Skip to content
vollko
Main
Homepage Engineering Transformation Whitepaper
Sections
Why OSS Sensing Identity Substrate / Orchestration Substrate / Eval Substrate / Observability Substrate / Data fabric Substrate / Knowledge fabric Cognition Action Inter-layer comms Knowledge persistence The 3-language ports
The trace · deep dives
01 · sense
sensing-ingestion
02 · substrate · memory & identity
knowledge-graphs agent-memory agent-identity observability
03 · cognition · the firm thinks
agent-frameworks orchestration eval-harness protocols
04 · trust + learning
governance feedback-loops
05 · synthesis · one trace
end-to-endStart a conversation
The companion catalog · The AI-Native Organization →

Open source over rentals,
every time.

60+ standalone packages that implement the primitives an AI-native organization actually needs - identity, eval harness, observability, knowledge fabric, multi-agent coordination, signed actions, durable workflows. TypeScript, Python, Rust. No vendor lock-in. No renewal pressure. Audit-grade by design.

Browse by layer All repos on GitHub
60+
Packages
3
Languages
OSS
License-first
0
Vendor lock
the stack · visual ToC

Four layers. Fifty primitives.

Each repo lands on one layer. Ember = flagship.

Why OSS · the thesis

Three reasons SaaS loses for AI infrastructure.

Audit, switching cost, pace of change.

SaaS works for stable problems; the 2026 agent stack isn't one. Five infra acquisitions in six months — Helicone, Langfuse, Promptfoo, Traceloop, Permify — say the layer is still settling. Three tests decide it:

· · ·
the cube, assembled · the horizontal layer

The bricks are shipped. Here's the cube they build.

The primitives below are the parts. These 15 repositories wire them into a governed, eval-gated cube that runs end‑to‑end — the exact architecture the whitepaper describes, in TypeScript you can read. Published 2026‑05‑28, Apache‑2.0.

core loop · sense → think → gate → act → learn
cube-template  ☆ the assembler
The cube assembler: six face contracts wired into a governed, eval-gated golden path. create-cube generator + cube.config manifest + CLI.
tsSIX FACESGOLDEN PATHCLI
cube-spine
Canonical event envelope, in-process bus, and hash-chained transcript for the cube platform. Ed25519-signed, JCS-canonical, replayable.
tsEVENT BUSTRANSCRIPT
cube-runtime
Own-the-loop 5-phase agent cognition runtime behind a swappable CognitionFace contract. Deterministic fake backend for CI.
ts5-PHASE LOOP
eval-gate
Three-layer quality gate (deterministic → trusted rules → LLM jury) for the cube platform. AI-slop veto + contradiction detector + cross-family shadow verdict.
tsEVALJURY
governance
Policy-as-code gate: kill-switch + policy engine + grounding gate + approval queue. Scoped kill-switch, file-persistent queue, decision audit log.
tsPOLICYKILL-SWITCH
reference-constellation  ☆ the proof
One benign caregiver-domain cube composing the whole platform end-to-end — the L2 acceptance test. bun start runs the full stack live. Public hub linking all 15.
tsEND-TO-ENDRUNNABLE
horizontal layer · trust, memory, knowledge, sensing, loops, operator tooling
identity-services
DID resolver, capability-VC issuer/revocation, ID-JAG token-exchange, and CIMD for the cube platform's trust root.
tsDIDCAPABILITY-VC
trust-plane
Per-call authorization plane: identity + capability + risk + runtime attestation + policy, composed into one allow|queue|deny.
tsAUTHZ
memory-manager
Five-tier memory with token-budgeted context assembly and transcript-derived episodic recall. Never exceeds the context ceiling.
tsMEMORYBUDGETED
knowledge-pipeline
Extract → resolve → graph+vector → reranked unified lookup, with single-valid-time and lean multi-hop.
tsKGVECTOR
sensing
AI reader (doc → chunks/entities/lineage) + sensor router (6 families → stream|event|batch) + trigger debounce.
tsINGESTROUTER
loop-closers
Close the four feedback loops: outcome capture, nightly eval promotion, process summary, system summary (data layer, no UI).
ts4 LOOPS
maturity-scorecard
Score an organization's AI-native maturity (L0-L3) on a capability axis and a governance-readiness axis, with the missing loops.
tsL0–L3TRANSFORM
cubability-sorter
Sort work items into Tier 1-4 by how cube-able they are (repetitive, schema-clear, async, reversible). Irreversible work never lands Tier 1.
tsTIER 1–4TRANSFORM
adoption-dashboard
Two adoption lines from work records: % of work touched by agents and capacity redeployed (data layer, no UI).
tsADOPTIONTRANSFORM
· · ·
Layer 01 · Sensing

Read the world cleanly.

