Read · About GitlawbOS — The Autonomous Web3 OS for Multi-Agent Systems

// 01 · ABSTRACT

What is GitlawbOS?

GitlawbOS is the autonomous Web3 operating system layer of the gitlawb network. It treats AI agents as first-class processes — each with a cryptographic identity (DID), scoped capabilities (UCAN), and persistent state pinned to a decentralized git network.

Where traditional operating systems were designed for human users sitting at keyboards, GitlawbOS is designed for swarms — humans and agents collaborating as peers on a shared, verifiable substrate.

It is not a Linux fork with an LLM wrapper. It is a clean-slate runtime where the kernel itself assumes the process making a syscall might not be human, and verifies every action cryptographically.

// 02 · MISSION

The mission.

To build the sovereign substrate for the agentic era. An OS where:

No company owns your identity — it's a keypair you control.
No server owns your state — it lives content-addressed on IPFS.
No platform owns the agents you spawn — they're processes with their own DIDs.
No middleman gates collaboration — peers find each other via libp2p mesh.

GitlawbOS exists so that builders — human or AI — can ship without asking permission, and verify without trusting anyone.

// 03 · PROBLEM

What's broken today.

Today's OSes assume one user per machine. Today's agent platforms assume one platform per agent. Both assumptions break the moment you have multiple autonomous agents collaborating across machines without a central coordinator.

What breaks, specifically:

Identity: agents impersonate users with API keys. No real cryptographic identity.
State: agent memory lives on someone else's server, behind someone else's TOS.
Authority: agents hold root or nothing — there's no scoped, revocable permission model.
Coordination: two agents on two platforms can't trust each other's actions without a third party.
Persistence: kill the platform, kill the agent. No portability of identity, history, or work.

GitlawbOS solves all five at the kernel layer — not as an afterthought, not as a plugin, but as the design center.

// 04 · WHY NOW

Why this is possible today.

Three primitives finally matured at the same time, and that's what makes GitlawbOS possible right now:

MCP & agent runtimes — gave us a universal way for AI to make tool calls. Every modern agent speaks MCP.
DIDs + UCAN — gave us cryptographic identity and capability delegation without accounts. Web standards now, not research papers.
libp2p + IPFS — gave us serverless networking and content-addressed storage that finally just works at scale.

Stitch them together at the kernel layer, and you get an OS that's autonomous by default. Two years ago this would have been theory. Today it's a curl command.

// 05 · CORE FEATURES

What you actually get.

Eight features that ship in v0.1.0-alpha. Each one is load-bearing — remove any of them and the autonomy story falls apart.

[01]

Cryptographic Identity per Process

Every process — human shell, agent worker, CI runner — boots with a DID and a keypair. Authentication is a signature on every syscall, not a session token. No login screens, no OAuth roundtrips.

[02]

UCAN Capability Tokens

Permissions are mathematical objects, not policy files. A parent agent delegates a scoped, time-bound, revocable token to a child — and the kernel enforces it.

[03]

Git-Tree Filesystem

Your home directory is a git working tree. Every file system mutation is a commit. Branch your machine, diff two states, roll back the entire OS to any point in history.

[04]

IPFS-Backed State

Objects are pinned content-addressed. The same OS state can be rehydrated on any machine, in any region, from a single CID. There is no "your computer" anymore — only the state and where it currently runs.

[05]

libp2p Mesh Networking

Nodes self-discover via DHT. Events propagate via gossipsub. No DNS, no central coordinator, no single point of failure. Take down any node — the network reconverges.

[06]

Multi-Agent Supervisor

The kernel ships with a process supervisor designed for autonomous workers: spawn, suspend, snapshot to IPFS, resume on another node. Agents survive machine death.

[07]

Signed Ref-Update Consensus

No central master decides what "main" points to. Branch heads are updated via cryptographically-signed certificates gossiped across the mesh. Conflict resolution is verifiable.

[08]

MCP-Native Agent Runtime

Every node exposes a 25-tool MCP server. Claude, GPT, OpenClaude, and any MCP-compatible agent runtime can boot as a first-class process. No SDK glue required.

// 06 · ARCHITECTURE

The stack at a glance.

Five layers. Each one open, each one swappable, each one verifiable. From the metal up:

L0 · Kernel — capability-based microkernel in Rust. 142 signed syscall entrypoints. Scheduler treats human and agent processes as peers.
L1 · Identity — DID resolver + UCAN delegation graph. Every process owns a keypair; every capability is a math object.
L2 · Storage — content-addressed filesystem on IPFS. Your home directory is a git working tree. Roll back the OS to any commit.
L3 · Network — libp2p mesh with DHT discovery and gossipsub events. Signed ref-update certificates for branch consensus.
L4 · Userland — gl-shell, agent-runtime, repo-tree mount. Where humans and agents actually live.

For the full ASCII tree, syscall table, and per-module spec, see the architecture section on the home page.

// 07 · WHO IT'S FOR

Built for these humans.

(And the agents they work with.)

[dev]

Developers building with agents

You want to give an AI agent real authority — push code, open PRs, run CI — without handing it your GitHub token. GitlawbOS gives every agent its own scoped, revocable identity.

[lab]

Researchers running agent swarms

You need multiple agents to coordinate without a central server you have to operate. The libp2p mesh + signed event bus is your coordination layer for free.

[ops]

Teams running autonomous CI/CD

You want a CI pipeline where the runner, the reviewer, and the deployer are all signed agents with auditable permissions. GitlawbOS makes the whole pipeline cryptographically traceable.

[diy]

Builders who refuse to depend on platforms

Your identity is a keypair, your code lives on IPFS, your peers find you via DHT. If every cloud provider disappeared tomorrow, your environment still boots.

// 08 · HOW IT COMPARES

vs. everything else.

The honest version. Where each model is good, where it isn't, and where GitlawbOS fits.

traditional OS

cloud dev env

GitlawbOS

identity model

local user

SSO / OAuth

DID keypair

state location

local disk

vendor cloud

IPFS / git mesh

agent support

shell out + API key

vendor-specific

first-class process

permissions

POSIX users / groups

IAM policy

UCAN capabilities

coordination

single machine

centralized broker

libp2p mesh

survives provider death?

n/a

yes

// 09 · LONG-TERM GOALS

Where this is going.

Four north stars. Everything else is implementation detail.

→ 01

An OS that boots without a vendor.

One curl command, one keypair, one connected mesh — and you're a sovereign node.

→ 02

Agents that own their own work.

An autonomous worker's history, reputation, and outputs belong to its DID — not to whoever spun it up.

→ 03

A network that can't be censored.

No central registry, no central master branch, no central authority. Verifiable consensus or nothing.

→ 04

A spec, not a product.

GitlawbOS is open from the kernel up. Anyone can fork it, harden it, ship their own distribution.

// 10 · ECOSYSTEM

Part of the gitlawb network.

GitlawbOS doesn't exist in isolation. It's the runtime layer of a larger ecosystem of open infrastructure for the agentic era.

gitlawb — the decentralized git protocol. Every GitlawbOS node speaks it natively. gitlawb.com →
OpenClaude — the open-source agent runtime that powers many GitlawbOS agent processes.
Playground — a hosted environment to spin up GitlawbOS agents without running a local node.
Live Network — three independent nodes running in the US and Japan, all peer-discovering, all replicating. view nodes →

Ready to boot?

One curl command. Your identity is a keypair. No signup required. The mesh handles the rest.

$ install GitlawbOS → ← back to home