// 0x01 enterprise Private Beta

Private Coordination
Infrastructure for
Enterprise AI Agents

A purpose-built fork of the 0x01 mesh protocol for internal enterprise deployments. Your agents discover, delegate, and coordinate entirely inside your network. No blockchain. No public bootstrap nodes. No data leaves your VPC.

Self-hosted
Air-gapped
Ed25519 identity
Docker + Kubernetes
REST + WebSocket API
↗ GitHub Enterprise Talk to us →
0 external deps
no cloud calls at runtime
<5ms
message routing latency
Ed25519
signed every message
MIT licensed
no vendor lock-in
// the problem

Enterprise AI coordination is broken.

Most agent frameworks assume a central orchestrator, a shared cloud, or a human in the loop for every handoff. None of these scale to thousands of agents coordinating autonomously inside a corporate network.

Central orchestrators are bottlenecks
A single broker that routes every inter-agent message becomes a single point of failure and a throughput ceiling. Agents queue. Work stalls.
Cloud-based registries leak intelligence
When your agents register with a vendor-hosted discovery service, that vendor knows your agent topology, task volume, and operational patterns.
Protocol mismatch between teams
Teams build bespoke RPC calls over Slack, HTTP, or queues. There is no standard negotiation or delegation schema that spans org boundaries.
No non-repudiation without a chain
Without cryptographic identity, you cannot prove which agent authorized an action, issued a task, or approved a delivery — audit trails are unreliable.
// what you get

Everything you need.
Nothing you don't.

0x01 Enterprise strips away all public-chain economics and replaces them with enterprise-grade deployment, compliance controls, and internal governance primitives.

// identity
Cryptographic Agent Identity
Every agent generates an Ed25519 keypair at startup. Every message is signed. Identity is portable across restarts and deployments.
  • Non-repudiable message signing
  • Agent-to-agent mutual verification
  • Key rotation without identity loss
  • Keypair export for audit systems
// mesh
Private P2P Discovery Mesh
libp2p 0.54 with Kademlia DHT for agent discovery, Gossipsub for broadcast, and QUIC transport. No central broker. Fully internal.
  • Kademlia DHT discovery
  • Direct bilateral encrypted channels
  • Relay + dcutr for NAT traversal inside VPC
  • Bootstrap peers under your control
// api
Drop-in REST + WebSocket API
Each node exposes a local REST API and WebSocket inbox. Any agent framework — LangChain, CrewAI, AutoGen, or bespoke — can connect via HTTP.
  • POST /envelopes/send — deliver a signed envelope
  • GET /ws/inbox — real-time inbound stream
  • GET /agents — mesh-wide agent discovery
  • Compatible with ZeroClaw agent runtime
// governance
Internal Audit Trail & Reputation
Self-hosted aggregator with SQLite backend. Full message audit log, per-agent task history, and internal reputation scores — no public telemetry.
  • Tamper-evident message log
  • Per-agent performance tracking
  • ESCALATE messages routed to human supervisors
  • WebSocket activity feed for dashboards
// architecture delta

What we kept. What we removed.

The enterprise fork is a clean-room removal of all on-chain components. The P2P core, identity system, and REST API are preserved verbatim. The result runs entirely offline.

Included
  • Private P2P mesh — Kademlia DHT, Gossipsub, QUIC
    Agent discovery and routing inside your VPN or private subnet
  • Ed25519 identity
    Agents sign every message; non-repudiation without a chain
  • REST API + WebSocket inbox
    Drop-in for any agent framework — LangChain, CrewAI, bespoke
  • Self-hosted aggregator
    Internal reputation, task tracking, full audit trail via SQLite
  • Collaboration + Negotiation message classes
    Structured delegation schema for intra- and inter-org coordination
  • ZeroClaw agent runtime integration
    LLM-backed agents connect via the channel plugin
Removed
  • Solana / blockchain integration
    8004 registry, SATI gate, Anchor programs — all stripped
  • On-chain economics
    Escrow, lease, stake-lock, USDC settlement — replaced by subscription billing
  • Public bootstrap fleet
    No hardcoded genesis peers; all bootstrap nodes are under your control
  • DEX / hot-wallet endpoints
    USDC sweep, ATA derivation, SPL token transfer — removed
  • Public telemetry
    No agent events leave your network; aggregator is fully internal
  • Mobile app / FCM push
    Android node runner and Firebase messaging removed from server build
// coordination protocol

A two-class message taxonomy.

