Postern Labs
MAINNET BETA. Unaudited · relaxed k=4 regime (trivially forgeable) · k=8 hardening reverted, re-activating with a difficulty fix · very few nodes, 51%-attackable · not a security · for evaluation — not to protect real secrets yet. Full disclaimer →

Get the beta

Everything ships as source. On purpose.

Postern's integrity story is reproducibility: you build what you run, and the same inputs produce the same artifact. So the beta has no download-and-double-click installer yet — and we won't fake one. Here is exactly what you can run today, and how.

Honest status — read before anything else

  • Everything here is pre-production. The Rust product cores are built and test-verified; the UIs, OS images, and cloud/enterprise editions are designs and reference prototypes — each is labelled built vs designed wherever it appears.
  • The underlying protocol now runs a mainnet beta — a designation, not a security claim. The relaxed regime (k=4) currently applies — work is trivially forgeable. The k=8 security hardening of the Module-SIS gate was activated at block 213,000 but reverted: it multiplied mining difficulty ~4096x and the current solo / low hashrate could not find blocks, so the chain stalled. k=8 will re-activate together with a matched difficulty reduction (so block time stays ~30s); until then, no security is claimed. Security is cumulative SHAKE-256 hashcash work (the gate is a structural filter), and the network is nascent: very few nodes, low hashrate → 51%-attackable. It is unaudited — a third-party audit is contracted but not done yet, and the concrete-security analysis and IACR ePrint are still outstanding.
  • The coin is not a security and not an asset. No token sale, no listing effort, no market-making, no price. Disclosed in full: a 17% founder premine (10-year cliff, 40-year vest), structurally passive.
  • Do not use any of this to protect real secrets yet. It is a public beta for evaluation, feedback, and reproduction of our claims.

1 · The web apps

Self-contained HTML — open the file, that's the install.

Each app is one self-contained HTML file — open it live right here, or grab the file from the source tree under apps/ and open it locally (Chrome for the voice features). No build step, no server, no network dependency of its own. Where an AI concierge is offered you bring your own Claude key; every app carries an honest privacy panel.

AppOpenWhat it is
SottoOpen →Privacy-first voice assistant
VedettaOpen →Voice markets lookout — holdings never leave the device
TolmachOpen →Private interpreter + meeting minutes
Postern StoreOpen →Say what you need; it parameterizes the search
ChiaveOpen →Sign in with your wallet — no email, no account
SartoOpen →Onboarding configurator + transparent controls
ConsiglioOpen →Enterprise admin console

2 · Demo videos

What it looks like — labelled for what it is.

Three short videos, each labelled on its own frames. The two Postern OS videos are UI design previews — the OS image they depict is not built yet (same rule as everywhere on this page: no installer exists, and we won't fake one). The Sarto video is a walkthrough of the onboarding web app you can open today from apps/postern-onboard/index.html. Nothing shown here is finished, audited, or a security claim.

Postern OS · mobile — UI design preview. A concept walkthrough of the mobile interface. This is the design, not a recording of a built OS: the mobile image does not exist yet.
Postern OS · desktop — UI design preview. A concept walkthrough of the desktop interface. Same honesty: the desktop image is not built yet; what ships today is the Nix foundation below.
Sarto — onboarding tutorial. A walkthrough of the Sarto web app: configuring Postern and connecting the AI concierge with your own Claude API key (bring-your-own-key; no key of ours, no account). Sarto is beta and unaudited, like everything here.

3 · The reproducible OS

Postern OS — builds from source on Nix hardware.

The os/ directory holds declarative NixOS profiles: a minimal image that boots into a running node as a hardened systemd service (dedicated user, ProtectSystem=strict, syscall filtering), plus desktop, mobile, browser, cloud, and attestation profiles. Because it's Nix, the same inputs produce the same image — that reproducibility is the product.

Honest status: images build from source on a Linux host with Nix and flakes. Prebuilt, signed images are coming; they do not exist yet, and we won't link a binary we haven't built and signed.

How to build & install Postern OS — desktop + mobile (walkthrough). Shows the real build-from-source process (nix build .#iso / .#mobile-image), flashing, and booting on a compatible device. No prebuilt image exists — you build from source, and this process is not yet validated on hardware by us (first target: a PinePhone + a PC). Mainnet-beta, unaudited; not a security claim. Mobile works only on the listed Mobile-NixOS devices — not any Android.
# On a Linux host with Nix + flakes, from the source tree:

# Bootable ISO  ->  ./result/iso/*.iso
nix build .#iso

# Just the node package
nix build .#bloch && ./result/bin/bloch --help

# Try it in a VM without flashing anything
nixos-rebuild build-vm --flake .#bloch-os && ./result/bin/run-*-vm

The desktop and mobile daily-driver editions are designs with foundation profiles — see their honest labels on the products page.

4 · The desktop app

Postern Desktop — Tauri, build from source.

A desktop app for the OS you already run (Linux first; cross-platform): start/stop and monitor a node, hold a wallet (mnemonic shown once, byte-identical addresses to the mobile core), watch the miner, stream the logs. Rust backend, dependency-free web UI.

It builds from source in desktop/ with the standard Rust + Tauri toolchain (cargo tauri build after the Tauri prerequisites for your platform). No prebuilt binaries yet — same rule as the OS.

5 · The source itself

Where the code lives.

The product suite (crates, apps, OS profiles, desktop, mobile) is the Postern Labs source tree — MIT / Apache-2.0 per crate. cargo build --workspace builds the product cores; the crates that need protocol crypto pull it as a pinned git dependency.

The protocol is not ours to host: Bloch-SIS-PoW lives in its own ownerless repository at gitlab.com/blochsispow-group/BlochSISPoW-project — rendered as text, not a link, because this site makes no external requests and the protocol has no official site. See Postern & Bloch — two different things.

Before you run anything

All of it is beta and unaudited. Evaluate it, break it, reproduce our builds, file findings — but do not put real secrets in the vault, real files through the courier, or treat the chain's coins as a store of value. The chain is a mainnet beta: unaudited, 51%-attackable, running the relaxed k=4 regime (trivially forgeable) — the k=8 hardening was reverted and will re-activate with a difficulty fix — and its coins carry no value claim. Not a security, not an asset; use at your own risk.