Presentation

Download VyomaOS.pptx

18-slide dark-tech-themed presentation covering VyomaOS architecture, security model, app ecosystem, and roadmap. Designed for conferences, meetups, and technical reviews.

Slide Overview

1. Title

VyomaOS — The WASM-First Operating System

Capability-Secure · 18 MB · < 5s Boot · 200+ WASM Apps

2. The Problem

Modern OSes carry 40 years of legacy attack surface:

C Userland

Shared libraries, POSIX quirks, shell injection. Every app inherits all of it.

Coarse Permissions

Android/Linux DAC: either you have access, or you don’t. No fine-grained capability model.

Non-Deterministic Binaries

ELF binaries vary by libc/arch. No reproducibility guarantee. Supply chain attacks thrive.

3. The Vision

A fully capable general-purpose OS built entirely on WASM.

From 18 MB embedded appliance → Full desktop OS — same security model at every scale.

WASM-native package manager

Fine-grained permission model

Deterministic binaries

Minimal kernel (2.3 MB)

4. Architecture

Linux 5.10 (allnoconfig, 2.3 MB)
  └── Wasmtime (WASI Preview 2)
        └── Rust Supervisor (PID 1, 697 KB)
              └── 200+ WASM Apps (1–10 KB each)

Metric	Value
Supervisor binary	697 KB
Linux kernel	2.3 MB
Full initramfs	18 MB
Boot time	< 5s
Concurrent apps	200+

5. Capability Security

Apps declare capabilities in vyoma.toml. Undeclared = never wired up.

Capability	Effect
`stdio`	stdin/stdout/stderr
`filesystem`	Mount `/data` (persistent)
`network`	WASI sockets (TCP)
`display`	Framebuffer + VYOMA_DRAW
`shell`	@supervisor: commands
`mouse`	Mouse input events

6. The Supervisor

Rust PID 1 — 697 KB static binary with six core modules:

Manifest Parser

Reads vyoma.toml, enforces capability schema

Scheduler

One thread per app, concurrent spawn + lifecycle

IPC Broker

@app: message routing, broadcast, reply

Display Driver

DRM/virtio-gpu framebuffer, VYOMA_DRAW parser

Input Router

Raw TTY mode, per-keypress dispatch

Process Manager

ps, kill, restart, reload, log, watchdog

7. Display System

Line-oriented VYOMA_DRAW: protocol from app stdout → supervisor renders to framebuffer.

VYOMA_DRAW:fill_rect:<x>,<y>,<w>,<h>,<rgba>
VYOMA_DRAW:draw_text:<x>,<y>,<rgba>,<size>,<text>
VYOMA_DRAW:flush

Font sizes: s = 4x8, m = 8x16, l = 16x32

8. IPC Broker

Every message flows through the supervisor:

Pattern	Format	Description
Unicast	`@app: msg`	Route to one app
Broadcast	`@broadcast: msg`	All running apps
Reply	`@reply: msg`	Back to last sender
Control	`@supervisor: cmd`	Built-in commands

9. App Ecosystem

200+ WASM apps across six categories:

Productivity: text-editor, notes, kanban, calendar, spreadsheet
Developer: code-editor, hex-editor, json-viewer, terminal
System: system-monitor, file-manager, settings, app-store
Games: chess, tetris, snake, minesweeper, asteroids
Visualization: fractal, fourier, oscilloscope, fluid
Creativity: paint-pro, music-composer, pixel-art, photo-editor

All 1–10 KB each. Zero native deps.

10. Build System

Docker-based hermetic builds. SHA-256 verified. Fully reproducible.

make kernel → make supervisor → make apps → make rootfs → make run

Per-app stamp files for incremental builds. make test runs build + unit tests + smoke test.

11. Performance Numbers

< 5s

Boot time (QEMU, 10 apps)

2.3 MB

Linux kernel

697 KB

Supervisor binary

18 MB

Complete initramfs

1–10 KB

Average app size

200+

Concurrent apps

12–13. Comparison & Roadmap

17 phases complete. VyomaOS vs Alpine, Docker, MirageOS — see the Comparison Matrix and Roadmap pages.

14–16. Current Work & Dev Experience

Windowing system with focus borders, title bar accents, click-to-focus, drag-to-move, keyboard shortcut overlay. Four-step developer workflow: create → declare → build → boot.

17–18. Vision & Closing

Every feature a modern OS ships — delivered as WASM apps. App store, package manager, desktop shell, multi-user auth, hardware drivers, OTA updates.

The runtime IS the OS boundary.

Download the full slide deck (VyomaOS.pptx)