The answer isn’t “will it happen?” It’s already happening. Just not in the way we’re used to.

The Operating System in the Agentic AI Era

I. The history of operating systems is, at its core, a war over the front door

Each generation of operating systems didn’t merely improve kernels. It reorganized the entry point—how humans express intent.

DOS: the command line was the entry point.
Windows / macOS: the desktop GUI became the entry point.
iOS / Android: app icons became the entry point.
The web era: the browser became the entry point.

The strategic heart of an operating system has never been the kernel. It’s the question: how does a user make something happen?

Change the front door, and the entire software ecosystem gets reshuffled.

II. Agents change the way intent is expressed

In the old model, doing something looked like this:

You want something done → open an app → find the feature → click through the workflow.

In the agentic model, the loop becomes:

You want something done → tell an agent → the agent orchestrates the system.

This is not a feature upgrade. It’s the disappearance of the old entry point. Recent “OS-level agent” moments—whether you look at stunning phone demos like Doubao’s, or the grassroots explosion around OpenClaw—make one thing unusually vivid: when users stop opening apps and agents start calling them, apps stop being the front door. They become capability modules.

In that world, the operating system is no longer organized around an “app launcher.” It’s organized around a permission orchestrator.

That is the structural change.

III. When the agent becomes the default entry point, three things happen to the OS

3.1 UI moves to the second row

The UI doesn’t disappear, but it stops being the center of gravity. The interface becomes a governance tool, not an operation tool. It naturally splits into three roles:

a visualization layer
an approval layer
an audit layer

The real execution logic lives in the background orchestration layer. Icons shrink in importance. Menus fade. “Workflows” get flattened.

(1) Visualization layer
In traditional software, the UI is a control panel: you press buttons to cause actions.

In the agent era, actions happen in the background. The UI’s primary job is to tell you what happened:

what the agent plans to do
what it is doing right now
what it has completed

If the agent books your flights, reorganizes your files, refactors your code, or runs a batch of API calls, you don’t click through each step. You supervise the plan and the outcome. The UI becomes closer to an aircraft instrument panel than a steering wheel.

(2) Approval layer
This layer becomes critical the moment agents gain execution authority. Some actions must require explicit human confirmation:

deleting 2,000 files
wiring $5,000
signing a contract
sending sensitive data outside the organization

Now the UI isn’t a collection of “features.” It’s a set of risk checkpoints. Its core function is not “click to do,” but “authorize or deny.”

It must show:

risk level
blast radius
confirm / reject controls

This is the UI as the human’s final vote.

(3) Audit layer
If an agent can execute continuously, you can’t watch every step. The OS must surface accountability:

execution logs
tool and API call traces
permission usage history
resource consumption (tokens, API spend, data egress)
anomaly alerts

This looks less like a classic app UI and more like:

a bank statement
a cloud access log
a flight recorder

The UI becomes an interface for responsibility. It doesn’t help you “do the work.” It helps you know what happened—and assign blame when something goes wrong.

Put side by side, the shift is stark.

Traditional app UI:
menus, buttons, forms, step-by-step workflows

Agent-era UI:
plans, summaries, risk prompts, permission grants, audit trails

You are no longer the operator. You are the supervisor.

And that’s not just an interaction change—it’s philosophical.

Before: humans operate; software executes.
After: agents operate; humans arbitrate.

So the UI naturally migrates toward feedback, authorization, and oversight.

A concrete example
Imagine a future macOS where you say:

“Turn last year’s client invoices into a financial report.”

The agent quietly:

searches files
extracts data
calls spreadsheet tooling
uses email APIs if needed
generates a PDF

And the UI shows only:

a plan of steps
a warning: 3 anomalous files detected
a lock: authorize access to the finance folder?
a result: report generated

You didn’t “open” any app. You supervised. The UI didn’t vanish—it evolved from a control panel into a responsibility panel. And whoever controls that panel controls the final decision.

That is what the OS must defend.

3.2 The permission system becomes the core asset

Classic OS security models are built around:

file permissions
process isolation
sandboxing

But the agent era demands something more dynamic:

just-in-time permission grants
temporary execution authorization
revocable capability interfaces
verifiable execution logs

The OS shifts from a resource management system into a governance system for delegated execution.

3.3 APIs rise; apps fade

When agents are the default gateway, UI value goes down and API value goes up. The ecosystem starts to look like:

foreground: one “super agent”
background: countless capability interfaces

In that world, the App Store itself may morph—from an “app market” into a “skill market.” Users don’t download apps; agents call capabilities. Distribution is rewritten.

