nexus
/
rumpk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rumpk/README.md

4.1 KiB
Raw Blame History

Rumpk

Sovereign unikernel. Zig (L0 HAL) + Nim (L1 kernel logic). Dual-arch: RISC-V 64 and ARM64.

Status: Experimental — boots on QEMU, 14/14 fibers (riscv64), 9/9 fibers (aarch64) License: Libertaria Sovereign License (LSL) v1.0

Build

Prerequisites

  • Zig 0.15.x
  • Nim 2.0.x
  • QEMU (for boot testing)
  • bash

Quick Start

# Clone
git clone https://git.sovereign-society.org/nexus/rumpk.git
cd rumpk

# Build kernel (RISC-V 64, default)
bash build_nim.sh riscv64     # Nim -> C -> .o
bash build_lwip.sh            # LwIP static lib
zig build                     # Link final kernel ELF

# Boot test
./run.sh

ARM64

bash build_nim.sh aarch64
bash build_lwip.sh
zig build -Darch=aarch64
./run_aarch64.sh

Full Build (kernel + NipBox userland + initrd)

bash build_full.sh riscv64    # or: bash build_full.sh aarch64
zig build                     # or: zig build -Darch=aarch64

Architecture

rumpk/
├── boot/              L0: Entry points, linker scripts (Zig/ASM)
├── hal/               L0: Hardware Abstraction (Zig)
│   ├── entry_riscv.zig    RISC-V boot, MMU, page tables
│   ├── entry_aarch64.zig  ARM64 boot, MMU, GIC
│   ├── virtio_net.zig     VirtIO network driver
│   ├── virtio_block.zig   VirtIO block driver
│   ├── virtio_mmio.zig    VirtIO MMIO transport (ARM64)
│   ├── virtio_pci.zig     VirtIO PCI transport (RISC-V)
│   ├── mm.zig             Memory management
│   ├── channel.zig        IPC ring buffers
│   └── cspace.zig         Capability space (HAL side)
├── core/              L1: Kernel logic (Nim)
│   ├── kernel.nim         kmain, boot sequence
│   ├── sched.nim          Spectrum scheduler (Photon/Matter/Gravity/Void)
│   ├── fiber.nim          Cooperative fiber management
│   ├── ion.nim            ION memory allocator
│   ├── cspace.nim         Capability enforcement
│   ├── ontology.nim       System Truth Ledger
│   ├── netswitch.nim      Network fiber (DHCP/TCP/ICMP)
│   ├── loader.nim         ELF loader + BKDL manifest
│   └── fs/                VFS + LittleFS bridge
├── libs/
│   ├── membrane/          POSIX adaptation layer
│   │   ├── libc.nim       Freestanding libc for Nim
│   │   ├── net_glue.nim   LwIP <-> kernel bridge
│   │   └── compositor.nim Display compositor
│   └── libertaria/        Libertaria Wire Format integration
├── npl/nipbox/            NipBox userland shell (21 commands)
├── apps/                  Subject binaries, linker scripts
└── vendor/                LwIP, LittleFS, mksh (vendored)

Design Principles

  • Two-language split: Zig for hardware (deterministic, zero-alloc), Nim for logic (expressive, ARC)
  • Capability security: CSpace + Pledge + BKDL manifests. No ambient authority.
  • Spectrum scheduling: 4-tier priority (Photon 2ms, Matter 10ms, Gravity 50ms, Void unlimited)
  • System Truth Ledger: Every security event recorded. Auditable kernel state.

NexusOS Workspace

Rumpk is the kernel component of NexusOS. The full system consists of:

Repository Purpose Build
rumpk Kernel zig build
nip Package manager nim c nip.nim
nexus Build toolkit nim c src/nexus.nim
nipbox Userland shell Built into rumpk via build_full.sh
nexfs Flash filesystem zig build test

Clone All Repos

mkdir nexus-workspace && cd nexus-workspace
for repo in rumpk nip nexus nipbox nexfs; do
  git clone https://git.sovereign-society.org/nexus/${repo}.git
done

Contributing

See CONTRIBUTING.md (coming soon).

Stewardship

Copyright (c) 2025-2026 Markus Maiwald Stewardship: Self Sovereign Society Foundation