Skip to main content

Key Features

Aurora OS combines production-grade kernel engineering with modern UI/UX polish, delivering a unique operating system experience.

BPE/U Engine

BPE/U Architecture The Browser Processing Engine/Unit (BPE/U) is Aurora’s secret sauce for running a complete OS in the browser.
The BPE/U emulates a complete virtual CPU with:
  • Registers: General-purpose (RAX, RBX, RCX, RDX), stack (RSP, RBP), instruction pointer (RIP)
  • Flags: Zero, sign, overflow, carry flags for arithmetic operations
  • Memory Management: Virtual address space with 4-level paging emulation
  • Interrupts: Timer interrupts, keyboard interrupts, syscall interrupts
Implementation: wasm-runtime/pwa/bpe/bpe-core.js
// Simplified BPE/U CPU state
const CPU = {
  regs: { rax: 0, rbx: 0, rcx: 0, rdx: 0, rsp: 0, rbp: 0, rip: 0 },
  flags: { zero: false, sign: false, overflow: false, carry: false },
  memory: new Uint8Array(256 * 1024 * 1024), // 256MB virtual RAM
};
Browser syscalls are mapped to native kernel syscalls:
Browser APIKernel SyscallImplementation
IndexedDBsys_open, sys_read, sys_writePersistent file storage
localStoragesys_read, sys_writeConfiguration files
WebSocketsys_socket, sys_connectNetwork I/O
WebCryptosys_randomSecure random generation
OPFSsys_mountOrigin Private File System
Implementation: wasm-runtime/pwa/bpe/bpe-syscall.js
The BPE/U implements a real boot sequence just like bare metal:
1

BIOS POST

  • Initialize virtual hardware (CPU, memory, devices)
  • Run POST (Power-On Self Test)
  • Detect memory size from browser capabilities
  • Load bootloader from OPFS
2

Bootloader (Limine Emulation)

  • Parse kernel ELF headers
  • Set up initial page tables
  • Load kernel into virtual memory at 0xFFFFFFFF80000000
  • Jump to kernel entry point
3

Kernel Initialization

void kernel_main(void) {
    gdt_init();           // Global Descriptor Table
    idt_init();           // Interrupt Descriptor Table  
    pic_init();           // Programmable Interrupt Controller
    phys_init();          // Physical memory allocator
    paging_init();        // Virtual memory
    heap_init();          // Kernel heap
    vfs_init();           // Virtual File System
    tmpfs_mount("/");     // Root filesystem
    sched_init();         // Process scheduler
    init_spawn();         // PID 1
}
Implementation: kernel/src/main.c:101-136
4

Login Screen

  • Load user accounts from OPFS
  • Display authentication prompt
  • Validate credentials with WebCrypto (PBKDF2 + AES-GCM)
  • Initialize desktop environment
Total boot time: < 2 seconds on modern hardware.

Hybrid Kernel Architecture

Aurora uses a hybrid kernel that balances performance and modularity.
Critical subsystems stay in-kernel for performance:

Memory Management

  • Physical Allocator: Bitmap-based, memory-map aware (kernel/src/mm/phys.c)
  • Paging: 4-level page tables with higher-half mapping (kernel/src/mm/paging.c)
  • Heap: Free-list allocator with slab caches (kernel/src/mm/heap.c, kernel/src/mm/slab.c)
  • COW: Copy-on-write for fork (kernel/src/mm/fault.c)

Process Management

  • Scheduler: CFS-inspired with priority queues (kernel/src/proc/sched_preempt.c)
  • Process Model: fork, exec, exit, waitpid (kernel/src/proc/process.c)
  • Signals: User-space signal handlers (kernel/src/proc/signal.c)
  • Syscalls: 38 syscall handlers via SYSCALL/SYSRET (kernel/src/proc/syscall.c)

Virtual File System

  • VFS Layer: Unified interface for all filesystems (kernel/src/fs/vfs.c)
  • tmpfs: In-memory filesystem for / and /tmp (kernel/src/fs/tmpfs/tmpfs.c)
  • ext2: Read/write support for Linux filesystems (kernel/src/fs/ext2/ext2.c)
  • FAT: DOS/Windows filesystem support (kernel/src/fs/fat/fat.c)

Security Features

Aurora implements defense-in-depth with multiple security layers.

KASLR

Kernel Address Space Layout Randomization
  • Randomizes kernel load address on each boot
  • Makes ROP/JOP attacks harder
  • Implementation: kernel/src/security/kaslr.c

ASLR

Address Space Layout Randomization
  • Randomizes user process memory layout
  • Stack, heap, libraries at random addresses
  • Implementation: kernel/src/security/aslr.c

Stack Canaries

Stack Smashing Protection
  • Compiler flag: -fstack-protector-strong
  • Detects buffer overflows before return
  • Implementation: kernel/src/security/canary.c

Module Signing

Cryptographic Module Verification
  • All loadable modules must be signed
  • Validates signatures before execution
  • Implementation: kernel/src/security/modsign.c

Process Isolation

Sandboxed Execution
  • Each process has its own page table
  • Kernel memory inaccessible from userspace
  • Implementation: kernel/src/security/isolation.c

Capabilities

Fine-Grained Access Control
  • Token-based permissions (no root user)
  • Least-privilege by default
  • Rust implementation: rust/caps/src/lib.rs

Modern UI/UX

Every interaction is polished to perfection.

