AgentOS: An Innovative Architecture for Running Large Language Models as OS Processes

AgentOS is a lightweight operating system kernel written in Go that treats large language models (LLMs) as independent long-running processes, enabling secure interaction with the environment via strict JSON system calls. This innovative architecture redefines AI Agent systems.

Basic Information:

• Author/Maintainer: pipelinelord
• Source: GitHub (https://github.com/pipelinelord/AgentOS)
• Release Time: 2026-06-12

Currently, LLMs are often used as simple request-response APIs. AgentOS challenges this paradigm by treating LLMs as 'CPUs' in a lightweight OS kernel, where each AI Agent runs as an independent process with its own Process Control Block (PCB), state management, memory pointers, and IO buffers—similar to traditional OS processes. The core design draws from traditional OS architecture but replaces CPU threads with LLM context windows.

AgentOS's kernel consists of 5 core components:

1. Process Manager: Maintains an AgentPCB for each running Agent, tracking PID, state, memory pointers, and IO buffers to manage concurrent Agents.
2. Scheduler: A background loop that evaluates process states and triggers LLM execution for RUNNING Agents, ensuring efficient resource use.
3. Syscall Dispatcher: Parses JSON system calls from LLMs and routes them to hardware drivers—core of the security model.
4. Hardware Drivers: Sandboxed interfaces for accessing resources like Docker, file systems, networks, and ChromaDB.
5. Global Message Bus: Enables inter-process communication (IPC) between Agents for collaboration.

Each Agent runs in a continuous event loop managed by the scheduler:

1. Context Building: Collects system instructions, role definitions, and historical records (IPC messages, events, syscall results).
2. LLM Inference: Sends the context to LLMs (e.g., Gemini-1.5-flash), which generate responses containing formatted [SYS_CALL::...] JSON blocks.
3. Dispatch: Parses syscalls—invalid syntax adds errors to context; valid ones are routed to handlers.
4. Execution: Handlers interact with drivers or internal components to perform operations.
5. State Update: Execution results are added to the Agent's context, restarting the loop.

AgentPCB: Tracks PID, status (RUNNING/SLEEPING/TERMINATED), permissions (RBAC), and IO buffers for state management.

Agents must use predefined JSON system calls to interact with the environment. Key syscalls include:

• Process Management: SPAWN_AGENT (create sub-processes), SYS_EXIT (terminate), SEND_MSG/RECV_MSG (IPC).
• Execution: EXEC_CMD (run bash/powershell via Docker/local).
• File System: FS_READ/FS_WRITE (sandboxed path access).
• Network: NET_FETCH (HTTP GET with 5MB limit and timeout).
• Vector DB: MEM_WRITE/MEM_READ (ChromaDB operations).
• Time: SYS_SLEEP (block execution for specified time).

This strict interface ensures Agent behavior is predictable and secure, even if LLMs produce unexpected outputs.

AgentOS's design offers several key benefits:

1. Security Isolation: LLMs are encapsulated as processes with JSON syscalls, isolating them from system resources.
2. Predictability: Event loop execution and strict syscalls make Agent behavior easier to debug.
3. Scalability: Supports multiple concurrent Agents with IPC for complex workflows.
4. Resource Management: Fine-grained control over Agent resource usage.
5. Long-Running Agents: Enables continuous operation to respond to asynchronous events.

AgentOS applies traditional OS principles to AI, providing a new perspective on AI-infrastructure integration. It's a valuable project for developers building secure, long-running, collaborative AI Agent systems.