04663318f3
feat(kernel): implement Sv39 fiber memory isolation and hardened ELF loader
2026-01-05 16:36:25 +01:00
18ce029070
feat(rumpk): Achieve interactive Mksh shell & formalize Sovereign FSH
...
CHECKPOINT 7: Nuke LwIP, Fix Stack
🎯 PRIMARY ACHIEVEMENTS:
- ✅ Interactive Mksh shell successfully boots and accepts input
- ✅ Kernel-side LwIP networking disabled (moved to userland intent)
- ✅ C-ABI handover fully operational (argc, argv, environ)
- ✅ SPEC-130: Sovereign Filesystem Hierarchy formalized
🔧 KERNEL FIXES:
1. **Nuked Kernel LwIP**
- Disabled membrane_init() in kernel.nim
- Prevented automatic DHCP/IP acquisition
- Network stack deferred to userland control
2. **Fixed C-ABI Stack Handover**
- Updated rumpk_enter_userland signature: (entry, argc, argv, sp)
- Kernel prepares userland stack at 0x8FFFFFE0 (top of user RAM)
- Stack layout: [argc][argv[0]][argv[1]=NULL][envp[0]=NULL][string data]
- Preserved kernel-passed arguments through subject_entry.S
3. **Fixed Trap Return Stack Switching**
- Added sscratch swap before sret in entry_riscv.zig
- Properly restores user stack and preserves kernel stack pointer
- Fixes post-syscall instruction page fault
4. **Rebuilt Mksh with Fixed Runtime**
- subject_entry.S no longer zeros a0/a1
- Arguments flow: Kernel -> switch.S -> subject_entry.S -> main()
📐 ARCHITECTURAL SPECS:
- **SPEC-130: Sovereign Filesystem Hierarchy**
- Tri-State (+1) Storage Model: /sysro, /etc, /run, /state
- Declarative Stateless Doctrine (inspired by Clear Linux/Silverblue)
- Ghost Writer Pattern: KDL recipes -> /etc generation
- Bind-Mount Strategy for legacy app grafting
- Database Contract for /state (transactional, encrypted)
🛠️ DEVELOPER EXPERIENCE:
- Fixed filesystem.nim to fallback to .nexus/ for local builds
- Prevents permission errors during development
🧪 VERIFICATION:
Syscalls confirmed working: write (0x200, 0x204), read (0x203)
NEXT: Implement proper TTY/PTY subsystem for full job control
Co-authored-by: Voxis Forge <voxis@nexus-os.org>
2026-01-05 01:14:24 +01:00
f2be3d08ac
Voxis Forge: Rumpk Stability, NipBox Boot, and Repository Cleanup
...
- Fixed Rumpk RISC-V Trap Handler (SSCRATCH swap, align(4), SUM bit) to prevent double faults.
- Stabilized Userland Transition (fence.i, MMU activation) allowing NipBox execution.
- Restored Forge pipeline to build NipBox from source.
- Documented critical RISC-V trap mechanics in .agent/tips.
- Committed pending repository cleanup (obsolete websites) and new core modules.
2026-01-04 21:39:06 +01:00
7169dc05d4
Phase 27-29: Visual Cortex, Pledge, and The Hive
...
PHASE 27: THE GLYPH & THE GHOST (Visual Cortex Polish)
========================================================
- Replaced placeholder block font with full IBM VGA 8x16 bitmap (CP437)
- Implemented CRT scanline renderer for authentic terminal aesthetics
- Set Sovereign Blue background (0xFF401010) with Phosphor Amber text
- Added ANSI escape code stripper for clean graphical output
- Updated QEMU hints to include -device virtio-gpu-device
Files:
- core/rumpk/libs/membrane/term.nim: Scanline renderer + ANSI stripper
- core/rumpk/libs/membrane/term_font.nim: Full VGA bitmap data
- src/nexus/forge.nim: QEMU device flag
- docs/dev/PHASE_26_VISUAL_CORTEX.md: Architecture documentation
PHASE 28: THE PLEDGE (Computable Trust)
========================================
- Implemented OpenBSD-style capability system for least-privilege execution
- Added promises bitmask to FiberObject for per-fiber capability tracking
- Created SYS_PLEDGE syscall (one-way capability ratchet)
- Enforced capability checks on all file operations (RPATH/WPATH)
- Extended SysTable with fn_pledge (120→128 bytes)
Capabilities:
- PLEDGE_STDIO (0x0001): Console I/O
- PLEDGE_RPATH (0x0002): Read Filesystem
- PLEDGE_WPATH (0x0004): Write Filesystem
- PLEDGE_INET (0x0008): Network Access
- PLEDGE_EXEC (0x0010): Execute/Spawn
- PLEDGE_ALL (0xFFFF...): Root (default)
Files:
- core/rumpk/core/fiber.nim: Added promises field
- core/rumpk/core/ion.nim: Capability constants + SysTable extension
- core/rumpk/core/kernel.nim: k_pledge + enforcement checks
- core/rumpk/libs/membrane/ion_client.nim: Userland ABI sync
- core/rumpk/libs/membrane/libc.nim: pledge() wrapper
