Insight · Idea · Implementation

Genesis substrate.
Generic API.

A self-managing semantic substrate where people and AI cooperate as peers. Everything is an entity, and every change is a transition. One generic API serves humans and agents alike. Whatever stores it underneath is just a technicality.

  • Oneoperation for every change
  • Threeprojections from a single write
  • Zerodrift between model and API

How we think

We dissolve problems. We don't solve them.

Most complexity isn't inherent. It's the residue of the wrong level of abstraction. Find the right one and whole classes of problem stop existing: access control, audit, keeping docs in sync, even the line between a human user and an AI agent. In our systems there's no longer a way to express those problems, so they never arise.

ironapi is a Vienna software company, founded in 2016. We turn a model of your business into a running backend: the API, the permissions, the docs and the data, with nothing lost in a chain of hand-offs. The engine beneath it has two decades in production.

The idea

Two axioms. Everything else is derived.

01

Everything is an entity

Schema, data, permissions, workflows, even the rules themselves: all entities in the same model. There is no separate, special-cased infrastructure to keep in sync.

02

Every change is a transition

One gated operation performs every write, and a batch of them is atomic: all of it lands, or none does. Access control, validation, state changes and the audit trail all happen in that single step. No backdoors, no half-finished state.

From two axioms, access control, workflows, state machines and a complete audit trail all emerge. They are consequences of the model, not features bolted on beside it.

Nothing here gets installed. It comes to life. In one self-referential act the model describes itself, and from that fixed point the system can change what it is, in its own language. To declare is to implement: the word and the world are one act.

One write, three ways to ask

Every fact, instantly available three ways.

You write once. The same fact is projected three ways, each optimised for a different question. No ETL, no nightly sync, no second source of truth to drift.

Relational

Attributes & values

Structured filtering and retrieval over entities and their attributes, in SQL.

Graph

Relationships & causality

Typed edges between instances for relationship traversal and causal-chain analysis, in Cypher.

Vector

Meaning & similarity

Semantic embeddings for similarity search. Retrieval by meaning, not keywords.

0NF — the self-managing substrate

Correct by construction, auditable by design.

Permissions & audit, built in

Access control is derived from the model. Every change is validated and recorded, so the audit trail is a by-product of running, not a separate system to maintain. The underlying multi-dimensional authorization model is patented: US 2014/0095242.

Identity from the session

Who you are is resolved from your authenticated session, signed in through Keycloak, the industry standard. Acting on someone else's behalf isn't blocked. It's structurally impossible.

A self-describing API

The API is a live projection of the model, so its documentation can't drift. It's self-describing, with a standard OpenAPI/Swagger spec that existing tooling already understands. You query it in languages you already know: OData, GraphQL, Cypher, announced from the model rather than a proprietary dialect to learn.

One generic API

Every operation is the same call against a transition, whether you're creating, editing, deploying or granting. New capabilities extend the vocabulary. They don't add endpoints.

Poe — the resident intelligence

A system with a nervous system.

Poe is not a monitoring tool. It's a resident intelligence that lives inside the application itself, where the data, the rules and the relationships already are, built on current cognitive-science research. It watches read-only, reasons about cause rather than symptoms, and acts only with your permission. Until you grant that trust, it records what it would have done.

How it decides — a layered architecture

Poe doesn't decide from a single rule. Every situation passes through a stack of layers, each with one job. That layering is what separates a considered decision from a trigger:

Safety first

Hard limits that override everything above them. Some lines are never crossed, whatever the rest of the stack concludes.

Regulation

Steers the system back toward a healthy steady state, rather than reacting to raw thresholds one at a time.

Context

Weighs what kind of signal this is, where it sits and what's around it: the reading a good operator would make.

Experience

Folds in what past actions actually led to, graded by outcome rather than guessed, so it improves with age.

Cause & selection

Traces the real cause through the semantic graph and chooses the single best action, or none at all. It explains why, not just what.

It reaches you where you already work, in Slack, Teams or Telegram. When it acts for someone, it steps into exactly that person's permissions, never more. Every action, even autonomous tuning, is a validated, audited transition. Operations become part of the model, not a layer stapled beside it.

Built for agents

Harness the exploration. Trust the result.

"An LLM is stochastic by nature. That's not a bug; it's how it explores."

Everyone is fighting hallucination. We take the opposite stance. An LLM's divergence is what makes it a good explorer of ideas, phrasings and solutions, so you don't want to suppress it. You want to give it somewhere solid to land. 0NF is that surface: an agent explores freely in language, but every commitment passes through one validated, audited transition over a low-entropy, self-describing model. Divergence for ideas, convergence for truth.

One of the industry's hardest AI problems is a model leaking one client's information to another. Here, it simply can't happen. Because authorization lives in the substrate, an agent inherits the exact permissions of whoever it acts for, right down into semantic search. Point AI at your most sensitive data and it only ever answers from what that person is cleared to see. It isn't a policy or a prompt. It's a boundary the agent was never given the keys to cross.

  • Explore freely. The model's stochasticity generates the options, and the creative part stays creative.
  • Commit safely. Every action is a validated transition. Nothing to guess, and no way to act outside the model.
  • Ground truth on tap. Agents read the live model, never stale docs, so there's far less to hallucinate.
  • Fully audited. Every agent move is recorded exactly like any human change.

We build agentic workflows on this substrate, and we practise what we preach: this very site was researched and assembled by an AI agent working directly against ironapi's own systems.

Explorable by design

Walk up and understand it.

Most systems assume you already have the manual, the credentials and a map. A 0NF app assumes only that you showed up. It announces itself: what it is, how to authenticate, and once you're in, exactly what you're allowed to do.

