nexus
/
rumpk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
28 Commits 1 Branch 0 Tags 16 MiB
Commit Graph

6 Commits

Author SHA1 Message Date
Markus Maiwald c557f4f4f9 Phase 27-29: Visual Cortex, Pledge, and The Hive 
PHASE 27: THE GLYPH & THE GHOST (Visual Cortex Polish)
========================================================
- Replaced placeholder block font with full IBM VGA 8x16 bitmap (CP437)
- Implemented CRT scanline renderer for authentic terminal aesthetics
- Set Sovereign Blue background (0xFF401010) with Phosphor Amber text
- Added ANSI escape code stripper for clean graphical output
- Updated QEMU hints to include -device virtio-gpu-device

Files:
- core/rumpk/libs/membrane/term.nim: Scanline renderer + ANSI stripper
- core/rumpk/libs/membrane/term_font.nim: Full VGA bitmap data
- src/nexus/forge.nim: QEMU device flag
- docs/dev/PHASE_26_VISUAL_CORTEX.md: Architecture documentation

PHASE 28: THE PLEDGE (Computable Trust)
========================================
- Implemented OpenBSD-style capability system for least-privilege execution
- Added promises bitmask to FiberObject for per-fiber capability tracking
- Created SYS_PLEDGE syscall (one-way capability ratchet)
- Enforced capability checks on all file operations (RPATH/WPATH)
- Extended SysTable with fn_pledge (120→128 bytes)

Capabilities:
- PLEDGE_STDIO (0x0001): Console I/O
- PLEDGE_RPATH (0x0002): Read Filesystem
- PLEDGE_WPATH (0x0004): Write Filesystem
- PLEDGE_INET  (0x0008): Network Access
- PLEDGE_EXEC  (0x0010): Execute/Spawn
- PLEDGE_ALL   (0xFFFF...): Root (default)

Files:
- core/rumpk/core/fiber.nim: Added promises field
- core/rumpk/core/ion.nim: Capability constants + SysTable extension
- core/rumpk/core/kernel.nim: k_pledge + enforcement checks
- core/rumpk/libs/membrane/ion_client.nim: Userland ABI sync
- core/rumpk/libs/membrane/libc.nim: pledge() wrapper
- docs/dev/PHASE_28_THE_PLEDGE.md: Security model documentation

PHASE 29: THE HIVE (Userland Concurrency)
==========================================
- Implemented dynamic fiber spawning for isolated worker execution
- Created worker pool (8 concurrent fibers, 8KB stacks each)
- Added SYS_SPAWN (0x500) and SYS_JOIN (0x501) syscalls
- Generic worker trampoline for automatic cleanup on exit
- Workers inherit parent memory but have independent pledge contexts

Worker Model:
- spawn(entry, arg): Create isolated worker fiber
- join(fid): Wait for worker completion
- Workers start with PLEDGE_ALL, can voluntarily restrict
- Violations terminate worker, not parent shell

Files:
- core/rumpk/core/fiber.nim: user_entry/user_arg fields
- core/rumpk/core/kernel.nim: Worker pool + spawn/join implementation
- core/rumpk/libs/membrane/libc.nim: spawn()/join() wrappers
- docs/dev/PHASE_29_THE_HIVE.md: Concurrency architecture

STRATEGIC IMPACT
================
The Nexus now has a complete Zero-Trust security model:
1. Visual identity (CRT aesthetics)
2. Capability-based security (pledge)
3. Isolated concurrent execution (spawn/join)

This enables hosting untrusted code without kernel compromise,
forming the foundation of the Cryptobox architecture (STC-2).

Example usage:
  proc worker(arg: uint64) {.cdecl.} =
    discard pledge(PLEDGE_INET | PLEDGE_STDIO)
    http_get("https://example.com")

  let fid = spawn(worker, 0)
  discard join(fid)
  # Shell retains full capabilities