IV. Why big platforms don’t fully open the gates

Because once an agent becomes the default entry point:

OS vendors lose the privileged control that UI once provided
the app ecosystem gets abstracted into a capability layer
revenue models face renegotiation

If every iPhone app becomes a background capability and the user interacts primarily through an agent, do app icons still matter? Does the 30% toll still feel defensible?

Entry-point control is profit control. That is why platform players ship agent features cautiously and incrementally.

When a product like Doubao pushes toward OS-level agency and triggers visible pushback, it’s not mysterious what it threatens. But the direction is hard to reverse: once consumers taste the productivity of an OS-level agent, they rarely want to go back to tapping through menus.

V. OpenClaw is a preview of an “ungoverned OS”

OpenClaw is, in essence, a simplified shell of an agent operating system.

It lacks mature permission governance. It lacks compliance frameworks. It lacks serious auditing. And yet it demonstrates a key fact:

model + permission orchestration + local execution is already enough to simulate a micro-OS.

That is why it shocks people. Not because it invented new intelligence, but because it shows what happens when you attach intelligence to execution without governance.

VI. The real future shape

When agents become the default gateway, the operating system becomes:

a permission allocation platform
an execution-log platform
a capability marketplace
a risk-control hub

UI gets simpler. Apps become invisible. Capabilities become modular.

The user sees a conversational entry point. Underneath is a governance engine for delegated action.

VII. Final judgement

Agents will not eliminate operating systems. They will force operating systems to evolve—from “resource schedulers” into “arbiters of delegated execution.”

The core asset in the agent era is the power to define boundaries:

what can be done
by whom
under what permissions
with what logs and accountability

Whoever defines those boundaries becomes the next platform.

https://liweinlp.com/category/english

My answer: not immediately. But its structural profits will be quietly, steadily eroded—and the way it happens is subtle enough that many people won’t notice until the numbers start to move.

In the mobile era, we got used to a simple truth: if you control the home screen, you control the money. The App Store was never just a software catalog. It was a tollbooth placed at the one place users had to pass through.

That premise is what the Agent era challenges.

I. The App Store Doesn’t Really Sell Apps—It Sells Gatekeeping
The App Store’s core asset has never been “distribution” in the neutral, technical sense. Distribution is a commodity now. What the App Store truly owns is the gate:

the default user entry point
the power to route attention and traffic
control of the payment rail
the right to tax the ecosystem

In the classic mobile loop, the sequence looks like this:

user → opens an app → uses a service
platform controls the entry point → takes ~30%

That structure works for one reason: the user must consciously open the app. As long as the app icon is the front door, the platform owns the doorframe—and can charge rent.

II. The Fatal Change in the Agent Era: Apps Stop Being the Entry Point
Once an agent becomes the default gateway, the flow changes into something like:

user → tells the agent → agent dispatches capabilities → calls an app’s backend APIs

The key shift is psychological as much as architectural: the user no longer “opens an app.” The app becomes a background capability provider.

And when the user can’t even tell which app is being used, two things happen at once:

brand gravity weakens
entry-point value decays

Traffic follows the new front door. Whoever controls the agent increasingly controls attention and intent. And that is the App Store’s structural threat in one sentence.

III. The App Store Won’t Disappear—But It Can Be Hollowed Out
This won’t look like a dramatic collapse. It will look like slow “hollowing,” where the storefront still exists, but its economic center of gravity shifts. Three changes are likely.

First: fewer UI-heavy apps.
A large class of utility apps—especially those built around routine workflows—will be absorbed into agent behavior:

calendar coordination
lightweight editing
information aggregation
copy-and-paste data movement

These become invisible background functions. Users may not know which product is powering the result, and they won’t care—until someone asks who gets paid.

Second: the commission logic gets challenged.
If an agent can complete a purchase by calling a cloud API directly—without going through an in-app purchase flow—the traditional platform toll lane can be bypassed.

The 30% model works best when the platform owns the transaction surface. Agents, by design, prefer capability surfaces: web APIs, service endpoints, programmable commerce. That route is harder to tax.

Third: a “skills market” starts to replace an “apps market.”
It’s not hard to imagine an ecosystem that looks more like:

agent skill marketplaces
capability modules / plugins as tradable units
API ecosystems designed for agent orchestration

In that world, the store doesn’t vanish. It mutates. It stops selling “apps” as user-facing products and starts selling “capabilities” as agent-callable services. That’s a form shift—not an extinction event.

