nexus/nip - Forgejo: Beyond coding. We forge.

Commit Graph

Author	SHA1	Message	Date
Markus Maiwald	da6aa7f50a	Phase 27-29: Visual Cortex, Pledge, and The Hive PHASE 27: THE GLYPH & THE GHOST (Visual Cortex Polish) ======================================================== - Replaced placeholder block font with full IBM VGA 8x16 bitmap (CP437) - Implemented CRT scanline renderer for authentic terminal aesthetics - Set Sovereign Blue background (0xFF401010) with Phosphor Amber text - Added ANSI escape code stripper for clean graphical output - Updated QEMU hints to include -device virtio-gpu-device Files: - core/rumpk/libs/membrane/term.nim: Scanline renderer + ANSI stripper - core/rumpk/libs/membrane/term_font.nim: Full VGA bitmap data - src/nexus/forge.nim: QEMU device flag - docs/dev/PHASE_26_VISUAL_CORTEX.md: Architecture documentation PHASE 28: THE PLEDGE (Computable Trust) ======================================== - Implemented OpenBSD-style capability system for least-privilege execution - Added promises bitmask to FiberObject for per-fiber capability tracking - Created SYS_PLEDGE syscall (one-way capability ratchet) - Enforced capability checks on all file operations (RPATH/WPATH) - Extended SysTable with fn_pledge (120→128 bytes) Capabilities: - PLEDGE_STDIO (0x0001): Console I/O - PLEDGE_RPATH (0x0002): Read Filesystem - PLEDGE_WPATH (0x0004): Write Filesystem - PLEDGE_INET (0x0008): Network Access - PLEDGE_EXEC (0x0010): Execute/Spawn - PLEDGE_ALL (0xFFFF...): Root (default) Files: - core/rumpk/core/fiber.nim: Added promises field - core/rumpk/core/ion.nim: Capability constants + SysTable extension - core/rumpk/core/kernel.nim: k_pledge + enforcement checks - core/rumpk/libs/membrane/ion_client.nim: Userland ABI sync - core/rumpk/libs/membrane/libc.nim: pledge() wrapper - docs/dev/PHASE_28_THE_PLEDGE.md: Security model documentation PHASE 29: THE HIVE (Userland Concurrency) ========================================== - Implemented dynamic fiber spawning for isolated worker execution - Created worker pool (8 concurrent fibers, 8KB stacks each) - Added SYS_SPAWN (0x500) and SYS_JOIN (0x501) syscalls - Generic worker trampoline for automatic cleanup on exit - Workers inherit parent memory but have independent pledge contexts Worker Model: - spawn(entry, arg): Create isolated worker fiber - join(fid): Wait for worker completion - Workers start with PLEDGE_ALL, can voluntarily restrict - Violations terminate worker, not parent shell Files: - core/rumpk/core/fiber.nim: user_entry/user_arg fields - core/rumpk/core/kernel.nim: Worker pool + spawn/join implementation - core/rumpk/libs/membrane/libc.nim: spawn()/join() wrappers - docs/dev/PHASE_29_THE_HIVE.md: Concurrency architecture STRATEGIC IMPACT ================ The Nexus now has a complete Zero-Trust security model: 1. Visual identity (CRT aesthetics) 2. Capability-based security (pledge) 3. Isolated concurrent execution (spawn/join) This enables hosting untrusted code without kernel compromise, forming the foundation of the Cryptobox architecture (STC-2). Example usage: proc worker(arg: uint64) {.cdecl.} = discard pledge(PLEDGE_INET \| PLEDGE_STDIO) http_get("https://example.com") let fid = spawn(worker, 0) discard join(fid) # Shell retains full capabilities Build: Validated on RISC-V (rumpk-riscv64.elf) Status: Production-ready	2026-01-02 14:12:00 +01:00
Markus Maiwald	b4b3f3b1ce	feat(rumpk): Phase 2 Complete - The Entropy Purge & Sovereign Alignment - Rumpk Core: Complete exorcism of LwIP/NET ghosts. Transitioned to ION nomenclature. - ABI Sync: Synchronized Zig HAL and Nim Logic Ring Buffer layouts (u32 head/tail/mask). - Invariant Shield: Hardened HAL pipes with handle-based validation and power-of-2 sync. - Immune System: Verified Blink Recovery (Self-Healing) with updated ION Control Plane. - NexShell: Major refactor of Command Plane for Sovereign Ring access. - Architecture: Updated SPEC files and Doctrines (Silence, Hexagonal Sovereignty). - Purge: Removed legacy rumk and nip artifacts for a clean substrate. - Web: Updated landing page vision to match Rumpk v1.1 milestones.	2025-12-31 20:18:48 +01:00
Markus Maiwald	46f7867237	feat(rumk): v0.5 LWKT scheduler with NPL loading Rumk hypervisor milestone - December 27, 2025: v0.1: LWKT foundation (1552B) - Message types, thread descriptors, per-CPU state - Cooperative scheduler, syscall dispatch - RISC-V trap handling v0.2: MLFQ scheduler (2176B) - 4-level priority queues (RT/High/Normal/Idle) - Trust-adjusted quanta - Demote/promote/starvation handling v0.3: Work stealing + zero-idle (2880B) - Per-CPU MLFQ queues - Lockless work stealing - WFI-based idle (OpenBSD style) v0.4: IPI + per-CPU cache (3072B) - CLINT IPI for cross-core wake - 16-slot per-CPU cache - Stats tracking v0.5: NPL loading (3088B) - NplHeader, LoadedNpl, NplRegistry - loadNpl(), unloadNpl(), verifySignature() - ProvChain NPL events Ready for VisionFive 2 hardware demo (Jan 15, 2026)	2025-12-31 20:18:40 +01:00

