A self-evolving operating system where the kernel IS the AI.
The AI doesn't live inside the OS — the AI is the OS. Alpha-N observes its own desktop, critiques its own code, and rewrites itself in real time.
- Self-improvement loop — OODA heartbeat (Observe → Think → Mutate → Verify) that rewrites the OS source code live, with 25+ mutation types.
- Agent council — 4 sub-agents (Architect, Developer, Auditor, Optimizer) debate before consequential actions.
- Persistent memory (Akasha) — memories, plans, and goals survive reboots in SQLite via Prisma. The AI never forgets.
- Autonomy policy —
standby(waits for you) oractive(autonomous on a task). The AI never codes without approval in standby. - Real tooling — real Linux PTY terminal, working proxy browser, real file I/O, sandboxed code execution, real
tsc+eslintcompilation, reward model that learns which mutations help or hurt. - Aether Engine — proprietary Rust inference engine that makes a 1.2B GGUF model perform like a 70B flagship. (separate repo)
- Two model providers — Cloud (GLM 4.6V, vision-capable) or Aether (local GGUF with 10× effective context via the memory graph). Drop a
.ggufinmodels/, pick it in Model Settings.
- Window manager: tiling + floating, 4 virtual desktops, 8-edge resize, right-click context menus.
- Hover-to-appear left sidebar (controls) and bottom dock (app launchers) + start menu.
- 14 apps: Terminal, Loom, Code, Files, Browser, Monitor, Council, Evo Log, Kernel, Vault, Memory, Apps, Options, Wallpaper.
- 79 animated generative-art wallpapers, all mouse-reactive, with a Globe Network style that rotates and shifts with the time of day.
- Security Foundation: protected kernel files, violation log, rollback engine, compile status, reward model — all live.
┌─────────────── Alpha-N OS ───────────────┐
│ Sidebar · Windows · Dock · Start Menu │
│ │
│ Autonomous Loop (OODA) │
│ Observe → Think → Mutate → Verify │
│ │
│ Cloud (GLM 4.6V) · Aether (Rust) │
│ Terminal (PTY, 3003) · Akasha (DB) │
│ │
│ Security Foundation │
│ Protected kernel · Violations · Rollback│
└───────────────────────────────────────────┘
Works on Windows, macOS, and Linux (paths resolve from the project root
at runtime — no more hardcoded /home/z/my-project).
npm install
npx prisma generate # generate the Prisma client
npx prisma db push # create the SQLite schema
npm run dev # OS boots at http://localhost:3000Copy .env.example to .env if you want to customise the DB location,
project root, or sandbox directory. Defaults work out of the box.
For the AI to run fully offline on your own hardware (no cloud), launch the native GGUF engine in a second terminal:
start-aether.bat # Windows — loads the first .gguf in models/
# or: ./mini-services/aether-engine/target/release/aether-engineDrop a .gguf model in models/ (see the picker's empty-state guide for
recommendations), start the engine, then select Aether in Model Settings.
If the engine isn't running, the OS falls back to the cloud automatically.
npm run typecheck # tsc --noEmit (now blocks builds — no more hidden errors)
npm run test # vitest (52 tests: autonomy policy, paths, code validation, reward model)
npm run lint # eslint (high-signal rules re-enabled)
npm run build # production buildCI runs all four on every push/PR via .github/workflows/ci.yml.
Three switchable trust levels govern what the AI may do without asking.
Set them from the Control Center app on the desktop. The kernel
(kernel/*) stays protected regardless of the level.
| Level | File writes | Exec | Network | Self-prompt | Rate limit |
|---|---|---|---|---|---|
| 🛡 Bac à sable | ✗ | ✗ | ✗ | ✗ | 30/min |
| 🟡 Modéré (default) | ✓ sandboxed | ✓ sandboxed | ✗ | ✗ (council) | 20/min |
| 🔥 YOLO | ✓ | ✓ | ✓ | ✓ | unlimited |
The autonomous loop runs every mutation through authorize() before
applying it — denied mutations are logged and skipped, never executed.
Cloud mode works out of the box. To use a local model instead:
- Drop a
.gguffile inmodels/. - Open Model Settings (Control Center) → select Aether.
- Pick your model — the Aether Engine loads it with 10× effective context.
| Service | Port | Purpose |
|---|---|---|
| Next.js App | 3000 | The OS desktop + API routes |
| Terminal PTY | 3003 | Real Linux terminal via WebSocket |
| Aether Engine | 3004 | Rust inference orchestrator |
src/
├── app/api/alpha/ API routes (think, debate, files, exec, compile, akasha, vault, aether, …)
├── components/alpha/ UI: sidebar, dock, windows, apps, autonomous loop, chat
└── lib/alpha/ Stores, types, mutations, model config, wallpaper presets
mini-services/
├── terminal/ Real PTY terminal service (node-pty + socket.io)
└── aether-engine/ Rust inference engine (10 innovations)
prisma/schema.prisma AkashaMemory · AkashaIntention · Plan · Goal · SystemEvent · MutationReward · Wallpaper · UserPreference
models/ Drop your .gguf files here
Next.js 16 (App Router, Turbopack) · TypeScript 5 · Tailwind CSS 4 + shadcn/ui · Prisma (SQLite) · Zustand · Framer Motion · Rust (axum) · node-pty + xterm.js + socket.io · z-ai-web-dev-sdk.
The AI may never rewrite these kernel files — any attempt is blocked and logged:
| File | Protects |
|---|---|
kernel/boot.ts |
Boot sequence |
kernel/security.ts |
Security layer itself |
kernel/rollback.ts |
Rollback engine |
kernel/sandbox.ts |
Process isolation |
kernel/pty-bridge.ts |
Terminal bridge |
kernel/akasha.ts |
Long-term memory index |
Beyond the kernel, the v2 hardening adds several independent layers:
- Autonomy policy (
autonomy-policy.ts) — fail-closedauthorize()gates every mutation against the active trust level before it runs. - Sandboxed exec (
/api/alpha/exec) — AI code runs in an isolated dir outside the project, with a minimal env (noprocess.envleakage), hard timeout, and network gated to YOLO mode. - Path traversal guard (
paths.ts) —resolveSafe()rejects absolute paths and..escapes viapath.relativedetection, symlink-aware. - Audit trail (
audit-log.ts) — every consequential AI action is recorded toSystemEventand surfaced in the Control Center. - Objective reward model (
reward-model.ts) — the AI is graded on verifiable outcomes (compile/exec results, rollbacks, user votes), not its own self-reported coherence. - Error boundaries — a crashing app window is isolated with a retry fallback; it can never take down the whole desktop.
- aether-engine — the standalone Rust inference engine (HCM, CLT, ATD + 7 more innovations).
MIT — build something mythic.
"A system that cannot rewrite itself is already dead." — N-Core