The Operating System for the Intelligence Age
New foundations for machines that reason, decide, and act.
ANVAYA is a clean-slate, capability-first operating system project for agentic workloads, built in the open on RISC-V. It is evidence-first by design: every release ships code, tests, and repeatable QEMU evidence, and nothing is claimed that a boot log cannot show.
As of the v1.0.0 "QEMU-Proven Milestone", all five 1.0 completion gates are closed to their software scope (Gates B and D partial — external audit and physical A/B open). The Nucleus's accepted capability invariants are formally verified by bounded-exhaustive proofs (plus Kani harnesses), with the unsafe-Rust TCB measured at 0.44% versus Asterinas 14%. Post-quantum crypto — ML-KEM, ML-DSA, and SLH-DSA, each KAT-verified against the official NIST ACVP vectors — is demonstrated across every trust surface with no demonstrated classical-only path, over a CHERIoT-style capability profile and a DICE-style measured boot. A device mesh, an SCI-accounted energy broker, an intent-router interface layer, and a PQC-signed package manager complete the stack. Honest scope: v1.0.0 is proven under QEMU and is not a production-deployed release — it does not claim a physical-hardware boot, an external third-party audit, or a hardware root of trust; the operational package signature is still Ed25519 and the audit chain a SHA-256 hash chain (hybrid rekey tracked). Each is a documented open item.
$ ANVAYA SCHEDULER PROCESS RUNTIME HELPER OK pid=0xa313 dispatches=37 returns=37
$ ANVAYA SYSCALL IRQ BIND OK task=0x11 irq=0x21 denials=3
$ ANVAYA SYSCALL IRQ ACK OK task=0x11 irq=0x21 seq1=1 seq2=2 denials=3
$ ANVAYA SYSCALL TRAP RETURN OK task=0x11 cause=0 resolution=0 denials=5
$ ANVAYA PROCESS DISPATCH REGISTRY OK satp=0x8a11... hits=2 denials=3
$ ANVAYA PROCESS DISPATCH SRET CONTINUE OK ecalls=3 continues=2 hits=3
$ ANVAYA VIRTIO BLK PERSISTENCE OK sector=1 pattern_mismatches=0
$ ANVAYA SERVICE LOADER IPC CONTINUITY PERSISTENCE COMPARE OK boots=2 failures=0
$ ANVAYA LIVE STORAGE SERVICE OK content_id_prefix=... roundtrip=1
$ ANVAYA LIVE NETWORK SERVICE OK name=live.anvaya.dev address=203.0.113.10
$ ANVAYA LIVE SIGNED SERVICE OK entry=0x40001000 signature_denial=1
$ ANVAYA LIVE PERSISTED PACKAGE OK sector=4 signature_denial=1
$ ANVAYA MULTI FRAME STACK OK pages=2
$ ANVAYA LIVE WASI SERVICE OK app=read-config host_grants=1
$ ANVAYA LIVE SDK LAUNCH OK apps=10 profile_derived=1
$ ANVAYA LIVE CATALOG COMPLETE OK apps=12 non_guest=10 guest=2
$ ANVAYA LIVE NET RX SERVICE OK sender=10.0.2.2 resolved=1
$ ANVAYA LIVE TCP DATA OK sent=15 acked=15 received=15
$ ANVAYA LIVE TCP RETRANSMIT OK attempts=2
$ ANVAYA LIVE STORAGE NAMESPACE OK listed=1 object_len=16
$ ANVAYA LIVE AUDIT CONTINUITY OK total=6 failures=0
$ ANVAYA LIVE IPC DENIAL OK total=7 failures=1
$ ANVAYA LIVE MEM SYSCALL OK bytes=4096
$ ANVAYA PRODUCTION ALLOCATOR OK reused=2 denials=3
$ ANVAYA FRAME REFCOUNT OK shared=3 reclaimed=1 reused=1
$ ANVAYA LIVE TIMER RETRANSMIT OK timer_sourced=1 attempts=1
$ ANVAYA WASM RICHER OPS OK arith=42 compare=2 div=42 ops=19
$ ANVAYA WASM I64 OK wide_add=1 wide_div=1 ops=23
$ ANVAYA WASM F32 OK add_eq=1 ieee754=1
$ ANVAYA WASM F64 OK add_eq=1 ieee754=1
$ ANVAYA WASM CONVERT OK chain=42 uext=9 ops=8