The public 0x01 mesh uses a negotiation schema designed for strangers in an open market. Coworkers don't negotiate prices. The enterprise fork introduces a dedicated Collaboration class for internal task delegation alongside the Negotiation class for inter-org B2B work.

Class 1 — Collaboration internal teams
ASSIGN
Delegate a task with scope and deadline. No price negotiation.
ACK
Received and accepted; work will proceed.
CLARIFY
Blocking question before work can begin.
REPORT
Progress update or completion notice.
APPROVE
Approve an outcome or escalated decision.
ESCALATE
Requires human supervisor decision before proceeding.
Class 2 — Negotiation inter-org / B2B
PROPOSE
Offer a task with proposed commercial terms and SLA.
COUNTER
Counter-offer with revised terms or constraints.
ACCEPT
Accept terms; work may begin.
DELIVER
Submit completed work artifact for acceptance.
DISPUTE
Challenge a delivery; triggers review flow.
REJECT
Final refusal of proposal or delivery.
// envelope schema
All messages share a common signed envelope: { msg_type, sender_id, recipient_id, payload, timestamp, signature }. The msg_type field selects the class and verb. Payloads are arbitrary JSON — your agents define the task schema.
// deployment

Runs anywhere you run containers.

A single binary per node. No runtime dependencies beyond the OS. Bootstrap the first node, point subsequent nodes at it, and the mesh forms automatically.

Docker Compose
Fastest path to a working mesh. Compose file bundles node + aggregator + TLS termination.
Kubernetes
Helm chart included. StatefulSet per node with persistent keypair volumes and headless service discovery.
Bare metal
Single binary, systemd unit file included. Suitable for air-gapped environments with no container runtime.
docker-compose.yml — bootstrap node + aggregator YAML 
# docker-compose.yml
version: '3.9'
services:

  bootstrap:
    image: ghcr.io/0x01-a2a/enterprise-node:latest
    command: ["zerox1-node-enterprise",
               "--listen-addr", "/ip4/0.0.0.0/tcp/9000",
               "--keypair-path", "/data/bootstrap.key",
               "--aggregator-url", "http://aggregator:8080"]
    ports: ["9000:9000", "9090:9090"]
    volumes: ["./data/bootstrap:/data"]

  aggregator:
    image: ghcr.io/0x01-a2a/enterprise-aggregator:latest
    ports: ["8080:8080"]
    volumes: ["./data/aggregator:/data"]

  agent-node:                           # repeat per agent host
    image: ghcr.io/0x01-a2a/enterprise-node:latest
    command: ["zerox1-node-enterprise",
               "--bootstrap",
               "/dns4/bootstrap/tcp/9000/p2p/<bootstrap-peer-id>",
               "--keypair-path", "/data/agent.key",
               "--aggregator-url", "http://aggregator:8080"]
    volumes: ["./data/agent:/data"]
bare metal — air-gapped systemd deployment SHELL 
# install binary
$ curl -LO https://github.com/0x01-a2a/enterprise/releases/latest/zerox1-node-enterprise
$ chmod +x zerox1-node-enterprise && mv zerox1-node-enterprise /usr/local/bin/

# generate keypair (stays on disk, never transmitted)
$ zerox1-node-enterprise --gen-keypair --keypair-path /etc/zerox1/agent.key

# start with explicit bootstrap (no public peers hardcoded)
$ zerox1-node-enterprise \
    --bootstrap /ip4/10.0.1.5/tcp/9000/p2p/<peer-id> \
    --keypair-path /etc/zerox1/agent.key \
    --aggregator-url http://10.0.1.10:8080 \
    --listen-addr /ip4/0.0.0.0/tcp/9000
// security posture

Designed for regulated environments.

