01
Neural core
Low-latency scheduling for agent runs, queues, and priority shifts on your metal.
Pilox OS v2 — Secure by design
The agent operating system for your infrastructure.
Deploy, connect, and manage AI agents across your infrastructure — with built-in isolation, mesh networking, and operator tooling in one surface.
Free to startYour VPCA2A + MCPFederated mesh
- Models supported
- 800+
- Platform layers
- 9
- LF protocols (A2A + MCP)
- 2
Directional labels, not benchmarks. See project docs for what ships today.
01
Provision
Stand up control plane, Postgres, Redis. Compose profiles match your environment in Getting Started.
02
Attach workloads
Define agents, models, capabilities; import from trusted registries when you enable marketplace paths.
03
Extend trust
Federate instances, turn on mesh features, and route GPU-heavy tiers without a second orchestrator.
Trusted by teams shipping agents in production
YC
AWS
▲
S
◧
DD
See it in action
Deploy an agent in 30 seconds
pilox-terminal
pilox ~ $ setup --license PILOX-PRO-XXXX
✓ License verified — Pro plan (10 instances)
✓ Admin account created
✓ PostgreSQL connected
✓ Local registry auto-configured
pilox ~ $ agent deploy code-reviewer --model llama3.1
Pulling llama3.1... done (4.7 GB)
✓ Agent 'code-reviewer' deployed on mesh
→ A2A endpoint: http://localhost:3000/api/a2a/jsonrpc
→ Marketplace: visible (public catalog)
pilox ~ $ mesh status
NODES AGENTS MESH UPTIME
1 1 healthy 00:00:42
pilox ~ $
Platform layers
Vertical integration spectrum [01–09]
Sys status: optimal · landing
02
Mesh fabric
Discovery and signed traffic between instances: local bus today, federation where you enable it.
03
Encryption shell
Noise sessions, SPIFFE-ready identity, and policy hooks so trust stays explicit.
04
Data synapse
Postgres + pgvector and shared state patterns agents can query without ad-hoc glue.
05
Flow control
Backpressure and multi-tenant fairness so bursts don’t flatten the whole fleet.
06
Optic logs
OpenTelemetry-shaped events: traces, metrics, and operator-facing narratives in one pipe.
07
Agent token
Short-lived credentials and capability scopes for subprocesses and tools.
08
Vault I/O
Secrets and keys bound to workload identity, not copy-pasted env files.
09
Pilox CLI
Operator surface for bootstrap, health checks, and automation against your deployment.
Deploy Now
Free · Self-hosted · 5 min setup
Local install
Bootstrap a local node
From checkout — no outbound forge required
No forge links: work from checkout or release archive. Full mesh / prod / marketplace docs: /docs and in-tree docs/.
1. Environment (app/.env.local)
Generate a real ENCRYPTION_KEY (64 hex chars) before prod.
# Database (example — match your Compose)
DATABASE_URL=postgres://pilox:pilox_secret@localhost:5432/pilox
AUTH_SECRET=change-me-to-at-least-32-characters-long
AUTH_URL=http://localhost:3000
ENCRYPTION_KEY=0000000000000000000000000000000000000000000000000000000000000000
REDIS_URL=redis://localhost:6379
ADMIN_PASSWORD=changeme2. Dev stack (Postgres + Redis + Next)
Requires Node ≥ 22 and Docker for the default database profile.
dev-bootstrap.sh
# From repository root
cd app
docker compose up -d postgres redis
npm install
npm run db:migrate:run
npm run db:seed
npm run dev
# Open http://localhost:3000 → /setup then /auth/login3. Production-style Compose (docker/)
From the docker/ directory in your tree — no remote clone step.
cd docker
cp .env.example .env
# Edit .env (domain, secrets, Postgres, Redis…)
docker compose -f docker-compose.prod.yml up -dSee docs/SERVER_INSTALL.md and docs/PRODUCTION.md for TLS, domains, and hardening.
Operating context
When agents leave the notebook, they inherit the same obligations as any production workload: isolation, identity, and an evidence trail.
How teams describe the shift to fleet-scale agents
- 1Boundary
Boundary
Shared runtimes blur accountability
One process, many tools, opaque side effects. Pilox treats each agent as a bounded workload with its own execution envelope.
