cloudiy

Introduction

HTTP connected documents.

SMTP connected mail.

TCP/IP connected machines.

Blockchains connected value.

cloudiy connects compute.

The Internet connected computers. Blockchain connected value. AI connected intelligence. What was still missing is an open protocol connecting compute. Cloudiy is that protocol: any identity can provide computational resources, and any identity can consume them, through one universal API.

HTTP made the location of a document irrelevant: you ask for a URL, never a server. cloudiy makes the location of computation irrelevant: you declare a workload and the capabilities it needs, and the protocol resolves discovery, placement, isolated execution and settlement. If HTTP standardized exchanging information between computers, cloudiy standardizes exchanging computational capacity between them.

Cloudiy is not a cloud provider, not a marketplace, not a GPU rental platform. You describe what you need; the protocol decides how it runs. Docker, VMs, drivers and networking are implementation details behind swappable interfaces. The end state is that running code somewhere else feels like calling a function:

# the north star, location-free execution result = cloudiy.run( function=my_function, cpu=8, memory="32GB", gpu="cuda", )
  • Everything is a Resource: CPU, memory, GPU, VRAM, storage, bandwidth, and future hardware, without redesign.
  • Everything is an Identity: human, AI agent, company, DAO or another protocol: indistinguishable by design.
  • Capabilities are first-class: request cuda:12.8 and pytorch, never "machine X".
  • The unit of execution is the Workload: declared, scheduled, isolated, measured, destroyed. Resources return automatically.

Nobody asks which server hosts a website. Soon nobody will ask which machine ran a workload. cloudiy is not a product at the end of that road, it is the layer other products are built on, the way HTTP carried far more than websites.

And payment follows proof

Uniquely among compute networks, settlement can be tied to the work itself: release_verified releases USDC only after the chain re-verifies the provider's ed25519 signature over the result. Not "the dashboard says it ran". Proof.

Architecture

cloudiy is layered so that each layer only knows the one below it: the protocol defines the nouns, the scheduler turns a declaration into a placement, and the runtime executes it in isolation. Container engines live at the very bottom, behind a trait, they are implementation, never protocol.

THE EXECUTION STACK
Application · AI agent anything that needs compute SDK Rust · Python · JS · MCP tools Scheduler filters + scorers, runs on the consumer's side Runtime isolated execution behind a trait, Docker · gVisor · Kata · WASM Provider node executes, signs the result (ed25519), earns USDC signed result the application never sees Docker, drivers, networking or escrow
THE DOMAIN MODEL
Identity human · agent · company · DAO · contract declares Workload WHAT to run, image or kernel, limits, budget requires Capabilities cuda:12.8 · pytorch · linux · arm64 Resources cpu · memory · gpu · vram · storage · custom:* an open set, TPU, FPGA, NPU or quantum hardware need no redesign

The four layers

1 · Protocol domain
Resources • Identities • Capabilities • Workloads, pure concepts, zero infrastructure
2 · Scheduler
Modular filters + scorers over heterogeneous nodes, sovereign, client-side policy (RFC-0005)
3 · Runtime
One trait: prepare / run / destroy in mandatory isolation. Firecracker, Kata, gVisor and WASM slot in without touching schedulers or SDKs. Docker is the first implementation, not part of the protocol.
4 · Settlement
x402 quotes • USDC escrow on Solana • behind interfaces, any chain could implement them

Reference implementation

The reference implementation is a Rust workspace: protocol (pure domain), scheduler (filter/scorer pipeline), runtime (Runtime trait), common (wire, keys, signing), sdk, and the unified cloudiy binary. Transport is P2P QUIC via iroh (dial-by-NodeID, NAT hole-punching, end-to-end encryption), with an HTTP/WebSocket gateway for browsers.

CloudiyOS

CloudiyOS is the protocol's reference interface, not a separate product. It consumes the same SDKs and gateway available to everyone, anyone can build a different UI on top of the protocol.

CloudiyOS is the network rendered as an operating system in the browser. You log in with a Solana wallet and land on a desktop backed by your own persistent, identity-bound virtual machine, one Docker container plus a named volume that survives stop/start, reachable over the P2P network.

  • My Virtual Machine: compose CPU / RAM / GPU / storage; specs update as you attach hardware.
  • App Store: ready-to-run model endpoints (Ollama, vLLM, SDXL, ComfyUI, LTX-Video, Whisper, Axolotl…).
  • Hardware Store: rent a whole machine or individual parts, or offer your own machine's parts to the network.
  • Terminal: a real PTY shell into your VM (xterm.js over the gateway WebSocket).

A local gateway bridges the browser to the P2P network so the OS runs against real nodes:

$ cloudiy os --web-dir web CloudiyOS gateway on http://127.0.0.1:4600, same-origin /api/* + WebSocket shell

Open the gateway origin and everything, model endpoints, the terminal, the wallet-signed escrow deposit, talks to live providers. Served statically (e.g. on Vercel), the same page runs as an interactive preview.

