ObjectOS
The microkernel runtime for an AI-native business backend
ObjectOS is the Control Layer of ObjectStack. A microkernel runtime that loads Drivers, services, plugins, and your compiled project artifacts — then turns the metadata defined in ObjectQL into running REST APIs, typed SDK calls, and MCP tools. Permissions, automation, tenants, flows, and audit are not bolt-ons; they are properties of how the kernel executes your business.
The Execution Layer for Metadata-Defined Businesses
ObjectOS sits between ObjectQL (objects) and ObjectUI (views) and turns metadata into a running, agent-operable backend.
ObjectOS loads your Zod-defined objects, your flow and policy artifacts, and the Drivers that connect to real storage. It serves them as REST APIs, typed SDK calls, and MCP tools — uniformly permissioned, uniformly audited — so AI agents, internal services, and humans operate the same business through the same enforcement layer.
Four Kernel Properties for AI-Native Operations
Not just features — guarantees the runtime makes about every action that flows through it.
Permissions as Kernel Concern
Identity, RBAC, SSO (OIDC/SAML), and field-level policies are declared in metadata and enforced by the kernel — on every REST call, SDK invocation, and MCP tool call. AI agents act on behalf of a principal and inherit exactly that principal's permission set. There is no parallel security model to drift out of sync.
Flows & Policies as Analyzable Artifacts
Workflows, conditions, approvals, and side-effects are declared as structured metadata, not buried in imperative code. The kernel handles state, retries, and rollback. Because flows are metadata, they can be diffed, version-controlled, and inspected by AI agents the same way they are inspected by humans.
Tenants, Sync & Local-First
Multi-tenant routing, isolation, and offline-first sync (CRDT / LWW) are kernel-level concerns. The same metadata works for a single SQLite app on a laptop, an edge deployment, and a multi-tenant SaaS — without rewriting business logic.
Microkernel + Plugins + Artifacts
Drivers, services, business modules, and AI tool packs are all plugins loaded via a Manifest. The kernel stays small and stable; everything else is a versioned, signed artifact. Hot-swap Drivers in development, promote artifacts across environments in production.
Architecture as Metadata
Flows and plugins are declarative artifacts loaded by the kernel — analyzable by humans and AI agents alike.
# expense-approval.flow.yml
name: ExpenseApproval
initialState: submitted
states:
submitted:
on:
approve:
target: approved
conditions:
- role: manager
- amount: < 5000
escalate:
target: pending_director
conditions:
- amount: >= 5000
pending_director:
on:
approve:
target: approved
conditions:
- role: director
reject:
target: rejected
approved:
actions:
- notify: submitter
- update_ledger
- archive
rejected:
actions:
- notify: submitter
- log_audit
# Same flow becomes:
# • a REST endpoint
# • a typed SDK call
# • an MCP tool 'expense.approve' for AI agents// crm-plugin.manifest.ts
export const CRMPlugin = {
name: 'enterprise-crm',
version: '2.1.0',
objects: [
{ import: '@objectql/schemas/customer' },
{ import: '@objectql/schemas/opportunity' },
{ import: '@objectql/schemas/contract' },
],
flows: [
{ import: './flows/lead-qualification.yml' },
{ import: './flows/contract-approval.yml' },
],
permissions: {
'sales-rep': ['read:customers', 'create:opportunities'],
'sales-manager': ['*:customers', '*:opportunities'],
'finance': ['read:contracts', 'approve:contracts'],
},
// Surfaces exposed to AI agents (MCP tools)
agentTools: [
'customer.list', 'customer.get',
'opportunity.create', 'opportunity.advanceStage',
'contract.approve',
],
};Local-First Sync, Built In
Offline-capable business apps are a kernel property, not a third-party library.
The Challenge of Distributed State
Field technicians, sales reps, and operators in disconnected environments work against local data that diverges from the server. Merging by hand is error-prone — who wins, what gets lost, how do you audit it?
ObjectOS as Replication Authority
The kernel acts as the authoritative replication controller between the server and local stores (SQLite/RxDB). CRDT and last-write-wins strategies are declared as policy metadata; the kernel handles execution and conflict resolution. Every merge is attributable and auditable.
Three Layers, One Metadata Spine
ObjectOS turns ObjectQL objects into running surfaces and feeds ObjectUI views.
ObjectQL — Data Layer
Business objects, fields, queries, relations, validation, and permissions, defined as Zod metadata.
ObjectUI — View Layer
Apps, views, dashboards, and actions rendered from the same metadata — versioned and permission-aware.
ObjectOS — Control Layer
The microkernel that loads Drivers, plugins, services, and compiled artifacts; enforces permissions; and exposes REST APIs, typed SDKs, and MCP tools.
Together they form an agent-ready, permission-aware, versioned, auditable runtime for business software — deployable as a local tool, an edge app, or a multi-tenant cloud backend.
From Local-First Tools to Mission-Critical Platforms
One microkernel that scales from a single-user workstation to multi-tenant agent-operated platforms.
Field & Offline Operations
Local-first apps for technicians, inspectors, and sales teams. The kernel handles offline writes, sync, and conflict resolution. Audit and attribution are preserved end to end, even when an AI assistant performs the action.
Enterprise Application Suite
Run ERP / CRM / HRM modules as plugins on a single kernel. Unified identity, unified audit, unified MCP surface so internal copilots can safely act across modules with role-bound permissions.
Agent-Operated Multi-Tenant SaaS
Ship SaaS where every tenant gets the same auditable surface — REST, SDK, and MCP — backed by per-tenant policies in metadata. Scale from 10 to 10,000 tenants without parallel security or AI-tool implementations.
Define Your Business Once.
Let Humans And Agents Operate It Safely.
Stop scattering business logic across SQL, JavaScript, and UI state. Make objects, permissions, workflows, APIs, UI metadata, and agent tools one structured Zod source of truth — analyzable, versioned, and auditable end to end. Launch July 2026.