
Agent Storage · Trove

Object storage with no master to lose.

Trove is object storage rebuilt from the ground up in Rust as one self-contained binary, with no external database and no master node to fail. It stores millions of small files with a single seek per read, checks every byte against a strong checksum on the way out, and quietly repairs corruption and lost copies in the background. Every node is equal, so any node can answer any request, and you grow by adding machines.

1 binary: no database, no ZooKeeper
S3: AWS CLI, boto3, rclone unchanged
Self-healing: background repair and bitrot scan

Why Trove

Every object store made you pick a weakness.

One popular system is fast but has a single master that can take the whole cluster down, and a weak checksum that misses silent corruption. Another is reliable but creates millions of tiny files that exhaust the filesystem, and cannot add disks after setup. A third keeps every file's location in RAM and only offers a mount, not a cloud API.

Storing billions of small files cheaply, safely, and behind a normal S3 API has always meant choosing which downside to live with. Trove was built to stop choosing.

Capabilities

What it can do.

A drop-in S3 API

Works with the tools teams already use: AWS CLI, boto3, and rclone connect unchanged. Objects, buckets, listings, multipart uploads, server-side copy, tagging, and presigned shareable links.

One binary, four front doors

A single executable serves an S3 API, a JSON admin API, a simple REST file API for service-to-service use, and an embedded web console, each independently toggled.

Storage that adapts as data ages

Fresh data is kept as fast full copies; as it ages it converts automatically to erasure coding that survives disk loss at about 1.25x cost instead of 3x; cold data can offload to external cloud storage.

Self-healing with triage

A background scanner re-reads stored data, catches silent corruption, and feeds a nine-level priority queue so the most endangered files, down to their last copy, get rebuilt first.

Built-in multi-tenancy

One cluster hosts many isolated customers, each with their own credentials, quotas, usage metering for billing, optional encryption, and placement rules like EU-only.

Encryption, your way

AES-256 at rest with Trove-managed keys, or customer-supplied keys it never stores, with a unique key for every file.

Full identity and access control

AWS-style users, groups, roles, and JSON policies with conditions like source-IP and prefix limits, plus short-lived temporary credentials.

Geographic placement

Express redundancy as a code spanning regions, data centers, racks, and disks, so copies always land in independent failure domains.

Built different

Why it is not just another bucket.

  • No single point of failure, by architecture

    Masterless: every node runs the same binary on a consistent hash ring, with gossip-based membership. There is no master to crash or bottleneck.

  • Nothing else to run

    No separate coordination service or database to babysit. Metadata lives in a custom write-ahead log that replays on restart. Minimal dependencies is a rule, not an accident.

  • Strong integrity where others are weak

    Every object carries a strong checksum, verified on read, replacing the collision-prone CRC32 that rivals use. Erasure coding runs on a SIMD-accelerated codec.

  • Built for small files

    Files are appended into large volumes instead of one file each, so a million objects use two filesystem entries, not three million, with the index in memory for one-seek reads.

  • Rust, no GC pauses

    Predictable tail latency, the one thing the garbage-collected incumbents cannot promise.

  • The best ideas of three, rebuilt

    Synthesized from careful audits of SeaweedFS, MinIO, and MooseFS, then re-implemented from scratch rather than forked.
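The two storage claims above, appended volumes with an in-memory index and a checksum verified on every read, can be sketched in a few lines. This is an added illustration in Python, not Trove's code: the record layout, the `Volume` class, the `flip_bit` helper, and the choice of SHA-256 as the "strong checksum" are all assumptions, since the page does not name them.

```python
import hashlib
import io
import struct

# Record layout (assumed): 4-byte payload length, 32-byte SHA-256 digest, payload.
HEADER = struct.Struct(">I32s")


class Volume:
    """Append-only volume: many objects in one blob, index held in memory."""

    def __init__(self):
        self.blob = io.BytesIO()  # stands in for one large volume file on disk
        self.index = {}           # key -> (offset, payload length)

    def put(self, key, data):
        offset = self.blob.seek(0, io.SEEK_END)
        self.blob.write(HEADER.pack(len(data), hashlib.sha256(data).digest()))
        self.blob.write(data)
        self.index[key] = (offset, len(data))

    def get(self, key):
        offset, length = self.index[key]
        self.blob.seek(offset)  # one seek, then one sequential read
        record = self.blob.read(HEADER.size + length)
        if len(record) < HEADER.size:
            raise IOError(f"truncated record for {key!r}")
        stored_len, digest = HEADER.unpack_from(record)
        data = record[HEADER.size:]
        if stored_len != length or hashlib.sha256(data).digest() != digest:
            raise IOError(f"checksum mismatch for {key!r}")
        return data

    def scrub(self):
        """Re-read every object and return the keys that fail verification."""
        bad = []
        for key in self.index:
            try:
                self.get(key)
            except IOError:
                bad.append(key)
        return bad


def flip_bit(volume, key):
    """Simulate bitrot (constructed fault): flip one bit in the stored payload."""
    offset, _ = volume.index[key]
    with volume.blob.getbuffer() as view:
        view[offset + HEADER.size] ^= 0x01
```

A read of a damaged object fails closed instead of returning bad bytes, and `scrub()` gives a background repair job the list of keys to rebuild from other copies.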

By the numbers

Built to scale per node.

Design targets on local SSD, not yet independently benchmarked.

>60K/s: reads per node, small files (target)
Sub-ms: read latency (target)
256: erasure-code shards, configurable
<100 MB: RAM per million files (target)

Agent-first

Where agent work lands and stays.

Trove is the storage an agent platform writes to constantly: every conversation sandbox snapshot, every file an agent produces, and the immutable audit trail, all addressed through a standard S3 API its tools already speak. Because any node serves any request and the cluster self-heals, a fleet can read and write at scale without coordinating through a master. Per-tenant isolation and signed share tokens let one agent hand another time-limited access to a single artifact, by intent, not by exposing a bucket.

  • Durable snapshot and resume storage for per-thread sandboxes.
  • Unforgeable per-object share tokens for safe cross-agent handoff.
  • A tamper-evident audit archive that bitrot scanning keeps verifiably intact.
