⬡ Oxios
Agent Operating System
Where AI agents don't just talk — they work.
Built with
Why Oxios?
Large language models are powerful, but they're stuck in chat boxes. Oxios gives them an operating system — lifecycle management, tool execution, state persistence, security boundaries, and an orchestration protocol — so agents can autonomously complete real tasks.
| The problem | What Oxios does |
|---|---|
| Agents die when the chat closes | Supervisor manages agent lifecycle: fork, exec, wait, kill |
| No specification → unreliable output | Ouroboros: interview → seed → execute → evaluate → evolve |
| Every app reinvents browser/execution | Built-in engine: headless browser, host exec, MCP bridge, programs |
| Agents have no memory between sessions | State store + vector memory: persistent, searchable knowledge |
| No security boundary between agents | Access manager: RBAC, path sandboxing, audit trail |
Get Started
Set your LLM key, then run:
Open http://127.0.0.1:4200 — start talking to your agent.
That's it. The OS handles the rest.
Architecture at a Glance
┌──────────────── Gateway ────────────────┐
│ Web · CLI · Telegram · Discord · … │
│ (plugin channels) │
└──────────────────┬──────────────────────┘
│
┌──────────────────▼──────────────────────┐
│ Kernel │
│ │
│ Supervisor · Ouroboros · Event Bus │
│ State Store · Vector Memory · Scheduler │
│ Access Manager · Audit Trail · Budget │
│ │
│ ┌─────────────────────────────────────┐ │
│ │ Agent Runtime │ │
│ │ oxi-agent + oxi-ai (multi-provider)│ │
│ │ read · write · edit · bash · grep │ │
│ │ browser · programs · MCP · memory │ │
│ └─────────────────────────────────────┘ │
└───────────────────────────────────────────┘
│ │
┌────▼────┐ ┌────▼────┐
│ Host │ │OxiBrowser│
│ Exec │ │(in-proc) │
└─────────┘ └──────────┘
No containers. No subprocess browser. Everything runs in-process, sandboxed by workspace rules and RBAC.
Core Concepts
🔄 Ouroboros Protocol
Powered by the Ouroboros specification framework. Agents never execute blindly — every task starts with a specification.
Interview → Seed → Execute → Evaluate → Evolve
↑ │
└────────────────────────────────────┘
🧭 Supervisor
Agent lifecycle as process management. Fork an agent, let it work, kill it if it misbehaves.
🌐 Built-in Browser
OxiBrowser — pure Rust headless browser, running in-process. ~10MB memory. No Chromium, no CDP overhead.
"Read this URL" → browse(url) → Markdown (one-shot)
"Fill this form" → goto → click → type → Interactive Tab session
"Run this JS" → evaluate(code) → JSON result
📦 Programs
OS-level installable capabilities for agents. Each program is a self-contained directory:
🧠 Vector Memory
Agents remember across sessions. Semantic search with budget-aware curation.
🔒 Security
| Layer | Mechanism |
|---|---|
| Tool access | RBAC per agent (capability-based) |
| File system | Workspace path sandboxing |
| Network | SSRF protection, robots.txt obedience |
| Execution | Command allowlist + metacharacter blocking |
| Audit | Immutable audit trail |
Ecosystem
Oxios is part of the a7garden Rust AI stack:
| Project | Purpose |
|---|---|
| oxi | LLM engine + agent runtime |
| oxibrowser | Pure Rust headless browser |
| ouroboros | Specification-first agent framework |
| oxios | Agent Operating System (you are here) |
oxi-ai ──── LLM abstraction (multi-provider)
oxi-agent ── Tool-calling agent loop
│
ouroboros ── Specification-first protocol
│
oxios-kernel ── Supervisor, tools, state, security
│
oxios ── Binary + channels (Web, CLI, Telegram, …)
License
Built by a7garden