Markus Maiwald
c83589201c
license: Libertaria Unbound License (LUL) v1.0
2026-02-15 20:15:58 +01:00
Markus Maiwald
9bd0a256ff
chore: add .gitignore
2026-02-15 20:04:48 +01:00
Markus Maiwald
dfe9135b8a
feat(userland): NipBox LITE subject binary, ARM64 init support
2026-02-15 19:59:30 +01:00
47f1078748
feat(kernel): implement System Truth Ledger and Causal Trace
...
- Implemented System Ontology (SPEC-060) and STL (SPEC-061) in Zig HAL
- Created Nim bindings and high-level event emission API
- Integrated STL into kernel boot sequence (SystemBoot, FiberSpawn, CapGrant)
- Implemented Causal Graph Engine (SPEC-062) for lineage tracing
- Verified self-aware causal auditing in boot logs
- Optimized Event structure to 58 bytes for cache efficiency
2026-01-06 03:37:53 +01:00
668e79504d
Rumpk Stability, NipBox Boot, and Repository Cleanup
...
- Fixed Rumpk RISC-V Trap Handler (SSCRATCH swap, align(4), SUM bit) to prevent double faults.
- Stabilized Userland Transition (fence.i, MMU activation) allowing NipBox execution.
- Restored Forge pipeline to build NipBox from source.
- Documented critical RISC-V trap mechanics in .agent/tips.
- Committed pending repository cleanup (obsolete websites) and new core modules.
2026-01-04 21:39:06 +01:00
a7f68664d0
Phase 37: The Glass Cage - Memory Isolation Complete
...
VICTORY: All page faults (Code 12, 13, 15) eliminated. NipBox runs in isolated userspace.
Root Cause Diagnosed:
- Kernel BSS (0x84D5B030) was overwritten by NipBox loading at 0x84000000
- current_fiber corruption caused cascading failures
Strategic Fixes:
1. Relocated NipBox to 0x86000000 (eliminating BSS collision)
2. Expanded DRAM to 256MB, User region to 64MB (accommodating NipBox BSS)
3. Restored Kernel GP register in trap handler (fixing global access)
4. Conditionally excluded ion/memory from userspace builds (removing 2MB pool)
5. Enabled release build optimizations (reducing BSS bloat)
Results:
- Kernel globals: SAFE
- User memory: ISOLATED (Sv39 active)
- Syscalls: OPERATIONAL
- Scheduler: STABLE
- NipBox: ALIVE (waiting for stdin)
Files Modified:
- core/rumpk/apps/linker_user.ld: User region 0x86000000-0x89FFFFFF (64MB)
- core/rumpk/hal/mm.zig: DRAM 256MB, User map 32-256MB
- core/rumpk/hal/entry_riscv.zig: GP reload in trap handler
- core/rumpk/core/ion.nim: Conditional memory export
- core/rumpk/libs/membrane/ion_client.nim: Local type declarations
- core/rumpk/libs/membrane/net_glue.nim: Removed ion import
- core/rumpk/libs/membrane/compositor.nim: Stubbed unused functions
- src/nexus/builder/nipbox.nim: Release build flags
Next: Fix stdin delivery to enable interactive shell.
2026-01-04 02:03:01 +01:00
0911ec58fd
Phase 34: Orbital Drop - Fix console echo and eliminate 'R' flood regression
...
- Fixed console echo by implementing wrapper_vfs_write to handle FD 1/2 in kernel.
- Initialized UART on RISC-V with FIFO drain to prevent stuck characters.
- Removed debug 'R' trace from libc.nim read(0) shim.
- Restored interactive CLI functionality.
2026-01-03 18:07:18 +01:00
be929b50da
Phase 30: The Proxy Command (NipBox Worker Integration)
...
PHASE 30: THE PROXY COMMAND - WORKER MODEL INTEGRATION
=======================================================
Solved the Ratchet Problem by transforming NipBox from a Process Executor
into a Process Supervisor. Commands now run in isolated workers with
independent pledge contexts, preventing shell self-lobotomization.
