holds.
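A SHA-256 hash-chained ledger and its verifier, as an added example of the structure described above; it is not osmoda's ledger code, and the entry fields and canonical JSON encoding are assumptions. It also shows the caveat a reviewer would raise: a chain alone detects edits, deletions and reorderings by anyone who cannot rewrite the whole chain, so the head hash has to be anchored somewhere the ledger writer cannot also rewrite.

```python
import hashlib
import json

# Added example (not osmoda's ledger code): a SHA-256 hash chain over audit
# entries and the verifier that walks it. Entry fields are illustrative.

GENESIS = "0" * 64  # prev_hash of the first entry


def _canonical(obj) -> bytes:
    # Deterministic encoding: key order and whitespace must not change the hash.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def entry_hash(prev_hash: str, seq: int, action: dict) -> str:
    h = hashlib.sha256()
    h.update(prev_hash.encode("ascii"))
    h.update(_canonical({"seq": seq, "action": action}))
    return h.hexdigest()


class AuditLedger:
    def __init__(self):
        self.entries = []

    def append(self, action: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        seq = len(self.entries)
        entry = {"seq": seq, "action": action, "prev_hash": prev,
                 "hash": entry_hash(prev, seq, action)}
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        """Hash of the latest entry. Publish or anchor this out-of-band so that an
        attacker who can rewrite the whole file still cannot match the recorded head."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self):
        """Recompute every link from genesis. Returns (True, None) if intact, else
        (False, seq) naming the first entry whose link does not hold."""
        prev = GENESIS
        for entry in self.entries:
            expected = entry_hash(prev, entry["seq"], entry["action"])
            if entry["prev_hash"] != prev or entry["hash"] != expected:
                return False, entry["seq"]
            prev = entry["hash"]
        return True, None
```

The test exercises three tamper cases: editing an entry (breaks at that entry), editing and re-hashing it (breaks at the next entry), and deleting an entry (breaks at the gap); the fourth case, rewriting the entire chain, verifies clean, which is exactly what the anchored head hash catches.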
SOC 2 evidence generation
The ledger generates evidence relevant to SOC 2 Trust Service Criteria. Evidence generation ships; the certification itself is in progress, not held.
HIPAA / 21 CFR Part 11 controls
Technical controls are mapped to the relevant frameworks (45 CFR 164.312, electronic-records requirements). Mapped and documented — not certified.
GDPR / ISO 27001 alignment
EU residency + the audit ledger cover the technical substrate. Formal ISO 27001 certification is not in place.
Public API (spawn.os.moda)
Idempotency keys
POST /spawn accepts Idempotency-Key; network retries no longer double-charge or double-provision.
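An idempotent spawn handler, added here as an example of the Idempotency-Key behaviour described above and of the machine-readable error codes the next items mention; it is not the spawn.os.moda implementation. The `principal` scoping, the `idempotency_key_reused` code, the response shape and the in-memory store are assumptions for illustration.

```python
import hashlib
import json

# Added example (not the spawn.os.moda implementation): an idempotent spawn
# handler with structured error codes. Error code names, the 'principal'
# scoping and the response shape are assumptions for illustration.


class SpawnService:
    """Replays of the same Idempotency-Key return the stored response without
    charging or provisioning again. Keys are scoped per principal so one tenant's
    key cannot replay another's request, and a key reused with a different body
    is rejected rather than silently returning an unrelated result."""

    def __init__(self):
        self._seen = {}        # (principal, key) -> (body_fingerprint, response)
        self.provisioned = []  # stands in for billing + machine provisioning side effects

    @staticmethod
    def _fingerprint(body: dict) -> str:
        return hashlib.sha256(
            json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
        ).hexdigest()

    def spawn(self, principal: str, idempotency_key, body: dict) -> dict:
        fp = self._fingerprint(body)
        if idempotency_key is not None:
            hit = self._seen.get((principal, idempotency_key))
            if hit is not None:
                stored_fp, response = hit
                if stored_fp != fp:
                    return {"status": 422, "error": {
                        "code": "idempotency_key_reused",
                        "message": "Idempotency-Key already used with a different request body"}}
                return response  # safe replay: nothing charged, nothing provisioned
        machine_id = f"m-{len(self.provisioned) + 1:04d}"
        self.provisioned.append((principal, machine_id))
        response = {"status": 201, "machine_id": machine_id}
        if idempotency_key is not None:
            self._seen[(principal, idempotency_key)] = (fp, response)
        return response
```

A production version keeps `_seen` in durable storage and holds a per-key lock while the first request is in flight, so two concurrent retries cannot both miss the cache and provision twice.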
Token lifecycle
osk_ tokens can be issued, expired, and revoked. Compromised token = revoke, not rebuild.
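The token scheme from the KEYD item (32-byte random token, SHA-256 at rest, timing-safe compare) together with the issue/expire/revoke lifecycle above, as one added example that is not keyd's implementation. The `osk_` prefix is from the page; the `tok_` id format, the record fields, the clock injection and the in-memory store are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Added example (not keyd's implementation): issue/verify/expire/revoke for
# opaque bearer tokens. The osk_ prefix is from the page; the id format,
# the record fields and revocation by token id are assumptions for illustration.


class TokenStore:
    """Only the SHA-256 digest of a token is stored, so a copy of the store
    cannot be used to authenticate. Verification compares digests with a
    constant-time compare, and a token is rejected once expired or revoked."""

    PREFIX = "osk_"

    def __init__(self, clock=time.time):
        self._clock = clock
        self._by_digest = {}  # digest(token) -> record
        self._by_id = {}      # token_id -> digest, so revocation needs no plaintext token

    @staticmethod
    def _digest(raw: str) -> str:
        return hashlib.sha256(raw.encode("utf-8")).hexdigest()

    def issue(self, owner: str, ttl_seconds: float):
        """Return (token_id, token). The token is shown once and never stored."""
        token_id = "tok_" + secrets.token_hex(8)
        token = self.PREFIX + secrets.token_urlsafe(32)  # 32 bytes of CSPRNG output
        digest = self._digest(token)
        self._by_digest[digest] = {
            "id": token_id, "owner": owner,
            "expires_at": self._clock() + ttl_seconds, "revoked": False}
        self._by_id[token_id] = digest
        return token_id, token

    def verify(self, presented: str):
        """Return the owner for a valid token, else None."""
        if not presented.startswith(self.PREFIX):
            return None
        candidate = self._digest(presented)
        now = self._clock()
        # Scan every record with a constant-time comparison so that the time taken
        # does not depend on how many leading bytes of the digest matched.
        for stored_digest, record in self._by_digest.items():
            if hmac.compare_digest(stored_digest, candidate):
                if record["revoked"] or now >= record["expires_at"]:
                    return None
                return record["owner"]
        return None

    def revoke(self, token_id: str) -> bool:
        digest = self._by_id.get(token_id)
        if digest is None:
            return False
        self._by_digest[digest]["revoked"] = True
        return True
```

The full scan is O(n) in the number of tokens; at scale the usual shape is to carry a non-secret token id inside the token, look the record up by that id, and then `compare_digest` the secret part, which keeps the constant-time property without the scan.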
Structured errors
Machine-readable error codes; no more string-matching the message.
WebSocket hardening
Heartbeat + idle close on the live-chat socket; connections no longer hang with rotting buffered state.
x402 off the sync path
Payment confirmation via webhook instead of the 120s sync middleware (the spawn-timeout race). Idempotency absorbs the common case today; webhook path is backlog.
What to run on it today
Good fit now
- Overnight automation — scrapers, briefs, monitoring, lead-gen
- Internal tooling, dev / staging environments
- Non-critical workflows where a failure means "rerun it", not "lose money"
- Self-hosted experiments where you own the box and accept beta risk
- Anyone who wants to read, fork, and harden the source themselves
Wait for v1.4+
- Money-moving or transaction-critical systems
- Regulated workloads needing certification (not just evidence)
- Anything where unattended root access must be kernel-sandboxed
- Workloads that can't tolerate single-host downtime
- Mission-critical apps with zero rollback tolerance
The gate for the right-hand column closing is concrete: bubblewrap trust-tier enforcement, a hard-blocking approval gate, automated test coverage on the gateway + daemons, and HA across more than one host. Those are the team's priority. We'll move items from Roadmap to Shipped on this page as they land — and the first named pilot deployment will appear at os.moda/#pilot.
FAQ
Is osmoda production-ready for critical apps?
Not yet for critical workloads — money-moving, regulated, or life-affecting apps where downtime or data loss is unacceptable. The honest blockers are: security isolation is advisory (bubblewrap enforcement is v1.4), the core gateway has minimal automated test coverage, and the managed tier runs on a single host with no HA. For non-critical automation — overnight scrapers, lead-gen, drafts, monitoring — it's usable today, and because it's Apache-2.0 you can read every line and harden it yourself.
What does 'shipped' vs 'hardening' vs 'roadmap' mean here?
Shipped = in the code today and exercised in normal use. Hardening = the capability exists and works, but the formal layer on top (a certification, kernel enforcement, a test net) is still being built. Roadmap = designed, sometimes with a tool surface present, but the load-bearing enforcement or infrastructure is not wired in yet. We label honestly because an early-beta project earns trust by being precise about its edges.
When will the v1.4 items ship?
We don't publish hard dates — an early-stage project that misses a promised date loses more trust than one that ships quietly. The roadmap items (bubblewrap enforcement, hard approval gate, gateway test coverage, HA) are the gate for recommending osmoda for critical workloads, and they're the team's priority. Track progress in the changelog and the open-source repo at https://github.com/bolivian-peru/os-moda.
Why publish this at all? Most vendors hide it.
Because the repo is public — anyone can read the code and see what's enforced versus advisory. A maturity page that matches the code reads as confidence; a marketing site that oversells reads as risk. For the infra buyers we want (people who'll read the source before they trust it), honesty is the stronger pitch.
Trust the architecture, not the headline. The repo is the proof.