open core
The runtime is open. The authority is not.
The paper-first runtime, the operator terminal, the public contracts, and the read-only MCP surface are published under Apache-2.0. Hosted operator services and authenticated runtime authority stay commercial. This page states the boundary exactly, with the artifacts to prove it.
what is open
- zero-engineApache-2.0 · PyPI
Paper-first Python runtime. Local paper API with journaled decisions, replayable audit log, and idempotent execution. Live execution is disabled by default and gated behind explicit custody and kill-switch controls.
- zero-osApache-2.0 · crates.io
Operator terminal for self-custodial onchain operations, built against the local runtime contract.
- zero-cliApache-2.0 · PyPI
Installer shim for provisioning a local runtime. Pre-alpha.
- engine container imageApache-2.0 · Docker Hub / GHCR
The same engine releases as container images: getzero/zero:latest and ghcr.io/zero-intel/zero:latest. Paper mode; the runtime environment refuses private-key material.
- public contractspublic · no key required
The versioned public proof API contract, response schemas, and runnable examples.
- public MCPpublic · read-only
A read-only MCP endpoint at /oss/mcp over streamable HTTP. It refuses order execution, session mutation, runtime mutation, secret access, and live account state — refusals are returned as typed records, not errors.
what stays commercial
- hosted operator servicesproprietary
Deployment provisioning, live leases, and the operator cockpit on app.getzero.dev. Authenticated, commercial, and separate from every surface listed above.
- authenticated runtime MCPproprietary
The operator MCP surface at /mcp carries runtime authority and is not part of the open core. The public endpoint at /oss/mcp is the only unauthenticated MCP surface.
- everything elseproprietary
The private monorepo is proprietary unless a subproject explicitly states otherwise. Public releases happen through an explicit carve-out, never by default.
artifacts
- sourcegithub.com/zero-intel/zero
- python packagepypi.org/project/zero-engine
- rust cratecrates.io/crates/zero-os
- installer shimpypi.org/project/zero-cli
- docker hubgetzero/zero:latest
- github container registryghcr.io/zero-intel/zero:latest
- public mcp endpointgetzero.dev/oss/mcp
- machine indexgetzero.dev/llms.txt
current engine release: engine-v0.1.6 — pinned in the deployment install contract and published to PyPI, Docker Hub, and GHCR from the same tag.
license boundary
The default is proprietary. The engine is the explicit carve-out: releases published as zero-engine, zero-cli, and zero-os carry Apache-2.0, pinned per release. The hosted product, control planes, and everything not named in the carve-out remain closed. This page declares its own boundary in a machine-readable license meta tag, as every public surface here does.
The open runtime is non-custodial by construction: it runs paper-first, its container contract refuses private-key material in the environment, and live execution requires an explicit operator lease that the open packages cannot grant themselves.
quickstart
# runtime (python)
pip install zero-engine
zero-paper-api # local paper runtime at http://127.0.0.1:8765
# operator terminal (rust)
cargo install zero-os
# container (paper mode)
docker pull ghcr.io/zero-intel/zero:latest
# public mcp (read-only, no key)
curl -s https://getzero.dev/oss/mcp -X POST \
-H 'content-type: application/json' \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'the public MCP endpoint answers without authentication and cannot place orders, mutate runtime state, or read account or secret material.