newSovereign Cloud Workspace

Code in your browser. On your infrastructure.

A per-tenant code-server + Odin Agent Runtime + workspace CLI, deployed on Hetzner-EU or the infrastructure you already control. Every commit, file write, and agent action gets a receipt.

Request enterprise access See it for solo + small teams

BuilderBuyerOperatorthree audiences · one surface

Composition

Three pieces. One contract. Your boundary.

The workspace is composed from three primitives, each with its own audit surface. They work together because they share the same governance contract — not because they're glued at the seams.

primitive · code-server

container

Per-tenant code-server container. Mounted workspace volume survives container restart. Operator-set basicAuth + session cookie. Reachable at code.<slug>.staging.odin-labs.ai.

ship VS Code surface, browser-native
isolate Per-tenant network, no cross-tenant DNS
audit File-write events captured

uid1000 (coder)

networkper-tenant

primitive · odin-agent

CLI

Per-tenant Odin Agent Runtime. Skill manifest derived from the tenant's enabled hubs at provision time. 15 proven-core skills always loaded; opt-in beyond that.

deliberate Multi-round work-order planning
decide BrainDB write contract enforced
limit Per-tenant provider keys, per-tenant budget

version4.80.1

skills15 core + tenant

primitive · workspace CLI

HTTP

HTTP bridge between Command Center (uid 1001) and code-server (uid 1000). The workspace CLI handles cross-uid file writes so work-order updates from CC land cleanly inside the workspace.

bridge CC ↔ code-server I/O
contract sessionId ↔ workOrderId FK
verify Convergence ≤ 15s to CC kanban

authX-API-Key

cross-uidyes

Sovereignty

Your boundary. Your data. Your jurisdiction.

On-prem on Hetzner-EU (Amsterdam) by default. Or deploy on your own Kubernetes / bare-metal / VPC. Data never leaves the boundary you choose. Per-tenant network isolation is a structural property — not a runtime check.

data-residency.live

🇪🇺EU sovereignty (Hetzner-NL default)yes
🇳🇱Dutch jurisdictionyes
🏢On-prem (your infrastructure)supported
📜GDPR data-residency postureyes
🔒Designed for HIPAA-eligibledesigned
📋Designed for SOC 2 readinessdesigned

Per-tenant network isolation — structural, not runtime

networkEach tenant runs in its own Docker bridge network. Cross-tenant DNS resolution is a structural impossibility, not a firewall rule.
storagePer-tenant postgres database + per-tenant BrainDB. Append-only audit trail enforced at the storage layer.
envPer-tenant secrets and provider API keys. Operator-shared keys are explicit-opt-in only.
auditEvery cross-tenant attempt would itself emit an AuditEvent. Forensic by construction.

Doctrine source: rules 02 + 16 + 16c.

Agentic

The workspace runs agents. The agents leave a paper trail.

The Odin Agent Runtime lives inside the workspace, not outside it. Your devs run /deliberate or /multi-track inside their VS Code session. Every spawned sub-agent is bounded by the tenant's budget + skill manifest + per-tenant provider keys.

terminal · odin-agent /deliberate

+4-0bash

1$ odin-agent /deliberate "add OAuth2 to the customer portal"

3Phase 0 → tools detected: codex T5, factory T1, droid T2

4Phase 0.5 → subject pinned, cycle-context written

5Phase 1 → cognitive council confidence 78%

6Phase 2 → 4 WOs drafted, validator GREEN

7 WO-01 → src/auth/oauth2.ts (new)

8 WO-02 → src/auth/oauth2.test.ts (new)

9 WO-03 → src/routes/auth.ts (modified)

10 WO-04 → docs/auth.md (new)

11Phase 3 → execution awaiting your approval

every phase emits AuditEvent · cycle id del-add-oauth2-1780531000

Where the runtime lives

→Inside the workspace — your VS Code session has the CLI on its PATH. No remote API to call.
→Per-tenant manifest — skill set scoped to the hubs your tenant enabled at provision.
→Per-tenant providers — Anthropic / OpenAI / OpenRouter / local MLX keys come from your tenant env, not a shared pool.
→Per-tenant budget — daily + per-session caps stop runaway spend by construction.
→Tenant-scoped audit — every spawn + every prompt + every tool call lands in your BrainDB.

Explore Odin Agent Runtime

Audited

Every action gets a receipt.

The workspace doesn't bolt on audit. It emits AuditEvent at every governance boundary — file writes, agent spawns, model calls, BrainDB writes, policy approvals. The trail is queryable by actor, action, tenant, timestamp.

workspace · audit-trail · last 8 events

decisions

14:23:14user:operator→workspace.open#a8f2
“VS Code session opened on code.demo-3.staging.odin-labs.ai”
14:24:01agent:coding→deliberate.phase-1#b14c
“Cognitive council confidence 78% on OAuth2 ambition”
14:25:30agent:coding→code.edit#c903
“src/auth/oauth2.ts created (124 lines)”
14:25:31agent:brain→memory.write#d6e1
“Decision recorded: chose authlib over passport (rationale 18 chars)”
14:28:42user:operator→policy.approve#e7a8
“Approved auth/oauth2 PR via Control Tower kanban”
14:29:01agent:coding→code.commit#f211
“Committed feat/oauth2 to workspace git remote”
14:31:18agent:brain→memory.query#a45d
“Semantic recall: prior authlib decision surfaced for cross-team review”
14:32:00user:operator→workspace.close#b8f9
“Session ended, transcript preserved in BrainDB”