IV. The Real Conflict Isn’t the App Store—It’s Who Owns the Default Agent
The strategic question is not whether an App Store survives. The strategic question is: who becomes the default agent?

If it’s Apple’s agent, the App Store is absorbed and reinterpreted inside a new orchestration layer.

If it’s an OpenAI/Anthropic-style agent, the platform can be partially bypassed—relegated to infrastructure while value capture migrates elsewhere.

If it’s a local, open-source agent (think OpenClaw-like trajectories), then platform rent extraction weakens: the platform remains in the chain, but with far less bargaining power.

Once entry-point control shifts, profit follows. This is the true reason platforms are anxious. It’s not a debate about UX. It’s a battle over who owns the choke point.

V. Why Big Platforms Move So Carefully on Agents
This is why the largest platforms push agents with visible caution. They are walking a tightrope.

If their agent is too strong:

users open fewer apps
platform commission pressure increases
developer economics get restructured

If their agent is too weak:

users migrate to third-party agents
entry-point control gets stolen
the platform becomes a “hardware shell” around someone else’s brain

It’s a delicate game. The likely strategy is not “build an agent that replaces apps,” but “build an agent that strengthens the existing ecosystem while preventing displacement.”

Agents won’t directly destroy the App Store. But they can demote it—from an entry-point platform into a capability supply market.

Entry-point value compresses. Profit formulas get rewritten. And the ultimate winner is not the party who sells apps, but the party who defines the orchestration rules.

VI. The Final Question
The mobile internet era rewarded whoever controlled the entry point.

The agent era will reward whoever controls intent interpretation and execution scheduling.

When a user says just one sentence—“get this done for me”—the person (or system) deciding where the request gets routed is the one deciding where the money flows.

At that moment, the most valuable asset is no longer the app icon on the home screen.

It’s the agent in the background doing the dispatch.

https://liweinlp.com/category/english

I. OpenClaw is a structural event.

What makes OpenClaw shocking isn’t a new algorithm. It’s the fact that it exposes a new reality:

LLM capability + local execution privileges + open-source scaffolding is already enough to rewrite how software gets produced.

When a solo developer can stitch together an agent with something close to “OS-level permissions” using off-the-shelf models and open frameworks, it tells us something uncomfortable yet important: raw capability is no longer scarce. The scarce variable is now composability—the ability to combine tools, permissions, and workflows into outcomes.

And composability isn’t linear. It’s exponential. When your building blocks are callable functions, “more blocks” doesn’t add—it multiplies.

II. Why “80% of software” gets swallowed

Once agents can:

understand natural language intent directly,
break a task into steps automatically,
call tools dynamically,
and correct their own execution paths in real time,

a huge category of “workflow-frozen software” starts losing value fast.

For decades, software has trained humans to adapt to software. You open the right app, learn the right menu tree, follow the prescribed workflow, and hope your problem fits the box. The agent era flips the direction: software adapts to human intent.

That shift has a brutal implication: the core of software stops being UI, menus, and fixed workflows. The core becomes APIs and capability interfaces. Everything in the middle—the layers whose main job is turning workflows into a clickable experience—gets compressed.

Many products won’t “die.” They’ll be absorbed.

Tools that are mostly UI-wrapped procedures.
SaaS products that are largely data shuttling.
Systems whose main value is rigid rule execution.

Agents don’t need to replace them by competing head-on. They can simply embed them as invisible steps in an orchestration graph.

III. The moat is moving

Traditional software moats looked like:

complex feature depth,
data lock-in,
sticky workflows,
custom enterprise integrations.

But in an agent world, features can be composed on demand, workflows can be generated dynamically, and data can be surfaced through standardized interfaces. The moat migrates to things that are harder to synthesize by “tool composition” alone:

high-quality proprietary data assets,
specialized vertical knowledge,
security, compliance, and governance maturity.

Put bluntly: software shifts from selling features to selling capability access and safe execution.

In the agent era, the winning product is less “a beautiful UI” and more “a reliable interface to real power—with guardrails.”

IV. Startups are being rewired

The classic playbook for software startups was familiar:

pick a scenario,
build a product,
polish the UX,
retain users,
scale subscriptions.

The agent-era playbook is different:

pick a high-value capability domain,
expose it as an agent-callable interface,
integrate into the skills ecosystem,
create value through execution, not clicks.

Entrepreneurship shifts from “building an app” to building callable capability modules.

