Substrate · first-party

Gaia.
Omega-operated. WASM-first.

Gaia is the first-party placement substrate of Omega — datacenters and edge clusters operated by us. Workloads land as WASI 0.2 components on Wasmtime 37 with the pooling allocator. Cold start is on the wire in 1.2 ms; the unit cost stays in the cents-per-million range.

[substrate]

Gaia · first-party

[capability]

Standard (WASM)

[runtime]

Wasmtime 37 · WASI 0.2

[cold P50]

1.2 ms

Numbers

Gaia is fast
because it has to be.

1.2 ms

cold start P50

Pooling allocator + warmup; zero-allocation hot path; no fork/exec.

64 MB

default sandbox

Configurable per brane. Pooled — releases settle in <1ms.

ambient capabilities

No /proc, no DNS unless granted, no syscall the manifest didn't name.

6.2k

instances per host

On a 16-core box with 64GB RAM. Pooling amortizes start cost.

Manifest

What you grant is
all that runs.

// the capability surface IS the security model

gaia-only-the-essentials.zgraph.tomlΩ · ZGraph

[brane.fetch]
substrate   = "gaia"
capability  = "standard"
image       = "omega/cloud-fetch:2.4.1"
replicas    = 32

[brane.fetch.capability]
"net.http"   = { allowlist = ["api.openalex.org", "*.crossref.org"] }
"fs.tmp"     = { quota = "256 MiB", lifetime = "request" }
"clock"      = { resolution = "ms" }

[brane.fetch.limits]
cpu_quota   = 0.5
mem_max     = "64 MiB"
deadline    = "8s"

// annotations

Each capability key maps to a WASI 0.2 import. The component link-stage fails if the brane references something it wasn't granted.

net.http can be further scoped to a host allowlist. fs.tmp is a per-instance ephemeral mount.

Granting a capability you didn't need is the same kind of mistake as committing a secret. The manifest review is the security review.

Operations

Operate Gaia
like a unix process.

$ω gaia logs --brane fetch --since 30s

Ω 13:41:07.118 fetch.034 REQ api.openalex.org/works bytes=12,422 dur=42ms Ω 13:41:07.118 fetch.034 RES 200 cpu=8ms Ω 13:41:07.121 fetch.034 END cold=1.1ms exec=42ms pooled✓ Ω 13:41:07.198 fetch.039 REQ api.crossref.org/works/... Ω 13:41:07.241 fetch.039 RES 200 cpu=11ms …

$ω gaia profile --brane fetch --p50 --p99

cold exec cpu mem P50 1.0ms 42ms 8ms 18MiB P99 1.4ms 210ms 63ms 42MiB RPS 1.41 K (steady)

$ω gaia snapshot fetch.034 → snap-20260501-1341.bin

✓ wrote 4.1MiB image · ed25519:Q3kJ...

// the rules

component model

WASI 0.2 (preview2 stable)

instance lifecycle

pooled · pinned · ephemeral

hot reload

atomic. zero in-flight loss.

snapshots

per-instance · ed25519 signed

determinism

opt-in via [brane.execution.deterministic]

profile

cargo-style flame graphs · pprof export

Use it for

What Gaia
is best at.

Untrusted user code

Plugins, agent tools, sandboxed evaluation. The capability surface is the security model — there's nothing to escape to.

PLUGINS

Edge-of-edge functions

Sub-millisecond cold starts on commodity hardware. Run a million RPS pool from a closet.

EDGE FN

Reproducible inference helpers

Tokenizers, retrieval, post-processing — the deterministic glue around model calls. Snapshotable, replayable, signed.

AI TOOLS

Multi-tenant SaaS surfaces

One brane per tenant, capability-scoped, lifecycle-pooled. The unit cost stays in the cents-per-million range.

SAAS

← Back to platform Next substrate — Biome →

Gaia.Omega-operated. WASM-first.

Gaia is fastbecause it has to be.

What you grant isall that runs.

Operate Gaialike a unix process.

What Gaiais best at.