- 2Trust
Trust
Cross-team agents need cryptographic trust
Not just API keys: signed manifests, federation-aware policy, and mesh discovery you can put in front of security review.
- 3Scale
Scale
From ten agents to ten regions
The same control plane semantics locally and across peers: bus, federation, then planetary registry paths without re-architecting your mental model.
Platform
A single spine for execution, wire protocols, and control-plane operations.
Everything below maps to components you can deploy, audit, and extend, not a slide-deck feature list.
shippedRead platform docs
Isolated execution & packaging
Firecracker microVMs per agent where KVM is available; WASM path for density. Docker Compose stacks for Postgres, Redis, Ollama, and the control plane: same primitives serious infra teams expect.
~125ms
VM cold path
9
Stack layers
BSL→ASL
2030 path
Execution
MicroVM isolation + WASM density
Firecracker-class boundaries where the hypervisor exists; WASM path when you need cold starts measured in milliseconds.
Wire protocol
A2A + MCP as first-class surfaces
Agent Cards, streaming RPC, and MCP tool exposure, not bolt-on plugins after the fact.
Mesh
Local bus → federation → registry
Redis v1 with integrity, then signed cross-instance trust, then discovery documents the network can crawl.
mixed
Security architecture
Layered model: isolation, zero-trust networking, sanitization, guardrails (LLM Guard, LlamaFirewall, NeMo), capability-style least privilege, audit-oriented event chains.
shipped
Control plane & ecosystem
Operator dashboard, marketplace catalog from federated registries, OpenTelemetry hooks, GPU scheduling hooks (MIG / HAMi) as you scale hardware.
mixed
Protocols & hardened SDK
Native A2A (JSON-RPC, streaming, Agent Cards) and MCP for tools. @pilox/a2a-sdk direction: Noise E2E, SPIFFE-aware identity, schema enforcement, standard-compatible and security-first.
shipped
Mesh & federation
Redis bus v1 with HMAC integrity locally; signed manifests and JWT (Ed25519) across instances; registry, gateway, and WAN path for planetary discovery via /.well-known/pilox-mesh.json.
Depth
Where Pilox diverges from “another agent framework”
Roadmap and vision vary by release. Use these as design anchors when you read the repo.
Global mesh
Edge to core topology
Pilox connects agents across regions the way operators think about infrastructure: a local bus, federated trust, then registries and gateways at the edge. The map is illustrative topology — not live telemetry or cable geography.
Federation & registry paths — phased rollout
Local mesh
Redis bus v1 on your cluster: fast pub/sub with HMAC integrity for co-located agents.
Federation
Trusted peers exchange signed manifests and JWT (Ed25519) so instances trust each other, not the whole internet.
Planetary path
Registry, gateway, and WAN bridges discover routes via /.well-known/pilox-mesh.json (phased rollout, same mental model).
- Mesh overview (in-tree: docs/MESH_PLANETARY_PRODUCT.md)
Comparison
Pilox Advantage
Pilox is the only self-hosted agent OS with A2A federation, visual workflows, and a built-in marketplace — no glue code required.
| Feature | Pilox | LangChain | CrewAI | AutoGen |
|---|---|---|---|---|
| Self-hosted (your VPC) | ||||
| A2A protocol (LF standard) | ||||
| MCP support | ||||
| Federated mesh | ||||
| Built-in marketplace | ||||
| Workflow engine (visual) | ||||
| Multi-model (Ollama, OpenAI, etc.) | ||||
| GPU routing | ||||
| Observability (Prometheus + Tempo) | ||||
| No vendor lock-in |
See Pricing
Community free · Pro 29€/mo · Enterprise custom
Architecture
System architecture
Neural-mesh topology: each node runs independently under collective Pilox control-plane logic. The ladder is the map; the accordion is the briefing — L0 through L8, repo is source of truth.
Stack preview
AMD SEV-SNP / Intel TDX style confidential execution and future CXL pooling: hardware roots of trust for the most sensitive agents.
Pilox global catalog
Public agents on this site
Static JSON shipped with the landing. Instances merge the same file via PILOX_GLOBAL_CATALOG_URL.
Loading catalog…
Marketplace
Registries your operators can trust
Federation is not a CSV export: it is policy, signatures, and a path from catalog to running workload inside your perimeter.
