● Architecture · the moat in long form
The substrate is the moat. Here's every layer.
Eleven sections, one substrate. Each section anchors at a deep link the lens-rail + home page point to — share them freely. Receipts under every factual claim.
The foundation
Typed graph · schema-fenced · hash-chained · BYO-fleet.
IsoKron stores everything as a typed 17-entity graph: Components, Decisions, Tickets, AcceptanceTests, Patterns, Gotchas, and 11 more. Database-enforced foreign keys. Not markdown-with-frontmatter, not vector blob, not S3 dump.
Two drones cannot claim the same ticket because the database rejects the second claim. Capability-separated tool surfaces mean a drone that has read-access to a table cannot write to it without escalating through a lease. No collisions by construction.
Every write to the substrate is hashed with RFC 8785 JCS canonicalization, signed into a per-tenant chain, and anchored hourly to immutable storage. Customer-verifiable with zero platform trust — verify our chain in your browser on /audit-chain.
Your Anthropic key. Your Hetzner VPS. Your friend's gaming PC over SSH. All into one coordinated workspace. BYOK + BYO-fleet from day one. If you leave IsoKron, you leave with everything: the typed graph dumps as portable SQL, the chain is verifiable without us, your fleet is yours.
The Triad · Alpha path
Brain. Voice. Eyes and hands.
Three components, one substrate.
- Brain: the typed graph + 9-stage compiler + Layer-4 Critic + hash-chained audit
- Voice: local conversational agent on your machine
- Eyes and hands: PiKVM I/O Tower — reaches what software-only stacks can’t
v1 today is IsoKron with HNAO alpha-feasible via the existing MCP host surface. Hermes is v0.5+. The architectural commitment is now; the full Triad is on the roadmap.
A note on the name. Anthropic's Model Context Protocol is also called MCP. In Tron, the MCP was the villain — centralized AI authoritarianism. In IsoKron's stack, MCP is the protocol that enables decentralized agents to coordinate. We use the protocol named after Tron's villain to do the opposite of what Tron's villain did.
Hardware-native I/O · Alpha path
The I/O Tower: observer, digital actuator, physical actuator.
The dumb pipe in one line: HDMI in, USB-OTG keyboard/mouse out, GPIO/relay actuation in either direction. PiKVM v4 Mini carries all three on a single board.
The bidirectional bridge is the property the agentic stack has been missing. UiPath, Blue Prism, Anthropic Computer Use, OpenAI Operator all need to install software inside the locked environment. Enterprise IT refuses, every time. HNAO operates from outside — exactly the operations Citrix is built to allow, because they're how a human uses the session.
The cost inversion is what makes this commercially obvious. Software-only RPA pricing follows seat counts; HNAO pricing follows physical Pi units. One unit lives behind a desk and handles work that would otherwise need a per-seat RPA license + a service-account inside the locked environment. The math compounds fastest for environments with the strictest install policies — the exact ones the agentic stack hasn't reached yet.
The Hive
They isolate by filesystem. We coordinate by schema.
The competitor pattern is filesystem-level isolation. Cursor Composer (its January 2026 engineering work made this explicit) ships parallel agents via git worktree — each agent gets its own working tree, no two agents touch the same files. Devin runs managed Devins in isolated VMs. None of them coordinate at the decision layer; the isolation is the contract.
The IsoKron pattern is schema-level claim-fencing + leases + capability-separated tool surfaces. Two drones can't claim the same ticket because the database rejects it — before either drone writes anything.
drone-α: CLAIM ticket-2284 ...... ✓ granted (lease 30s)
drone-β: CLAIM ticket-2284 ...... ✗ claim_rejected
drone-β: CLAIM ticket-2285 ...... ✓ granted (lease 30s)
Interactive demo, run the race: 10 drones (α0 through α9) contend for 1 ticket. Schema-level claim fencing: the database rejects the second claim before either drone writes.
What this enables: mixed-source Hives (Claude Max + a Hetzner VPS + a friend's gaming PC over Tailscale), one chain anchored across all of them, replayable rollback as a graph operation.
We don't prevent collisions by asking agents to be careful. We prevent them by making illegal writes impossible.
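The claim sequence shown above, reproduced as an added example (not IsoKron's code): SQLite stands in for the substrate database, and the table names, column names and lease-expiry rule are assumptions, since the page does not publish its schema. A primary key on the claim row rejects the second claim, and a foreign key rejects claims on tickets that do not exist.

```python
import sqlite3

LEASE_SECONDS = 30  # lease length taken from the page's sample output


def open_substrate():
    """In-memory stand-in for the substrate; table names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK checks off by default
    db.executescript("""
        CREATE TABLE tickets (id INTEGER PRIMARY KEY);
        CREATE TABLE claims (
            ticket_id  INTEGER PRIMARY KEY REFERENCES tickets(id),
            drone      TEXT NOT NULL,
            expires_at INTEGER NOT NULL
        );
        INSERT INTO tickets (id) VALUES (2284), (2285);
    """)
    return db


def claim(db, drone, ticket_id, now):
    """Return True if the claim is granted, False if the database rejects it."""
    try:
        with db:  # one transaction: commit on success, roll back on error
            # Reap this ticket's lease only if it has already expired.
            db.execute("DELETE FROM claims WHERE ticket_id = ? AND expires_at <= ?",
                       (ticket_id, now))
            # PRIMARY KEY: one live claim per ticket. FOREIGN KEY: ticket must exist.
            db.execute("INSERT INTO claims VALUES (?, ?, ?)",
                       (ticket_id, drone, now + LEASE_SECONDS))
        return True
    except sqlite3.IntegrityError:
        return False


def run_race():
    """Constructed sequence: two drones, a simulated clock in seconds."""
    db = open_substrate()
    return [
        claim(db, "drone-α", 2284, now=0),   # granted, lease runs to t=30
        claim(db, "drone-β", 2284, now=1),   # rejected by the primary key
        claim(db, "drone-β", 2285, now=1),   # granted, different ticket
        claim(db, "drone-β", 9999, now=1),   # rejected by the foreign key
        claim(db, "drone-β", 2284, now=31),  # granted, first lease has expired
    ]
```

The rejection comes from the constraint, not from `claim()` checking first, so a drone that skips the helper and issues its own INSERT is refused the same way.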
Audit chain
Per-tenant chain heads. RFC 8785 JCS. Hourly Merkle anchors.
Each tenant gets its own chain head. Every write is canonicalized with RFC 8785 JSON Canonicalization Scheme in the application layer, hashed with SHA-256, and chained to the previous head. Hourly, the chain's current Merkle root is anchored to immutable external storage. The append-only contract is enforced at the database role-permission level, not in application code.
GDPR crypto-shred is supported: deleting a tenant's encryption key renders the chain payloads unreadable while leaving the structural chain intact for audit continuity.
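A verifier for a chain of the shape described in this section, as an added example that is not IsoKron's code. Assumptions: the link rule is SHA-256(previous head || canonical payload), the genesis head is 32 zero bytes, the Merkle tree carries an unpaired node up unchanged, and canonicalization covers only the subset of RFC 8785 where Python's `json.dumps` output coincides with it (no floats, ASCII keys); the page specifies none of these details.

```python
import hashlib
import json

GENESIS = "00" * 32  # assumed head value before a tenant's first write


def canonical(obj):
    """Canonical bytes for the subset where json.dumps matches RFC 8785."""
    def check(v):
        if isinstance(v, float) or (isinstance(v, int) and abs(v) > 2**53):
            raise ValueError("number needs full RFC 8785 serialization")
        if isinstance(v, dict):
            if not all(isinstance(k, str) and k.isascii() for k in v):
                raise ValueError("subset handles ASCII string keys only")
            for x in v.values():
                check(x)
        elif isinstance(v, list):
            for x in v:
                check(x)
    check(obj)
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def link(prev_head, payload):
    """Assumed link rule: SHA-256(previous head || canonical payload)."""
    return hashlib.sha256(bytes.fromhex(prev_head) + canonical(payload)).hexdigest()


def build_chain(payloads):
    entries, head = [], GENESIS
    for payload in payloads:
        head = link(head, payload)
        entries.append({"payload": payload, "head": head})
    return entries


def first_bad_index(entries):
    """Recompute every link; return the first index that fails, else None."""
    head = GENESIS
    for i, entry in enumerate(entries):
        head = link(head, entry["payload"])
        if head != entry["head"]:
            return i
    return None


def merkle_root(heads):
    """Pairwise SHA-256 over heads; an unpaired node is carried up unchanged."""
    level = [bytes.fromhex(h) for h in heads]
    while len(level) > 1:
        paired = [hashlib.sha256(level[i] + level[i + 1]).digest()
                  for i in range(0, len(level) - 1, 2)]
        level = paired + ([level[-1]] if len(level) % 2 else [])
    return level[0].hex()
```

Canonicalization is what makes the check reproducible: two serializations of the same write with different key order hash to the same head, while any edit to a stored payload breaks the link at that index and changes every later head.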
Visual QA · Alpha path
The PiKVM watches the UI. The orchestrator cuts the ticket. The fix compiles itself.
Percy can diff a screenshot. Chromatic can test a component. Applitools can flag visual regressions. HNAO can watch the actual surface, click through the actual flow, file the ticket, and let IsoKron recompile the fix.
The category boundary is the action loop: every other tool in the lane reports. HNAO + IsoKron close the loop. The observation feeds back into the typed graph as a ticket referencing the affected Component, AcceptanceTest, and observed Gotcha. The next compile reads from those entities and adjusts.
Proactive automations · Alpha path
24×7 operations runtime, HNAO-local secrets, your credentials never leave your device.
Automations live as Operations on the typed graph: a schedule, a Component reference, a workflow definition. The runtime executes against your fleet on your schedule. The chain records every action.
Credentials live on your Pi or your local machine — they never traverse our infrastructure. The operations runtime tells your local agent "run this"; your local agent uses your local credentials to do it. Our visibility ends at the schema-level claim and resumes at the completion receipt.
OS of your business · Alpha path
Code is one of nine entity categories on the graph.
Most agent tools think the world is code. IsoKron's 17-entity schema covers code AND infrastructure definitions, vendor relationships, equipment manuals, operational workflows, video training, competitor intel, regulatory references, observed operational reality — all as first-class typed entities with foreign-key relations.
A workspace is the typed graph of the business. The intent-compiler operates on it. The Hive operates against it. The chain anchors every change. You can hand a new hire access to the workspace and they can read the structure of the business directly.
Builder's playground · Alpha path
BYO-fleet, Hive on your silicon, Packages coming soon.
For developers and hobbyists, IsoKron is a substrate to run experiments on. Drop a workspace, bring your own keys, fan out across the GPUs you already have. The Hive coordination is the substrate; the experiments are yours.
Packages (next iteration) become typed agent skills: signed manifests, audit-chain receipts, the same review pipeline that runs on the platform's own commits. Hobbyist and pro both meet at the same review gate.
ISOKRON Packages · Next
Typed capabilities, not plugins.
PostgreSQL has pgvector, PostGIS, TimescaleDB — sharp substrate where the extensions are the personality. ISOKRON Packages are the same shape: signed manifests, audit-chain receipts, the same review pipeline that runs on the platform's own commits.
No rm-rf. No fast lanes. No npm-style ecosystem rot. Every submission goes through the customer-review checkpoint; every install is signed and traceable. The Packages page ships in v1.5+; until then, the architecture is the contract.
Seven pillars · the moat inventory
Deeper still, for visitors who want to dig.
1. Typed substrate. 17 entity classes with foreign-key relations. Not markdown. Not vectors. Not blob.
2. Schema-level coordination. Claim-fence + lease prevent collisions before any drone writes.
3. Customer-verifiable audit chain. RFC 8785 JCS, per-tenant heads, hourly Merkle anchors.
4. BYO everything. Keys, fleet, hardware. Mixed-source Hives coordinated by schema.
5. Hardware-native I/O. HNAO reaches the surfaces software-only stacks can't.
6. Customer-review checkpoint. Stage 6 is human, by construction. Not a setting.
7. Replayable graph state. Append-only chain means every decision can be re-reasoned against the graph state at the time of the decision.