diff --git a/nipbox.nim b/nipbox.nim index bf172c9..3cc2cf6 100644 --- a/nipbox.nim +++ b/nipbox.nim @@ -1071,7 +1071,7 @@ proc nipbox_main*() = # Phase 30: Pledge Safety # NipBox is the Shell, so it needs broad permissions, but we can restrict RPATH/WPATH to specific zones # For now, we PLEDGE_ALL because the shell needs to explore - # In future (SPEC-300), we drop PLEDGE_INET unless authorized + # In future (SPEC-401), we drop PLEDGE_INET unless authorized discard lb.pledge(PLEDGE_ALL) # Initialize the Biosuit diff --git a/recipes/nipbox/nipbox-shell.kdl b/recipes/nipbox/nipbox-shell.kdl new file mode 100644 index 0000000..2b84c46 --- /dev/null +++ b/recipes/nipbox/nipbox-shell.kdl @@ -0,0 +1,26 @@ +// recipes/nipbox/nipbox-shell.kdl +// Multi-call binary with echo/cat/ls/cp, linked to libnexus.a. + +package "nipbox-shell" { + version "0.1.0" + description "Sovereign Userland Shell" + + binary "nipbox" { + source "src/nipbox.nim" + type "multicall" + + commands { + cmd "echo" + cmd "cat" + cmd "ls" + cmd "cp" + cmd "mv" + cmd "rm" + } + + link { + library "libnexus.a" + static true + } + } +} diff --git a/recipes/nipbox/nipbox-variants.kdl b/recipes/nipbox/nipbox-variants.kdl new file mode 100644 index 0000000..5175c2d --- /dev/null +++ b/recipes/nipbox/nipbox-variants.kdl @@ -0,0 +1,32 @@ +// recipes/nipbox/nipbox-variants.kdl +// USE flags for minimal/desktop modes. + +variants "nipbox-profiles" { + + profile "minimal" { + description "Minimal command-line environment" + use { + gui false + network true + ipv6 false + debug false + } + packages { + include "nipbox-shell" + } + } + + profile "desktop" { + description "Full desktop environment support" + use { + gui true + wayland true + opengl true + audio true + } + packages { + include "nipbox-shell" + include "nexbox/nexbox-desktop" + } + } +}