Read docs/MARKETPLACE_ARCHITECTURE.mdregistry.internal/catalog
Flow
- 1
01
Discover
Browse federated catalogs; filter by policy, capability, and registry origin.
- 2
02
Validate
Buyer checklists and signed manifests before anything touches your namespace.
- 3
03
Deploy
Promote into your instance with local stats and pins your operators actually use.
Catalog grid
Placeholder for agent cards, filters, and deploy actions once marketing assets ship.
Ecosystem
Built from components you already approve
Curated slices below; the ticker is the full integration surface.
Runtime & isolation
- Firecracker
- Wasmtime
- Extism
- Kata
- CoCo
Data & memory
- PostgreSQL 16
- pgvector
- LanceDB
- Loro
- Redis
- NATS
Identity & safety
- SPIFFE/SPIRE
- Sigstore
- Noise
- OPA
- LlamaFirewall
- OTel
FirecrackerWasmtimeExtismWasmEdgeFermyon SpinNATSRedisApache IggyPostgreSQL 16pgvectorpgvectorscaleLanceDBLoroAutomergeElectric SQLSPIFFE/SPIREstep-caSigstore/CosignOPACasbinSpiceDBTetragonCiliumFalcoLlamaFirewallNeMo GuardrailslibsodiumNoise (snow)Ed25519VirTEEOpenTelemetryClickHouseJaegerPrometheusQuickwitHyperDXKeplerKAI SchedulerHAMimig-partedDCGMGPUStackVPTQ (2-bit weights)TurboQuant (KV cache)vLLMKata ContainersCoCoVirTEE SEV/TDXOcclumA2A (Linux Foundation)MCP (AAIF / LF)libp2pmemberlistmDNSLLM Guardpymooscikit-optNext.jsReactTailwind CSSDrizzle ORMNextAuthFirecrackerWasmtimeExtismWasmEdgeFermyon SpinNATSRedisApache IggyPostgreSQL 16pgvectorpgvectorscaleLanceDBLoroAutomergeElectric SQLSPIFFE/SPIREstep-caSigstore/CosignOPACasbinSpiceDBTetragonCiliumFalcoLlamaFirewallNeMo GuardrailslibsodiumNoise (snow)Ed25519VirTEEOpenTelemetryClickHouseJaegerPrometheusQuickwitHyperDXKeplerKAI SchedulerHAMimig-partedDCGMGPUStackVPTQ (2-bit weights)TurboQuant (KV cache)vLLMKata ContainersCoCoVirTEE SEV/TDXOcclumA2A (Linux Foundation)MCP (AAIF / LF)libp2pmemberlistmDNSLLM Guardpymooscikit-optNext.jsReactTailwind CSSDrizzle ORMNextAuth
Evaluation
Capability matrix
Procurement and platform teams rarely compare on marketing pages alone. This table is a starting point for your own RFP rows and vendor questionnaires.
- Use Pilox column as “target state” during architecture review.
- Verify each row against the other vendor’s public docs.
| Capability | Pilox | Typical stack |
|---|---|---|
| Self-hosted | Yes (BSL 1.1) | Varies |
| Agent isolation (microVM) | Firecracker + WASM (roadmap) | Rarely |
| A2A protocol (LF standard) | Native | Uncommon |
| MCP support | Native | Some |
| E2E encryption (Noise) | SDK / mesh path | Rare |
| Zero-trust identity (SPIFFE) | Roadmap / integration | Rare |
| 70B on consumer GPU (VPTQ+TurboQuant) | Yes (2-bit weights + 3-bit KV) | No |
| GPU fractional scheduling | MIG + HAMi (ops) | Rare |
| Planetary mesh / federation | Yes (phased) | No |
| Confidential computing (TEE) | Vision | No |
| Agent marketplace | Built-in direction | Some |
| Anti prompt-injection (layered) | Yes (config-dependent) | Partial |
| Swarm intelligence patterns | Multiple patterns | Graph/crew only |
| Audit trail (hash-chain) | Planned | Rare |
| Web dashboard | Yes | Varies |
| LLM optimization (VPTQ/TurboQuant/sleep) | Yes | Rare |
Security
Security posture
Least-agency for automated workloads: grant the minimum autonomy an agent needs, instrument the rest.
