What is Nexus OS?
Nexus OS is a clean-slate operating system built for sovereignty, correctness, and permanence. It runs on everything from 8-bit microcontrollers to radiation-hardened satellite hardware to workstation-class desktops — all from a single codebase.
The Problem
Every mainstream OS carries decades of accumulated design debt. Linux is a 30-million-line monolith where a GPU driver crash kills the entire system. Windows is a legacy compatibility layer pretending to be an OS. macOS is a walled garden. QNX is proprietary and stagnant.
None of them were designed for a world where:
- A sensor on Mars needs to run for 15 years without a reboot
- A military system requires provable, auditable trust chains
- A developer wants to hot-swap a crashed driver without losing state
- A decentralized network needs identity-centric transport, not IP addresses
The Solution
Nexus OS is a Liquid OS Factory — not a distribution, but a system that builds systems.
Three Doctrines
Every design decision in Nexus enforces three non-negotiable principles at the hardware level:
Absolute Provenance — Every binary, every module, every driver has a cryptographic identity (Variant-CID). You can trace any artifact back to its source, its build, its author. No unsigned code runs. Ever.
Deterministic Ledger — ProvChain logs every boot, every module load, every heartbeat to an immutable audit trail signed with Ed25519. The system has a perfect memory.
Computable Trust — Security is not a policy document. It is computed. Pledge/unveil constraints plus signed package tracks equal automatic, enforceable trust boundaries.
The Strategy: Graft. Evolve. Sovereignize.
Nexus does not reject existing ecosystems — it consumes them strategically:
Graft: The build system ingests foreign artifacts (Linux drivers, BSD security tools, Alpine userland) via nip adapters. It sanitizes them, applies security constraints, and outputs deterministic packages.
Evolve: Once bootstrapped, grafted components are replaced one by one with sovereign implementations — ION Rings replace POSIX pipes, UTCP replaces TCP/IP for internal traffic, NexFS replaces traditional filesystems.
Sovereignize: The endgame is zero dependencies on Linux or BSD code. A pure, mathematically provable unikernel ecosystem authenticated by ProvChain.
Architecture at a Glance
| Layer | Component | Role |
|---|---|---|
| Kernel | Rumpk | 280KB unikernel, 12 syscalls, event-driven |
| Hypervisor | Rumkv | Type-1 hypervisor (EL2/Ring-1/M-Mode) |
| Storage | NexFS | Dual-axis filesystem, CAS, DAG versioning |
| Network | Membrane + UTCP | Userland TCP/IP + sovereign transport |
| Security | Capability Algebra | 7 verbs, pledge/unveil, ProvChain |
| Display | Surface Manager | Sovereign compositor, zero-copy |
| Packaging | nip | Universal package manager, NipCells |
| Signal | SignalForge | Audio/video/radio processing |
Languages
- Nim — Primary language for kernel logic, metaprogramming, scheduler. ARC for deterministic memory, ORC for cycle-safe userland.
- Zig — Hardware abstraction layer, C interop, bare-metal drivers, freestanding adapters.
No C. No C++. No Rust. No GNU toolchain.
Target Architectures
- RISC-V 64 (primary)
- ARM64 (AArch64)
- x86_64
One Codebase, Many Targets
A single nexus build command produces any system profile:
nexus build --profile=tiny # 256B-32KB, 8-bit MCU
nexus build --profile=micro # 180KB-1.2MB, embedded/satellite
nexus build --profile=core # 4-8MB, workstation/server
nexus build --profile=fleet # 8-40MB, cluster/quantum farm
No forks. No rewrites. No legacy debt.
See Architecture Overview for the full layer diagram, or dive into any component section from the sidebar.