Now closing on 1.0 — self-heal shipped & VM-validated
Fresh where it counts.
Stable to the CORE.
The rock-solid foundation of Debian Stable, with fresh tooling for productivity, AI development, and enterprise deployment — and boot-time rollback so a bad update is never fatal.
A bad update, handled
live recovery
Why FoundryOS
Stability you can trust. Freshness you can use.
Debian Stable is the most trusted desktop foundation in the world — and it ships deliberately old packages. FoundryOS resolves that tension with layering instead of compromise, then makes the whole machine impossible to permanently break.
A bad update is never fatal
Every change is snapshotted. If an update breaks the system, reboot and pick the previous snapshot straight from the bootloader — back to a working machine in seconds, no rescue USB.
It heals itself
A boot-counting engine watches for trouble. Consecutive unhealthy boots are automatically routed to the last-known-good snapshot — the machine recovers before you have to.
apt can't delete your desktop
A self-preservation guard refuses any transaction that would rip out the desktop or core system — on both the apt and offline-update paths. No other apt-based distro ships this.
Breakage is explainable
A deterministic substrate journals every change and health-checks every boot, so the system tells you what changed and what likely broke — then fixes the culprit instead of nuking the whole update.
Encrypted, verified, and hard-gated
Full-disk LUKS2 encryption and UEFI Secure Boot are baked in. Every release must also pass a full headless VM install — accessibility-tree-driven, fully encrypted, with snapshot rollback exercised — before the publish pipeline will sign it. No override flag exists.
Ready for the org
Active Directory join and domain login work out of the box, with an image IT can standardize — without giving up Debian's stability or recoverability.
The design in one picture
Four layers. One cardinal rule.
Freshness flows down from the top; stability is protected at the bottom. A package belongs in the highest layer that can host it — so newer software can never contaminate the base.
Apps
Flatpak (Flathub) — browsers, IDEs, productivity, comms
Dev environments
Distrobox / Podman — bleeding-edge AI, CUDA, Python
Hardware enablement
Curated overlay — Mesa, kernel, NVIDIA, firmware
Base OS
Debian 13 Trixie — frozen · Btrfs + snapper + GRUB rollback
If an update ever breaks the system, you reboot, pick the previous snapshot directly from the bootloader, and you're back to a working machine in seconds.
See it
A clean GNOME desktop — with tools for the hard parts.
GNOME on Wayland out of the box, and FoundryOS's own apps for the things a desktop should never make you open a terminal for: snapshots, health, updates, and the Freshness catalog.


Snapshots
Browse every snapshot, see the exact package diff, mark known-good, and restore — no terminal.

Health
Rule-based boot diagnosis that names the likely culprit and the one command to fix it.

Updates
See what's pending, what needs a reboot, and apply with a snapshot recorded automatically.

Freshness
Install verified-newer kernels, drivers, and Mesa from the catalog — each one tested.
Foundry Control
Everything FoundryOS adds, in one place.
One first-party settings hub for the things that make FoundryOS different — each one off until you choose it, every risky change spelled out in plain language, and all of it lockable by IT for a fleet.
Recovery
Switch on automatic rollback and choose how many bad boots trigger it — or have the machine boot the last good snapshot and let you promote the fix yourself.
Software
Opt in to fresher backports beyond the verified catalog, behind a clear risk dialog. The tested catalog always stays available.
AI assistant
Optional diagnosis that runs on-device or on your own network — never in the cloud unless you deliberately wire it up. With it off, nothing about your system is ever sent anywhere.
Smartcard & web auth
Register a PIV/CAC/YubiKey into your browsers for corporate sign-in — without ever touching how you log in to the machine.

The Freshness catalog
Newer software, only when it's proven safe.
Security fixes flow automatically. Feature and version jumps require your explicit consent — and a curated Freshness catalog tracks which fresher packages have actually been tested against the FoundryOS base.
We want that catalog to be deep and constantly re-verified. That testing runs on real machines and AI tooling — which costs money. Donations fund automated verification, so the approved catalog gets richer for everyone.
Help grow the catalog →
The flywheel
1. Donations offset tokens
   Community support covers the AI + compute cost of testing fresher packages.
2. Automated verification runs
   Each candidate is installed, snapshotted, boot-health-checked, and rolled back in a clean VM.
3. Catalog gets richer
   Proven packages join the approved Freshness catalog — fresh and safe.
4. Everyone benefits
   You get newer software on a base that still can't be broken.
Lean install.
Built to stay.
Debian Stable frozen at the core, fresher software in layers you opt into, and none of the bloat. Free, open source, and built in the open — try it in a VM or on real hardware today.