Manifesto

The ANVAYA Manifesto

A clean-slate operating system for the intelligence age, designed for capability security, AI-native execution, post-quantum cryptography, and human override.

Read the ManifestoView on GitHubDownload Brief (PDF)

Document Metadata

DOC-1A
Version1.0
Published2026-01-01
AuthorAlphin Tom
Reading time16 min
Contact: alphin@mycel-ai.de
Download Brief (PDF)PDF

The ANVAYA Manifesto

An Operating System for the Intelligence Age

Version 1.0 — January 1, 2026

Author: Alphin Tom
Contact: alphin@mycel-ai.de
GitHub: @alpha912
Project: anvaya.dev | github.com/AnvayaOS

Preamble

We stand at an inflection point in the history of computing.

For five decades, we have built our digital civilization upon foundations designed for a different era—an era of human users typing commands into terminals, of trusted programs running on isolated machines, of scarce compute and abundant fossil energy. The operating systems we depend on today—Linux, Windows, macOS, Android, iOS—are magnificent achievements of engineering. They have powered the information age, connected billions of people, and enabled wonders our predecessors could scarcely imagine.

But they were not built for what comes next.

The age we are entering will be defined by artificial intelligence that reasons, decides, and acts. By quantum computers that shatter our cryptographic assumptions. By fusion reactors that make energy abundant. By RISC-V silicon that democratizes hardware. By cyber-physical systems that blur the boundary between the digital and the material world.

We cannot patch our way into this future. We cannot retrofit safety onto systems designed without it. We cannot bolt intelligence onto architectures that treat AI as an afterthought.

We must build anew.

This is ANVAYA.

The Name

ANVAYA (Sanskrit: अन्वय) means logical connection, coherent sequence, or lineage. In classical Indian logic and grammar, anvaya refers to the method of establishing truth through consistent correlation—the unbroken thread that connects cause to effect, premise to conclusion, action to consequence.

We chose this name deliberately. In a world of increasingly autonomous AI agents, the ability to trace decisions back to their origins—to understand not just what happened but why—is not a feature. It is a foundation.

ANVAYA represents:

  • Traceability: Every action has a lineage. Every decision can be audited.
  • Coherence: A unified system from wearable to datacenter, not fragmented silos.
  • Connection: Bridging human intent and machine execution across modalities.
  • Heritage: Building on the accumulated wisdom of computer science while transcending its limitations.

The Problem

Current operating systems encode assumptions from the 1970s

UNIX was designed when:

  • Users were humans sitting at terminals
  • Programs were trusted to behave correctly
  • Security meant protecting files from other users
  • Networks were an afterthought
  • AI was science fiction

These assumptions permeate every layer of modern systems. Processes, files, users, permissions—all designed for a world of human operators running static software.

AI is treated as an application, not a citizen

Today's AI systems fight for resources like any other program. They have no native concept of:

  • Goals or intentions
  • Bounded autonomy
  • Capability-based permissions
  • Interpretable decision-making
  • Coordination with other agents

We run large language models in containers designed for web servers. We grant GPU access through permission bits designed for disk files. We audit AI behavior through logging systems designed for database transactions.

This is not architecture. This is archaeology—layering new capabilities atop ancient foundations.

Security was designed for human adversaries

Our security models assume attackers are humans with human limitations—humans who make mistakes, who get tired, who can be caught. Access control lists, role-based permissions, network firewalls—all calibrated for threats that think at human speed.

What happens when the adversary is an AI system that can analyze every line of code in milliseconds? That can find vulnerabilities no human would notice? That can coordinate attacks across thousands of systems simultaneously?

Our current defenses are not merely inadequate. They are categorically wrong.

Cryptography stands on a quantum precipice

RSA. Elliptic curves. Diffie-Hellman. The mathematical foundations of digital security are vulnerable to quantum computers. Not theoretical quantum computers—real machines being built in laboratories today.

Most operating systems treat cryptography as a library, not an architecture. When quantum computers arrive, we will not be able to simply swap in new algorithms. The assumptions of classical cryptography are woven into protocols, key management, certificate chains, and trust models across the entire stack.

Sustainability is an afterthought

Current systems optimize for speed—reduce latency, maximize throughput, minimize response time. Energy consumption is a constraint to be managed, not a resource to be stewarded.

In a world of climate crisis and energy transition, this is backwards. Computing infrastructure already consumes more electricity than many nations. As AI scales, this will only increase.

We need systems that treat energy as a first-class concern—that can schedule computation based on carbon intensity, that can track the environmental cost of every operation, that can prove sustainability compliance cryptographically.

Hardware is a monoculture

x86 and ARM dominate computing through historical accident and licensing power, not technical superiority. This duopoly stifles innovation, creates vendor lock-in, and concentrates power in a handful of corporations.