Design System

Based on the Aurora Design spec (Design.md), blending macOS vibrancy with Windows Fluent depth:
Light Theme (AURORA Light)
--bg: #f6f8fb
--surface: #ffffff
--text-primary: #0f1724
--accent: #0066ff
--accent-2: #00c2a8
--glass-tint: rgba(255,255,255,0.7)
--shadow-1: 0 6px 18px rgba(15,23,36,0.08)
Dark Theme (AURORA Dark)
--bg: #0b0f14
--surface: #0f1720
--text-primary: #e6eef6
--accent: #4791ff
--accent-2: #1fd2b6
--glass-tint: rgba(12,16,20,0.5)
--shadow-1: 0 10px 30px rgba(2,6,12,0.6)
Themes switch automatically based on prefers-color-scheme or manual selection.

Applications

Full-featured terminal with xterm.js:
  • Command history: Up/down arrow navigation
  • Tab completion: File and command completion
  • Color support: ANSI escape sequences
  • Scrollback: 10,000 line buffer
  • Copy/paste: Full clipboard integration
Built-in commands: ls, cd, pwd, cat, mkdir, rm, ps, top, help
Modern file explorer with grid and list views:
  • Dual views: Grid (icons) and list (details)
  • Breadcrumb navigation: Click path segments to jump
  • Context menus: Right-click for actions
  • Drag-and-drop: Move/copy files
  • Quick preview: Select file to preview contents
  • Search: Filter by filename
Supports all VFS-mounted filesystems (tmpfs, ext2, FAT).
Code editor with syntax highlighting:
  • CodeMirror: Industry-standard editor
  • Language support: JavaScript, Python, C/C++, Markdown
  • Themes: Material Darker (dark), Default (light)
  • Search/replace: Ctrl+F to find, Ctrl+H to replace
  • Auto-save: Saves to VFS on Ctrl+S
Open files from the File Manager or create new documents.
Real-time system metrics:
  • CPU usage: Per-core utilization with Chart.js
  • Memory: Used vs available with progress bars
  • Network: Rx/Tx bytes per second
  • Process list: PID, name, CPU%, memory%
  • Auto-refresh: Updates every second
Implementation uses BPE/U syscalls to query kernel state.
Beautiful weather display with 5-day forecast:
  • Current conditions: Temperature, feels-like, humidity, wind
  • Hourly forecast: Next 24 hours with icons
  • 5-day forecast: High/low temps, conditions
  • Auto-location: Uses browser geolocation API
  • Manual search: City name search
Powered by OpenWeatherMap API.
Productivity apps with persistence:Notes:
  • Rich text editing with markdown support
  • Auto-save to IndexedDB every 2 seconds
  • Create, edit, delete notes
  • Search notes by title/content
Tasks:
  • To-do list with checkboxes
  • Mark complete/incomplete
  • Delete tasks
  • Persists to localStorage

Persistent Authentication

User accounts survive browser cache clears thanks to OPFS + WebCrypto.
1

Account Creation

On first boot, the OOBE (Out-of-Box Experience) prompts for:
  • Username (2-16 alphanumeric characters)
  • Password (8+ characters, strength meter)
Password is hashed with PBKDF2 (100k iterations, SHA-256).
2

Storage

Account data stored in OPFS (Origin Private File System):
// Simplified account storage
const opfs = await navigator.storage.getDirectory();
const accountFile = await opfs.getFileHandle('accounts.db', { create: true });
const writable = await accountFile.createWritable();
await writable.write(JSON.stringify({
  username: 'alice',
  passwordHash: '...', // PBKDF2 output
  salt: '...', // Random 16 bytes
  created: Date.now()
}));
await writable.close();
OPFS is not cleared by normal cache clearing, only by “Clear all site data”.
3

Login

On subsequent boots:
  1. Load accounts from OPFS
  2. Display username in lock screen
  3. User enters password
  4. Verify with PBKDF2 hash comparison
  5. If valid, decrypt user data and mount home directory
Clearing “All site data” in browser settings will delete accounts. There is no password recovery mechanism.

Performance Optimizations

All animations use hardware-accelerated properties:
/* Good: GPU-accelerated */
.window {
  transform: translateY(0);
  opacity: 1;
  will-change: transform, opacity;
}

/* Bad: Triggers layout/paint */
.window {
  top: 0;
  left: 0;
  width: 800px;
}
Result: 60fps on all animations, even with 10+ open windows.

What’s Missing (Roadmap)

Aurora is under active development. Some features are stubs:
  • Benchmarks: Harnesses exist but return 0 (docs/benchmarks.md)
  • QEMU boot test: Validates ELF structure, not actual boot (tests/qemu/boot-test.sh)
  • Browser terminal routing: Commands execute in JS, not routed through WASM kernel yet
  • Fuzz testing: Targets exist but CI runs them for limited time
See STATUS.md for current implementation status.

Next Steps

Try it Now

Run Aurora in your browser in under 60 seconds

Architecture

Deep dive into kernel subsystems and design decisions

API Reference

Explore syscalls, IPC mechanisms, and driver interfaces

Contributing

Help build the future of operating systems

Build docs developers (and LLMs) love

Get started for freeTalk to us