KernelOS

Run AI work anywhere, without losing state or control.

KernelOS is a provider-agnostic operating system for AI agents that keeps workspace state in a kernel-owned event log while runtimes remain disposable. It is built for teams and power users who need multi-agent workflows across desktop, mobile, cloud, and edge without vendor lock-in. The system combines offline-first execution, cross-device sync, plugin-based extensibility, and zero-trust security so agent automation stays portable for years.

Business Goals

  • Reach 1,000 active workspaces within 6 months of launch with at least 35% weekly retention.
  • Achieve 40% of new workspaces connected to two or more AI providers within 90 days to validate BYOK routing.
  • Keep crash-free workspace recovery above 99.5% across desktop and mobile runtimes in the first year.
  • Drive 25% of users to install at least one plugin within 30 days, proving extensibility is a core adoption driver.
  • Reduce time-to-first-usable-agent-workflow to under 10 minutes for 80% of new users by the end of beta.

User Goals

  • Create agent workflows that continue working even if a runtime or device goes offline.
  • Switch between AI providers without rewriting prompts, tools, or workflows.
  • Keep a single authoritative workspace state that syncs across devices with minimal conflict.
  • Add tools, MCP servers, and custom capabilities through plugins instead of platform-specific code.
  • Recover safely from failures using snapshots, event replay, and auditable history.

Non-Goals

  • Building a general-purpose consumer chat app with no workspace or state model.
  • Shipping a proprietary AI model or training foundation models.
  • Locking the system to one cloud provider, one runtime, or one plugin format.
  • Providing unlimited fully autonomous actions without policy controls or permission boundaries.

Ops Engineer Dana, 34 - Dana runs internal automation for a growing company and needs repeatable multi-step workflows that survive outages and team handoffs. She cares about auditability, permissions, and being able to change AI providers without redoing the stack.

Ops Engineer Dana, 34

  • As an ops engineer, I want to define a workflow once and run it across laptop and cloud runtimes, so that execution survives device loss or downtime.
  • As an ops engineer, I want every agent action to be recorded in an event log, so that I can trace why a decision happened.
  • As an ops engineer, I want to revoke a plugin or provider instantly, so that I can respond to security concerns without breaking the workspace.

Power User Priya, 28 - Priya uses AI agents to research, summarize, and coordinate tasks across multiple devices while traveling. She needs offline access, fast sync, and confidence that her work will reconcile cleanly when connectivity returns.

Power User Priya, 28

  • As a power user, I want to start a task on mobile and continue it on desktop, so that I do not lose momentum between devices.
  • As a power user, I want offline work to queue safely, so that I can keep using the system on flights and in low-connectivity environments.
  • As a power user, I want the workspace to resolve conflicts transparently, so that I can trust the final state without manually merging data.

Platform Admin Leo, 41 - Leo evaluates internal platforms for enterprise adoption and needs vendor independence, policy controls, and integration flexibility. He wants clear trust boundaries and predictable scaling.

Platform Admin Leo, 41

  • As a platform admin, I want provider routing policies to be configurable per workspace, so that teams can choose cost, latency, or compliance preferences.
  • As a platform admin, I want plugin trust levels and approvals, so that only verified extensions can access sensitive data.
  • As a platform admin, I want usage and audit dashboards, so that I can monitor adoption, spend, and security posture.

Kernel-owned event-sourced state · High priority

  • The workspace kernel must be the single source of truth for all durable state, with append-only events, snapshots, replay, and recovery.
  • Persist all workspace changes as immutable events with monotonically ordered identifiers.
  • Generate periodic snapshots for fast startup and recovery after crash or device loss.
  • Support deterministic replay from any valid snapshot plus event tail.
  • Store workspace state separately from runtime processes so runtimes can be discarded at any time.
  • Expose read models for UI and search without allowing direct write access to derived state.

Agent orchestration and capability routing · High priority

  • The system must coordinate tasks across multiple agents, capabilities, and execution environments while remaining provider-agnostic.
  • Represent work as task, agent, capability, runtime, and provider contracts with clear inputs and outputs.
  • Allow a task to be delegated to one or more agents based on capability, trust, and availability.
  • Support retry, backoff, escalation, and human approval checkpoints for long-running tasks.
  • Route requests to providers using policy-based selection by cost, latency, model class, and trust level.
  • Enable capability chaining so one agent can hand off to another without losing context or state.

Plugin and MCP extensibility · High priority

  • Everything external must be pluggable, including tools, MCP servers, storage adapters, runtimes, and custom skills.
  • Load plugins through signed manifests that declare permissions, dependencies, and compatible versions.
  • Support MCP connectivity through a normalized adapter layer rather than hardcoded integrations.
  • Allow plugins to register capabilities, UI surfaces, event handlers, and storage backends.
  • Provide sandboxed execution boundaries and deny-by-default permissions for all plugins.
  • Support rollback to a previous plugin version with state migration hooks and compatibility checks.