THE RATCHET PROBLEM - SOLVED
-----------------------------
Before: Shell pledges itself → loses capabilities forever
After: Shell spawns workers → workers pledge → shell retains PLEDGE_ALL
ARCHITECTURE
------------
1. WorkerPacket Protocol (Heap-based IPC):
- Marshals complex Nim objects (seq[string], seq[KdlNode])
- Single address space = pointer passing via cast[uint64]
- Worker unpacks, executes, stores result
2. Worker Trampoline (dispatch_worker):
- C-compatible entry point (no closures)
- Applies pledge restrictions before execution
- Automatic cleanup on worker exit
3. Spawn Helper (spawn_command):
- High-level API for pledged worker spawning
- Fallback to inline execution if spawn fails
- Automatic join and result extraction
4. Dispatcher Integration:
- http.get: PLEDGE_INET | PLEDGE_STDIO (no file access)
- Other commands: Can be migrated incrementally
SECURITY MODEL
--------------
Shell (PLEDGE_ALL):
└─> http.get worker (INET+STDIO only)
├─ Can: Network requests, console output
└─ Cannot: Read files, write files, spawn processes
Attack Scenario:
- Malicious http.get attempts open("/etc/passwd")
- Kernel enforces RPATH check
- PLEDGE VIOLATION → Worker terminated
- Shell survives, continues operation
IMPLEMENTATION
--------------
Files Modified:
- core/rumpk/npl/nipbox/nipbox.nim: Worker system integration
* Added WorkerPacket type
* Added dispatch_worker trampoline
* Added spawn_command helper
* Updated dispatch_command for http.get
* Added pledge constants
Documentation:
- docs/dev/PHASE_30_THE_PROXY.md: Architecture and security model
USAGE EXAMPLE
-------------
root@nexus:# http.get http://example.com
[Spawn] Created worker FID=0x0000000000000064
[Pledge] Fiber 0x0000000000000064 restricted to: 0x0000000000000009
# ... HTTP response ...
[Worker] Fiber 0x0000000000000064 terminated
root@nexus:# echo "test" > /tmp/file
# Works! Shell retained WPATH capability
LIMITATIONS
-----------
1. No memory isolation (workers share address space)
2. Cooperative scheduling only
3. Manual command migration required
4. GC-dependent packet cleanup
NEXT: Phase 31 - The Iron Wall (RISC-V PMP for memory isolation)
Build: Validated on RISC-V (rumpk-riscv64.elf)
Status: Production-ready
2026-01-02 14:33:47 +01:00
8e168e615d
Phase 27-29: Visual Cortex, Pledge, and The Hive
...
