Kinetic Economy
Complete
The Kinetic Economy is Nexus OS's defense against denial-of-service attacks at the system level. Every operation costs energy. Every fiber has a budget. Exceed the budget, and the system fights back.
The Problem
Traditional OS defenses against resource exhaustion are reactive — the system notices it's overloaded and tries to kill the offender. By then, the damage is done.
Nexus takes a proactive approach: every fiber is assigned an energy budget that limits how many operations it can perform per time window. The budget is enforced continuously, not after-the-fact.
Energy Budgets
Each fiber's energy budget is determined by its scheduling spectrum:
| Spectrum | Budget per Window | Window Size | Typical Use |
|---|---|---|---|
| Photon | High | 2ms | Hardware interrupt handlers |
| Matter | Medium | 10ms | Network processing, UI events |
| Gravity | Low | 50ms | Background tasks |
| Void | Minimal | Unlimited | Idle/housekeeping |
Every syscall, every ION Ring write, every capability check consumes energy from the fiber's budget. When the budget is exhausted for the current window, the fiber is suspended until the next window.
The Three-Strike Ratchet
When a fiber consistently exceeds its budget, the system escalates:
| Strike | Action | Effect |
|---|---|---|
| 1 | Warning | Event logged to ProvChain. Fiber continues. |
| 2 | Demotion | Fiber moved to a lower spectrum (e.g., Matter → Gravity) |
| 3 | Termination | Fiber killed and restarted from signed binary |
This ratchet prevents:
- Fork bombs: Can't spawn unlimited fibers — SPAWN costs energy
- Network floods: Can't send unlimited packets — SEND costs energy
- CPU hogging: Can't run unlimited compute — scheduling costs energy
- Memory exhaustion: Can't MAP unlimited memory — MAP costs energy
Why Not Just Kill Immediately?
The three-strike model is deliberate:
Strike 1 catches legitimate bursts — a web server handling a traffic spike is not malicious, it's busy. The warning lets operators investigate.
Strike 2 contains the damage — demoting to a lower spectrum reduces the fiber's impact on the system without killing it. Legitimate services continue at reduced priority.
Strike 3 removes the threat — if a fiber still exceeds its budget after demotion, it is either compromised or fundamentally broken. Kill and restart.
Budget Recovery
Energy budgets replenish at the start of each time window. A fiber that was budget-exhausted in one window starts fresh in the next. This means:
- Bursty workloads are tolerated (budget is consumed, then replenishes)
- Sustained abuse triggers the ratchet (budget exhausted every window)
- Recovery is automatic — no operator intervention needed for transient load spikes
Integration with ProvChain
Every budget event is logged:
- Budget exhaustion (with fiber ID, spectrum, remaining budget)
- Demotion (old spectrum → new spectrum)
- Termination (with strike count and reason)
This provides a complete audit trail for post-incident analysis. If a fiber was killed, you can trace exactly why — down to the specific operation that consumed the last unit of energy.