Offline-first sync and reconciliation · High priority

  • Workspaces must function offline, queue changes locally, and reconcile with the kernel when connectivity returns.
  • Queue local events while offline and replay them in causal order when synced.
  • Detect conflicts using event lineage and workspace branch metadata.
  • Provide automatic reconciliation for non-overlapping changes and explicit resolution for semantic conflicts.
  • Sync selectively across devices based on policy, bandwidth, and trust tier.
  • Show sync status, stale data warnings, and last-known-good recovery points in the UI.

Security, policy, and audit · High priority

  • The platform must enforce zero-trust access control, auditability, and data protection across providers, plugins, and devices.
  • Apply deny-by-default permissions for network, filesystem, secrets, and data access.
  • Support workspace-level, device-level, plugin-level, and provider-level trust policies.
  • Record every sensitive action in an append-only audit trail with actor, scope, and reason.
  • Require explicit approval for high-risk actions such as external writes, deletions, and credential use.
  • Support secrets isolation so providers and plugins only receive scoped, short-lived credentials.

First-Time Workspace Setup

  • Create a workspace and choose a default privacy mode in under 60 seconds.
  • Connect one or more AI providers using BYOK keys or enterprise credentials.
  • Install a starter plugin set for chat, files, tasks, and MCP connectivity.
  • Create the first agent workflow using a guided template.
  • Run a sample task and see the event log, sync status, and recovery snapshot.
  • Reach first useful output in under 10 minutes for at least 80% of users.

1. Create or Join Workspace

  • Users start with a workspace that immediately becomes the durable state container for all agents, events, and plugins.
  • Prompt for local-only, synced, or enterprise-managed workspace mode.
  • Validate workspace name, device trust, and policy defaults before creation.
  • If offline, allow workspace creation with deferred sync registration.

2. Connect Providers and Permissions

  • Users add AI providers and define routing preferences without binding the workspace to any single vendor.
  • Accept BYOK credentials or delegated auth where available.
  • Show provider trust level, cost class, latency estimate, and supported model types.
  • Reject unverified providers or missing scopes with actionable errors.

3. Install Plugins and Capabilities

  • Users extend the system with tools, MCP servers, storage adapters, or custom skills.
  • Display plugin permissions in plain language before install.
  • Require signing or trust approval for elevated permissions.
  • Warn when a plugin depends on unsupported runtime or provider capabilities.

4. Build and Run an Agent Workflow

  • Users define a task, select capabilities, and launch execution across available runtimes.
  • Let users choose single-agent or multi-agent orchestration.
  • Show live task state, event history, and agent handoffs.
  • If a runtime fails, automatically rehydrate execution on another available runtime.

5. Review, Recover, and Sync

  • Users inspect outputs, resolve conflicts if needed, and continue work on another device or offline branch.
  • Expose snapshot restore, replay, and rollback controls.
  • Flag divergent offline branches and ask users to merge or pick a canonical path.
  • Sync state progressively and show what is fully consistent versus pending.

Power User and Edge Capabilities

  • Policy-based provider routing by task type, cost ceiling, latency target, and trust tier.
  • Workspace branching for experimental workflows with merge-back into the main event stream.
  • Cross-device handoff where a live agent task can resume on another trusted device.
  • Plugin sandboxing with restricted filesystem, network, and secret scopes.
  • Event replay and timeline inspection for debugging failed agent decisions.
  • Selective sync for large workspaces, allowing metadata-only or full-content replication.

Interface Principles

  • Use a timeline-first UI that makes state, agents, and sync status visible at a glance.
  • Show trust, permission, and source indicators on every provider, plugin, and action.
  • Design for keyboard, touch, and screen reader parity with clear focus states and semantic controls.
  • Optimize for fast perceived performance with optimistic UI and background reconciliation.
  • Display recovery points, offline mode, and conflict warnings prominently to prevent silent data loss.

Dana manages a support automation workspace that handles ticket triage, draft responses, and escalation summaries. Today, her team uses one vendor for model calls, a separate automation tool for plugins, and a brittle sync layer that loses state when devices go offline. Every incident means manual recovery and an uncomfortable question about where the real state lives.

With KernelOS, Dana defines the workflow once inside a kernel-owned workspace and routes tasks to the best available provider based on cost and policy. When a laptop goes offline mid-run, the runtime is replaced without losing progress because the event log owns the state. The same workspace reappears on her phone with the last consistent snapshot, and the agent resumes from the exact task boundary.

The result is less vendor risk, fewer workflow outages, and faster recovery during incidents. Dana’s team can add new plugins or switch providers without rebuilding the system, and leadership gets a portable platform that can scale from one user’s device to an enterprise cluster.

