Book 4 — OS Backend / Kernel · TaurusX Documentation

Overview

The TaurusX OS Backend is the kernel layer — a set of server-side services that handle routing, execution, safety enforcement, billing, and session management for all four surfaces.

The backend is a Next.js App Router API layer backed by PostgreSQL (via Drizzle ORM), with in-memory caches for hot paths and async workers for long-running tasks. Every surface — mobile, desktop, terminal, and CLI — communicates with the same set of API routes.

The backend is intentionally stateless from the surface perspective. Sessions, context, and state are all managed server-side. Clients send messages; the kernel decides everything else.

Routing Engine v1.0

The Routing Engine is the most important subsystem in the TaurusX kernel. It receives every incoming message and determines:

Which engine to use (based on message complexity, plan tier, and user preference)
Which conversation state applies (based on message content and session history)
Which tone variant to apply (based on state, accessibility flags, and prior interactions)
Whether the message requires a Guardian policy check before response
Whether to invoke the Meta-Agent for planning before responding

Routing happens in under 50ms for standard messages. Complex routing decisions (meta-agent activation, Guardian escalation) add additional latency but are non-blocking from the user's perspective — a partial response begins streaming while routing completes.

Routing Factor	Evaluated From
Engine selection	Message token estimate, plan tier, explicit <engine:> directive
Conversation state	Semantic analysis of message intent and emotional signals
Tone variant	Active state, accessibility flags, prior tone history
Guardian check	Risk scoring of action intent; policy rule evaluation
Meta-Agent trigger	Multi-step intent detection, task complexity estimate

Conversation States

TaurusX uses a six-state machine to classify every message exchange. The active state determines the response strategy — how detailed, how warm, how directive, and how fast.

State	When it activates	Response style
Casual	Informal messages, small talk, greetings	Short, warm, conversational
Supportive	Emotional distress signals, personal difficulty	Slow, gentle, no task pressure
Learning	Questions about concepts, how-things-work	Clear, structured, educational
Technical	Code, configuration, debugging, system work	Precise, detailed, code-first
Executive	Strategic planning, decisions, complex goals	Structured, outcome-focused
Guardian	Safety concern, policy violation, risk event	Neutral, explanatory, non-alarmist

State transitions happen automatically between messages. A conversation can move from Casual to Technical to Supportive within the same session. See the State Machine guide for full transition rules.

Tone Model

The tone model translates an active state into a specific communication style. Tone is applied at the prompt level — it shapes how the engine structures its response before any text is generated.

Tone variants available in TaurusX v1.0:

Warm — conversational, friendly, no jargon
Precise — clear, no filler, information-dense
Gentle — slow, non-urgent, affirming (Supportive state)
Technical — structured, code-preferred, reference-quality
Directive — action-focused, step-by-step (Executive state)
Neutral — factual, no emotional charge (Guardian state)

Full documentation is in the Tone & Accessibility guide.

Engine Abstraction

The TaurusX kernel wraps all AI model calls behind an internal engine abstraction layer. No surface ever calls an AI provider directly — all calls go through the kernel's engine router.

This abstraction provides:

Model-agnostic routing (swap providers without changing surface code)
Consistent token usage and billing across all surfaces
Fallback chains — if the primary engine is unavailable, the kernel reroutes automatically
Plan-tier enforcement — free plan users cannot access enterprise-tier engines

See the full Engine Abstraction Layer guide.

Kernel Architecture

The kernel is structured as a set of layered services, each independently deployable:

Layer	Responsibility
Session layer	Authentication, session management, device trust
Routing Engine	Intent routing, state machine, tone selection
Agent Engine	Agent dispatch, task execution, run tracking
Workflow Engine	Workflow triggers, step orchestration, scheduling
Guardian layer	Risk scoring, policy evaluation, circuit breakers
Billing layer	Plan enforcement, cycle tracking, usage metering
Persistence layer	PostgreSQL via Drizzle ORM; Redis cache for hot paths

The persistence layer uses a Drizzle schema with typed repositories for each domain. Direct SQL queries are disallowed in route handlers — all database access goes through the repository layer for consistent validation and audit logging.

Guardian Integration

Guardian is not a separate service — it is woven into every layer of the kernel. Every action that leaves the kernel (agent runs, workflow triggers, API calls, data writes) passes through the Guardian policy evaluation pipeline.

The Guardian pipeline has five stages:

Intent validation — semantic analysis of what the action is trying to do
Permission check — RBAC evaluation against the user's role and plan
Risk classification — scoring from 0 (safe) to 10 (blocked)
Circuit breaker check — rate and pattern-based anomaly detection
Audit write — immutable log entry regardless of outcome

The Guardian audit log is available in the Continuum interface under Governance → Audit.

Engine Abstraction Layer →State Machine →Tone & Accessibility →