In a world where agents orchestrate work, owning the right tool interface is like owning a critical interchange on a highway system. You don’t need to be the entire city. You just need to sit on the route everything passes through.

V. Investment logic is being repriced

Investors used to ask:

How many users do you have?
What’s your ARR?
What’s your SaaS retention?

Increasingly, the questions will mutate into:

Can your capability be orchestrated by agents?
Do you control a defensible data interface?
Is your execution verifiably safe—auditable, permissioned, compliant?

Valuation logic will follow. Pure “feature SaaS” gets pressured. Execution infrastructure and governance layers get rewarded.

Because in the agent era, the truly expensive asset isn’t UI. It’s the right to execute—safely.

VI. Local agents are a transitional form

OpenClaw’s explosion also reveals something practical: demand for action-oriented AI is already there. People don’t just want a model that answers. They want a system that does things.

But local deployment is likely a bridge, not the destination. At scale—especially in enterprises—agents will converge toward:

cloud integration,
enterprise-grade governance,
least-privilege architectures,
compliance and audit systems.

Individuals can unlock power by removing constraints. The commercial world must do the opposite: it has to constrain power before it ships.

The long-term winners won’t be those most willing to grant authority. They’ll be those best at granting authority safely.

VII. Software won’t disappear. It will become invisible.

OpenClaw’s creator suggested that “maybe 80% of software will lose its value.” The number may be rhetorically inflated. But the direction is right.

Software doesn’t vanish. It goes dark.

Users stop operating software directly. Agents operate software on their behalf. Products shift from foreground experiences to background capability modules.

That’s not a collapse. It’s an industrial migration.

VIII. The real watershed isn’t OpenClaw. It’s what it forces us to talk about next.

OpenClaw isn’t the endpoint. It’s the first public, living demonstration of something many suspected:

LLMs are already capable of executing real-world tasks—if you give them the keys.

For the past two years, the mainstream conversation was “intelligence augmentation.” In the next few years, the dominant conversation will be delegated execution:

Who sets the boundaries of capability?
Who defines execution permissions?
Who bears responsibility when things go wrong?

Those questions—more than model size or benchmark scores—may determine where the next generation of tech giants comes from.

Closing

The significance of OpenClaw isn’t what it did. It’s what it made obvious:

the software era is ending, and the capability era is beginning.

And in the capability era, what’s truly scarce isn’t the model. It’s controllable execution power.

Authority and safety are natural enemies. The biggest winners will be the ones who can make them coexist—without pretending the tension isn’t real.

https://liweinlp.com/category/english

In the Agent era, the most common confusion is not technical — it’s architectural. We keep mixing abstraction layers, and then we end up debating terms that were never meant to be equivalent:

Is a plugin basically an app?
Is a special agent the new app?
What’s the difference between an API and a skill?
Is a general agent a tool, or a platform?

If we don’t separate layers, these questions will keep looping forever. So here’s a clean mental model: a six-layer stack from intent down to execution.

Human Intent → General Agent → Special Agent → Skill → Plugin → API

General Agent is the default entry point and the scheduler. It interprets natural language goals, decomposes complex tasks, decides which specialists to call, determines which capabilities to invoke, sequences execution, and manages permissions. Structurally, it resembles what browsers were in the web era, what desktop operating systems were in the PC era, and what iOS SpringBoard was in mobile: the “front door” where intent is translated into actions. It is not necessarily a specialist — it is the orchestrator.

Special Agents are domain experts: coding agents, math agents, legal agents, research agents, trading agents, and so on. Functionally, they look like “apps” because they are optimized around a task domain — specific knowledge, specific toolchains, and domain-specific execution strategies. But structurally, they are no longer the entry point. In the agent era, the entry point is owned by the General Agent.

Apps belong to the mobile-era abstraction. The traditional loop is user-driven: the user opens an app, navigates a UI, and triggers actions. In the agent era, the loop becomes orchestration-driven: the user expresses intent once, the General Agent dispatches the work, specialists and tools execute, and the result returns. Apps won’t disappear overnight, but many will lose their role as the primary interface. Some will degrade into background capabilities; others will survive as “special agents with UI.”

Then come the lower layers that people often collapse into one.

Skills are capability declarations — a semantic contract the model can understand. They describe what can be done, which parameters are required, what outputs are produced, and which permissions are needed. Skills live in the language layer; they don’t execute code. They exist so the model can plan.

