Skip to content
watch-only floorpaper executionno custodystatus

open core

The runtime is open. The authority is not.

The paper-first runtime, the operator terminal, the public contracts, and the read-only MCP surface are published under Apache-2.0. Hosted operator services and authenticated runtime authority stay commercial. This page states the boundary exactly, with the artifacts to prove it.

Open the repositoryOpen the public MCPOpen the proof API

what is open

  • zero-engineApache-2.0 · PyPI

    Paper-first Python runtime. Local paper API with journaled decisions, replayable audit log, and idempotent execution. Live execution is disabled by default and gated behind explicit custody and kill-switch controls.

  • zero-osApache-2.0 · crates.io

    Operator terminal for self-custodial onchain operations, built against the local runtime contract.

  • zero-cliApache-2.0 · PyPI

    Installer shim for provisioning a local runtime. Pre-alpha.

  • engine container imageApache-2.0 · Docker Hub / GHCR

    The same engine releases as container images: getzero/zero:latest and ghcr.io/zero-intel/zero:latest. Paper mode; the runtime environment refuses private-key material.

  • public contractspublic · no key required

    The versioned public proof API contract, response schemas, and runnable examples.

  • public MCPpublic · read-only

    A read-only MCP endpoint at /oss/mcp over streamable HTTP. It refuses order execution, session mutation, runtime mutation, secret access, and live account state — refusals are returned as typed records, not errors.

what stays commercial

  • hosted operator servicesproprietary

    Deployment provisioning, live leases, and the operator cockpit on app.getzero.dev. Authenticated, commercial, and separate from every surface listed above.

  • authenticated runtime MCPproprietary

    The operator MCP surface at /mcp carries runtime authority and is not part of the open core. The public endpoint at /oss/mcp is the only unauthenticated MCP surface.

  • everything elseproprietary

    The private monorepo is proprietary unless a subproject explicitly states otherwise. Public releases happen through an explicit carve-out, never by default.

artifacts

current engine release: engine-v0.1.6 — pinned in the deployment install contract and published to PyPI, Docker Hub, and GHCR from the same tag.

license boundary

The default is proprietary. The engine is the explicit carve-out: releases published as zero-engine, zero-cli, and zero-os carry Apache-2.0, pinned per release. The hosted product, control planes, and everything not named in the carve-out remain closed. This page declares its own boundary in a machine-readable license meta tag, as every public surface here does.

The open runtime is non-custodial by construction: it runs paper-first, its container contract refuses private-key material in the environment, and live execution requires an explicit operator lease that the open packages cannot grant themselves.

quickstart

# runtime (python)
pip install zero-engine
zero-paper-api        # local paper runtime at http://127.0.0.1:8765

# operator terminal (rust)
cargo install zero-os

# container (paper mode)
docker pull ghcr.io/zero-intel/zero:latest

# public mcp (read-only, no key)
curl -s https://getzero.dev/oss/mcp -X POST \
  -H 'content-type: application/json' \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

the public MCP endpoint answers without authentication and cannot place orders, mutate runtime state, or read account or secret material.