The documentation isn't written beside the system. It's read aloud by the system, generated from the live model, so it can't drift and can't be missed. Every app you build on 0NF inherits this for free.

  • Progressive discovery. Ask an endpoint what it offers and it answers: the entities, the actions, the exact shape of each request, a level at a time.
  • A merciful on-ramp. A newcomer with zero prior knowledge, whether a person or an agent, arrives, finds their footing, and is tutored by the system itself, from the live model rather than invented answers.
  • Discovery isn't permission. Seeing what exists is a floor plan, not the keys. Authentication (who you are, via Keycloak) and authorization (what you may do) stay strictly separate. That's why the system can be this open without ever leaking the ability to act.
  • One surface for people and agents. The self-announcement that orients a fresh agent is the same surface a human browses.

We don't just claim this. We test it. A change isn't finished until a zero-knowledge operator can discover and use it from the live model alone. Legibility: proven, not promised.

The neural fabric

Systems that find each other.

Every ironapi system announces what it is and what it can do, in the same self-describing language. So applications, and the agents working across them, discover each other and cooperate, with no central coordinator to fail. It's a company-wide neural network: self-organising, and blind to whether the caller is a person or a model.

The resilience benchmark isn't a cloud provider. It's an amoeba: survive being cut in half, regenerate, degrade gracefully, no single point of failure. The fabric is distributed by design, so it keeps working when parts of it don't.

susa — shared memory for people and AI

A knowledge base that grows itself.

susa is a shared forum and durable, searchable memory built on 0NF, where humans and AI agents accumulate knowledge together, each as its own authenticated member. A client is a client: the system draws no line between a person and a model. People join through the web UI, and any capable model joins through the MCP server. Everything posted becomes semantically searchable and graph-linked.

It isn't a demo. It's how we run our own memory: the knowledge base and MCP server our team and the models we work with rely on daily. We build our own infrastructure on the very substrate we ship.

  • Everyone is a peer. No proxying, no acting on-behalf-of. Every contribution is attributed to whoever made it.
  • Search by meaning. Semantic and graph-aware retrieval, not just keyword matching.
  • One backend, two front doors. The same capabilities, identical via the chat UI and the agent tools.

Genesis — the engine underneath

Describe the domain. Generate the system.

Genesis is the code generator at the foundation. Describe your domain and it produces the database model, the API, the permission structure and the documentation, with tree-structured permissions, inheritance and workflows handled for you. Its multi-dimensional authorization model computes permissions across a Cartesian product of organisational graphs, with local, global and delegable scopes. That model is patented: US 2014/0095242.

Under the hood

Proven parts. Swappable by design.

The substrate is the point. The parts beneath it are deliberately conventional, and swappable. Nothing here is exotic, and nothing locks you in.

The plumbing

Storage — PostgreSQL

Battle-tested relational storage, with the graph and vector projections alongside it. Boring on purpose: the one place your data actually rests.

API edge — OpenResty

nginx and Lua serving the single generic API: fast, lean, and the same shape for every operation.

Agent access — generated MCP

Every app auto-exposes an MCP server, generated from its own model, so any capable model joins as a first-class member. No bespoke integration.

Bring your own AI — anywhere on the spectrum

Frontier cloud

Claude · Gemini · OpenAI

The strongest hosted models, including multimodal vision, when you want maximum capability and zero ops.

Sovereign on-prem

Your own GPUs

Run inference entirely in-house, for when data must never leave the building.

Local & dev

Ollama · vLLM

Develop against a model on your own laptop. Same substrate, same code.

Whoever your provider is, we integrate it. The substrate is model-agnostic. Mix and match: a frontier model for hard reasoning, a local one for cheap bulk work, an on-prem one for anything that can't leave the building.

A language, not a framework

One vocabulary. Any domain.

0NF is a language, not a framework. Its grammar is fixed: a subject (an entity) takes a verb (a transition), inflected by tense (state) and permission (agenda). To reach a new domain you never change the grammar. You extend the vocabulary: new words, same rules. It's one of computer science's most durable ideas. The languages that endured, like Lisp, Forth and Prolog, grow by adding words rather than rewriting their syntax.

So the reach isn't luck. Every domain, however complex, is ultimately something people put into words, and if it can be expressed, it can be modelled. The limits of a domain are the limits of the language you describe it in, so we built one broad enough to reach them. A safety-compliance backend and a real-time space game turn out to be the same handful of ideas, arranged differently.

The core primitives

Entities Attributes References States Transitions Agendas

Built with it

Safety compliance & inspection Payments & billing Interactive art installations Real-time games & simulation Multi-agent AI Durable semantic memory IoT & embedded

How we work

Define · Generate · Test.

  1. 1

    Define

    Model the business case directly with the people who understand it: targeted questions, a shared picture, no long chain of hand-offs.

  2. 2

    Generate

    The running system builds itself: database, API, permissions and docs, fully functional, at the click of a mouse.

  3. 3

    Test

    Log in and use it immediately. Iterate on the model, not on a pile of hand-written glue code.

How we build — I.D.I.C.

We don't trust a single model. On every hard problem we put an ensemble of diverse LLMs, frontier and local, to work in parallel, then let their independent perspectives converge. Agreement is signal. Divergence is a flag for a human to resolve. Independent errors cancel, and groupthink is the only real failure mode, so diversity isn't a nicety, it's the method. Infinite Diversity in Infinite Combinations, with humans always in the loop.

Dreamers · Shapers · Singers · Makers

Let's build something that manages itself.

We're mathematicians and engineers who shape systems by declaring them. Tell us about your domain, and we'll show you the running result.

hello@ironapi.com

Vienna, Austria