Stream parsers, document ingestion, pre-flight filters.

personal-ediscovery  ☆ flagship
Privacy-first local indexer for your digital life - emails, chats, photos, documents - exposed to your AI via MCP. No cloud, no embedding leaks, consent-gated.
py PRIVACY-FIRST LOCAL MCP RRF SQLITE-VEC
llm-stream-parser
Parse SSE streams from OpenAI / Anthropic / any LLM API. Robust against partial chunks and reconnects.
tsSTREAMS
pii-detect
Detect emails, phones, SSNs, IBANs, BTC addresses. Pre-ingest filter before anything enters the substrate.
tsPII
secret-sniff
Scan text for credentials and API keys before they leave the gateway. Tight ruleset, low false positives.
tsSECRETS
tool-call-validator
Parse + validate LLM tool-call JSON with lenient repair. Catches malformed calls at the edge, not in the side-effect.
tsJSON-REPAIR
think-scrubber
Streaming scrubber/extractor for reasoning blocks (e.g. <think>...</think>). Three-language port.
tspyrsREASONING
· · ·
Layer 02 · Substrate / Identity & provenance

Every agent has a name & a signature.

DIDs, capability VCs, signed actions, attestations.

NIST and OWASP both published in 2026 that traditional IAM is inadequate for agent identity. These primitives implement the new model: per-agent DIDs, capability verifiable credentials, signed action receipts, and provenance-aware MCP servers.

agent-id  ☆ flagship
Machine-first identity. ~400 LOC TS composing W3C DIDs + Capability VCs + Ed25519 into the agent-native profile that was missing. Three functions, zero blockchain. Spec v1.0.
ts py rs DID CAPABILITY VC ED25519 SPEC v1.0
agent-credential-helper
OS-keychain credential helper for agents. Per-OS secure storage; no plaintext secrets in env vars.
tsCREDS
agent-attestation  ☆ flagship
Cryptographically verifiable receipts for agent actions. OTel covers traces. Sigstore covers builds. Neither covers this agent took this action for that user at that time.
ts ATTESTATION ED25519 FORMAT + LIB + CLI AUDIT
agent-toolprint  ☆ flagship
Double-signed receipts for every tool call. The agent signs, the tool counter-signs. Anyone with the public keys verifies - no host, no service, no chain. Under 5 min to a verified receipt.
ts py rs DSSE JCS ED25519 COUNTERSIGN
mcp-provenance  ☆ flagship
Sign, verify, publish MCP servers - with capability declarations. The supply-chain primitive missing since OX Security disclosed ~200,000 vulnerable instances across 150M+ downloads (May 2026).
ts MCP PROVENANCE SIGSTORE CAPABILITY MANIFEST SUPPLY CHAIN
hmac-sign
Webhook signing with timing-safe verification. The boring building block every integration needs.
tsHMAC
· · ·
Layer 02 · Substrate / Orchestration & safety

The gateway, the sandbox, the throttles.

Substrate-level routing, rate limits, prompt injection, sandboxed execution.

shack-gateway  ☆ flagship
Progressive-discovery MCP gateway. Four shack_* meta-tools surface instead of dumping every downstream schema (~5 k tok each, breaks at ~50 servers). Security pipeline on every call: sandbox, allow/deny, hooks, redaction.
rs ts py MCP GATEWAY PROGRESSIVE DISCOVERY SANDBOX
shack-wasm-interpreter
Sandboxed fuel-bounded WASM execution exposed as MCP. Run untrusted agent-generated code without giving up the box.
rstspySANDBOX
rate-limit-guard
Cross-process throttling for agent fleets. Distributed, deterministic, three-language port.
tspyrsRATE LIMIT
token-bucket
Minimal token-bucket rate limiter. The primitive everything else wraps.
tsRATE LIMIT
circuit-breaker
Classic circuit breaker pattern; one less excuse to write your own.
tsRESILIENCE
prompt-shield
Prompt-injection detector at the substrate edge. Stops the obvious attacks before they reach the agent.
tsINJECTION
loop-guardrail
Sliding-window detector for repetitive tool-call loops. Trip when an agent gets stuck.
tspyrsSAFETY
· · ·
Layer 02 · Substrate / Eval harness

The eval harness - the flagship.

Quality-gated SOP execution with independent LLM evaluators.

