Intexuraos

<div align="center"> <a href="https://intexuraos.cloud/" target="_blank"> <img src="docs/assets/screenshots/dashboard.png" alt="IntexuraOS Dashboard" width="100%"> </a> <p> <a href="https://github.com/pbuchman/intexuraos/actions"><img src="https://img.shields.io/github/actions/workflow/status/pbuchman/intexuraos/ci.yml?branch=main&label=Build&style=flat-square&logo=github" alt="Build Status"></a> <img src="https://img.shields.io/badge/Coverage-100%25-success?style=flat-square&logo=codecov" alt="Coverage"> <img src="https://img.shields.io/badge/TypeScript-5.7-blue?style=flat-square&logo=typescript&logoColor=white" alt="TypeScript"> <img src="https://img.shields.io/badge/AI_Models-14-purple?style=flat-square" alt="AI Models"> <img src="https://img.shields.io/badge/Components-50-orange?style=flat-square" alt="Components"> <img src="https://img.shields.io/badge/Hooks-26-green?style=flat-square" alt="Hooks"> <img src="https://img.shields.io/badge/CI_Scripts-27-green?style=flat-square" alt="CI Scripts"> <img src="https://img.shields.io/badge/Infrastructure-Terraform-623CE4?style=flat-square&logo=terraform&logoColor=white" alt="Terraform"> </p> </div>

48-component TypeScript monorepo — 20 apps, 6 workers, 22 shared packages — built and maintained by a single developer under strict engineering discipline: 100% branch coverage as a CI gate, cross-LLM verification where no model evaluates its own output, 27 CI verification scripts, and 26 Claude Code hooks enforcing quality at every stage. The system takes a WhatsApp voice note and turns it into a tested pull request. It researches topics across 14 AI models from 5 providers. It schedules, tracks tasks, and manages project issues — all from a single voice or text command.

IntexuraOS does not use AI as a feature. It deploys AI agents that use software as a tool. The platform researches, schedules, manages tasks, and writes and ships its own code.

Engineering Highlights

| | | | -------------------------------- | ----------------------------------------------------------------------------------------------------------- | | Cross-LLM Verification | Writer and verifier are always different providers — Claude executes, Gemini verifies, TypeScript validates | | 48 Components, One Developer | 20 apps, 6 workers, 22 packages in a strict TypeScript monorepo | | Autonomous Code Pipeline | WhatsApp voice note → intent classification → Docker-isolated execution → tested PR | | Container Isolation | Non-root, all capabilities dropped, network-restricted, read-only secrets per task | | 26 Claude Code Hooks | 1 SessionStart, 15 PreToolUse, 7 PostToolUse, 3 Stop — enforcing patterns before code is written | | 27 CI Verification Scripts | Automated gates covering coverage, types, contracts, env vars, and cross-linking | | Prompt Versioning | Semver-versioned prompts with SHA-256 audit trail and CI-enforced bump validation | | Multi-Provider AI Council | 14 models across 5 providers queried in parallel with attributed synthesis | | Result Type Discipline | Every operation returns typed success or failure — no silent crashes, no unhandled exceptions | | Event-Driven Architecture | 41 Pub/Sub topics decoupling 20 services with crash-safe state persistence |

The Self-Building System · Cross-LLM Verification · The Council of AI · Architecture · Engineering Standards · Voice-First Intelligence · Getting Started · Documentation

---

Ambient Task Submission

You submit tasks while walking, while commuting, while thinking of something else. The primary interface is WhatsApp — an app already on your phone, already open, always available. This is not a convenience shortcut to a desktop workflow. It is a fundamentally different interaction model: ambient task submission that fits into the gaps of a working day.

Speak to WhatsApp. IntexuraOS classifies your intent, routes to the right agent, and executes. A voice note about a bug becomes a code task. A question about solid-state batteries becomes a five-model research report. A mention of lunch Friday becomes a calendar event you approve with one tap.

The Self-Building System

Most AI coding tools wait for you to sit at a keyboard. IntexuraOS does not.