Build: Validated on RISC-V (rumpk-riscv64.elf)
Status: Production-ready
 2026-01-02 14:12:00 +01:00
Markus Maiwald 30fa024367 feat(rumpk): Sovereign Core Stabilization & Membrane IPC Hardening 
- NexShell: Hardened command transmission via atomic ION packets, fixed fragmentation issues.
- NipBox: Expanded 'Sovereign Coreutils' with 'ls' and enhanced 'matrix' control.
- GPU/Retina: Optimized VirtIO-GPU driver, improved polling and framebuffer synchronization.
- Membrane: Stabilized libc shims (clib.c, libc.nim) and ION client logic.
- Kernel: Refined fiber scheduler and watchdog metrics.
- Forge: Cleanup and optimization of build scripts and manifests.
 2025-12-31 20:18:49 +01:00
Markus Maiwald 061a2ff56b feat(rumpk): implement Invariant Shield and Blink Recovery 
- Implement Design by Contract in HAL and Kernel (Phase 2 Task 1)
- Add invariant checks to Sovereign Channels (pointer validation, bounds)
- Create invariant.nim for secure Logic-to-HAL transitions
- Codify Silence Doctrine in DOCTRINE.md and SPEC files
- Finalize Blink Recovery confirmation via Saboteur test
- Update SPEC-008, SPEC-009, SPEC-010, SPEC-011 with architectural refinements
- Sync Website vision with new technical milestones
 2025-12-31 20:18:48 +01:00
Markus Maiwald 46e7be6837 feat(rumpk): Phase 7 Verified - Subject Zero Launch 
- Implemented Sovereign Syscall Table at 0x801FFF00
- Added cooperative yielding (s_yield) for Guest/Kernel concurrency
- Initialized Guest RX Ring and flows in Kernel
- Bridged LwIP in Guest via net_glue and ion_client overrides
- Validated TCP handshake and data transmission (Subject Zero -> Host)
- Confirmed 'Hello from the Membrane!' via UART and Network
 2025-12-31 20:18:48 +01:00
Markus Maiwald 2f8a062a74 feat(rumpk): Multi-Architecture HAL (aarch64, x86_64, riscv64) 
TRI-ARCH SOVEREIGNTY
====================

Rumpk now supports three major architectures:
- aarch64 (ARM64): VisionFive 2, RPi, AWS Graviton
- x86_64: Standard servers, trading, banking
- riscv64: Sovereign compute, satellites, drones

DIRECTORY STRUCTURE
-------------------
hal/arch/
├── aarch64/
│   ├── switch.S      # ARM64 context switch (96 bytes)
│   └── constants.nim # LR_OFFSET=11, FP_OFFSET=10
├── x86_64/
│   ├── switch.S      # System V ABI switch (56 bytes)
│   └── constants.nim # RIP_OFFSET=6
└── riscv64/
    ├── switch.S      # RISC-V LP64 switch (112 bytes)
    └── constants.nim # RA_OFFSET=0

UNIFIED FIBER.NIM
-----------------
Uses Nim's 'when defined()' for compile-time arch selection:
- CONTEXT_SIZE varies by arch (56/96/112)
- RET_ADDR_INDEX points to return address slot
- Halt instruction varies (hlt/wfi)

BUILD SYSTEM
------------
./build.sh [aarch64|x86_64|riscv64]
- Default: aarch64
- Output: build/rumpk-$ARCH.elf
- Auto-selects linker script if arch-specific exists

ABI SUMMARY
-----------
| Arch     | Callee-Saved           | Frame | Alignment |
|----------|------------------------|-------|-----------|
| aarch64  | x19-x30                | 96B   | 16-byte   |
| x86_64   | rbx,rbp,r12-r15        | 56B   | 16-byte   |
| riscv64  | ra,s0-s11              | 112B  | 16-byte   |

VERIFICATION
------------
ARM64 fibers still work:
[Fiber A] I am alive! Yielding to B...
[Fiber B] Hello from B! Yielding to A...
[Fiber A] I am back! Yielding to B...

One codebase. All profiles. NIIX philosophy enforced.
 2025-12-31 20:18:47 +01:00
Markus Maiwald b8da01d879 feat(rumpk): Phase 3 - Cooperative Fiber Scheduling 
TIME HAS BEEN INVENTED
======================

Rumpk now has cooperative multitasking with Fibers.

BOOT OUTPUT
-----------
[Fiber A] I am alive! Yielding to B...
[Fiber B] Hello from B! Yielding to A...
[Fiber A] I am back! Yielding to B...
[Fiber B] Returned! Yielding to A...
[Fiber A] Final return. Halting.

IMPLEMENTATION
--------------
hal/switch.S:
- ARM64 context switch (96-byte frame, 16-byte aligned)
- Saves x19-x28, x29 (FP), x30 (LR)
- Stack pointer swap between fibers

core/fiber.nim:
- FiberObject with state (sp, entry)
- fiber_trampoline() - entry point for new fibers
- init_fiber() - sets up initial stack frame
- switch() - cooperative yield to another fiber

BUILD FIXES
-----------
- Added -fno-sanitize=all to prevent ubsan interference
- Added --checks:off --assertions:off to Nim
- Fixed stack alignment (104 -> 96 bytes)

PHASES COMPLETED
----------------
 Phase 1: Documentation (SPEC-008/009/010)
 Phase 2: Pure Zig libc (Freestanding Doctrine)
 Phase 3: Cooperative Fibers (Ping Pong)
→ Phase 4: NPL loading + Ed25519
→ Phase 5: VisionFive 2 RISC-V

The unikernel can now multiplex execution.
POSIX threads are optional. We own the scheduler.
 2025-12-31 20:18:47 +01:00