Author

SHA1

Message

Date

Markus Maiwald

da6aa7f50a

Phase 27-29: Visual Cortex, Pledge, and The Hive

PHASE 27: THE GLYPH & THE GHOST (Visual Cortex Polish)
========================================================
- Replaced placeholder block font with full IBM VGA 8x16 bitmap (CP437)
- Implemented CRT scanline renderer for authentic terminal aesthetics
- Set Sovereign Blue background (0xFF401010) with Phosphor Amber text
- Added ANSI escape code stripper for clean graphical output
- Updated QEMU hints to include -device virtio-gpu-device

Files:
- core/rumpk/libs/membrane/term.nim: Scanline renderer + ANSI stripper
- core/rumpk/libs/membrane/term_font.nim: Full VGA bitmap data
- src/nexus/forge.nim: QEMU device flag
- docs/dev/PHASE_26_VISUAL_CORTEX.md: Architecture documentation

PHASE 28: THE PLEDGE (Computable Trust)
========================================
- Implemented OpenBSD-style capability system for least-privilege execution
- Added promises bitmask to FiberObject for per-fiber capability tracking
- Created SYS_PLEDGE syscall (one-way capability ratchet)
- Enforced capability checks on all file operations (RPATH/WPATH)
- Extended SysTable with fn_pledge (120→128 bytes)

Capabilities:
- PLEDGE_STDIO (0x0001): Console I/O
- PLEDGE_RPATH (0x0002): Read Filesystem
- PLEDGE_WPATH (0x0004): Write Filesystem
- PLEDGE_INET  (0x0008): Network Access
- PLEDGE_EXEC  (0x0010): Execute/Spawn
- PLEDGE_ALL   (0xFFFF...): Root (default)

Files:
- core/rumpk/core/fiber.nim: Added promises field
- core/rumpk/core/ion.nim: Capability constants + SysTable extension
- core/rumpk/core/kernel.nim: k_pledge + enforcement checks
- core/rumpk/libs/membrane/ion_client.nim: Userland ABI sync
- core/rumpk/libs/membrane/libc.nim: pledge() wrapper
- docs/dev/PHASE_28_THE_PLEDGE.md: Security model documentation

