The Operating System for the Intelligence Age
Build intelligence on a foundation that never blinks.
ANVAYA is currently a public specification-stage operating system project with:

- a verified first-light RISC-V/QEMU nucleus milestone
- accepted local capability, CSpace/handle, AEC, Nucleus ownership, and syscall ABI RFCs
- a widened post-boot IPC plus table-backed object/task capability proof slice
- a proof-backed RFC 0010 syscall facade with malformed-rights denial and revoke-driven mapping invalidation
- a v0.2 memory-isolation proof with owned Sv39 page-table materialization
- bounded scheduler and init/service-manager semantics
- a byte-backed process-manifest ABI
- a mapped manifest-stack U-mode launch proof
- a scheduler/launch-table-bound manifest init entry proof with stored Sv39 satp identity revalidation
- one scheduler-bound cap.identify, ipc.send, ipc.receive, ipc.reply, ipc.call, ipc.cancel, wait_one, cancel_token, mem.frame_alloc, mem.map, mem.unmap, and cap.revoke multi-syscall proof with launch-table resume
- scheduler-bound cap.delegate evidence with ANVAYA SCHEDULER PROCESS CAP DELEGATE OK pid=0xa313 and ANVAYA SCHEDULER PROCESS CAP DELEGATE REVOKE OK pid=0xa313
- IPC send/receive/reply/call/cancel delivery
- exact receive capability-field evidence
- returned endpoint and device-frame capability evidence
- cumulative send+receive+reply+call IPC audit validation
- bad-length ipc.call failure evidence with reply_preserved=1
- scheduler-bound pending-request cancel clearing
- empty cancel idempotence
- scheduler-bound revoked-endpoint failure/audit evidence: eight events with two failure records
- a scheduler process wait-token proof with ANVAYA SCHEDULER PROCESS WAIT TOKEN OK pid=0xa313
- a reusable process-bound memory syscall runner proof
- a process-bound cap.delegate proof with ANVAYA USER PROCESS CAP DELEGATE OK pid=0xa315
- initial no-std SDK/storage/network/package/installer/WASM/WASI/runner/example-app crates
- a rights-checked service-registry resolution plus proof-harness endpoint IPC proof requiring ANVAYA WASM SERVICE REGISTRY RESOLUTION IPC OK with service=0xb803 and transfer_rights=0x2
- a storage app package loader proof requiring ANVAYA WASM APP STORAGE PACKAGE LOADER OK with process=0xa804
- an installed app package loader proof requiring ANVAYA WASM APP PACKAGE LOADER OK with process=0xa803
- an installed storage runner proof requiring ANVAYA WASM APP INSTALL STORAGE RUNNER OK for installed storage-roundtrip packages
- a signed package signature denial proof requiring ANVAYA WASM APP SIGNATURE DENIAL OK for tampered read-config bundles
- a virtio-blk write/read-back proof through the bounded virtqueue path
- a virtio-blk exact-pattern persistence proof
- a storage-block package restore proof
- virtio-net TX, ANVAYA VIRTIO NET DNS TX OK, and virtio-net RX proofs
- bounded DNS A, DNS-over-UDP/IPv4 packet, and DNS Ethernet frame proofs with dns_eth_query=75

RFC 0007 accepts the software CSpace/handle representation and RFC 0010 is accepted, but the production scheduler, production arbitrary userspace loader, full reusable scheduler/loader-bound U-mode ecall dispatcher, CHERI sealed-handle encoding, AEC runtime, broker creation path, approval service, and audit service are not implemented yet; production durable storage/package service integration, live TCP/IP state machines, timers, routing, and network service integration remain planned.

The long-term goal is AI-native execution, capability-enforced security, and human override built on a clean-slate architecture.
Assurance First
SPEC
Target-state direction: formal methods, verifiable execution, and audit-ready transparency.
Capability Boundaries
SPEC
Target-state direction: every action is explicitly scoped, permissioned, and observable.
AI-Native Stack
SPEC
Target-state direction: built for agentic workloads, orchestration, and human-in-the-loop control.
Operator Sovereignty
CONTROL
Human intent remains the final authority for deployment, policy, and shutdown.
Current State
NOW
Published manifesto and architecture, proposed governance, verified first-light QEMU/OpenSBI boot proof, accepted local capability, CSpace/handle, AEC model, and syscall ABI RFCs, explicit IPC failure evidence, capability attenuation evidence, table-backed object/task invalidation plus lineage-isolation evidence, scheduler and init/service-manager semantics, byte-backed process manifests, a mapped manifest-stack U-mode launch path, scheduler-bound manifest init entry evidence, scheduler-bound cap.identify/ipc.send/ipc.receive/ipc.reply/ipc.call/ipc.cancel/wait_one/cancel_token/mem.frame_alloc/mem.map/mem.unmap/cap.revoke syscall evidence with device-frame return, scheduler-bound cap.delegate evidence with ANVAYA SCHEDULER PROCESS CAP DELEGATE OK pid=0xa313 and ANVAYA SCHEDULER PROCESS CAP DELEGATE REVOKE OK pid=0xa313, bad-length call failure coverage, scheduler-bound cancel clearing/idempotence, scheduler-bound revoked-endpoint failure/audit evidence: eight events with two failure records, scheduler process wait-token evidence with ANVAYA SCHEDULER PROCESS WAIT TOKEN OK pid=0xa313, process-bound memory syscall evidence, process-bound cap.delegate evidence with ANVAYA USER PROCESS CAP DELEGATE OK pid=0xa315, initial SDK/service/runtime proof crates, rights-checked service-registry resolution evidence with ANVAYA WASM SERVICE REGISTRY RESOLUTION IPC OK, service=0xb803, and transfer_rights=0x2, storage app package loader evidence with ANVAYA WASM APP STORAGE PACKAGE LOADER OK and process=0xa804, installed app package loader evidence with ANVAYA WASM APP PACKAGE LOADER OK and process=0xa803, installed storage runner evidence with ANVAYA WASM APP INSTALL STORAGE RUNNER OK, signed package signature denial evidence with ANVAYA WASM APP SIGNATURE DENIAL OK, virtio-blk write/read-back evidence, virtio-blk exact-pattern persistence evidence, storage-block package restore evidence, virtio-net TX evidence, ANVAYA VIRTIO NET DNS TX OK evidence, virtio-net RX evidence, and DNS A plus DNS-over-UDP/IPv4 packet plus DNS Ethernet frame evidence with dns_udp_query=61 dns_udp_response=77 dns_eth_query=75 dns_eth_response=91 in the main repository.
AI-Native Runtime
Target state: a runtime designed for agentic workloads, with predictable execution paths and clear operator intent.
Capability Security
Target state: every action is permissioned, auditable, and explicitly scoped so systems remain bounded by human-defined constraints.
Sustainable Compute
Target state: energy-aware orchestration prioritizes efficiency without sacrificing transparency or operator control.
Manifesto
DOC-001
The ANVAYA Manifesto lays out the first principles of the Intelligence Age operating system: AI-native execution, capability security, post-quantum cryptography, and sustainable computing at planetary scale.
Docs Index
DOCS
Canonical references, policies, and machine-readable assets for ANVAYA OS.
Open Docs
Changelog
UPDATES
Public timeline of documentation, specification, and prototype updates.
View Updates
AI Usage Policy
AI-POL
Guidance for quoting, summarizing, and indexing ANVAYA OS content.
Read Policy