PlatformArchitectureShell
Command Surface Competitive Analysis
Cmd+K should be measured against Raycast-class command products, not against a
Purpose
Cmd+K should be measured against Raycast-class command products, not against a basic website search box. This document defines what Prox OS should learn from Raycast, Alfred, Spotlight, Linear, Superhuman, and adjacent command surfaces while keeping the product direction larger than a launcher.
Cmd+K is the Global Command Surface for Prox OS. Its north star is not only "find and open"; it is summon, generate, open, connect, and execute inside a visible, auditable, data-sovereign OS Space.
Competitive Frame
| Product or surface | What users expect | What Prox OS should learn | What Prox OS should not copy | Prox OS edge |
|---|---|---|---|---|
| Raycast | Fast keyboard launcher, extension store, commands, snippets, AI helpers, and polished result previews. | Command speed, compact density, extension distribution, local muscle memory, quick actions, and trustworthy command metadata. | Treating commands as only local productivity utilities or hiding automation authority behind extension convenience. | Space-aware summoning, app/agent visibility, permission previews, audit logs, and data-source wiring. |
| Alfred / LaunchBar | Local search, workflows, clipboard, snippets, and power-user automation. | Zero-lag entry, fuzzy ranking, keyboard ergonomics, fallback search, and composable workflows. | Local-only assumptions and opaque workflow permissions. | Browser OS runtime context, app manifests, connector scopes, and future cloud/local hybrid execution. |
| Apple Spotlight | Universal system search with app, file, web, and setting results. | Default system muscle memory, simple ranking, and low-friction entry. | Becoming a shallow index without command verbs. | Results can become windows, widgets, agents, Space layouts, and reviewable actions. |
| Linear command menu | Contextual product actions inside a focused workflow. | Action verbs, scoped context, fast navigation, and predictable keyboard flow. | Making commands only app-local. | Cmd+K can combine Shell, current app, current Space, docs, agents, and registry results. |
| Superhuman command menu | Email-specific command speed and expert workflow shortcuts. | Fast command phrasing, command confirmation, and low visual noise. | Domain-specific narrowness. | Prox OS can route commands across apps, data, connectors, and agents. |
| VS Code Command Palette | Extension-driven command provider model. | Provider contracts, command discovery, keyboard-first work, and extension contribution points. | Developer-tool-only mental model. | App manifests and future agent registries can expose commands to non-code Spaces. |
| Slack shortcuts and workflows | Team actions, workflow triggers, and app integrations. | Clear verbs, app integrations, and workflow affordances. | Chat-first command dependency. | Cmd+K is a shell-level surface, not a message box. |
Product Bar
| Bar | Requirement |
|---|---|
| Speed | Open instantly, keep focus in the input, support predictable keyboard navigation, and avoid expensive providers on first paint. |
| Ranking | Prefer exact app names, active Space context, recent windows, registered app manifests, and explicit command verbs before broad search. |
| Preview | Show what will happen before action: app, route, Space target, permission posture, disabled/future state, and execution risk. |
| Provider boundary | Shell, app, Studio Engine, docs, search, agent, and connector providers should contribute through typed contracts rather than hardcoded route lists. |
| Permission posture | Connect and Execute commands must surface scopes, cost, audit, and confirmation needs before mutation. |
| Space awareness | Summon and Generate should target the current Space or make the target Space explicit. |
| Failure handling | Missing manifests, unavailable connectors, disabled agents, and offline providers should degrade without breaking the Shell. |
Verb-by-verb Differentiation
| Verb | Raycast-class baseline | Prox OS target |
|---|---|---|
| Summon | Open apps, windows, snippets, and extension views. | Bring app windows, widgets, agents, layouts, or app groups into the current Space. |
| Generate | AI command creates text, snippets, or lightweight assets. | Draft an app shell, agent workspace, Space layout, manifest, or reviewable branch proposal. |
| Open | Launch apps, routes, files, and extension commands. | Open registered apps, docs, routes, restored windows, Space resources, and platform tools through manifests. |
| Connect | Integrations usually live inside extension settings or workflow builders. | Create typed edges between apps, data sources, connectors, agents, and permissions with review. |
| Execute | Run local commands, scripts, or extension actions. | Execute only approved actions with permission preview, manual confirmation, audit logs, cost limits, and revocation. |
Architecture Implications
| Area | Implication |
|---|---|
| App Registry | Open and Summon results must resolve through registered manifests rather than arbitrary route strings. |
| Agent Registry | Future agent results need visible identity, scopes, budgets, run status, and audit posture. |
| Command providers | Providers should be lazy, scoped, typed, and cancellable so Cmd+K stays fast. |
| Search | Search can feed results into Cmd+K, but search should not own command execution. |
| Permissions | Connect and Execute need permission preview surfaces before they mutate data, spend budget, or call tools. |
| Audit Log | Sensitive commands should produce user-readable audit events. |
| Spaces | Command results need a target Space, active Space context, or a clear cross-Space action label. |
v0.1 Guidance
| Do | Do not |
|---|---|
| Make future command capability visible through disabled or preview-labeled cards. | Claim real agent execution, workflow automation, or connector mutation before it exists. |
| Keep existing app opening reliable and registry-driven. | Hardcode a parallel app launcher list inside the command UI. |
Use clear safety labels such as Requires permission, Coming later, and Audit log required. | Hide risk behind exciting action verbs. |
| Treat Raycast as the speed and polish benchmark. | Treat Raycast as the final product boundary. |
Review Checklist
- Does Cmd+K still open fast with no heavy provider blocking first paint?
- Are app launches still manifest-driven?
- Do disabled future actions explain why they are disabled?
- Do Execute-like commands show permission, audit, and confirmation posture?
- Does the command result make the target Space or active context visible?
- Are provider errors contained without crashing the Shell?