What happens when AI gets root access to an operating system designed for atomic rollback? 9 Rust daemons, 72 typed tools, post-quantum P2P mesh, and a self-learning system that fixes your server at 3am while you sleep.
Every infrastructure engineer knows the drill. A disk fills up, a service OOMs, a certificate expires — and it happens at 3am. The fix is always the same: SSH in, read logs, restart the service, maybe tweak a config. The process is predictable, repetitive, and exactly the kind of task AI agents should handle autonomously.
But giving an AI agent root access to a server is terrifying on traditional Linux. One wrongrm -rf and the system is unrecoverable. One misconfigured iptables rule and you're locked out. The blast radius of any mistake is unbounded.
osModa solves this by building on NixOS — the one Linux distribution where every system change is a transaction, every state has a generation number, and rolling back is a single command. The core insight is simple: NixOS makes AI root access meaningfully safer than on any other operating system.
“Your server fixes itself at 3am. You sleep.”
osModa tagline — and the design goal behind every architectural decision.
osModa is an AI-native operating system built on NixOS where the AI agent IS the system interface. Instead of SSH-ing into a server and running commands manually, the AI has structured, root-level access to the entire system through 9 Rust daemons that expose 72 typed tools.
This is not a chatbot with sudo. The AI never shells out and hopes regex holds. Every tool call returns structured JSON. Every action creates a tamper-evident hash-chained audit event. Every system change can be atomically rolled back to any previous NixOS generation.
The project is fully open source under the Apache 2.0 license, with the complete codebase available on GitHub. The managed hosting platform at spawn.os.moda provides one-click server provisioning for teams that want the infrastructure without the setup.
The heart of osModa is 9 purpose-built Rust daemons communicating over Unix sockets. No TCP exposed to the internet (except the mesh port 18800, encrypted). Each daemon owns a specific system domain and exposes typed tools that return structured JSON.
agentdSystem bridgeProcesses, services, files, network, NixOS config, kernel params. Hash-chained SHA-256 audit ledger in SQLite.
osmoda-watchSafeSwitch deploysBlue-green deploys with health checks, timer-based probation, auto-rollback on failure.
osmoda-routinesBackground automationCron/event/webhook jobs that run between conversations. Health checks, log scans, service monitors.
osmoda-teachdSelf-learningOBSERVE (30s) collects metrics, LEARN (5m) detects patterns, TEACH injects knowledge.
osmoda-meshP2P encrypted meshNoise_XX + ML-KEM-768 hybrid post-quantum key exchange. Server-to-server with no central registry.
osmoda-voiceLocal speech I/O100% on-device STT (whisper.cpp) + TTS (piper). Zero cloud dependency.
osmoda-mcpdMCP server managerLifecycle management for MCP servers. Any MCP server becomes an OS capability.
osmoda-egressHTTP proxy sandboxHTTP CONNECT proxy with domain allowlist. Sandboxed tools cannot phone home.
osmoda-keydCrypto wallet daemonETH + SOL wallets with AES-256-GCM keys, policy-gated signing, network-isolated.
osModa uses a three-ring security model inspired by CPU privilege rings. Every process, tool, and application runs within a specific trust boundary with enforced capability limits.
OpenClaw gateway + all 9 daemons. Full system access. The AI IS the system.
Sandboxed with declared capabilities only. Cannot exceed permissions.
Maximum isolation: no network, minimal filesystem, bubblewrap sandbox.
Every system change in osModa goes through SafeSwitch — a probation-based deployment system that combines NixOS atomic generations with health check monitoring. The process works like this:
NixOS rebuild applied
Configuration change creates a new system generation
Probation timer starts
Health checks run continuously: systemd units, TCP ports, HTTP endpoints, custom commands
Auto-rollback on failure
If any check fails, escalation ladder: restart service → rollback generation → notify operator
Commit on success
Timer expires without failures → change is promoted to the stable state
This means the AI can confidently modify system configurations without fear of permanent damage. Bad nginx config? Rolled back in seconds. Memory leak from a new service? Caught by health checks and reverted. The NixOS generation system ensures the previous working state is always one command away.
Every action the AI takes creates a tamper-evident event in an append-only SQLite database. Each event is cryptographically chained to the previous one:
hash = SHA-256(id | timestamp | type | actor | payload | prev_hash)
// Verifiable offline:
$ agentctl verify-ledger
✓ 321 events verified, 0 broken chain linksThis means you can audit exactly what the AI did, when, and why — with cryptographic proof that no events have been inserted, modified, or deleted after the fact. For regulated environments (HIPAA, SOC2, financial compliance), this audit trail is invaluable.
osModa servers can form encrypted peer-to-peer mesh networks without any central registry or coordination server. The cryptographic stack is built for the post-quantum era:
Noise_XX handshake protocol using X25519 key exchange, ChaChaPoly encryption, and BLAKE2s hashing. Proven, fast, and battle-tested.
ML-KEM-768 (FIPS 203) lattice-based key encapsulation. Hybrid HKDF re-key ensures if classical crypto breaks, PQ protects — and vice versa.
Pairing is invite-based: one server generates a code, the other enters it, and the mesh connection is established with mutual authentication. No DNS, no central server, no certificate authorities. This makes osModa mesh networks resilient to infrastructure failures and censorship.