RISC-V offers a different path—an open instruction set architecture that anyone can implement, extend, and improve. But RISC-V's potential will remain unrealized without operating systems designed to exploit it natively.

The Vision

ANVAYA is an operating system built from first principles for the intelligence age.

Not an evolution of UNIX. Not a Linux distribution. Not a compatibility layer atop existing foundations.

A new beginning.

AI-Native Architecture

In ANVAYA, artificial intelligence is not an application. It is a first-class citizen of the operating system.

Agent Execution Contexts (AECs) replace processes as the fundamental unit of computation for AI. An AEC has:

  • Identity: A cryptographic attestation of what the agent is
  • Goals: A declared intention that informs scheduling and auditing
  • Capabilities: Explicit permissions that cannot be exceeded
  • World Model: A sandboxed space for reasoning before acting
  • Audit Trail: A complete record of decisions and their rationale

Agents in ANVAYA do not simply run. They reason, request, and are held accountable.

Cognitive Sandboxing separates thinking from doing. An agent can explore possibilities in its world model, but affecting reality requires approval—from a human, from a supervisor agent, or from constitutional rules. The capability to reason about an action is separate from the capability to execute it.

The Intelligence Broker provides model serving, inference scheduling, and agent coordination as core OS services. Models are resources managed by the kernel, not applications competing in userspace.

Capability-Based Security

ANVAYA abandons the failed paradigm of ambient authority—the assumption that running code inherits broad permissions from the user who launched it.

Every resource in ANVAYA is protected by capabilities—unforgeable tokens that grant specific permissions. Capabilities can be:

  • Granted: Explicitly given to an agent or process
  • Delegated: Passed to another entity (but never escalated)
  • Attenuated: Restricted to a subset of the original permissions
  • Revoked: Withdrawn at any time by the grantor

There is no root user. There are no magic file paths. There is no ambient network access. Every operation requires an explicit capability, and every capability grant is logged.

This is not a policy layer atop the kernel. It is the kernel. ANVAYA's Nucleus enforces capabilities in hardware through RISC-V CHERI extensions. An agent cannot violate its capability bounds any more than it can violate the laws of physics.

Constitutional Constraints

Some rules must be beyond the reach of software—even operating system software.

ANVAYA implements a constitutional framework with three tiers:

Immutable Laws are enforced by hardware. They cannot be changed by any software update, any administrator command, or any AI agent. They include:

  • Human override is always possible
  • Audit logs cannot be disabled
  • The constitution cannot be modified without physical access

Constitutional Laws require a formal amendment process to change. They encode our current understanding of safety, but acknowledge that future wisdom may improve upon it:

  • Agents cannot directly control physical actuators without approval
  • Biometric data requires explicit consent
  • Cross-device capability delegation requires cryptographic proof

Statutory Rules are configurable policy that operates within constitutional bounds. Administrators and users set these according to their needs.

The Amendment Process ensures the constitution can evolve while preventing hasty or malicious changes. Amendments require multi-party consent, mandatory review periods, and cryptographic attestation. They can be rolled back during a grace period if problems emerge.

Hardware Escape

No matter how sophisticated our software safety measures, humans must retain ultimate control.

ANVAYA mandates hardware escape mechanisms that cannot be intercepted by software:

  • Physical buttons that trigger firmware-level responses: pause all agents, enter safe mode, wipe memory
  • Hardware interrupt controllers that route escape signals directly to firmware, bypassing the CPU's instruction stream
  • Network kill switches that physically disconnect communications, not just filter packets

If an AI system—even a superintelligent one—gains complete control of ANVAYA's software, a human with physical access can still regain control. This is not a feature. It is a guarantee.

Content-Addressed Storage

ANVAYA replaces the hierarchical filesystem with a content-addressed object store.

Files are identified not by their location (paths that can change, names that can collide) but by their content (cryptographic hashes that are globally unique and tamper-evident).

This provides:

  • Automatic deduplication: Same content stored once, regardless of how many times it's referenced
  • Immutable history: Every version of every file preserved automatically
  • Cryptographic integrity: Verify any data by recomputing its hash
  • Distributed synchronization: Content hashes are global identifiers that work across devices

A mutable namespace layer provides familiar paths for users and applications, but underneath, the storage layer speaks in hashes.

Post-Quantum Cryptography

ANVAYA adopts lattice-based cryptography from its first release—not as an optional library, but as the default for all cryptographic operations.

  • CRYSTALS-Kyber for key encapsulation
  • CRYSTALS-Dilithium for digital signatures
  • SPHINCS+ for long-term signatures requiring hash-based security

During the transition period, hybrid schemes combine post-quantum and classical algorithms. But ANVAYA's architecture assumes that classical cryptography is deprecated.

