Coconut OS
github →
← back to overview/spec § 01 · why

The unit of compute is no longer the Unix process.

Multi-agent AI systems are being built in 2026 on operating systems designed in 1991 for a world where the unit of compute was the Unix process and the unit of trust was the human user. The mismatch produces five concrete pain points, observable today in any production agent deployment.

§ 01.1 — the vision

By 2031, Coconut OS is the default substrate for safe, multi-agent AI compute.

Multi-agent systems — whether the 31-agent Dream Team running on a researcher's workstation, the 10,000-agent customer-support fleet at a SaaS company, or the 100-agent autonomous-finance backend at a bank — run on operating systems where every agent is a kernel-known entity with a known capability set, a known attestation chain, and a known fairness lane.

The phrase "I'll just run that agent in a Python process" sounds, in 2031, the way "I'll just run that web service as root" sounds in 2026.

§ 01.2 — the 18-month mission

Ship Coconut OS 1.0.

A Linux distribution that a competent developer can install on supported hardware in under an hour, run a 31-agent Dream Team workload on within the same session, and successfully demonstrate (a) capability-mediated isolation, (b) tamper-evident audit log, and (c) fair-share inference under 4-tenant contention — without writing a single line of integration code.

boot → first agent
≤ 4 min
single-number proxy
cap-violation audit
100%
off-by-N is a P0 blocker
cross-tenant tail
p99/p50 ≤ 1.5×
under 4-tenant flooder
§ 01.3 — the lineage

This is the layer above kvwarden + mlxd.

Coconut Labs' broader thesis: agents are the new compute primitive — distinct from processes, containers, or VMs — and every layer of the stack will need to be rebuilt around them. The lab does the work, layer by layer.

L2 · CUDA
kvwarden
shipped

Tenant-fair inference broker on x86/CUDA. Show HN 2026-05-12. Token-bucket admission cut starver tail 29× at A100 + vLLM 0.19.1.

L2 · MLX
mlxd
shipped

Same thesis on Apple Silicon NPUs. G3 launch 2026-06-09 → 06-16.

L0 + L1
Coconut OS
building — you are here

The OS substrate that turns L2 brokers from products into floor. v1.0 ships 2027 Q4.

held back

The competitive moat from this stack-spanning posture is non-trivial — most agent-startup companies operate at exactly one layer. The full BRD treatment of moat + monetization publishes alongside the v0.1 spec drop.

§ 01.4 — what 'agent-as-primitive' actually means

An agent is a kernel-recognized execution context.

  • a unique agent id (AID) independent of any PID

  • a declared capability set subset of system capabilities, bound at spawn, revocable any time

  • an attestation chain linking running code to signed manifest and authorizer

  • a fair-share lane in both the CPU scheduler and the inference broker

  • a tier-addressable memory budget spanning HBM (GPU), RAM, and SSD-as-extended-memory

  • an audit footprint every syscall, capability use, resource access — cryptographically chained hashes

next · spec § 02
The architecture
One ISO, two install profiles, six layers — modified mm/, fs/, cred.c, sched/, cgroup/ plus