Local-first
By default, nothing leaves the device. The default execution tier runs entirely on local hardware, with no network involved — the private path is the path of least resistance, not an opt-in buried in settings.
AI-native operating system
NexaCore OS treats inference, model orchestration, and intelligent agents the way classical systems treat processes and files — as kernel-level primitives. Intelligence runs locally by default. When a task needs more compute than one machine has, the system federates with other instances over a peer-to-peer mesh of attested nodes.
Why a new operating system
The operating systems most people use were architected for a world without large models. AI capabilities are bolted on afterwards, reached through cloud APIs owned by a handful of companies. The implicit price is your data: prompts, documents, and context become someone else's telemetry.
We accept this because the alternative usually looks like running a small model on a laptop with a fraction of the capability. NexaCore OS proposes a different arrangement — one where the operating system itself is the orchestrator, and the network is made of peers rather than landlords.
NexaCore OS is an AI-native operating system: a custom microkernel, written in Rust from scratch, whose kernel and runtime treat AI inference, model orchestration, and agents as first-class system services — on par with sockets and files.
Three commitments shape every design decision. Intelligence runs locally by default. Privacy is enforced by cryptography, not by a policy that can be quietly changed. Scale comes from cooperation between peers, not from renting capacity.
What is different
NexaCore OS avoids adjectives that cannot be checked. Every property below names the specific mechanism that produces it.
By default, nothing leaves the device. The default execution tier runs entirely on local hardware, with no network involved — the private path is the path of least resistance, not an opt-in buried in settings.
Personal data is tokenized at the system-call boundary, and mesh payloads are wrapped in envelopes only the destination's verified hardware can open. A non-compliant node cannot produce valid traffic — the cryptography will not let it.
Inference, embeddings, classification, and transcription are exposed as system calls, the same way reading a file is. Applications request intelligence from the OS rather than shipping data to a remote API.
When local compute is not enough, NexaCore OS federates with other instances over a peer-to-peer mesh: collective compute among people running the same software, coordinated without a central server.
Joining the mesh requires an attestable Trusted Execution Environment — Intel TDX or AMD SEV-SNP at launch. Peers prove what code they are running before any payload is exchanged. There is no best-effort fallback.
Unix-style ambient permissions are replaced by capability tokens: scoped to one action and resource, short-lived, attenuable, and revocable. A program that was not granted a capability cannot perform the action — full stop.
Current build · v0.3.0-alpha.1 · 2026-05-20
How compute scales
NexaCore OS chooses the smallest tier that can serve a request. Each step outward is explicit, and each preserves the same privacy guarantees.
Runs entirely on your device. No network involved. Used for sensitive data and offline work.
Your own devices on the same network discover one another and split a model across them, encrypted end to end.
An opt-in peer-to-peer network of attested nodes. A Mixture-of-Experts design activates only a small slice of a large model per token, so cross-node traffic stays low.
Available only with explicit, per-request consent, when no other tier can serve the task. Never silent, never the default.
Privacy is not a setting in a menu. It is the only thing the protocol knows how to do.
NexaCore OS · design principle
Where the project stands
NexaCore OS is closing Phase 1 (the microkernel proof of concept) and has entered Phase 2 (the AI runtime) in parallel. The list below describes what runs today, not what is planned.
The kernel boots bare-metal on x86-64 via UEFI and renders an interactive graphical desktop. It brings up multiple CPU cores (live INIT-SIPI, cross-CPU context switching, TLB shootdown), runs user-space drivers for NVMe, VirtIO-net, and e1000e on real hardware, and serves a from-scratch AI inference pipeline — a transformer with GGUF model loading and a byte-level tokenizer — from a Ring 3 process, verified on hardware.
Block-device request/response plumbing, interrupt wiring for drivers, and the end-to-end NVMe storage loop are the active workstream. The peer-to-peer mesh, the agent framework, and the wider standard library are scaffolded and advancing. Concrete TEE backends (TDX, SEV-SNP) replace the development mock as the security layer matures.
Go deeper
The technical deep dive covers the microkernel and its system-call ABI, the AI runtime, the cryptographic privacy mechanisms, and ncScript — the capability-gated scripting language — with real, runnable examples.