$ ANVAYA WASM MEM WIDE OK i64=42 float=2 ops=6
$ ANVAYA WASM MEM NARROW OK a=4914 b=-1 ops=6
$ ANVAYA WASM EXTERNAL TOOLCHAIN OK compute=63 source=rustc-wasm32
$ ANVAYA WASM EXTERNAL CALL OK compute=63 funcs=2
$ ANVAYA WASM EXTERNAL LARGE OK compute=154 bytes=261 funcs=3
$ ANVAYA WASM EXTERNAL WASI OK wrote=11 fd=1
$ ANVAYA IP ROUTING OK routes=3 specific_lpm=28
$ ANVAYA IP FORWARDING OK neighbors=2 gateway_hop=10.0.2.2
$ ANVAYA IP ICMP ECHO OK id=0xa15e seq=9 reply_type=0
$ ANVAYA STORAGE SHA256 OK vectors=2 id_bytes=32
$ ANVAYA STARTUP APP LOADER EXEC OK
$ QEMU boot smoke checks passed.
1.0.0
QEMU-Proven Milestone
v1.0.0: all five 1.0 gates (A-E) closed to software scope — formally verified, PQC demonstrated across every surface, benchmarked; QEMU-proven, no physical hardware and no external audit (Gates B & D partial)
0.44%
Unsafe-Rust TCB
551 lines; vs Asterinas 14%, Tock 43.8%
NIST
PQC KAT-verified
ML-KEM/ML-DSA/SLH-DSA vs official ACVP vectors
12
Signed WASM proof apps
deny-by-default capability profiles
3
QEMU evidence suites
smoke, two-boot persistence, app demo
0.7→1.0
milestones shipped
PQC, device mesh, usable/sustainable, production
Trajectory
01 · Jan 1, 2026
Manifesto + architecture published
02 · v0.4.0 ✓
Production Substrate — all six gates closed
03 · v0.5.0 ✓
AI agents run natively — AEC + Intelligence Broker
04 · v0.6.0 ✓
Constitution & human override
05 · v0.7.0 ✓
Post-quantum & hardware-anchored (NIST ACVP KAT)
06 · v0.8.0 ✓
Device mesh — PQC pairing, cross-device caps, CRDT
07 · v0.9.0 ✓
Usable & sustainable — energy broker, intent UI, SDK
08 · v1.0.0 ✓
QEMU-Proven Milestone — formally verified, PQC demonstrated
Proof-Driven Engineering
METHODNo roadmap slideware. Each increment lands with focused code, unit tests, and QEMU boot markers that CI re-asserts on every push — from capability attenuation to two-boot storage persistence.
Capability Boundaries
SECURITYEvery kernel object is reached through explicit, attenuable, revocable capabilities with lineage tracking. Denial paths are proved with the same rigor as success paths.
AI-Native Target
DIRECTIONThe target state is an OS built for agentic workloads: bounded execution, explicit authority, human override, and audit-ready transparency from the nucleus up.
Manifesto
DOC-001The ANVAYA Manifesto lays out the first principles of the Intelligence Age operating system: AI-native execution, capability security, post-quantum cryptography, and sustainable computing at planetary scale.
Implementation Status
STATUSHonest, area-by-area maturity: what is evidence-backed prototype, what is accepted specification, and what remains future work.
Open StatusChangelog
UPDATESEvery verified release, from first light to the sret-continue dispatcher slice, with the exact proof markers each one added.
View UpdatesDocs Index
DOCSCanonical references, policies, methodology, and machine-readable assets for ANVAYA OS.
Open DocsGet Involved
JOINANVAYA is built in the open. We are looking for funders and contributors — kernel and microkernel engineers, AI-systems and alignment researchers, cryptographers preparing for the post-quantum world, and RISC-V hardware partners — to help build the operating system for the intelligence age.
To fund the work or contribute, write to Alphin Tom at dev@mycel-ai.de.