An eval-first approach: every SOP execution gets independent multi-dimension scoring before it ships. Compare to Inspect (UK AISI), Promptfoo (now under OpenAI), and DeepEval - all OSS. Skip Braintrust ($80M-funded SaaS) unless you specifically need their UX.

harness  ☆ flagship
Quality-gated SOP execution with independent LLM evaluators - the entity doing the work never judges its own output. 6-dim rubric (25/20/20/15/10/10), 3 thresholds (lenient 3.0 / default 3.5 / strict 4.0), 4 SOP templates, 9 MCP tools, 3 evaluator backends.
ts py EVAL MCP CLAUDE-CODE SOP ENGINE
· · ·
Layer 02 · Substrate / Observability & replay

Every action replayable.

Byte-deterministic transcripts, reproducibility seeds, MCP-backed session capture.

OSS-first observability stack pairs well with Langfuse, Arize Phoenix, OpenLLMetry, Logfire free tier - all open or OTel-native. Skip Datadog LLM Obs unless your firm already pays Datadog for everything.

agent-scroll  ☆ flagship
Canonical, byte-deterministic, hash-chained transcripts. Two independent implementations of the spec produce byte-identical bytes. JCS + deterministic CBOR + per-turn Ed25519.
ts py rs TRANSCRIPT JCS CBOR HASH CHAIN SPEC v1.0
agent-rerun  ☆ flagship
SLSA for agent steps. A portable envelope - capture an LLM step's inputs + params + expected output once, verify on any compatible runtime within a declared tolerance.
ts py rs REPLAY TOLERANCE LEVELS SLSA-FOR-AGENTS
explain-since
"What did the agent do since timestamp T?" primitive. The query the weekly process review actually needs.
tsTIMELINE
shack-session-replay
Record / replay agent trajectories as an MCP server. Three-language port.
tspyrsMCP · REPLAY
· · ·
Layer 02 · Substrate / Data fabric

Content-addressed everything.

CIDv1 + Ed25519 + DID manifests for every artifact.

For the rest of the data fabric, the OSS-first stack is pgvector + DuckDB + Qdrant + Apache Iceberg. Add Memgraph or Neo4j Community for graph. No paid vector DB needed under ~50M vectors.

agent-cid
CIDv1 + Ed25519 + DID manifests for content-addressed artifacts. The substrate-grade naming scheme.
tspyrsCID
· · ·
Layer 02 · Substrate / Knowledge fabric

The signed knowledge network.

Trusted teams publish playbooks; agents retrieve with cryptographic verification.

MoltSchool / Kindred  ☆ flagship
The shared notebook every teammate's agent reads. Write once, retrieve with provenance. Pages decay if untouched (90d). Closes OWASP AST07 (update drift) + AST09 (no governance). Backend, web, CLI, Claude Code plugin (MCP + skill + hook). KAF 0.1 spec.
py ts KNOWLEDGE MCP CLAUDE-CODE KAF
dsl  ☆ flagship
A Claude Code skill that loads your team's domain vocabulary. Project ./LEXICON.md + global ~/.claude/LEXICON.md with Applies when: matching. Three modes, never derails.
ts ONTOLOGY CLAUDE-CODE SKILL LEXICON.md
· · ·
Layer 03 · Cognition

Multi-agent coordination, working memory, tool calling.

The cognition substrate without the framework lock-in.

For the agent framework itself, the OSS picks are LangGraph, Mastra, Letta, Pydantic AI, smolagents. These below are the orthogonal primitives that any framework benefits from.

shack-blackboard  ☆ flagship
A shared-state MCP server with three primitives for multi-agent coordination: KV blackboard, pub/sub topics, named locks. 8 MCP tools. JSON-RPC 2.0 over stdio.
rs ts py MULTI-AGENT BLACKBOARD PUB/SUB LOCKS
parley
Signed, bounded, turn-taking rooms for cross-org agent conversations. The protocol the deck never had.
tsTURN-TAKING
context-compressor
Context-window compression & token-budget management. Stops the silent context-window blowups.
tspyrsCTX BUDGET
token-est
Heuristic LLM token estimator. The arithmetic primitive every context assembler needs.
tsTOKEN COUNT
triz-agent
TRIZ-methodology innovation agent. A domain-specialized cognition example.
pyDOMAIN
· · ·
Layer 04 · Action & durability

The write side - payments, publishes, fleets.

Durable agent tasks, agent-to-agent payments, autonomous release pipelines.