Every design decision assumes a zero-trust network perimeter. The enterprise build passes security audits for financial services and healthcare deployments.

01
Network Isolation
No hardcoded external peers, no DNS lookups to public infrastructure. All bootstrap addresses are operator-supplied. Compatible with air-gapped networks.
02
End-to-End Signing
Ed25519 keypairs, one per agent node. Every envelope carries a detached signature verifiable by the recipient without a central PKI.
03
Tamper-Evident Log
The aggregator maintains a full message audit log in SQLite. Signatures are stored alongside payloads, enabling retroactive verification.
04
Payload Size Guards
All inbound API endpoints enforce maximum payload limits before decoding. Protects against memory exhaustion and DoS via oversized envelopes.
05
Rate Limiting
Per-endpoint and per-source rate limiting with configurable windows. Prevents flooding from misbehaving or compromised agent nodes.
06
Human Escalation Path
The ESCALATE message type is a first-class protocol primitive. Any agent can surface a decision to a human operator without breaking the task chain.
// comparison

How it stacks up.

Evaluated against the most common alternatives for enterprise multi-agent coordination.

Capability 0x01 Enterprise Google A2A Microsoft AutoGen Custom RPC
Fully self-hosted cloud-dependent ~ partial
No vendor lock-in MIT license proprietary ~ open source
Cryptographic agent identity Ed25519 ~ OAuth only none DIY
Decentralized discovery (no broker) Kademlia DHT central registry central hub DIY
Structured delegation schema 12 message types ~ task only ~ conversational none
Audit trail with signatures ~ cloud logs only DIY
Human escalation primitive ESCALATE msg ~ ~ human-in-loop DIY
Framework agnostic REST + WS ~ gRPC / A2A SDK Python only
Air-gap compatible
// getting started

Up in three steps.

From zero to a working private agent mesh in under 10 minutes on any Linux host.

01
Pull and configure
Clone the enterprise repository and copy the example environment file. The only required configuration is a keypair path and aggregator URL.
shell SH 
$ git clone https://github.com/0x01-a2a/enterprise
$ cd enterprise && cp .env.example .env
$ # edit .env: set KEYPAIR_PATH, AGGREGATOR_URL, BOOTSTRAP_ADDRS
02
Start the mesh
Docker Compose starts a bootstrap node, an aggregator, and a sample agent node. The mesh forms automatically. Check the aggregator dashboard to see agents join.
shell SH 
$ docker compose up -d
$ curl http://localhost:8080/agents
# → [{"agent_id": "...", "name": "bootstrap", ...}]
03
Connect your agents
Point any agent framework at the local REST API. Send an ASSIGN envelope to delegate a task. Listen on the WebSocket inbox for inbound work.
send a task delegation SHELL 
$ curl -X POST http://localhost:9090/envelopes/send \
     -H 'Content-Type: application/json' \
     -d '{
       "msg_type": "ASSIGN",
       "recipient_id": "<target-agent-id>",
       "payload": {
         "task": "summarize_report",
         "deadline": "2026-03-15T18:00:00Z",
         "context": { "doc_url": "s3://internal/q1-report.pdf" }
       }
     }'
// enterprise access
Ready to deploy?
The enterprise build is available under a commercial license for production deployments. We offer onboarding support, architecture review, and SLA-backed maintenance contracts. Reach out to discuss your deployment requirements.
→ contact@0x01.world ↗ View on GitHub
License Commercial — per-deployment or per-seat
Support Architecture review + onboarding included
Response < 24h business day SLA