The ostk Stack
AI coding tools don't have to be monolithic opaque black boxes. ostk breaks down the agent runtime into four decoupled, cooperative layers.
Adopt only what you need. Link against the MIT-licensed client library to construct custom sandboxes, use the transparent prompt caching proxy to slice LLM API bills, connect the hybrid memory engine to Cursor or Claude Code, or boot the full daemon for enterprise GPG audit logging.
COORDINATION_FLOW // ARCHITECTURE_MAP
The diagram shows how the components interact locally. Your agent tool (or custom pipeline) talks to ostk-cache for prompt interception and caching, and to the ostk-kernel via the MCP bridge (System ABI). Filesystem watches populate ostk-recall dynamically, providing local vector search and context drift recovery.
STACK_MATRIX // COMPARISON
| COMPONENT | LICENSE | INTERFACE / SOCKET | CORE MECHANISM |
|---|---|---|---|
| ostk (kernel) | AGPL-3.0 | CLI & Daemon (ostk boot / run) | Landlock/Seatbelt process sandbox limits, WAL audit logging, OCC check constraints. |
| ostk-recall | AGPL-3.0 | Stdio MCP / Socket (.ostk/recall.sock) | LanceDB vector store + Tantivy BM25, fastembed-rs reranker, debounce file watcher loop. |
| ostk-cache | AGPL-3.0 | Transparent HTTP Proxy (localhost:8080) | Anthropic/OpenAI wire proxy, synthetic projection mutations, local soft-cap tiering (A-D). |
| libostk | MIT | JSON-RPC 2.0 over .ostk/ostk.sock | Inode-based log rotation tracking, GPG/Ed25519 signature checks, custom platform envelope parsing. |
1. ostk Kernel & CLI
AGPL-3.0 LICENSE
The central coordinator. ostk is a single Rust binary daemon that manages process sandboxing boundaries using OS-native features like Landlock (Linux) and Seatbelt (macOS). It intercepts file accesses, reviews signature assertions, and restricts agents from reaching beyond designated directories.
Its journaling engine enforces strict Write-Ahead Logging (WAL) constraints. Every workspace modification is atomic and is cryptographically signed using GPG or Ed25519 keys, creating a transparent, verifiable audit trail that makes it safe to run untrusted AI agents on local systems.
- Isolation: Landlock / Seatbelt
- Journal: journal.jsonl (WAL)
- Coordination: OCC gen_table
- Security: GPG / Ed25519 signature
2. ostk-recall Memory
AGPL-3.0 LICENSE
When working in large codebases, agents lose focus and context drifts. ostk-recall is a dedicated memory engine. By running a local SQLite schema for relational events and LanceDB for vector search, it provides instant semantic querying across your workspace.
The database is updated in real-time by a socket file watcher listening on recall.sock. Changes are debounced in userspace to prevent performance degradation during batch file writes. Queries are routed through a fastembed-rs reranking model locally, delivering precise context matches to agent systems.
3. ostk-cache Proxy
AGPL-3.0 LICENSE
LLM tokens are expensive, and context drift forces repetitive prompt loads. ostk-cache acts as a local wire-compatible HTTP proxy between your client and providers (like Anthropic or OpenAI). It intercepts request payloads, computes content hashes, and serves cached responses instantly.
The proxy operates across 4 dynamic reduction tiers (A to D) based on response lengths and confidence metrics. In Rebuild and RebuildKernel modes, the cache coordinates with the daemon via IPC to rebuild projections and invalidate outdated blocks whenever the codebase changes.
- Wire formats: Anthropic, OpenAI
- Default proxy port: 8080
- Audit logging: .ostk/memory/ledger.jsonl
- Invalidation: IPC signals
4. libostk Client Library
MIT LICENSE
libostk is the foundational client-side layer. Written in pure Rust with lightweight language wrappers, it provides a stable interface to negotiate capability scopes with the ostk daemon. By making libostk completely MIT licensed, developers can build custom integrations inside closed-source IDE overlays or proprietary automation scripts without licensing restrictions.
Its core driver audit_tail polls the project's audit logs. Instead of simple timestamp comparisons (which are susceptible to race conditions), audit_tail tracks filesystem inode values. If a log is rotated, truncated, or replaced, the tailer auto-reopens the target file, ensuring zero events are dropped.
- Windmill pipelines
- Discord bot dispatch
- Windmill action runners
- Windmill/Cursor extensions
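The inode-tracking tail described for audit_tail above, as an added example that is not libostk's own code: `InodeTail` and its methods are hypothetical names, and the `journal.jsonl` path in `main` is a constructed sample. It goes one step beyond the text by draining the already-open handle before reopening, so lines written to the old file just before a rotation are still returned.

```rust
use std::fs::{self, File};
use std::io::{self, Read, Seek, SeekFrom};
use std::os::unix::fs::MetadataExt; // Unix-only: exposes the inode number
use std::path::PathBuf;
/// Hypothetical tailer, not libostk's audit_tail: follows one path across rotation.
pub struct InodeTail {
    path: PathBuf,
    file: Option<File>, // an open handle survives rename/unlink of its path
    offset: u64,        // first unread byte behind `file`
}

impl InodeTail {
    pub fn new(path: impl Into<PathBuf>) -> Self {
        InodeTail { path: path.into(), file: None, offset: 0 }
    }
    /// Returns the complete lines written since the previous call.
    pub fn poll(&mut self) -> io::Result<Vec<String>> {
        let mut out = Vec::new();
        self.drain(&mut out)?; // finish the old inode before looking at the path
        let on_disk = match fs::metadata(&self.path) {
            Ok(m) => m.ino(),
            Err(e) if e.kind() == io::ErrorKind::NotFound => return Ok(out), // mid-rotation
            Err(e) => return Err(e),
        };
        let held = match &self.file { Some(f) => Some(f.metadata()?.ino()), None => None };
        if held != Some(on_disk) {
            self.file = Some(File::open(&self.path)?); // rotated or replaced: reopen
            self.offset = 0;
            self.drain(&mut out)?;
        }
        Ok(out)
    }
    fn drain(&mut self, out: &mut Vec<String>) -> io::Result<()> {
        let file = match self.file.as_mut() { Some(f) => f, None => return Ok(()) };
        if file.metadata()?.len() < self.offset { self.offset = 0; } // truncated in place
        file.seek(SeekFrom::Start(self.offset))?;
        let mut buf = Vec::new();
        file.read_to_end(&mut buf)?;
        let end = buf.iter().rposition(|&b| b == b'\n').map_or(0, |i| i + 1);
        self.offset += end as u64; // a half-written record stays unread until its newline
        out.extend(String::from_utf8_lossy(&buf[..end]).lines().map(String::from));
        Ok(())
    }
}

fn main() -> io::Result<()> {
    let mut tail = InodeTail::new("journal.jsonl"); // constructed sample path
    tail.poll().map(|lines| lines.iter().for_each(|l| println!("{}", l)))
}
```

Truncation is detected by size only, so a file truncated and rewritten past the old offset between two polls looks like an append; a tailer that must catch that case needs an additional signal such as a content checksum of the bytes already read.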