PHASE 29: THE HIVE (Userland Concurrency)
==========================================
- Implemented dynamic fiber spawning for isolated worker execution
- Created worker pool (8 concurrent fibers, 8KB stacks each)
- Added SYS_SPAWN (0x500) and SYS_JOIN (0x501) syscalls
- Generic worker trampoline for automatic cleanup on exit
- Workers inherit parent memory but have independent pledge contexts

Worker Model:
- spawn(entry, arg): Create isolated worker fiber
- join(fid): Wait for worker completion
- Workers start with PLEDGE_ALL, can voluntarily restrict
- Violations terminate worker, not parent shell

Files:
- core/rumpk/core/fiber.nim: user_entry/user_arg fields
- core/rumpk/core/kernel.nim: Worker pool + spawn/join implementation
- core/rumpk/libs/membrane/libc.nim: spawn()/join() wrappers
- docs/dev/PHASE_29_THE_HIVE.md: Concurrency architecture

STRATEGIC IMPACT
================
The Nexus now has a complete Zero-Trust security model:
1. Visual identity (CRT aesthetics)
2. Capability-based security (pledge)
3. Isolated concurrent execution (spawn/join)

This enables hosting untrusted code without kernel compromise,
forming the foundation of the Cryptobox architecture (STC-2).

Example usage:
  proc worker(arg: uint64) {.cdecl.} =
    discard pledge(PLEDGE_INET | PLEDGE_STDIO)
    http_get("https://example.com")

  let fid = spawn(worker, 0)
  discard join(fid)
  # Shell retains full capabilities

Build: Validated on RISC-V (rumpk-riscv64.elf)
Status: Production-ready

2026-01-02 14:12:00 +01:00

Markus Maiwald

b4b3f3b1ce

feat(rumpk): Phase 2 Complete - The Entropy Purge & Sovereign Alignment

- Rumpk Core: Complete exorcism of LwIP/NET ghosts. Transitioned to ION nomenclature.
- ABI Sync: Synchronized Zig HAL and Nim Logic Ring Buffer layouts (u32 head/tail/mask).
- Invariant Shield: Hardened HAL pipes with handle-based validation and power-of-2 sync.
- Immune System: Verified Blink Recovery (Self-Healing) with updated ION Control Plane.
- NexShell: Major refactor of Command Plane for Sovereign Ring access.
- Architecture: Updated SPEC files and Doctrines (Silence, Hexagonal Sovereignty).
- Purge: Removed legacy rumk and nip artifacts for a clean substrate.
- Web: Updated landing page vision to match Rumpk v1.1 milestones.

2025-12-31 20:18:48 +01:00

Markus Maiwald

46f7867237

feat(rumk): v0.5 LWKT scheduler with NPL loading

Rumk hypervisor milestone - December 27, 2025:

v0.1: LWKT foundation (1552B)
- Message types, thread descriptors, per-CPU state
- Cooperative scheduler, syscall dispatch
- RISC-V trap handling

v0.2: MLFQ scheduler (2176B)
- 4-level priority queues (RT/High/Normal/Idle)
- Trust-adjusted quanta
- Demote/promote/starvation handling

v0.3: Work stealing + zero-idle (2880B)
- Per-CPU MLFQ queues
- Lockless work stealing
- WFI-based idle (OpenBSD style)

v0.4: IPI + per-CPU cache (3072B)
- CLINT IPI for cross-core wake
- 16-slot per-CPU cache
- Stats tracking

v0.5: NPL loading (3088B)
- NplHeader, LoadedNpl, NplRegistry
- loadNpl(), unloadNpl(), verifySignature()
- ProvChain NPL events

Ready for VisionFive 2 hardware demo (Jan 15, 2026)

2025-12-31 20:18:40 +01:00

3 Commits