Features

A ground-up OS built on WebAssembly, Rust, and a minimal kernel.

Capability-Secure by Default

The supervisor only wires up WASI imports that are declared in each app's vyoma.toml manifest. If an app does not declare network access, there is no network interface to syscall. No seccomp, AppArmor, or SELinux needed.

  • Manifest-declared capabilities
  • Zero-trust app model
  • No filtering layer overhead

WASM Runtime (wasm32-wasip2)

Every application compiles to WebAssembly using WASI Preview 2. Binaries are deterministic and byte-identical across all build hosts and architectures. The Wasmtime runtime executes apps with minimal overhead.

  • Deterministic builds
  • Cross-platform binaries
  • Wasmtime 43.0.0 runtime

Rust Supervisor (PID 1)

A static musl-linked Rust binary serves as PID 1. It handles app lifecycle, IPC brokering, display compositing, input routing, and process management. 62+ subsystem modules cover everything from GPIO to OTA updates.

  • ~2.9 MB static binary
  • 62+ subsystem modules
  • Concurrent app scheduler

Multi-Platform Profiles

Six platform profiles target different hardware: MCU (128 KB RAM, wasm3), IoT/Robotics (ARM64, WAMR AOT), Mobile (ARM64, Wasmtime JIT), Desktop (x86-64, Wasmtime JIT), and Server (headless, Wasmtime JIT).

  • MCU to server coverage
  • Profile-specific runtimes
  • Hardware abstraction layer

IPC & Windowing

Apps communicate through a supervisor-brokered IPC system using @app: message format. The VYOMA_DRAW protocol enables framebuffer rendering with fill_rect, draw_text, draw_glyph, and draw_image commands.

  • Supervisor-brokered routing
  • VYOMA_DRAW protocol v2
  • Composited window manager

Minimal Linux Kernel

The kernel is compiled with allnoconfig plus only the drivers VyomaOS needs: virtio, 9P, DRM, fbcon. No networking stack, no USB, no excess filesystem drivers. At 2.3 MB it boots in under 2 seconds.

  • 2.3 MB kernel image
  • allnoconfig baseline
  • <2s boot to supervisor