Local-First AI-Native Privacy-First

The framework browser extensions never had.

Exo is a modular application framework for browser extensions and browser-native apps. Declarative DOM modeling. Typed lifecycle. Events, middleware, caching, triggers, and an architecture that actually respects the surface you're building on.

Join the Alpha Read the Vision
Alpha — v0.1
Exo Fiddle // Try the framework in your browser

Write extension code. Preview the popup. Export a ready-to-load .zip. No build step. No install. Just code.

Exo Fiddle// Interactive Playground
Previewpopup.html
Console
Exo Fiddle ready.
The Problem

Extensions are the most powerful surface in computing. The tooling treats them like an afterthought.

Every extension starts the same way. You wire up background scripts. You wrestle content scripts into isolated worlds. You hand-roll messaging between contexts. Then you realize nothing syncs, nothing survives, and nothing scales.

Context Fragmentation

Background scripts, content scripts, popups, options pages — four contexts that pretend the others don't exist.

State Chaos

Your state doesn't sync. Your storage calls collide. Your service worker dies mid-task and takes your in-memory data with it.

DOM Fragility

Your injection breaks on the next site update. Selectors rot. Mutation observers become duct tape within weeks.

Manifest Friction

Permissions you forgot to declare. Host patterns that don't match. A manifest format that fights you at every step.

No Architecture

No lifecycle. No middleware. No conventions. Every extension reinvents the same infrastructure puzzle — differently, every time.

No Framework

WXT pushed DX forward. Plasmo introduced modern bundling. But the ecosystem still lacks a unified application model.

You're not building software. You're solving infrastructure — every single time. It lacks a framework.

Capabilities

Exo is the architecture your extension always needed.

Exo gives browser extensions what Laravel gave backends and Next.js gave frontends: a real application model. Declare your triggers. Model your pages. Wire your middleware. Write business logic, not glue code.

Splice // DOM Modeling

Model any page with typed extractors and reactive DOM bindings. No more fragile selectors and manual mutation observers.

class IssuePage extends Page {
  @Extract('.title') title!: string;
  @Extract('.author') author!: string;
}
Triggers // URL Routing

Declare URL patterns. Exo auto-registers and routes. One decorator, zero boilerplate.

@Trigger('github.com/*/pull/*')
class PullRequest extends Handler {
  async handle() { /* your logic */ }
}
Lifecycle // Predictable Stages

onInstall, onUpdate, onStartup, onContextReady. Predictable stages across every extension context.

@OnInstall()
async setup() {
  await DB.migrate();
  await Cache.warm();
}
Middleware // Composable Pipeline

Auth, logging, validation — applied to triggers, events, jobs, and notifications. Composable and explicit.

@Middleware([Auth, RateLimit])
class ApiHandler extends Handler {
  // protected by default
}
Events // Typed Event Bus

Serializable, persistable, replayable. Built for debugging and auditability across every context.

Event.dispatch(
  new UserAction('clicked', { target })
);
Data // Storage & Caching

IndexedDB ORM for structured storage. remember() caching with TTL. No more hand-rolled persistence.

const user = await Cache.remember(
  'user:1', 3600, () => User.find(1)
);
Philosophy

What Exo believes.

Local-First

Your data never leaves the browser.

Exo works fully offline. IndexedDB for persistence. Local queues for resilience. Cloud enhances -- never replaces. No server dependency. No forced accounts. Your extension runs on its own terms.

  • Offline-first storage with IndexedDB ORM
  • Jobs persist and retry across service worker restarts
  • Cloud sync is opt-in, never mandatory
AI-Native

AI needs context. Extensions are context.

AI copilots live in the browser. They see what you see. Splice models the page. Triggers activate on the right URL. Events replay for debugging. The framework handles the surface -- your AI handles the intelligence.

  • Structured page data via Splice extractors
  • Contextual activation with URL triggers
  • Event replay for debugging AI decisions
Privacy-First

Security is a default, not a feature.

No dynamic code injection. Strict CSP by default. Permissions auto-inferred from code, not hand-declared. Secrets stay server-side via the Gateway. The most secure path is the default path.

  • No remote code execution, ever
  • Manifest permissions auto-generated from AST
  • Gateway proxy keeps API keys off the client
Join the Alpha

The browser is the operating system. Extensions are its native apps.

We're opening Alpha access to a limited number of founding partners. Early adopters get direct influence on the framework's direction, priority support, and access to Exo Cloud.

Read the Full Vision Read the Blog

Exo is free and open source. Cloud features are optional. No credit card required.