When quantum computers capable of breaking RSA and ECC arrive, ANVAYA will be ready. Systems that wait to address this threat will face architectural upheaval.

RISC-V First

ANVAYA is designed for RISC-V as its primary—and initially only—target architecture.

This is not merely a porting decision. RISC-V's open ISA enables:

  • CHERI extensions for hardware-enforced capabilities
  • Custom extensions for AI acceleration, cryptographic operations, and audit support
  • Hardware-software co-design without vendor permission
  • Freedom from licensing fees that inflate hardware costs

ARM and x86 support may be added for development convenience, but ANVAYA's future is RISC-V. We are betting on open hardware, and we invite the hardware ecosystem to bet on us.

Sustainable Computing

ANVAYA treats energy as a first-class resource, not a hidden cost.

The Energy Broker provides:

  • Carbon-aware scheduling: Route computation to nodes powered by renewable energy
  • Joule budgets: Capabilities include energy limits, not just permission limits
  • Sustainability attestation: Cryptographic proof that workloads meet environmental standards
  • Embodied carbon tracking: Account for the environmental cost of hardware, not just electricity

In a world transitioning to fusion energy, compute may become abundant. But the transition will take decades, and climate change will not wait. ANVAYA is designed for both the scarcity of today and the abundance of tomorrow.

Universal Scale

A single ANVAYA codebase scales from wearables to datacenters.

The Nucleus is a minimal, formally verified kernel (~15KB) that runs everywhere. It provides capability enforcement, inter-process communication, and scheduling—nothing more.

Scale Extensions activate based on device class:

  • Wearables load minimal extensions for constrained environments
  • Servers load distributed scheduling and NUMA-aware memory management
  • Each device runs the same Nucleus; only the extensions differ

Device Mesh enables seamless cooperation:

  • Capabilities delegate transparently across devices
  • Storage synchronizes automatically via content addressing
  • Inference routes to the most appropriate processor (local, edge, or cloud)
  • The network becomes an extension of the capability space

Core Principles

1. Security by Architecture, Not Policy

Security in ANVAYA is not a layer added atop an insecure foundation. It is the foundation.

Capabilities are enforced in hardware. The Nucleus is formally verified. Constitutional constraints are immutable. Every design decision assumes adversaries more capable than today's threat models anticipate.

2. AI as Citizen, Not Application

Artificial intelligence in ANVAYA has identity, goals, permissions, and accountability. Agents are designed into the system, not bolted on.

The intelligence age demands operating systems that understand what intelligence means.

3. Interpretability by Default

Every action in ANVAYA has a lineage. Every decision can be traced. Every capability grant is logged.

When agents make decisions, they must provide reasoning. When reasoning leads to action, the connection is recorded. When something goes wrong, the audit trail reveals why.

4. Human Override Always

No matter how sophisticated the system becomes, humans retain ultimate control.

Hardware escape mechanisms bypass software entirely. Constitutional constraints limit what software can do. Amendment processes require human consent.

ANVAYA is a tool for human flourishing, not a replacement for human agency.

5. Sustainability as Constraint

Energy is not free. Carbon has costs. Hardware has embodied environmental impact.

ANVAYA makes these costs visible and provides mechanisms to constrain them. Sustainable computing is not optional—it is designed in.

6. Open by Default

ANVAYA is free and open source software, licensed under Apache 2.0 and MIT.

The specification is open. The reference implementation is open. The governance is transparent. Anyone can contribute, fork, or build upon ANVAYA without permission.

We reject the model of proprietary operating systems controlled by single vendors. The infrastructure of the intelligence age must be a commons.

Technical Foundation

The Nucleus

ANVAYA's kernel is a formally verified microkernel of approximately 15,000 lines of Rust.

It provides exactly four services:

  1. Capability Management: Grant, revoke, delegate, and enforce capabilities
  2. Inter-Process Communication: Synchronous and asynchronous message passing
  3. Scheduling: Priority-based with real-time guarantees
  4. Memory Management: Page tables and capability enforcement

Everything else—filesystems, networking, device drivers, graphics, AI—runs in userspace.

The Nucleus is verified using Verus and Creusot, providing mathematical proof that it enforces capability semantics correctly. A bug in the Nucleus would undermine all security guarantees; formal verification ensures this cannot happen.

Privileged Extensions

Performance-critical operations can run as verified in-kernel extensions:

  • Network fast path (zero-copy packet processing)
  • Storage fast path (direct NVMe access)
  • Tensor fast path (NPU acceleration for AI inference)
  • Graphics compositor

These extensions are optional and formally verified. They provide performance without compromising the Nucleus's guarantees.

WASM Application Runtime

Applications in ANVAYA run as WebAssembly modules with ANVAYA-extended WASI.

