Architecture

ThoxMicroV Architecture

ThoxMicroV is a toolkit that runs ThoxOS, our custom Linux operating system that demonstrates the full capabilities of Intel platforms and NVIDIA platforms for Edge AI workloads. It incorporates Intel-developed Linux patches that have not yet been upstreamed, NVIDIA’s Linux packages and frameworks for AI and quantum computing, and our kernel optimizations — streamlining integration for development partners, cloud-to-edge migrators, and operating system vendors and technology partners.

Layer 1 — The toolkit

Every layer from the kernel up is what the ThoxMicroV toolkit assembles. The two platform families share the upper layers; the patch sets below differ.

L1Application workloads (containers, models, services)
L2ThoxOS userland (containerized AI runtime, mesh agent, MagStack daemon)
L3THOX.ai kernel optimizations
L4NVIDIA AI/quantum frameworks + Intel-developed patches (not yet upstream)
L5Linux kernel baseline
L6Hardware: Intel-class edge platform / NVIDIA-class edge AI platform

Layer 2 — The operator console

How operators reach a device running ThoxOS.

Browser (xterm.js) ──WSS+JWT──► Exec Relay ──docker/IPC──► Device (thoxosctl shell)
        │                                                          │
        └──HTTPS──► Next.js Management Console                     │
                          │                                        │
                          ├──Supabase Auth + RLS──┐                │
                          │                       │                │
                          └──HTTPS──► Coordinator │                │
                                          │       │                │
                                          └──Peer rendezvous──► Device mesh (WireGuard)

Architecture surfaces

ThoxMicroV Toolkit

ThoxOS Custom Linux Operating System

Control Plane

Agent Relay

Device Registry

Access Grants

Intel Runtime Variant

NVIDIA Jetson Runtime Variant

Kernel Optimization Layer

AI and Advanced Compute Framework Support

Audit Events

Terminal Session Flow

K3s and Container Workloads

Local AI Runtime Integration

Partner Integration Model

ThoxMicroV provides the toolkit and management layer for ThoxOS microvisors. ThoxOS is the custom Linux operating system foundation. The ThoxMicroV backend handles identity, approval workflows, device registration, audit events, access grants, and secure terminal relay. The ThoxOS agent runs on each device and maintains an outbound connection to the control plane.

Module boundaries

Module	Owns	Consumes	Boundary kind
ThoxMicroV toolkit	Patch ledger, build scripts, ThoxOS image	Linux kernel, Intel patches, NVIDIA frameworks	Build-time
Web management console	Next.js app, RLS schema, exec-relay sidecar	Supabase, device REST	Operator console
Coordinator	Peer rendezvous metadata only	None of the device’s plaintext	Cloud service
Device runtime	Mesh participation, inference, MagStack pairing, audit emission	ThoxOS userland	On-device

Data boundaries

Surface	Direction	Trust boundary
Browser ↔ Next.js	HTTPS	Public
Next.js ↔ Supabase	HTTPS + service-role JWT	Server-only secret
Browser ↔ exec-relay (/exec)	WebSocket + 5-min HS256 JWT	Token scoped to (profile_id, device_id)
exec-relay ↔ docker daemon	UNIX socket (read-only)	Sandbox-only; production runs relay on-device
Next.js ↔ runtime REST	HTTP (loopback or LAN)	Trusted: behind WireGuard mesh in production
Next.js ↔ coordinator admin	HTTPS + admin key	Server-only secret; never sent to browser

Identity and permissions

Role	Reads	Writes
pending	nothing (gated by /verify or /login)	nothing
viewer	own profile, granted devices	nothing
operator	+ open terminal, run inference	own grants
admin	every row across the schema	profiles, devices, grants, audit (insert)
service role	everything (RLS bypassed)	everything

Coordinator never sees plaintext.

Tokens are scoped per (user, device) and expire in 5 minutes.

Service role bypasses RLS — kept server-only, never sent to the browser.