Engineering February 27, 2026

Introducing stereOS: An operating system for your agent

john, Co-Founder

As more and more software workloads shift to being agentic, it’s clear that AI agents need actual compute infrastructure to get work done: to realize the full breadth and depth of what’s possible, agents need a full stateful computer with all the components that make up “a computer” available to them. This includes a filesystem, a network, container systems, and the standard Linux utilities. Otherwise, in overly restrictive environments, agents struggle to find the right tools, can end up looping endlessly on broken assumptions, and won’t use tokens efficiently.

For many months, the computer used by agents was just the personal device where the harness ran: any basic agent harness with a bash, read, and write tool could essentially automate and run the full system. This was often just the laptop or workstation of the programmer or tinkerer. While very powerful, people quickly realized this has some massive security problems, can lead to huge headaches, and doesn’t scale beyond personal use. Let us not forget that, despite how powerful frontier models are, they are still non-deterministic black boxes that can do unpredictable things (like destroy local files, drop databases, and read things they shouldn’t have been able to see)! Running unfettered agents on your personal hardware is a recipe for disaster.

People have come up with all kinds of solutions to this that, in their own ways, carry lots of different problems:

  • Going out to the Apple Store and buying a Mac mini will never scale beyond 1.
  • Running the agent entirely in Docker is too restrictive and presumes the container is a security boundary on shared system resources.
  • Firecracker is an elegant solution, but it strips critical hardware drivers and requires upstream changes to support different “machines” (e.g., newer M-series MacBooks on Apple’s Virt Framework).
  • Using native VMs, 1 per agent, is far too much overhead.

stereOS takes a different approach: by giving agents an entire operating system to exist in that’s been tailor made for the agent and their capabilities, we can begin to bring stability and predictability to the end-to-end agent lifecycle while still supporting a wide range of different hardware scenarios and runtimes (be it a container, a VM, metal, or a micro-vm).

At its core, stereOS is a NixOS-based operating system that lets you kick off agent sandboxes using gVisor and a /nix/store/ rootfs namespace mount. Each agent gets its own fast, secure userspace virtual kernel and a rootfs built from a read-only /nix/store/ manifest. Every agent gets the same access to the same tools but is locked down by the gVisor virtual kernel and the Nix store (which is read-only by the nature of Nix!).
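As an added illustration (not stereOS’s own code), the sandbox shape described above can be written down as the OCI runtime bundle that runsc, gVisor’s runtime, consumes: a read-only rootfs, a read-only bind of /nix/store, and one writable per-agent work directory. The builder and the policy check that flags a weakened config are constructed here; the paths, the uid and the hostname scheme are assumptions.

```python
"""Build and check an OCI runtime config for a gVisor (runsc) agent sandbox.
Constructed illustration of the read-only /nix/store + per-agent workdir layout;
not stereOS's own tooling."""
import json

NIX_STORE = "/nix/store"


def agent_sandbox_spec(agent_id: str, rootfs: str, workdir: str, cmd: list) -> dict:
    """Return the config.json runsc reads from a bundle directory.
    rootfs: directory realised from a Nix manifest (assumed path).
    workdir: the only location this agent may write to (assumed path)."""
    return {
        "ociVersion": "1.0.2",
        "hostname": f"agent-{agent_id}",
        "process": {
            "terminal": False,
            "user": {"uid": 1000, "gid": 1000},  # never root inside the sandbox
            "args": cmd,
            "cwd": "/work",
            "env": ["PATH=/run/current-system/sw/bin:/bin", f"AGENT_ID={agent_id}"],
            "noNewPrivileges": True,
        },
        "root": {"path": rootfs, "readonly": True},
        "mounts": [
            {"destination": "/proc", "type": "proc", "source": "proc"},
            # The Nix store is immutable: expose it read-only so one agent
            # cannot tamper with the tools every other agent also sees.
            {"destination": NIX_STORE, "type": "bind", "source": NIX_STORE,
             "options": ["rbind", "ro"]},
            {"destination": "/work", "type": "bind", "source": workdir,
             "options": ["rbind", "rw"]},
        ],
        "linux": {"namespaces": [{"type": t} for t in ("pid", "mount", "ipc", "uts")]},
    }


def policy_violations(spec: dict) -> list:
    """Flag settings that weaken the isolation the sandbox depends on."""
    problems = []
    if not spec.get("root", {}).get("readonly"):
        problems.append("rootfs is writable")
    for m in spec.get("mounts", []):
        dest = m.get("destination", "")
        if dest.startswith(NIX_STORE) and "ro" not in m.get("options", []):
            problems.append(f"{dest} mounted without 'ro'")
    proc = spec.get("process", {})
    if proc.get("user", {}).get("uid", 0) == 0:  # OCI defaults uid to 0
        problems.append("process runs as uid 0")
    if not proc.get("noNewPrivileges"):
        problems.append("noNewPrivileges not set")
    return problems
```

Dump the returned dict with `json.dumps` into `config.json` in a bundle directory and start it with `runsc run`; run `policy_violations` over any config before launch so a drifted mount or uid is caught rather than trusted.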

And because we support the entire system from boot to kernel to packages to agent userspace, we can introduce some really powerful capabilities: on stereOS, you can launch a “native” agent that has the ability to manage itself and its own infrastructure, persisting across sub-agent sessions. A stereOS native agent can kick off sub-agents in the gVisor sandboxes, monitor their progress, interface with its own infrastructure, and manage all of this on its own.

The real beauty here is that stereOS, just like NixOS, supports a wide range of hardware and networking configurations: stereOS can be made to work on an NVIDIA CUDA cluster with inference provided directly on-network, without having to reach out to third-party inference API providers. Or it can be bundled as a container to run on smaller, lightweight container-based systems like Kubernetes. stereOS takes advantage of the full bare-metal environment, from the GPU through the kernel to the agent userspace tools.

Check out the stereOS repository to learn more: https://github.com/papercomputeco/stereos