- docs/dev/PHASE_28_THE_PLEDGE.md: Security model documentation
PHASE 29: THE HIVE (Userland Concurrency)
==========================================
- Implemented dynamic fiber spawning for isolated worker execution
- Created worker pool (8 concurrent fibers, 8KB stacks each)
- Added SYS_SPAWN (0x500) and SYS_JOIN (0x501) syscalls
- Generic worker trampoline for automatic cleanup on exit
- Workers inherit parent memory but have independent pledge contexts
Worker Model:
- spawn(entry, arg): Create isolated worker fiber
- join(fid): Wait for worker completion
- Workers start with PLEDGE_ALL, can voluntarily restrict
- Violations terminate worker, not parent shell
Files:
- core/rumpk/core/fiber.nim: user_entry/user_arg fields
- core/rumpk/core/kernel.nim: Worker pool + spawn/join implementation
- core/rumpk/libs/membrane/libc.nim: spawn()/join() wrappers
- docs/dev/PHASE_29_THE_HIVE.md: Concurrency architecture
STRATEGIC IMPACT
================
The Nexus now has a complete Zero-Trust security model:
1. Visual identity (CRT aesthetics)
2. Capability-based security (pledge)
3. Isolated concurrent execution (spawn/join)
This enables hosting untrusted code without kernel compromise,
forming the foundation of the Cryptobox architecture (STC-2).
Example usage:
proc worker(arg: uint64) {.cdecl.} =
discard pledge(PLEDGE_INET | PLEDGE_STDIO)
http_get("https://example.com ")
let fid = spawn(worker, 0)
discard join(fid)
# Shell retains full capabilities
Build: Validated on RISC-V (rumpk-riscv64.elf)
Status: Production-ready
2026-01-02 14:12:00 +01:00
d9d6f0b82d
feat(membrane): enable userspace networking and tcp handshake (Phase 16)
2026-01-01 20:24:17 +01:00
1fe99d26e7
feat(rumpk): dignified exit & sovereign vfs
...
- Resolved Sovereign Trap exit fault by refactoring kernel exit logic
- Implemented persistent Subject fiber with kload loop for clean respawns
- Fixed File not found loop by fixing initrd embedding with proper RISC-V ABI flags
- Eliminated 30KB truncation of initrd restoring full 80KB archive visibility
- Enhanced TarFS driver with robust path normalization
- Implemented exit syscall in libc_shim.zig with CMD_SYS_EXIT and nexus_yield
- Created hello.c and libnexus.h for userland testing
- Updated ion.nim and kernel.nim to handle CMD_SYS_EXEC and CMD_SYS_EXIT
- Ensured bin/nipbox is correctly copied to rootfs before packaging
2025-12-31 21:54:44 +01:00
30fa024367
feat(rumpk): Sovereign Core Stabilization & Membrane IPC Hardening
...
- NexShell: Hardened command transmission via atomic ION packets, fixed fragmentation issues.
- NipBox: Expanded 'Sovereign Coreutils' with 'ls' and enhanced 'matrix' control.
- GPU/Retina: Optimized VirtIO-GPU driver, improved polling and framebuffer synchronization.
- Membrane: Stabilized libc shims (clib.c, libc.nim) and ION client logic.
- Kernel: Refined fiber scheduler and watchdog metrics.
- Forge: Cleanup and optimization of build scripts and manifests.
2025-12-31 20:18:49 +01:00
b3d9c2a49d
feat(rumpk): Phase 2 Complete - The Entropy Purge & Sovereign Alignment
...
- Rumpk Core: Complete exorcism of LwIP/NET ghosts. Transitioned to ION nomenclature.
- ABI Sync: Synchronized Zig HAL and Nim Logic Ring Buffer layouts (u32 head/tail/mask).
- Invariant Shield: Hardened HAL pipes with handle-based validation and power-of-2 sync.
- Immune System: Verified Blink Recovery (Self-Healing) with updated ION Control Plane.
- NexShell: Major refactor of Command Plane for Sovereign Ring access.
- Architecture: Updated SPEC files and Doctrines (Silence, Hexagonal Sovereignty).
- Purge: Removed legacy rumk and nip artifacts for a clean substrate.
- Web: Updated landing page vision to match Rumpk v1.1 milestones.
2025-12-31 20:18:48 +01:00
46e7be6837
feat(rumpk): Phase 7 Verified - Subject Zero Launch
...
- Implemented Sovereign Syscall Table at 0x801FFF00
- Added cooperative yielding (s_yield) for Guest/Kernel concurrency
- Initialized Guest RX Ring and flows in Kernel
- Bridged LwIP in Guest via net_glue and ion_client overrides
- Validated TCP handshake and data transmission (Subject Zero -> Host)
- Confirmed 'Hello from the Membrane!' via UART and Network
2025-12-31 20:18:48 +01:00
Markus Maiwald