The osmoda-teachd daemon implements a three-loop learning architecture that lets the operating system learn from its own behavior over time:
Collects CPU, memory, disk, and service health metrics. Monitors systemd journal entries. Builds a continuous timeline of system behavior.
Detects recurring failures, resource usage trends, anomalies, and correlations. High-confidence patterns (confidence >0.7) automatically generate knowledge documents.
Matches context queries against accumulated knowledge. The AI consults learned patterns when diagnosing issues or optimizing configurations. Knowledge compounds over time.
The result is an operating system that becomes progressively better at managing itself. A recurring nginx timeout gets correlated with memory pressure on a specific service, the pattern is documented, and the fix is applied proactively via SafeSwitch before the next occurrence.
The AI never executes raw shell commands. Instead, it calls typed tools that return structured JSON across 14 categories. This eliminates the fragility of text parsing and provides a reliable, auditable interface between AI and OS.
| Category | Tools | Examples |
|---|---|---|
| System Management | 6 | system_health, resource_usage, process_list |
| Filesystem | 4 | file_read, file_write, file_list, file_search |
| Systemd Services | 2 | service_status, service_control |
| Networking | 1 | network_info |
| Crypto Wallets | 6 | wallet_create, wallet_sign, wallet_balance |
| Safe Deploys | 4 | safe_switch, rollback, health_check |
| Automation | 3 | routine_create, routine_list, routine_trigger |
| Voice I/O | 5 | voice_listen, voice_speak, voice_status |
| P2P Mesh | 11 | mesh_pair, mesh_send, mesh_status, mesh_peers |
| MCP Management | 4 | mcp_install, mcp_start, mcp_stop, mcp_list |
| System Learning | 8 | observe, learn, teach, knowledge_query |
| App Management | 6 | app_deploy, app_remove, app_list, app_logs |
| Safety Commands | 4 | safety_rollback, safety_panic, safety_status |
| Watchers | 2 | watch_create, watch_list |
Giving AI root access requires serious safety engineering. osModa implements defense in depth with multiple layers:
umask(0o077) enforced at startupsafety_panic: stop all + rollbacksafety_rollback: immediate revertWhile osModa is fully open source and self-installable, the spawn.os.moda platform provides one-click managed hosting for teams that want instant deployment without the NixOS setup process.
The free path is the open-source self-install from GitHub. spawn.os.moda is the managed path for teams that want infrastructure without setup — deploy a server, connect via web chat or Telegram, and let the AI handle the rest.
osModa maintains a single conversation across all channels. Web chat gets detailed responses. Telegram and WhatsApp get concise mobile-optimized messages. Same AI, same context, different form factor.
Powered by Claude Opus 4.6. Full system access with detailed, verbose responses. Ideal for complex operations and debugging.
Full contextPowered by Claude Sonnet 4.6. Same full access, concise responses. Quick checks from your phone at any time.
Concise modeThe combination of AI-native system access, atomic rollback, and encrypted mesh networking opens use cases that traditional server management cannot address:
Deploy and manage AI agent swarms with self-healing, audit trails, and mesh coordination across multiple servers.
$7.6B → $183B by 2033Run Nextcloud, Gitea, email servers with automated maintenance. Self-hosting without the babysitting.
Ethereum/Solana validators with policy-gated signing, slashing protection, and attestation monitoring.
Run Llama models locally across multi-node mesh clusters with load balancing and auto-scaling.
Vehicle and IoT software updates with guaranteed rollback. SafeSwitch ensures no bricked devices.
Tamper-evident audit trails for medical compliance. Hash-chained ledger is verifiable offline.
10 Rust crates using axum, tokio, rusqlite, serde. Cryptography: k256, ed25519-dalek, aes-gcm, sha3, snow (Noise protocol), ml-kem (FIPS 203 post-quantum).
Nix flakes for reproducible builds. Crane for Rust compilation. Systemd service management. nftables firewall. Bubblewrap (bwrap) for Ring 2 sandboxing.
SQLite for audit ledger (hash-chained), FTS5 full-text search for memory, and knowledge storage from the LEARN loop. All data local, no external databases.
whisper.cpp for speech-to-text, piper-tts for text-to-speech. 100% local inference with zero cloud dependency. OpenClaw gateway for multi-agent routing.
Several osModa components connect directly to the proxy and automation ecosystem:
osmoda-mcpd manages MCP server lifecycles. Install and run the PROXIES.SX MCP server as an OS-level capability — the AI can manage proxy infrastructure through natural language commands directly from the operating system.
osmoda-egress acts as an HTTP CONNECT proxy with domain allowlists. Sandboxed tools can only access approved domains — combining this with PROXIES.SX mobile proxies creates a controlled, auditable egress pipeline for web automation.
Deploy AI agent swarms on dedicated osModa servers with self-healing infrastructure. Agents that scrape, automate, and collect data can use mobile proxies for IP rotation while the OS handles health monitoring and recovery.
The encrypted mesh network can coordinate distributed scraping and automation nodes without a central server. Each node manages its own proxy connections while the mesh handles task coordination and health monitoring.
Deploy a self-healing AI-native server in minutes. Open source and free to self-host, or use spawn.os.moda for managed one-click provisioning.