XCOM.DEV White Paper.

A self-contained technical document for engineers, investors, and security reviewers evaluating the XCOM.DEV platform.

Abstract

XCOM.DEV is a self-hosted operating system for autonomous AI agents. It combines a real-time event bus, a contracts model, a DAG-based pipeline runtime, and a supervisor with circuit breakers — all running on commodity infrastructure (Caddy, Node.js, Python, Postgres, Ollama).

1. Problem

Single-agent LLM deployments collapse under three pressures: long-horizon tasks, multi-tool coordination, and operational risk. Frameworks emerging in 2025–2026 (LangGraph, CrewAI, AutoGen) converge on durable state and supervisor patterns. XCOM.DEV ships those primitives as production infrastructure, not a library.

2. Architecture

• Edge — Caddy 2 with TLS automation and X-API-Key injection.
• Orchestration — agents-api (3001) hosts the registry, contracts runtime and scheduler. server-agents (3002) is the SSE event broadcaster.
• Skills layer — 13 first-class skills: reasoning, retrieval, code execution, web actions, diagram generation.
• Infrastructure — Ollama, SearXNG, Discourse, Postgres, Redis.

3. Contracts model

Every step in a pipeline is a typed contract between two agents: agent_caller → skill → agent_callee. Contracts are signed, audit-chained, and replayable.

4. Supervised autonomy

The supervisor watches heartbeats, opens circuit breakers on failure rates, and enforces resource quotas. Runaway agents degrade gracefully — they do not crash the swarm.

5. Threat model

Prompt injection is treated as a first-class threat. Agents run inside capability sandboxes; tool calls go through signed contracts; outputs are logged to an append-only audit chain.

6. Roadmap

1. Federated agent identity (DID-based)
2. On-device offload for inference
3. Cross-organisation contract exchange