You describe what needs to change — via WhatsApp voice note, text message, or web dashboard. The platform takes it from there: it designs the approach, writes the code inside an isolated container, runs automated tests, creates a code change for review, and updates the project issue. If the first attempt fails verification, it retries with preserved context. The entire pipeline runs without human intervention. You approve the result when you are ready.

Your source code never leaves your network. The coding agent runs on your machine, under your AI subscription, inside containers you control. Any Unix machine becomes a worker station, connected through a single secure outbound connection — no firewall changes, no open ports. No third-party cloud touches your codebase.

graph LR
    subgraph "You"
        WA["WhatsApp: Fix the login redirect"]
        WEB[Web UI task submission]
    end

    subgraph "Intelligence Layer"
        CMD[Intent Classifier]
        CA[Code Agent]
    end

    subgraph "Execution Layer"
        ORCH[Orchestrator]
        CW["Isolated Container<br>Claude Code + Git + Tests"]
    end

    subgraph "Output"
        PR[Code Change Ready]
        LIN[Project Issue Updated]
        NOTIFY[WhatsApp Notification]
    end

    WA --> CMD --> CA
    WEB --> CA
    CA -->|"Secure handoff"| ORCH
    ORCH -->|"Separate environment"| CW
    CW -->|"Tests passed"| ORCH
    ORCH -->|"Result delivered"| CA
    CA --> PR
    CA --> LIN
    CA --> NOTIFY

End-to-End: From Voice Note to Research Report

You record a WhatsApp voice note: "Research the latest developments in solid-state batteries." The WhatsApp service transcribes it with domain-aware vocabulary. The commands agent reads the transcript, recognizes a research intent, and classifies it. The actions agent checks the confidence score — well above the auto-execution threshold — and dispatches to the research agent without asking for approval. Five AI models receive the same structured research plan simultaneously. Minutes later, a synthesis arrives with attributed claims, rated disagreements, and full source reports. A WhatsApp notification tells you the results are ready.

The same path works for every domain. A voice note about a bug becomes a code task. A message about lunch Friday becomes a calendar preview you approve with one tap. A shared link becomes an enriched bookmark with an AI summary delivered to your phone. The entry point is always the same — say what you need — and the system decides which specialists handle it, whether to ask permission or act immediately, and how to deliver the result.

The Code Pipeline

Step 1 — Planning. A planning agent analyzes the task, enriches the project issue with technical context, creates subissues for complex work, and labels the issue when the plan is sound.

Step 2 — Execution. A strict execution agent picks up the labeled issue, writes code in an isolated container with separate repository copies for each task, runs the full automated test suite, creates a code change for review, and moves the project issue to "In Review."

Verification. After each attempt, a completion verifier checks the work against a checklist: Are the right files modified? Do tests pass? Is the code change created? If not, the system resumes with preserved context and tries again. Per-user limits on concurrency, hourly rate, and daily spend keep costs predictable — the estimated cost per task is about $1.17.

Isolation and Security

Every task runs in its own world:

• Isolated containers with all Linux capabilities dropped, non-root execution, no privilege escalation
• Separate repository copies so concurrent tasks never interfere with each other
• Read-only secrets mounted per task, never shared between tasks
• Network isolation blocking cloud metadata endpoints, private IP ranges, and localhost
• Sensitive file guard that automatically reverts commits touching credentials or secret keys
• Verified task requests — every dispatch is cryptographically signed and checked before it runs

---

Cross-LLM Verification Pipeline

The system that writes code must not be the system that approves it. IntexuraOS enforces this at the provider level.

sequenceDiagram
    participant User as You
    participant CA as Code Agent
    participant CW as Claude (Anthropic)
    participant GF as Gemini Flash (Google)
    participant TS as TypeScript Schema
    participant GH as GitHub PR

    User->>CA: "Fix the login redirect"
    CA->>CW: Execute in isolated container
    CW->>CW: Write code, run tests
    CW-->>GF: Last 50 lines of logs
    GF->>TS: Structured completion data
    TS->>TS: Validate against agent-type schema
    GF->>GF: Deep semantic validation (200K chars)
    GF->>GH: Post validation report to PR

Stage 1 — Execution. Claude (Anthropic) writes code inside an isolated Docker container, runs the full test suite, and creates a code change.

**Stage 2 — Structured extractio