Public alpha. Stripe Live in ~2 weeks. → Get on the launch list
Get startedCore concepts

Core concepts

Worker-OS is small enough that the entire mental model fits on one page. Five terms; five sentences each; five verifiable artifacts you can produce from outside the platform.

1. Athena (L1) — the compiler

The deterministic compiler that turns a YAML DSL into a decision graph. Hard limits on AST size, predicate depth, quantifier nesting and CPU budget enforce compile-time correctness; a hostile DSL cannot bomb the compiler. Half-compiled state cannot be committed to storage — Athena returns either a complete decision graph or nothing.

What it returns. A LintResult with stable machine codes (SCHEMA_VIOLATION, CONTRADICTORY_RULES, MISSING_ARRAY_MAX, …) and JSON paths to the offending nodes.

Verifiable artifact. Every commit produces a row in policy_commits with an authorship signature over the canonical dsl_hash. The hash chain is append-only; you can replay it.

sha256·b1946ac92492…e6b9f4a7canonical dsl_hash of the example policy

Hard limits spec → · Error code catalogue →

2. Nyx (L2) — the decision engine

The synchronous fast path that evaluates a compiled graph against an input. SLA: p95 ≤ 10 ms, p99 ≤ 30 ms, CPU budget ≤ 40 ms. No LLM call is allowed in the hot path — that is a doctrine violation, not a configuration option. Decisions that need probabilistic reasoning return ESCALATE_TO_QUEUE and hand off to the async deep path.

What it returns. A DecisionResult with the matched rule, the reason code, the confidence, the fallback flag, and the full evaluation trace.

Verifiable artifact. Replay any past decision by piping its input.json into wos simulate. If the bytes don’t match, file an issue — that is a P1 reproducibility failure.

$ wos simulate policy.yaml input.json --json | sha256sum
f4c2e8a91b6d3f70···  -

Sync vs async path spec →

3. Hermes (L3) — the CLI

This CLI / SDK. The only customer-facing surface. By doctrine: no dashboard, no console, no GUI, no Web UI of any kind. Three commands — lint, simulate, deploy — and a stable contract on exit codes. Output is byte-stable under NO_COLOR and pipes.

What it returns. Status icons and Glass-Box JSON in TTY; raw JSON envelopes under --json.

Verifiable artifact. The published binary is signed via Sigstore on a public GitHub Actions runner. Reproducible builds. SBOM published per release.

$ cosign verify-blob \
    --certificate-identity-regexp 'https://github.com/futami-worker-os/.*' \
    --signature wos.mjs.sig wos.mjs
  Verified OK

CLI reference →

4. Integrity Plane (L⊥) — the receipt

Four cryptographic primitives, layered: Ed25519 signature over the canonical decision pre-image, a Merkle tree that rolls every decision in a window into a single root, a Shamir 3-of-5 threshold key distributed across four jurisdictions plus a cross-cloud HSM, and an OpenTimestamps anchor that publishes the daily Merkle root to the Bitcoin chain.

What it returns. A receipt that is reconstructible from the input bytes plus the policy bytes plus our public key plus the inclusion proof plus the OpenTimestamps anchor. Five inputs, one verifier, no platform dependency.

Verifiable artifact. Two commands. If both return zero, the chain of custody holds:

$ cosign verify-blob --key https://worker-os.com/pgp-key.asc \
    --signature receipt.sig receipt.json
  Verified OK

$ ots verify rollup-2026-05-10.ots
  Bitcoin block 875432 — attestation valid

Integrity plane spec → · Verification recipes →

5. Glass-Box — the doctrine

Every byte of every decision is reconstructible from the input bytes plus the policy bytes plus our public key. There is no opaque score, no proprietary “trust us” middleware, no information held back. If we vanish tomorrow, your decisions and their proofs still verify.

What it requires. A discipline, not a feature. Every commit that lands in wos-core is reviewed against the doctrine: any code that adds a hidden code path, an opaque field, or a non-replayable side effect is rejected.

Verifiable artifact. Pull yesterday’s audit log, pick any decision row, run wos simulate against the same input. The returned JSON should be byte-identical to the stored decision. If it isn’t, that is an integrity violation and we publish a signed postmortem within 72 hours.

Audit endpoints → · Threat model →

How they compose

client                                       regulator
   │                                              ▲
   ▼                                              │
[L−1] Edge defense (R1–R6 rate limit, body, etc) │
   │                                              │
   ▼                                              │
[L1] Athena — compile policy.yaml → graph        │
   │                                              │
   ▼                                              │
[L2] Nyx  — evaluate graph(input) → decision     │
   │                                              │
   ▼                                              │
[L⊥] Integrity — sign · include in Merkle ──────►│  receipt.json
                                                   (verifies without us)

L3 (this CLI) is the surface that orchestrates the first three for you. L4 (Judgment UI) appears only when L2 returns ESCALATE_TO_HUMAN; the customer never sees it directly. L0 is Stripe — billed per decision, three-axis metering.

Full seven-layer architecture →

Install & sign upwos lint