Providers

Providers don't rent computers, they contribute resources. Install the node, and it detects your hardware. You choose the slice to share; the rest stays private:

# macOS / Linux — one line, no Rust toolchain (Windows: irm .../install.ps1 | iex) $ curl -fsSL https://cloudiy.cloud/install.sh | sh # or, for developers: cargo install cloudiy $ cloudiy share --share-cpu 8000 --share-memory 32768 Announcing resources: {cpu: 8000m, memory: 32768MB, gpu: 1, vram: 24576MB} Announcing capabilities: docker, wgsl, linux, x86_64, cuda:12.8, isolation:container Node online, ID 9846…b1ec

The Node ID (an ed25519 key) is your address on the network, no port forwarding, no public IP (QUIC hole-punching via iroh). Your Solana keypair receives USDC payouts. Add --require-payment --rpc-url <url> to accept only jobs backed by a verified on-chain escrow, --directory <id> to get listed for discovery, and --runtime runsc|kata-runtime for stronger isolation of untrusted workloads.

Consumers & SDKs

Consumers declare workloads: what to run, which resources, which capabilities. Never a machine, never a driver:

$ cloudiy run --to 9846…b1ec --image pytorch/pytorch --cap cuda --cpu 8 --memory-mb 32768 -- python app.py Signature verified, result signed by the node you dialed (ed25519) Workload completed · logs returned · settled via x402/escrow

Or from an app / AI agent, via SDK (Rust · Python · JS):

# python, the whole integration from cloudiy import Client client = Client.connect("9846…b1ec") out = client.run(image="ollama/ollama", cpu=8, memory_mb=32768, cap=["cuda"])

Workloads run in mandatory isolation (namespaces, cgroups, no host execution) and the environment is destroyed at the end, resources return to the pool. The Python SDK is zero-dependency and exposes as_tool_schema() so an LLM can call remote compute as a function. Without payment the node answers Payment Required with its x402 USDC quote.

AI agents & MCP

Cloudiy is agent-native: cloudiy mcp serves the whole network as MCP tools over stdio. Any MCP client, Claude Code, IDEs, autonomous agents, can discover providers, get an x402 quote, lock USDC in escrow, run a workload and release payment against the on-chain signature check. No API keys, no accounts, no signup.

# give any agent a compute wallet with a hard budget $ claude mcp add cloudiy -- cloudiy mcp --max-spend-usdc 0.5

Eight tools cover the full consumer loop:

cloudiy_list_providersVerified provider announcements: resources, capabilities, price, health.
cloudiy_quoteA provider's x402 quote, price, USDC mint, escrow program, payout key.
cloudiy_pay_escrowLock USDC on-chain for a provider, inside the server's spend caps.
cloudiy_run_jobRun a kernel and get the ed25519-signed result with its proof.
cloudiy_launchLaunch an OCI container; the client-side scheduler places it.
cloudiy_deployDeploy a template recipe or image with env vars, the agent's own deploy, no dashboard or API key.
cloudiy_release_verifiedPay the provider only after the chain re-verifies its result signature.
cloudiy_refundRecover escrowed funds after the deadline if the job never ran.

Safety rails: devnet by default (--allow-mainnet to opt out), a per-job cap and a cumulative session cap on escrowed USDC, and a --read-only mode that removes every transaction-signing tool. Agents that don't speak MCP can use the zero-dependency Python SDK's as_tool_schema() instead.

Zero idle, by design. Centralized serverless GPU forces a trade-off, pay for idle capacity, or accept cold-start latency. cloudiy does neither: because you pay per request in USDC, there is no idle to bill. Nothing runs, and nothing is charged, between calls, the scheduler places each call on a live node and settles on-chain.

Models

A model on cloudiy is a public inference endpoint: a container from the App Store recipe catalog, placed on a live provider and reachable over plain HTTP. There is no model registry to trust and no account to open, the endpoint is just compute that happens to serve a model, priced per request in USDC.

Ready-to-run runtimes

The catalog ships the runtimes teams actually deploy, each a configurable recipe with its own version, GPU, disk and environment variables:

vLLM, OllamaOpenAI-compatible LLM serving: chat and completions over HTTP.
SDXL, ComfyUIImage generation, from a single call or a full node graph.
LTX-VideoText and image to video generation.
WhisperSpeech to text transcription.
AxolotlFine-tuning jobs: your dataset in, adapter weights out.

Calling a model

Every endpoint answers Payment Required with its x402 USDC quote, the caller pays and retries, and the request runs. No key, no idle: nothing is billed between calls.

# call a served model, pay per request in USDC over x402 $ curl -s https://<endpoint>/v1/chat/completions \ -H "content-type: application/json" \ -d '{"model":"llama-3.1-8b","messages":[{"role":"user","content":"hi"}]}' HTTP/1.1 402 Payment Required x402: 0.0004 USDC on Solana # pay, retry, the provider signs the result and escrow releases on the on-chain check

Deploy your own from the App Store, or let an agent do it with cloudiy_deploy. Either way the result carries the provider's ed25519 signature, so payment settles only against a proof of the work.

