For developers & admins
Agents that understand · a runtime that owns the steps
omadia is agentic software that runs on owned infrastructure. A hybrid: non-deterministic AI agents that read intent, write, and build UI, paired with a deterministic runtime that owns the steps and hand-offs. Own LLM keys, own plugins, data stays resident.
architecture · the hybrid
The agents are non-deterministic: they understand, reason, and produce. The runtime is deterministic: it owns step progression and human-in-the-loop. Neither replaces the other; they hand off to each other.
non-deterministic
Plugin-defined agents read a turn's intent, reason over context and the knowledge graph, formulate answers, call tools, and assemble interactive UI. The orchestrator routes each turn to the agent that owns it.
deterministic workflow engine
A deterministic engine where the runtime, not the model, owns step progression and hand-offs. Multi-step processes become explicit, replayable, and gated by human-in-the-loop approval. Ships Q3.
omadia core · building blocks
The core runs on Node. Plugins load as self-contained units; no runtime npm fetches.
A Postgres knowledge graph with pgvector embeddings, the durable, queryable memory tier agents reason over.
Routes every turn to the plugin agent that owns it. Run several isolated orchestrators, separate agent teams, per deployment.
Secrets and LLM keys are sealed in an AES-256-GCM vault. Nothing sensitive sits in plaintext config.
Ships as a Docker Compose stack: roughly seven services, about 4 GB RAM. One command to stand up, owned operation.
An in-tree admin console for operators: orchestrators, plugins, providers, vault, telemetry, and audit in one place.
capabilities · day one
Mermaid, Graphviz, PlantUML and Vega-Lite via Kroki, served as signed PNG URLs.
Sycophancy levels and boundary presets at the response edge.
Tavily and Brave with structured citations on every claim.
channels · reachability
Channels are the reachability layer. Text channels carry the agent into the tools teams already use. The omadia UI is one more channel, the only one that answers a prompt with interactive UI instead of text. Additive, never a replacement for chat.
The agent shows up in the chat tools people already live in, speaking plain text on each side.
Implemented as a channel alongside the text channels, omadia UI answers a prompt on a Canvas with live, interactive elements rather than a text reply, for tasks where a form, a table, or a control beats a paragraph.
llm providers · own key
Every provider is a plugin. Keys live encrypted in the vault and are swappable per capability: route reasoning to one model, drafting to another. Five providers are available today; Gemini lands Q3.
plugins & hub
Channels, integrations, agents, tools, LLM providers, all of it ships as plugins. Self-contained ZIPs with bundled dependencies, so there's no npm trust at runtime, and integrity is checked before anything loads.
Channels, integrations, agents, tools, and providers are all plugins. One install path, one permission model, one place to audit what's running.
Plugins are self-contained ZIPs with their dependencies bundled, no runtime npm fetches. The Hub verifies each artifact by SHA-256 over TLS before it loads.
After an operator approves it, an agent or plugin can add its own tools, non-escalating and fully auditable. Capability grows without widening privilege.
hub.omadia.ai is the plugin registry. Browse, pull, and pin plugins; every fetch is integrity-checked against its published hash.
plugin registry
hub.omadia.ai
Browse and pull plugins from the registry. Every artifact is SHA-256-pinned and fetched over TLS. What's published is exactly what loads.
For the widest set of community integrations today, a DIY framework still wins on raw count. omadia is for teams who have to answer to a security review.
integrations
Each integration is a plugin from the Hub. Available today, with more shipping as the registry grows.
Read-only JSON-RPC plus a native enrich_company tool with OpenRegister + NorthData backed Handelsregister enrichment.
Shared Microsoft Graph layer (Bot-Framework App-Registration). Powers Teams attachments, roster, and the calendar tools.
Calendar, Gmail, Drive, Docs, Sheets and Directory via a service account, with domain-wide delegation, read-mostly and allow-listed.
A GitHub App connector: issues, pull requests and repository context as tools. One-click install via the GitHub App flow; the Builder can even file core bugs directly.
Read-only, space-scoped REST API plus a Confluence-Playbook Sub-Agent and proactive page-entity sync into the knowledge graph.
roadmap
Concrete, quarter-dated work, not a wish list. omadia is pre-1.0 and in public preview; these land on the dates shown.
The deterministic workflow engine. The runtime owns step progression and human-in-the-loop, so multi-step processes are explicit and replayable.
A bot type that moderates group chats, built on Conductor, keeping multi-party conversations on track and on policy.
Provable actions across trust boundaries: verifiable evidence that a given action happened as recorded.
security & operations
Single-tenant, data-resident, EU/GDPR-aligned. Every action is accountable, sensitive data never leaves the infrastructure in the clear, and the whole stack runs in-house.
Every action produces a cryptographically traceable receipt: a tamper-evident record of what happened and why.
Agent output is checked against grounding before it acts, catching fabricated claims rather than trusting them.
Reversible tokenisation keeps sensitive data on owned infrastructure. It never leaves in plaintext, and tokens resolve back when authorised.
Secrets and LLM keys are sealed with AES-256-GCM. Access is mediated, never strewn across plaintext config.
One tenant per deployment, data resident where it runs, aligned with EU/GDPR expectations.
Self-hosted via Docker Compose. No control plane phoning home. The deployment stays in-house, end to end.
Detected today (full stack)
Email · IBAN · Phone · Credit-Card (Luhn) · DE-Personalausweis · DE-Steuer-ID · Names (PERSON, NER) · Addresses · Organizations · custom regex
docker compose up: roughly seven services, about 4 GB RAM, running entirely on owned infrastructure.
proof · artifacts
The receipt, tokenisation and integrity check below come straight from the running code. Each one takes minutes to reproduce on a local machine.
{
"datasetsInterned": 1,
"fieldsMasked": 1,
"fieldsCleartext": 3,
"verbsExecuted": ["sort", "top_n"],
"pseudonymProjectionUsed": false
}Emitted every agent turn. Counts what was interned, masked, and what left in clear. The DPO audits the facts.
plugin-api · PrivacyReceipt
# operator input, stays on-prem
"Top customer: Anna Schmidt, 32 orders this quarter."
# payload sent to the LLM
"Top customer: [masked], 32 orders this quarter."
└─ interned as dataset ds_3f9a · resolves only locallyPII is interned behind a dataset handle that resolves only on-prem. The model only ever sees [masked].
privacy proxy · on-wire payload
registry install · harness-plugin-web-search@1.0.0
index sha256:9f2c…b417 pinned in registry index
artifact download host-pinned to registry origin
verify sha256(zip) == pinned ✓
result installed · capabilities reviewed first
on mismatch → RegistryError: registry.sha256_mismatchEvery registry install is checked against a SHA-256 pinned in the index, from a host-pinned origin. A tampered artifact fails closed.
plugins · registryClient (sha256 pin)
Every artifact above comes straight from the OSS code.
get started
The Core is open source. Clone it, stand up the Compose stack, pull plugins from the Hub, and point it at own LLM keys.
Evaluating it for the business, not just the stack? See the business view