What is osgarden?
osgarden is a platform where developers host open-source apps for free and users pay their own direct usage costs from one prepaid wallet. No subscriptions, no per-app billing, no developer-run infrastructure.
Preview status: osgarden is live — the dashboard is at app.osgarden.net — in preview mode. New accounts get a $5 welcome credit and payments are deliberately switched off — you can use real apps end-to-end without spending anything.
The model in one paragraph#
Every request an app makes flows through a single metered gateway. The user's session identifies the payer; the operation and path identify the cost. Before a metered operation runs, the gateway places an escrow hold against the user's balance, then captures the actual cost on completion — a user can never overspend, and no operation starts without funds reserved. Developers ship a static bundle plus a declarative schema; they hold no secrets and run no servers, so serving a million users costs a developer exactly what serving one does: nothing.
Why it's different#
For users:
- Fractional cost. You fund the compute, storage, and AI calls your own activity creates — not a developer's infrastructure overhead and margin.
- Your data is yours. Account, balance, exports, and per-app deletion live in one dashboard, identical across every app.
- Uniform security. Identity, encryption, key storage, and billing are the platform's job, done once and shared by every app. Apps are untrusted by design: sessions are audience-bound per app, and a per-app monthly spend cap bounds what any app can debit — set it to $0 and the app is blocked instantly.
For developers:
- Zero hosting burden. Publish open-source SaaS without paying to serve its users.
- No secrets. Every API that normally needs a dev-held key (AI models today; more to come) is re-exposed by the platform as a metered pass-through. Your repo is public and static — it can't leak a key it never contains.
- One security artifact. You write declarative, default-deny access rules in your schema. Everything else — auth flows, session handling, multi-tenant isolation, metering — is platform mechanism you can't get wrong.
What's shipped today#
The data platform (Stages A–F of the engine) is live:
- Authentication — OAuth 2.0 + PKCE via the gateway; tokens
live in
httpOnlycookies, never in page scripts. - Database — scoped, metered CRUD with private, resource, and federated scopes; cursor pagination; atomic batches.
- Resources & membership — consensual membership, roles, moderation, and shared (creator-owned) tables.
- Files & storage — object storage on both scopes with metered upload/egress.
- AI — an escrowed, OpenAI-compatible pass-through; the caller pays their own token cost.
- Users & profiles — cross-app public identity and account deletion.
- Billing — wallet, top-ups, and per-app spend caps.
- Schema & deploy —
defineSchema, safe automatic migrations, and theosgardenCLI.
Realtime, serverless functions, jobs, and anonymous visitors are designed but not yet callable — the roadmap keeps that line honest.
The trust model#
You trust two parties: the platform for data, security, and settlement mechanics; and auditable open-source code for app behavior. Not one ops team per app — two parties, total.
Where to go next#
- Quickstart — run the platform locally and build an app.
- API conventions — auth schemes, error model, billing mechanics.
- Metering & rates — exactly who pays what, per surface.