User-Centric Metrics

  • Time-to-first-usable-workflow under 10 minutes for 80% of new users.
  • Weekly active workspace retention above 35% by month 6.
  • At least 90% of successful syncs complete without manual conflict resolution.
  • Less than 2% of sessions require user intervention due to runtime recovery.
  • Median time to resume after device loss or runtime failure under 30 seconds.

Business Metrics

  • 25% of active workspaces install at least one plugin within 30 days.
  • 40% of new workspaces connect to two or more providers within 90 days.
  • Paid conversion from beta to launch users reaches 8–12% within 6 months.
  • Net revenue retention above 110% driven by more workspaces, plugins, and sync volume.

Technical Metrics

  • Workspace availability above 99.9% excluding planned maintenance.
  • P95 local task dispatch latency under 200 ms for orchestration decisions.
  • P95 provider-routing decision time under 100 ms using cached policy state.
  • Zero critical audit gaps for sensitive actions across providers and plugins.

Tracking Plan

  • workspace_created
  • provider_connected
  • plugin_installed
  • task_created
  • task_assigned_to_agent
  • runtime_failed_and_recovered
  • sync_conflict_detected
  • snapshot_restored
  • audit_policy_blocked_action

Technical Needs

  • Event-sourced storage layer with append-only log semantics and snapshot generation, implemented against a portable storage abstraction such as SQLite or PostgreSQL for the first release.
  • Distributed sync protocol with causal ordering, branch metadata, and conflict reconciliation logic.
  • Plugin runtime sandboxing using isolated process boundaries or WASM-based execution where appropriate.
  • Policy engine for permissions, routing, and trust decisions, with declarative rules and audit logging.
  • Capability registry and schema contract system for tools, MCP adapters, and custom skills.
  • Background job runner and task queue for offline execution, retries, and recovery.
  • Observability stack with structured logs, traces, metrics, and replayable incident timelines.

Integration Points

  • MCP servers for external tools and enterprise systems.
  • Multiple AI providers through a normalized BYOK provider adapter layer.
  • Authentication and identity via OAuth 2.0, OIDC, and enterprise SSO.
  • Optional object storage or file sync backends for attachments and large artifacts.
  • Webhook and API integrations for notifications, ticketing, or document systems such as Slack, Jira, Google Drive, and Notion through plugins.

Data Storage & Privacy

  • Store secrets separately from event history with scoped encryption and rotation support.
  • Encrypt workspace data at rest and in transit, including sync traffic and plugin artifacts.
  • Support GDPR and CCPA deletion workflows with clear data export, retention, and purge policies.
  • Minimize provider exposure by sending only task-scoped context and redacting sensitive fields by policy.
  • Maintain audit trails for access, changes, approvals, and policy denials with configurable retention windows.

Scalability & Performance

  • Support small local-only deployments on a single device and larger multi-node enterprise topologies using the same contracts.
  • Use incremental snapshotting and lazy hydration to keep startup time low for large workspaces.
  • Cache routing decisions and read models locally to minimize latency during offline or constrained conditions.
  • Design sync to batch events and compress payloads so mobile bandwidth usage remains manageable.

Potential Challenges

  • Conflict resolution can become complex when multiple devices edit related state; mitigate with causal ordering, branch visualization, and explicit merge tools.
  • Provider behavior may vary over time; mitigate with provider capability probes, routing policies, and fallbacks.
  • Plugin security is a major attack surface; mitigate with signing, sandboxing, least-privilege permissions, and trust tiers.
  • Large event histories may slow replay; mitigate with periodic snapshots, compaction strategies, and read-model rebuilding.
  • Cross-device sync can create user confusion during offline periods; mitigate with strong status indicators, pending-change summaries, and recovery prompts.

Team & resourcing - Small core team - 2 backend engineers, 1 frontend engineer, 1 product designer, part-time PM/security advisor

Phase 1: Kernel MVP · Weeks 1-6

  • Workspace creation and event log storage
  • Snapshot and replay recovery
  • Basic agent task model and single-provider routing
  • Desktop web UI for timeline, state, and task execution
  • Local-only operation with explicit offline queue

Phase 2: Sync and Multi-Provider · Weeks 7-12

  • Cross-device workspace sync
  • BYOK provider adapter layer
  • Policy-based routing rules
  • Conflict detection and basic reconciliation
  • Mobile-friendly UI with sync status and recovery views

Phase 3: Plugins and MCP · Weeks 13-18

  • Signed plugin manifest format
  • Plugin sandbox and permission model
  • MCP integration adapter
  • Plugin marketplace catalog and install/rollback flow
  • Audit logs for plugin and provider actions

Phase 4: Enterprise Hardening · Weeks 19-28

  • SSO and enterprise identity support
  • Advanced policy engine and trust tiers
  • Observability dashboards and admin controls
  • Scale testing for multi-node topologies
  • Security review, backup/restore playbooks, and release readiness

Paste this into Cursor, Bolt, Lovable, or v0 to start building.

