不是又一个聊天框。是装在你 Mac 上的运行时:你说一句话,它跨模型编排、在系统级沙箱里真办事、全程留痕、还能接入整个 MCP 生态。Not another chat box. A runtime on your Mac: say one sentence, and it orchestrates across models, does real work inside a system sandbox, keeps every step on the record, and plugs into the whole MCP ecosystem.
AIOS 自己判断这一步该交给谁:便宜快的活走 DeepSeek,要造物走千问,深推理升级到更强模型,某家挂了自动切换。你只说目标,它决定怎么调度。AIOS decides who handles each step: cheap-and-fast goes to DeepSeek, generation to Qwen, deep reasoning escalates to a stronger model, and a cool-down fallback kicks in when a provider fails. You state the goal; it routes the work.
真执行最怕"放手就闯祸"。AIOS 用系统级 Seatbelt 沙箱把它关进笼子:默认断网、敏感目录(密钥/钱包/浏览器)读不到、越界写直接拒。危险命令先过安全闸——规则能硬拦的(rm -rf / 及各种绕过写法)永远拦死,模糊的交给模型复核,整条链都失败就回退问你。The scary part of real execution is "let go and it breaks things." AIOS cages it in a system Seatbelt sandbox: network off by default, secret dirs (keys/wallets/browser) unreadable, out-of-bounds writes denied. Dangerous commands pass a gate first — what rules can hard-deny (rm -rf / and its bypass variants) is always denied; the ambiguous goes to an LLM review; if the whole chain fails, it falls back to asking you.
一个操作系统,要能装别人写的程序。AIOS 现在是 MCP 客户端:任何讲 Model Context Protocol 的服务,写进一行配置就接进来,工具自动注入、按信任分级(直接跑 / 先问 / 屏蔽)。会话复用不冷启动、子进程崩了自动重建、一个挂了不拖累其他。这是"成为 AI 的操作系统"的第一块地基。An operating system has to run programs other people wrote. AIOS is now an MCP client: any service that speaks the Model Context Protocol drops in via one config line, its tools auto-injected and governed by trust level (run / ask / deny). Sessions are reused (no cold start), crashed children self-heal, and one bad server never blocks the rest. This is the first foundation stone of becoming the OS for AI.
编排、沙箱、生态之外,内核里还跑着这些子系统。Beyond orchestration, sandbox and ecosystem, these subsystems run in the kernel.
把一句话变成可执行任务图:理解 → 检查 → 规划 → 执行 → 观察 → 修复 → 验证。多数 Agent 死在缺"观察+验证",这条循环是脊柱。Turns one sentence into an executable task graph: understand → inspect → plan → act → observe → repair → verify. Most agents die without observe+verify; this loop is the spine.
每个工具调用都落 trace.tool.v1:用了什么、多久、在不在沙箱、过没过闸——密钥和路径自动脱敏。可审计、可回滚。Every tool call writes trace.tool.v1: what ran, how long, sandboxed or not, which policy — keys and paths auto-redacted. Auditable, reversible.
记得住你的习惯和常用文件,存在 ~/.aios/memory.md,你能随时看、随时改。越用越懂你。Remembers your habits and frequent files in ~/.aios/memory.md — readable and editable by you anytime. The more you use it, the better it knows you.
框选屏幕任意区域,原生 OCR 读出文字(中英),接着问:解读、翻译、总结。看不懂的界面,指一下就行。Box any region of your screen; native OCR reads the text (EN/中文) and you ask on top of it — explain, translate, summarize. Point at any UI you don't get.
Tauri 2 + Rust,几 MB 常驻不卡。⌥Space 唤起、用完收回、回复逐字流式蹦出。平时不打扰。Tauri 2 + Rust, a few MB, always-on and light. ⌥Space to summon, dismiss when done, replies stream token by token. Out of your way otherwise.
崩溃能恢复、连接超时会降级、锁中毒能自愈;收到更新提示可一键升级。会照顾自己的系统,才敢交给你日常用。Recovers from crashes, degrades on timeout, heals poisoned locks; one-click update when a new build lands. A system that looks after itself is one you can rely on daily.
不用翻菜单、找设置、记路径——说出来就行。No menus, no settings hunt, no paths to remember — just say it.
MCP 落地的那一刻,"开放生态"不再是 PPT,而是今天就能接的东西。The moment MCP shipped, "open ecosystem" stopped being a slide and became something you can connect today.
开发者把 Agent / 工具接进来Developers plug in agents & tools今天就能,via MCPavailable today, via MCP
用户挑选、组合需要的能力Users pick and compose skills信任分级,敢用trust-graded, safe to run
企业定制自己的 AI WorkforceEnterprises build an AI workforce沙箱 + 留痕,可审计sandboxed + traced, auditable
AIOS 负责中立编排、安全与交付AIOS handles neutral orchestration, safety & delivery操作系统,不站队the OS, taking no sides