Plugins are execution wrappers — the part that actually runs. They encapsulate API calls or local system access, handle authentication and permissions, manage errors, and return structured results. If skills are “what can be done,” plugins are “how it gets done.”

APIs are the lowest-level interfaces — the protocol surface that exposes underlying systems as callable endpoints. APIs do not think, decide, plan, or schedule. They are passive responders. If you like metaphors: electricity is the capability; the API is the wall socket.

So who is the “new app”?

From a task-function perspective: Special Agent ≈ the new app.
From an entry-point perspective: General Agent ≈ the new operating system.
From an execution-unit perspective: Plugin ≈ the new software primitive.

In other words, the mobile-era “app” is being decomposed into entry-point control, capability interfaces, and execution wrappers. The most strategic control point shifts to orchestration: whoever controls the General Agent controls the new default entry point.

Finally, a quick note on industry evolution. Early agent architectures were plugin-first: LLM + plugins = an executor. OpenAI even explored a “plugin store” storyline, reminiscent of app stores. The reason that pattern didn’t become the dominant ecosystem isn’t that plugins are useless. It’s that plugins are dangerous: they hold real privileges, and in an agent loop they can be triggered automatically, not necessarily by a human click. Discovery and scheduling are also harder when the “buyer” is a model. Most importantly, plugins expand what can be done — but the harder bottleneck is deciding what should be done, in what order, under what constraints.

That is why skills emerged as a lighter semantic layer, and why modern architectures insert governance and orchestration between the model and execution. Plugins didn’t disappear; they moved downward in the stack.

This isn’t “plugins failed.” It’s the software unit migrating. The new game is not only capability — it’s orchestration.

https://liweinlp.com/category/english

The agent era just hit a visible inflection point, and OpenClaw is a useful (and slightly terrifying) case study.

What’s striking about OpenClaw is not a technical breakthrough. It didn’t train a new model. It didn’t propose a new reasoning mechanism. It didn’t “beat” scaling laws.

It did something simpler—and far more consequential: it connected an already-strong LLM to real-world execution privileges.

Browser control. Filesystem access. Shell execution. API orchestration.

The model always had the “brain.” What changed is that we finally handed it the “keys.”

That’s why OpenClaw feels like a capability explosion. The intelligence didn’t suddenly appear; it was already there. We just didn’t dare to give it OS-level agency. OpenClaw shows us, in a vivid and unfiltered way, what happens when we do.

There’s also a psychological accelerant here: local deployment.

When something runs on your own machine, it creates a strong sense of sovereignty—“my process, my disk, I can kill it anytime, worst case I pull the plug.” That physical sense of control is real, but the safety inference often isn’t.

Local deployment improves visibility and the feeling of controllability. It does not automatically reduce the attack surface. Prompt injection doesn’t disappear because the agent is local. Permission creep doesn’t shrink because the hardware sits on your desk. Visibility can create calm; calm can be mistaken for security. That “controllability illusion” is arguably a major reason agentic systems are suddenly easier for people to accept.

The deeper reason this moment feels explosive, though, is composition.

In the traditional software world, capability composition is slow and human-driven—projects, teams, tickets, code, deployment, an entire lifecycle of a software development and deployment. In the “LLM + skills” world, composition becomes real-time, automated, and continuous. An agent can run 24/7, try pathways, fail, self-correct, and recombine tools endlessly. When capabilities are modular functions or skills, combinatorics becomes the growth engine. Explosion is not a metaphor; it’s the natural math of composition.  Hence the explosion.

It’s also telling that an open-source / individual-driven project became the flashpoint. Large companies have strong reasons not to grant OS-level permissions lightly: legal liability, brand risk, regulatory pressure, and security maturity constraints. Individuals and small teams have fewer brakes. With fewer constraints, capabilities surface faster, making it a clearer window into the future agent world.

All of this reframes the real safety problem.

LLMs are the brain. Agents are the hands.

The brain-safety conversation has been loud for two years. The hand-safety conversation is just beginning, a much riskier and more challenging one. A wrong answer is frustrating. A wrong action can be irreversible. Killing a process isn’t governance. Pulling the plug isn’t governance. Governance means boundary verification and least-privilege execution designed into the architecture, not added as a last-minute guardrail.

We may still debate whether “AGI” is here. But one thing is already clear: we’ve entered the era of automated action. 2025-2026 marks the phase transition from generative AI era into agentic AI.  The central challenge now is not purely technical—it’s designing a workable balance between delegated power and embedded safety, before the diffusion of OS-level agency outpaces the diffusion of governance.