For durable workflow execution, pair with OSS engines: Temporal, Restate, DBOS, Inngest OSS, Hatchet, Trigger.dev OSS.

agent-task-protocol  ☆ flagship
A portable contract for what an agent task is. Every framework reinvents it - LangGraph, Temporal, MCP Task, OpenAI SDK, Inngest. ATP makes them legible: lifecycle, persistence, retry, budgets, approvals, checkpoints.
ts DURABILITY JSON SCHEMA SQLITE ADAPTERS
agent-pay
L402 + DID-signed invoices for agent-to-agent Lightning payments. The action-layer execution for money.
tspyrsPAYMENTS
shack-payment-gateway
EIP-191 cryptographic micropayment authorization MCP. Action layer with cryptographic authorization.
rstspyMCP · PAY
agent-publish
Multi-registry release publisher with canonical JSON manifest. Action-layer write for packages.
tsrsRELEASE
agent-launch
Draft platform-native release announcements. Action-layer dispatch for comms.
tsrsDISPATCH
agent-fleet
Autonomous OSS-repo health monitor. End-to-end action example: sense, decide, act, learn.
tsrsFLEET
federated-messenger-identity
Portable contact-mapping across messengers. The dispatch-target abstraction.
tsCONTACTS
channel-capability-matrix
Schema/library for messaging-channel capabilities. The action-routing meta-data.
tsROUTING
· · ·
Wiring · Inter-layer communication

The bus, the transport, the schemas.

Type-safe event bus, encrypted agent RPC, federated Q&A.

Pair with OSS protocols: MCP (Apache 2.0, Linux Foundation), A2A (Apache 2.0, Linux Foundation), CloudEvents (CNCF), AsyncAPI, Apicurio Registry (Apache 2.0, the only fully-OSS multi-format registry).

typed-event-bus  ☆ flagship
~120 lines, zero dependencies, real TypeScript autocomplete for both event names and payload shapes. Six methods (on, once, off, emit, onAny, waitFor). Node 20+, browsers, Bun, Deno, edge.
ts BUS ZERO DEPS ANY RUNTIME NPM
agent-phone
Noise-XK encrypted RPC between agents over DID-bound WebSocket. The secure inter-agent transport.
tspyrsTRANSPORT
agent-ask
Federated public Q&A protocol. The inter-org request/response schema.
tspyrsFED Q&A
tiny-validator
Zod-like schema validator. The schema-registry building block.
tsSCHEMA
· · ·
Cross-cutting · Knowledge persistence

Memory that survives agent rotation.

Portable schema. Episodic, semantic, procedural - one taxonomy.

For the memory engines themselves: Letta (Apache 2.0), Cognee (MIT), Graphiti (Apache 2.0) - all OSS. Skip Zep Cloud if Graphiti standalone covers you.

memory-portability  ☆ flagship
Portable schema for agent memory. Move it between Mem0, LangChain, LlamaIndex, OpenAI without losing it. Three primitives: episodic, semantic, procedural. Adapters + CLI.
ts MEMORY SCHEMA 3 PRIMITIVES CONSENT ADAPTERS
shack-semantic-cache
SQLite-backed tool-result cache exposed as MCP. The hot/working memory tier.
rstspyCACHE · MCP
lru-tiny
Tiny LRU cache. Working-memory eviction primitive when you do not want a dependency tree.
tsLRU
· · ·
The principle

Same primitive, three languages.

TypeScript for the team that ships fast. Python for the team that ships science. Rust for the team that ships forever.

Most of these primitives ship as a coordinated trio - the TypeScript version, the Python version, and the Rust version - published from a single agent-ports meta-repo. Agents and humans pick whichever language fits the surface they live on. The wire formats stay identical across all three so cross-language deployments work without translation.

ts

TypeScript

For agent UIs, web-facing tools, MCP servers run inside Node / Bun / Deno, and integration glue. The first port for each primitive.

py

Python

For ML pipelines, data work, anywhere the science already lives. Same wire format, same semantics.

rs

Rust

For the substrate edge - gateways, sandboxes, validators. Where performance and safety both matter.

· · ·
About Vollko

Vollko is a small senior team. We ship the OSS primitives above because the AI-native organization we want to help firms build needs them - and a primitive that is not open cannot be a foundation.

Build the AI-native firm
· · ·
Read the AI-native organization whitepaper All repos on GitHub
Directory · pick a face
knowledge-graphs
eval-harness
agent-memory
protocols
agent-identity
observability
orchestration
sensing-ingestion
governance
agent-frameworks
feedback-loops
end-to-end