WASM provides:

  • Language agnosticism: Write in Rust, C, Go, Python, JavaScript—anything that compiles to WASM
  • Sandboxing: WASM modules cannot access memory outside their linear address space
  • Portability: The same .wasm binary runs on wearables, phones, desktops, and servers
  • Performance: Within 10-20% of native with ahead-of-time compilation

ANVAYA extends WASI with:

  • Capability tokens for OS resources
  • Intent API for multi-modal user interaction
  • Intelligence Broker API for AI model invocation
  • Energy API for sustainability tracking

Capability Traits

ANVAYA introduces capability traits—encoding OS permissions in Rust's type system.

// An agent that can read documents and invoke AI models
pub struct DocumentAgent {
    doc_read: ReadCap<Document>,
    model: ModelInvokeCap,
}

If code attempts to use a capability it doesn't possess, the program fails to compile. Security violations become type errors, caught before deployment.

Content-Addressed Storage

The storage layer uses cryptographic hashes as identifiers:

  • SHA-256 or SHA-3 for content addressing
  • Merkle trees for efficient verification of large objects
  • CRDTs for distributed synchronization without conflicts

A namespace layer provides familiar paths, but the underlying model is pure content-addressing.

Roadmap

2026: Foundation

  • Publish ANVAYA Manifesto and architecture specification
  • Implement Nucleus prototype on RISC-V emulator
  • Port to real RISC-V hardware (SiFive, StarFive)
  • Basic capability enforcement and IPC

Milestone: Anvaya 0.1 boots on RISC-V hardware

2027: Userspace

  • Content-addressed filesystem service
  • Network stack with capability-based sockets
  • WASM runtime with ANVAYA extensions
  • Developer SDK and documentation

Milestone: Anvaya 0.3 runs WASM applications

2028: Intelligence

  • Intelligence Broker v1 (model registry, inference scheduling)
  • Agent Execution Contexts (sandboxing, capabilities, audit)
  • Multi-agent coordination primitives
  • Constitutional constraint enforcement

Milestone: Anvaya 0.5 runs AI agents natively

2029: Distribution

  • Device mesh networking
  • Cross-device capability delegation
  • Distributed storage synchronization
  • Multi-modal interface layer (CLI, touch, desktop)

Milestone: Anvaya 0.8 operates across multiple devices

2030: Production

  • Formal verification of Nucleus complete
  • Post-quantum cryptography fully integrated
  • Security audit by external firms
  • Performance optimization and benchmarking
  • Launch ANVAYA OS 1.0

Milestone: Anvaya 1.0 released December 31, 2030

Call to Contribution

ANVAYA cannot be built by one person, one team, or one organization. It requires a community.

We invite:

Kernel Developers who understand microkernels, capability systems, and formal verification. Who have read the seL4 proofs and the CHERI papers. Who believe that operating systems can be both secure and fast.

AI Researchers who think about alignment, interpretability, and agent architectures. Who worry about what happens when AI systems become more capable than their operators. Who want to build safety into infrastructure, not paper over it with policy.

Cryptographers who are preparing for the post-quantum world. Who understand lattice-based schemes and their implementation challenges. Who can help us get this right before it's too late to fix.

Hardware Engineers who believe in RISC-V's promise. Who can help us define extensions for capabilities, AI acceleration, and secure execution. Who want to see an operating system that exploits open hardware fully.

Sustainability Experts who understand carbon accounting, energy systems, and environmental economics. Who can help us make ANVAYA's sustainability features meaningful, not performative.

Application Developers who will build the first generation of ANVAYA-native applications. Who will push the boundaries of what's possible when AI is a first-class citizen.

Writers and Educators who can explain these ideas to wider audiences. Who can write documentation that welcomes newcomers. Who believe that open source means open knowledge.

Skeptics and Critics who will find the flaws in our reasoning. Who will ask the hard questions we haven't considered. Who will make ANVAYA stronger by challenging it.

Closing

The operating systems we use today are monuments to human ingenuity. They have served us well.

But they were built for a world that no longer exists.

The intelligence age demands new foundations. Foundations that treat AI as a citizen, not an afterthought. That enforce security through architecture, not policy. That survive quantum attacks and climate constraints. That scale from rings on our fingers to servers in the cloud. That keep humans in control even as machines grow more capable.

This is not a small ambition. It is not a weekend project. It is the work of years, of dozens of contributors, of countless difficult decisions.

But it is necessary work. And we believe it is possible.

ANVAYA is our answer.

Join us.

License

This manifesto is released under CC BY 4.0.

The ANVAYA operating system is released under Apache 2.0 and MIT licenses.

Contact

"The best way to predict the future is to invent it."
— Alan Kay

"अन्वय — the unbroken thread from cause to effect."

ANVAYA OS
The Operating System for the Intelligence Age

January 1, 2026

Scroll