Payments & Escrow

Settlement is USDC on Solana, behind interfaces. Pricing is quoted over HTTP via the x402 protocol: a node answers 402 Payment Required with its USDC price and the client retries with proof, no accounts, no API keys. For real value transfer, funds are locked in an on-chain escrow and the provider verifies the deposit before executing.

The escrow flow

  • 1. pay: the consumer funds an escrow (create_job), locking USDC in a program-owned vault.
  • 2. run: the provider verifies the escrow on-chain (right job id, mint, payout, amount) and executes, returning a signed result.
  • 3. release: the consumer releases the escrow, paying the provider minus a 4% protocol fee.
  • 4. refund: after the deadline, unspent funds return to the consumer.

Program and status

The escrow program (Anchor) is live on devnet: 9zMBC7JDA8SJ2mk3ATYqRuJvn14MQyZVg9q3XPnzc1TN. The full loop is verified end-to-end on devnet. In CloudiyOS, the same create_job is signed directly by your wallet (Phantom), deposit USDC to a provider without leaving the browser; keys never leave the wallet.

$ cloudiy pay --to 9846…b1ec --amount 0.05 --rpc-url https://api.devnet.solana.com Escrow funded · job 3f9a… · account 7Qm…kZ2 $ cloudiy run --to 9846…b1ec --escrow 7Qm…kZ2 --job-id 3f9a… ... $ cloudiy release --escrow 7Qm…kZ2 Released · provider paid 0.048 · fee 0.002 · Job → Released

Trustless settlement

Every result is signed by the node that produced it, and the escrow can require that proof on-chain before paying out. This is release_verified: unique among compute networks: payment is cryptographically bound to a provider-signed result, not to a dashboard's word.

  • 1. The provider signs cloudiy/result/v1 ‖ job-id ‖ sha256(output) with its network identity key (the same ed25519 key behind its Node ID).
  • 2. The escrow stored that node key at create_job time, the consumer chose who to pay before the work started.
  • 3. release_verified(output_hash) makes the Solana Ed25519 precompile re-verify the signature inside the same transaction; the contract checks the signer is the escrow's node key and the message matches.
  • 4. Settlement is permissionless: anyone holding the proof can settle, but the payout addresses are fixed on-chain, a settler can't redirect a cent.
THE SETTLEMENT FLOW
Consumer create_job → locks USDC + provider's node key Escrow vault (on-chain) program-owned · refundable after the deadline Provider verifies escrow · runs · signs job ‖ sha256(output) Ed25519 precompile re-verifies on-chain release_verified · tampered or wrong signer → rejected Provider paid 96% in USDC Protocol fee 4% on-chain settlement is permissionless: anyone with the proof can settle, payout addresses are fixed on-chain no signature → no payment

Token-incentive networks verify hardware off-chain and pay on trust. Cloudiy pays in USDC against an on-chain proof that the provider you chose signed the result: adversarially tested on devnet (tampered signatures and wrong-signer proofs are rejected by the contract).

Two ways to settle, by trust model. The proof establishes provenance: which node produced a result, so release_verified is at its strongest when the output is independently checkable (a deterministic kernel with run --replicas quorum, where the signed hash is cross-checked against agreeing providers). For opaque, single-provider work, the consumer-consent path, plain release, signed by the consumer only after they verify the result they received, is the protection against a provider that under-delivers. The CLI's run --release verifies the result locally before it settles.

Discovery

You can dial a provider directly by Node ID, or discover many through a directory node: a lightweight bootstrap registry that relays signed provider announcements. Directories can't forge or alter an entry: every announcement is ed25519-signed by the announcing node, and consumers verify the signature before trusting a single field.

# run a directory node $ cloudiy directory # providers announce onto it, consumers list across one or more $ cloudiy share --directory <directory-id> $ cloudiy providers --via <directory-id>

The scheduler picks a placement across the discovered pool when you don't name a node. Multiple directories can be listed and merged; unreachable ones are skipped.

CLI reference

shareProvider mode, share this machine's CPU/RAM/GPU with the network.
runConsumer mode, run a workload on a remote node and verify the signed result.
pay / release / refundFund, release (pay provider − 4%), or refund an on-chain USDC escrow.
vm / shell / tunnelManage your persistent VM on a provider, open a PTY shell, or forward a port.
osRun the CloudiyOS gateway, local HTTP/WebSocket bridge to the P2P network.
mcpServe the network as MCP tools, agents discover, pay, run and verify under a spend cap.
directory / providersRun a discovery directory, or list live providers across directories.
info / idPrint a node's info, or your own network identity.

Roadmap

Shipped
  • Protocol v0.1, resources, capabilities, workloads
  • Docker runtime + modular scheduler
  • P2P (iroh QUIC) + HTTP/WebSocket gateway
  • Persistent identity-bound VMs, PTY shell, tunnels
  • x402 + USDC escrow: pay → run → release on devnet
  • Wallet-signed escrow deposit in CloudiyOS
  • Directory discovery + SDKs (Rust · Python · JS)
Next
  • Published GPU worker images + first NVIDIA nodes
  • Hosted directory + default discovery
  • Escrow on mainnet, real USDC
  • On-chain reputation + TEE-attested execution
  • Streaming payments; Firecracker / WASM runtimes