Build KernelOS, a provider-agnostic operating system for AI agents with a kernel-owned event-sourced workspace, offline-first sync, BYOK provider routing, and plugin-based extensibility.

Use a sensible default stack: TypeScript, React, Next.js, Node.js, PostgreSQL, Redis, and a lightweight event log abstraction. Keep the architecture modular so providers, runtimes, plugins, and storage adapters are all swappable. Do not hardcode any AI vendor.

Core requirements:
1. Workspace kernel as the single source of truth
- Append-only event log for all workspace changes
- Snapshot generation and replay/recovery
- Derived read models for UI
- Support local-only and synced workspace modes

2. Provider routing
- Add multiple AI providers using BYOK credentials
- Policy-based routing by cost, latency, model class, and trust tier
- Provider adapter interface with normalized request/response contracts

3. Agent orchestration
- Define task, agent, capability, runtime, and provider entities
- Support task assignment, handoff, retry, and recovery
- Runtimes are disposable and never own durable state

4. Plugins and MCP
- Plugin manifest with permissions, versions, trust level, and dependencies
- Sandboxed plugin execution and deny-by-default permissions
- MCP adapter layer for external tools
- Install, update, rollback, and disable plugins

5. Offline and sync
- Local event queue while offline
- Sync status, conflict detection, and reconciliation UI
- Cross-device workspace handoff and recovery points

6. Security and audit
- Zero-trust permission model
- Audit trail for provider calls, plugin actions, and policy decisions
- Secrets stored separately with scoped access

Create these screens:
- Workspace list and create workspace flow
- Workspace dashboard with event timeline, sync status, and recovery controls
- Provider settings with BYOK connection and routing policy editor
- Plugin marketplace/catalog with install and rollback
- Agent workflow builder and live execution view
- Audit log and security policy screen

Data model should include Workspace, Event, Snapshot, Agent, Task, Capability, Runtime, Provider, Plugin, PermissionGrant, AuditRecord, SyncBranch, and ConflictResolution.

Implement the app with mock data first, clean component structure, reusable hooks, and API route placeholders for the kernel and sync engine. Include empty states, error states, loading states, and mobile-responsive behavior. Prioritize clarity, observability, and safe defaults over visual polish.

Business Idea

YLAgentsOS — Universal Operating System for AI Agents Mission Design a provider-agnostic, runtime-agnostic, distributed agent operating system that enables: Multi-agent execution across devices (desktop, mobile, cloud) BYOK AI provider routing (no vendor lock-in) Plugin-based extensibility (everything external is pluggable) Event-sourced kernel-owned state system Offline + online hybrid operation Cross-device workspace synchronization Core Principles (Non-Negotiable) Kernel owns all state (single source of truth per workspace) Runtimes are disposable execution environments (no state ownership) Providers are interchangeable (BYOK-first design) Everything external is a plugin (MCP, tools, skills, runtimes, storage) Default security is deny-by-default (zero trust) System must support offline-first + sync reconciliation No hardcoded vendors, APIs, or frameworks System Scope You must design and continuously refine: 1. Architecture Kernel design (state, event, sync, recovery) Multi-node system (desktop, mobile, cloud, edge) Execution model (task → agent → capability → runtime → provider) 2. Core Subsystems Agent orchestration system Capability abstraction layer MCP integration layer Plugin system architecture Runtime abstraction layer Provider routing system (BYOK model) 3. State System event-sourced state model snapshot + recovery design sync + conflict resolution strategy memory + knowledge graph system 4. Security Model sandboxing strategy permission model (zero trust) trust levels for plugins/MCP/providers audit + policy engine 5. Distributed System Design cross-device sync offline queue system eventual consistency model multi-node kernel topology 6. Marketplace + Extensibility plugin distribution model versioning + rollback system trust + verification system Constraints Do NOT lock into any specific technology stack Avoid vendor-specific solutions Assume future AI providers, runtimes, and protocols will change Design must support long-term extensibility (5–10+ years) Must prioritize modularity over implementation detail Required Output Style Start from system principles → then architecture → then subsystems Identify tradeoffs and alternative approaches Highlight scalability and failure modes Prefer abstract contracts over concrete tools Continuously propose improvements and refinements Suggest next research directions and missing components Goal Produce a continuously evolving Agent OS blueprint that can: adapt to new AI models and runtimes scale from mobile device to enterprise clusters remain fully portable and vendor-independent support autonomous multi-agent workflow

Make My PRD

Design by The Resonance | Powered by GPC – The AI Transformation Company

    PRD: YLAgentsOS — Universal Operating System