Alpha — Under active development

An autonomous
nervous system
for Linux

HOSA detects, contains, and stabilizes system collapse in milliseconds — before your monitoring even notices. Endogenous resilience for every node.

Get Started GitHub
The Problem

The Lethal Interval

Your server crashes in 2 seconds. Your monitoring detects it in 100. That gap is where systems die — and HOSA lives.

💀 Without HOSA

  • Memory leak starts. Prometheus scrapes every 15s — sees nothing.
  • OOM-Killer fires at t=40s. Payment service dies mid-transaction.
  • CrashLoopBackOff. Customers get 502 errors.
  • Alert fires at t=100s — 60 seconds after the first crash.

🛡 With HOSA

  • Memory leak starts. HOSA detects anomaly acceleration in 1 second.
  • Applies memory.high containment at t=2s. No process killed.
  • System degraded but alive. All transactions preserved.
  • Operator gets webhook with full dimensional context at t=2s.

Timeline of a Collapse — Memory Leak @ 50MB/s

t=0s

Leak Starts

Memory leak begins in payment-service. Rate: ~50MB/s.

mem: 61% DM = 1.1 Level 0

Prometheus last scraped 8s ago. Next scrape in 7s. Data shows: "healthy."

t=1s

HOSA Detects

DETECTED IN 1s

Mahalanobis Distance crosses vigilance threshold. Sampling rate increased from 100ms to 10ms.

DM = 2.8 dDM/dt = +1.6 Level 0→1

Prometheus: no scrape in this interval. Zero awareness.

t=2s

HOSA Contains

CONTAINED IN 2s

Dominant contributor identified: /kubepods/pod-payment-service-7b4f. Action: memory.high reduced from 2G → 1.6G. Webhook dispatched.

DM = 4.7 d²DM/dt² = +0.5 Level 1→2

Prometheus: next scrape in 5s. Still showing stale data from t=-8s.

Lethal Interval: 2 seconds

HOSA detected and contained the anomaly before any external monitoring system could collect its first data point post-leak.

t=4s

Containment Holding

Derivative decelerating — containment is working. No escalation needed.

dDM/dt = +1.2 ↓ d²DM/dt² = −0.45

Prometheus: scrapes now. Sees mem=1.47GB. Rule says >1.8GB for 1m. Result: OK (!)

t=8s

System Stabilized

STABLE

Memory at 74% — plateau reached. Derivative near zero. System degraded but functional. All transactions preserved. No process killed.

DM = 6.2 dDM/dt ≈ 0 Level 2
Counterfactual — what happens without HOSA
t=40s

OOM-Kill

💀 CRASH

payment-service killed mid-transaction. Data corrupted. CrashLoopBackOff begins. Customers receive 502 errors.

t=100s

Prometheus Alert Fires

⚠ TOO LATE

Alert fires 60 seconds after the first crash. The for 1m condition is finally satisfied. On-call engineer paged. Postmortem begins.

How It Works

Bio-Inspired Autonomous Resilience

Like the human reflex arc — your spinal cord retracts your hand from fire in milliseconds, then notifies your brain. HOSA does the same for your servers.

🧬

Multivariate Detection

No static thresholds. HOSA learns the behavioral profile of your node — how CPU, memory, I/O, and network correlate — and detects deviations using the Mahalanobis Distance. It sees patterns that per-metric alerts miss.

Kernel-Space Collection

Metrics collected via eBPF probes attached directly to kernel tracepoints. No polling, no scraping, no agents-calling-agents. Data flows through ring buffers with microsecond latency.

📈

Predictive Derivatives

HOSA doesn't just measure where you are — it calculates velocity and acceleration of deviation. It detects that you're heading toward collapse, not just that you've arrived.

🛡️

Graduated Response

Six response levels from passive observation to autonomous quarantine. Proportional to severity. No binary kill switches. Throttle first, contain second, isolate only as last resort.

🔌

Zero External Dependencies

No TSDB, no message broker, no cloud API required for its primary function. Communication with orchestrators is opportunistic — used when available, never required.

📋

Auditable Decisions

Every autonomous action is logged with its mathematical justification — DM value, derivative, threshold crossed, target cgroup, action taken. Full transparency. No black boxes.

Graduated Response

Six Levels of Autonomous Action

Inspired by biological threat response. Proportional force — from silent observation to network isolation.

LevelNameActionReversibility
0 Homeostasis None. Suppress redundant telemetry. Heartbeat only.
1 Vigilance Increase sampling rate. Log locally. No intervention. Automatic
2 Soft Containment renice non-essential processes. Webhook notification. Automatic
3 Active Containment CPU/memory throttling via cgroups. Partial load shedding via XDP. Auto w/ hysteresis
4 Severe Containment Aggressive throttling. Block inbound traffic except healthchecks. Freeze non-critical cgroups. Sustained recovery
5 Quarantine Network isolation. Freeze non-essential processes. Environment-aware recovery mode. Manual
Architecture

The Perceptive-Motor Cycle

Three layers — sensory (eBPF), cortex (math), motor (cgroups/XDP) — operating in a continuous loop with microsecond kernel↔user transitions.

Kernel Space eBPF
📡

Sensory Probes

  • Tracepoints (sched, mm, net)
  • Kprobes
  • PSI Hooks

Actuators

  • XDP (packet filtering)
  • Cgroup controllers (cpu, memory)
  • Process signals
eBPF Ring Buffer
BPF Maps
User Space Go
🧠

Predictive Cortex

  1. Receive events from ring buffer
  2. Update state vector x(t)
  3. Update μ and Σ incrementally (Welford)
  4. Calculate DM(x(t)) — Mahalanobis Distance
  5. Apply EWMA smoothing → M(t)
  6. Calculate dD̄M/dt and d²D̄M/dt²
  7. Evaluate against adaptive thresholds
  8. Determine response level (0–5)
  9. Send actuation command via BPF maps → back to Kernel
📡

Opportunistic Communication

Webhooks Prometheus metrics Local audit log

Used when available. Never required.

Quick Start

Coming Soon

We're actively building the first public release.
Star the repo to get notified when it drops.

🚧

Under Construction

HOSA is currently in alpha development. Installation instructions, pre-built binaries, and quick-start guides will be available here once the first public release is ready.

Watch on GitHub
Documentation

Deep Dive

From concepts to implementation details.

💡

Core Concepts

Endogenous Resilience, the Lethal Interval, and why local autonomy matters.

 🏗️

Architecture

The perceptive-motor cycle, warm-up calibration, and system design decisions.

 📐

Math Model

Mahalanobis Distance, Welford updates, EWMA, derivatives, and regime taxonomy.

 🛡️

Response System

Six graduated levels, cgroups actuation, XDP load shedding, quarantine modes.

 ⚙️

Configuration

Parameters, safelists, environment detection, and tuning guide.

 📄

Whitepaper v2.1

Full academic foundation — 52 pages covering theory, taxonomy, and validation plan.