Get access
A two-axis substrate

Three substrates.
Two capabilities.
One manifest.

Omega is a thin substrate organized along two axes — where the workload runs (Gaia, Biome, Habitat) and how it runs (Standard WASM, or Frontier MicroVM). The same ZGraph manifest can compile to any combination, and the workload code never has to know which.

[crates]
29 crates · Rust 2024
[loc]
297K — every byte readable
[manifest]
ZGraph DAG · TOML
[license]
AGPL-3.0 / commercial
Axes
placement × capability

Two questions,
answered per brane.

[axis 01] WHERE

PlacementSubstrate

The host pool the brane lands on. Three choices: Gaia (Omega-operated), Biome (provider-operated), or Habitat (your own).

  • · gaia · biome · habitat
[axis 02] HOW

CapabilityProfile

The execution shape. Standard is the WASM-first default. Frontier is Firecracker MicroVMs for the workloads WASM can't host (V8 JIT, X11, GPU).

  • · standard · frontier
  • Frontier is not available on Habitat — sovereign hardware runs WASM only.
Substrates
three placement options

Where the
brane lands.

01GAIA
[GAIA] PlacementSubstrate · first-party

Omega-operated WASM substrate

Datacenters and edge clusters operated by us. WASI 0.2 components on Wasmtime 37, 1.2 ms cold starts, capability-scoped from the first byte. The default for most workloads.

  • · Wasmtime 37 · WASI 0.2
  • · Cold start ≤1.2ms
  • · Pooling allocator
read /gaia
02BIOME
[BIOME] PlacementSubstrate · provider-operated

Decentralized provider substrate

A topology of long-lived peers that find each other through your network of choice — Tailscale, NetBird, WireGuard, or plain LAN. Workloads address branes by manifest name. The substrate doesn't broker; it dispatches.

  • · Tailscale / NetBird / WG
  • · CRDT-backed state
  • · No control plane
read /biome
03HABITAT
[HABITAT] PlacementSubstrate · tenant hardware

Customer-owned substrate

Run Omega on metal you already own — phones, Pis, RISC-V boards, racks. Same manifest, same CLI, same resolver. The substrate doesn't care if the host is in a datacenter or your closet.

  • · ARM · x86 · RISC-V
  • · <5MB agent footprint
  • · Air-gapped operation
read /habitat
04FRONTIER
[FRONTIER] CapabilityProfile · runs on Gaia or Biome

Advanced capability — Firecracker MicroVMs

Reserved for the workloads WASM cannot host: V8 JIT, X11/Wayland desktops, GPU passthrough. Firecracker 1.7 with snapshot resume, ≤5MB jailer, multi-arch guests. Frontier is a flag, not a substrate — it lives on Gaia or Biome, never on Habitat.

  • · Firecracker 1.7
  • · 125ms boot (snapshot)
  • · x86_64 · aarch64 · GPU
read /frontier
ZGraph
declarative DAG

Branes are nodes,
events are edges.

// a single manifest crossing every substrate and capability
multi-substrate-pipeline.zgraph.tomlΩ · ZGraph
# multi-substrate-pipeline.zgraph.toml
[brane.ingest]
substrate   = "gaia"
capability  = "standard"
replicas    = 32
image       = "omega/wasi-fetch:1.0"

[brane.transform]
substrate   = "biome"
capability  = "standard"
replicas    = "auto"
peers       = "lab.lan/transform-pool-*"

[brane.train]
substrate   = "gaia"
capability  = "frontier"        # Firecracker — V8/CUDA/X11
replicas    = 4
guest       = "noble-aarch64"
gpu         = "passthrough"

[brane.archive]
substrate   = "habitat"
capability  = "standard"
hosts       = ["nas-01", "nas-02", "nas-03"]

[graph]
edges = [
  { from = "ingest",    to = "transform", on = "raw.batch" },
  { from = "transform", to = "train",     on = "tensor.shard" },
  { from = "train",     to = "archive",   on = "checkpoint.snapshot" },
]

[resolver.public]
host = "pipeline.branes.sh"
mode = "tailscale-funnel"
// annotations

Each brane picks its substrate (Gaia / Biome / Habitat) and its capability (Standard / Frontier). Everything else — replicas, capabilities, graph edges — is uniform.

graph.edges are typed event channels. The substrate dispatches; your branes don't know which host published.

The resolver block on any brane will give the workload a public host on *.branes.sh regardless of substrate.

Why a substrate
and not another platform

The platforms
we wanted to replace.

One runtime, locked

Most platforms commit to a single isolation model — containers, VMs, functions. Omega doesn't pick. ZGraph compiles to whatever shape the work needs, and you can change shapes without rewriting code.
vs. K8S

A control plane that owns you

Etcd, scheduler, API server, ingress — every layer wants its own credentials, its own quirks. Omega ships a single daemon and a manifest. The mesh is the control plane; the manifest is the API.
vs. ETCD

Multi-tenant by accident

When one customer's noisy job becomes another's outage, you've already lost. Omega's tier choice (Forge / Foundry) is also an isolation choice — explicit, audited, and per-brane, not per-cluster.
vs. SHARED HOST

Vendored everything

A platform with vendored binaries you can't audit is a platform that owns the keys to your future. Omega is 297K lines of Rust, no vendored binaries, BSL-free at the runtime layer.
vs. CLOSED CORE
Spec sheet
if you skim, skim here

The numbers
behind the substrate.

// runtime
Wasmtime
37 (WASI 0.2 component model)
Firecracker
1.7 (snapshot resume, ≤5MB jailer)
Cold start (Forge, P50)
1.2 ms — pooling allocator + nanoclaw warmup
Boot (Foundry, P50)
125 ms — snapshot, 121–134ms range
Daemon footprint
<15 MB resident (coordinator), <5 MB (gateway)
// substrate
Manifest
ZGraph DAG (TOML, JSON, YAML supported)
CLI
ω · same protocol local + cloud
Identity
OAS DIDs · Ed25519 · BLAKE3
Capability tokens
Arsenal ACTs (signed, scoped, lineage-bound)
Resolvers
Tailscale Funnel · cloudflared · NetBird · ngrok