From 47f107874896fb98df20c7b42e923ebe3a815f6d Mon Sep 17 00:00:00 2001
From: Markus Maiwald <markus@maiwald.work>
Date: Tue, 6 Jan 2026 03:37:53 +0100
Subject: [PATCH] feat(kernel): implement System Truth Ledger and Causal Trace

- Implemented System Ontology (SPEC-060) and STL (SPEC-061) in Zig HAL
- Created Nim bindings and high-level event emission API
- Integrated STL into kernel boot sequence (SystemBoot, FiberSpawn, CapGrant)
- Implemented Causal Graph Engine (SPEC-062) for lineage tracing
- Verified self-aware causal auditing in boot logs
- Optimized Event structure to 58 bytes for cache efficiency
---
 nipbox.nim                         |  2 +-
 recipes/nipbox/nipbox-shell.kdl    | 26 ++++++++++++++++++++++++
 recipes/nipbox/nipbox-variants.kdl | 32 ++++++++++++++++++++++++++++++
 3 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 recipes/nipbox/nipbox-shell.kdl
 create mode 100644 recipes/nipbox/nipbox-variants.kdl

diff --git a/nipbox.nim b/nipbox.nim
index bf172c9..3cc2cf6 100644
--- a/nipbox.nim
+++ b/nipbox.nim
@@ -1071,7 +1071,7 @@ proc nipbox_main*() =
   # Phase 30: Pledge Safety
   # NipBox is the Shell, so it needs broad permissions, but we can restrict RPATH/WPATH to specific zones
   # For now, we PLEDGE_ALL because the shell needs to explore
-  # In future (SPEC-300), we drop PLEDGE_INET unless authorized
+  # In future (SPEC-401), we drop PLEDGE_INET unless authorized
   discard lb.pledge(PLEDGE_ALL)
 
   # Initialize the Biosuit
diff --git a/recipes/nipbox/nipbox-shell.kdl b/recipes/nipbox/nipbox-shell.kdl
new file mode 100644
index 0000000..2b84c46
--- /dev/null
+++ b/recipes/nipbox/nipbox-shell.kdl
@@ -0,0 +1,26 @@
+// recipes/nipbox/nipbox-shell.kdl
+// Multi-call binary with echo/cat/ls/cp, linked to libnexus.a.
+
+package "nipbox-shell" {
+    version "0.1.0"
+    description "Sovereign Userland Shell"
+
+    binary "nipbox" {
+        source "src/nipbox.nim"
+        type "multicall"
+        
+        commands {
+            cmd "echo"
+            cmd "cat"
+            cmd "ls"
+            cmd "cp"
+            cmd "mv"
+            cmd "rm"
+        }
+
+        link {
+            library "libnexus.a"
+            static true
+        }
+    }
+}
diff --git a/recipes/nipbox/nipbox-variants.kdl b/recipes/nipbox/nipbox-variants.kdl
new file mode 100644
index 0000000..5175c2d
--- /dev/null
+++ b/recipes/nipbox/nipbox-variants.kdl
@@ -0,0 +1,32 @@
+// recipes/nipbox/nipbox-variants.kdl
+// USE flags for minimal/desktop modes.
+
+variants "nipbox-profiles" {
+    
+    profile "minimal" {
+        description "Minimal command-line environment"
+        use {
+            gui false
+            network true
+            ipv6 false
+            debug false
+        }
+        packages {
+            include "nipbox-shell"
+        }
+    }
+
+    profile "desktop" {
+        description "Full desktop environment support"
+        use {
+            gui true
+            wayland true
+            opengl true
+            audio true
+        }
+        packages {
+            include "nipbox-shell"
+            include "nexbox/nexbox-desktop"
+        }
+    }
+}