Least agency
Agents receive no latent permissions by default. Access is ephemeral, scoped, and verified each cycle — the core posture for anything that runs unsupervised on your estate.
Hardware root of trust
Identity and workload attestation align with how you already bind trust: TPM / Secure Enclave paths, SPIFFE-ready meshes, and keys that do not live in plaintext chat logs.
Isolation & policy
MicroVM and WASM paths, zero-trust networking between workloads, OPA-style policy hooks where you wire them.
Identity & crypto
Ed25519 and Noise sessions, optional SPIFFE/SPIRE, short-lived credentials, aligned with how mesh traffic is actually secured.
Evidence
Structured events suitable for audit pipelines; hash-chained trails and optional external anchoring on the roadmap.
Install
Bring up the stack
Paths differ by profile. This is the production-oriented entrypoint; adjust compose file per Getting Started.
docker-compose.prod.yml
cd docker
cp .env.example .env
docker compose -f docker-compose.prod.yml up -dNext: docs/GETTING_STARTED.md in your tree.
Commercial
Pricing
Start on the open core. Engage commercially when you resell hosted Pilox or need enterprise-grade support around your deployment.
Default path
Community
Free
- Self-hosted under BSL 1.1
- All core modules you enable
- Converts to Apache 2.0 (Mar 2030)
In development
Pro
Soon
- Deeper mesh & GPU routing
- Semantic watchdog patterns
- Audit / Rekor integrations
For regulated teams
Enterprise
Custom
- Named support & SLA
- License for third-party hosting
- Roadmap & training
Changelog
Latest updates
Mar 2026v2.0
Pilox OS v2 — Complete Rebranding
Full rebrand from Hive to Pilox. New design system, Stripe billing, 16-agent marketplace catalog, and enhanced workflow engine.
Mar 2026feature
License Key Gate + Setup Wizard
6-step onboarding with Firebase license verification. Auto-configured local Planetary registry on first boot.
Mar 2026feature
Stripe Checkout Integration
Pro plan at 29/mo with Stripe Checkout. Automatic license upgrade via webhook on payment.
Feb 2026security
Enterprise Security Audit
60+ security fixes across both Landing and Docker. AES-256-GCM token encryption, rate limiting, OWASP hardening.
Feb 2026feature
Planetary Mesh Network
Federated agent mesh with NATS transport, JWT authentication, WAN bridge, and distributed registry.
Community
Join the network
Pilox is built in the open. Contribute, report issues, or just say hi.
Roadmap
Phased delivery, public by default
Each row is a theme you can reason about: outcomes first, tech tags second. No month-by-month dates: order is directional, not a delivery promise.
- 1
Foundation
Control plane, embeddings, and identity baselines so agents are observable and attributable from day one.
MCPNATSpgvectorA2A SDKSPIFFEOpenTelemetrySigstore - 2
Intelligence
70B models on consumer GPUs, denser runtimes, and safer prompts: VPTQ + TurboQuant for extreme compression, WASM where it fits.
VPTQ 2-bitTurboQuant KVWASM tierPrompt-injection defensesLoro CRDTsOPALanceDBSDK publish - 3
Security
Kernel-adjacent enforcement and centralized authz, fewer blind spots as fleets grow.
Tetragon eBPFCiliumSpiceDBClickHouse tracesFalco - 4
Advanced scale
GPU paths, confidential workloads, and autonomy guardrails without a second orchestrator.
KAI schedulerConfidential computingStigmergySemantic watchdogEvolutionary optimizationApache Iggy - 5
Long horizon
Research-grade reliability and economics: WAN-native routing and hardware trends baked into the model.
libp2p WANCXL poolingCausal inferenceFormal verification - 6
Planetary mesh
Phases P1–P6 are described in the mesh product doc (not a delivery calendar).
Cross-Internet discovery and trust: registries, gateways, and WAN bridges, from Redis bus toward planetary routing.
pilox-mesh.jsonRegistryGatewayWAN busFederationDHT (roadmap)
Full mesh breakdown: see Mesh and docs/MESH_PLANETARY_PRODUCT.md in your distribution.
Enterprise
Work with us on rollouts
Whether you need a commercial license for a hosted offering, onboarding for a multi-team rollout, or a security questionnaire filled against a specific commit. Start with context in the form.
Direct
contact@maxence.design