Display
The Nexus display stack provides sovereign graphics composition without X11, Wayland protocol complexity, or traditional window manager baggage. It follows the same isolation principle as the rest of the system — display composition runs in userland, not the kernel.
Components
- Surface Manager — Sovereign compositor with zero-copy rendering
- HUD — Visual filesystem interface
Architecture
┌──────────────────────────────────┐
│ Applications (NPK) │ Submit surfaces via SSP
├──────────────────────────────────┤
│ Surface Manager │ Composites surfaces, 120Hz
│ (Userland Fiber) │ Zero-copy, per-surface pledge
├──────────────────────────────────┤
│ HUD (/Bus/hud/) │ Visual filesystem endpoints
├──────────────────────────────────┤
│ ION Ring (Display Channel) │ Frame delivery
├──────────────────────────────────┤
│ GPU Driver (NPL) │ Framebuffer access
└──────────────────────────────────┘Design Philosophy
The display stack follows the Plan 9 Rio model: everything is a file-like endpoint. Windows are surfaces. Surfaces are resources in /Bus/hud/. Applications submit frames through the Surface Submission Protocol (SSP) over ION Rings.
The Surface Manager decides what goes on screen. Applications have no direct access to the framebuffer. A compromised application cannot:
- Read other applications' display content
- Overlay fake UI elements
- Capture screenshots
- Access the GPU directly
This is display isolation without the overhead of running each application in a separate virtual machine (the Qubes OS approach).