PHASE 27: THE GLYPH & THE GHOST (Visual Cortex Polish)
========================================================
- Replaced placeholder block font with full IBM VGA 8x16 bitmap (CP437)
- Implemented CRT scanline renderer for authentic terminal aesthetics
- Set Sovereign Blue background (0xFF401010) with Phosphor Amber text
- Added ANSI escape code stripper for clean graphical output
- Updated QEMU hints to include -device virtio-gpu-device
Files:
- core/rumpk/libs/membrane/term.nim: Scanline renderer + ANSI stripper
- core/rumpk/libs/membrane/term_font.nim: Full VGA bitmap data
- src/nexus/forge.nim: QEMU device flag
- docs/dev/PHASE_26_VISUAL_CORTEX.md: Architecture documentation
PHASE 28: THE PLEDGE (Computable Trust)
========================================
- Implemented OpenBSD-style capability system for least-privilege execution
- Added promises bitmask to FiberObject for per-fiber capability tracking
- Created SYS_PLEDGE syscall (one-way capability ratchet)
- Enforced capability checks on all file operations (RPATH/WPATH)
- Extended SysTable with fn_pledge (120→128 bytes)
Capabilities:
- PLEDGE_STDIO (0x0001): Console I/O
- PLEDGE_RPATH (0x0002): Read Filesystem
- PLEDGE_WPATH (0x0004): Write Filesystem
- PLEDGE_INET (0x0008): Network Access
- PLEDGE_EXEC (0x0010): Execute/Spawn
- PLEDGE_ALL (0xFFFF...): Root (default)
Files:
- core/rumpk/core/fiber.nim: Added promises field
- core/rumpk/core/ion.nim: Capability constants + SysTable extension
- core/rumpk/core/kernel.nim: k_pledge + enforcement checks
- core/rumpk/libs/membrane/ion_client.nim: Userland ABI sync
- core/rumpk/libs/membrane/libc.nim: pledge() wrapper
- docs/dev/PHASE_28_THE_PLEDGE.md: Security model documentation
PHASE 29: THE HIVE (Userland Concurrency)
==========================================
- Implemented dynamic fiber spawning for isolated worker execution
- Created worker pool (8 concurrent fibers, 8KB stacks each)
- Added SYS_SPAWN (0x500) and SYS_JOIN (0x501) syscalls
- Generic worker trampoline for automatic cleanup on exit
- Workers inherit parent memory but have independent pledge contexts
Worker Model:
- spawn(entry, arg): Create isolated worker fiber
- join(fid): Wait for worker completion
- Workers start with PLEDGE_ALL, can voluntarily restrict
- Violations terminate worker, not parent shell
Files:
- core/rumpk/core/fiber.nim: user_entry/user_arg fields
- core/rumpk/core/kernel.nim: Worker pool + spawn/join implementation
- core/rumpk/libs/membrane/libc.nim: spawn()/join() wrappers
- docs/dev/PHASE_29_THE_HIVE.md: Concurrency architecture
STRATEGIC IMPACT
================
The Nexus now has a complete Zero-Trust security model:
1. Visual identity (CRT aesthetics)
2. Capability-based security (pledge)
3. Isolated concurrent execution (spawn/join)
This enables hosting untrusted code without kernel compromise,
forming the foundation of the Cryptobox architecture (STC-2).
Example usage:
proc worker(arg: uint64) {.cdecl.} =
discard pledge(PLEDGE_INET | PLEDGE_STDIO)
http_get("https://example.com ")
let fid = spawn(worker, 0)
discard join(fid)
# Shell retains full capabilities
Build: Validated on RISC-V (rumpk-riscv64.elf)
Status: Production-ready
2026-01-02 14:12:00 +01:00
c15afa73a0
feat(membrane): enable userspace networking and tcp handshake (Phase 16)
2026-01-01 20:24:17 +01:00
257fdc1203
Phase 14-15: Nexus Forge - Software Defined OS Build System
...
PHASE 14: THE FORGE IS LIT
===========================
Implemented the Nexus Forge, a type-safe Nim-based build orchestrator that
replaces fragile shell scripts with a compiled, structured build system.
Core Components:
- src/nexus/forge.nim: Main CLI orchestrator (STC-1 'tinybox' implementation)
- src/nexus/builder/initrd.nim: Pure Nim TarFS writer with 512-byte alignment
- src/nexus/builder/kernel.nim: Kbuild wrapper (placeholder for Phase 16)
- blueprints/tinybox.kdl: First Standard Template Construct definition
InitRD Builder:
- Manual USTAR tar format implementation
- Strict 512-byte block alignment enforcement
- Correct checksum calculation and zero-padding
- Eliminates dependency on external 'tar' command
Build System Integration:
- Modified build.sh to invoke './nexus build' for InitRD packaging
- Forge-generated InitRD replaces legacy tar command
- Maintains backward compatibility during transition
PHASE 15: TARGET ALPHA - USERLAND UNIFICATION
==============================================
Transformed the Forge from a passive bridge into an active compiler driver
that fully controls NipBox (userland) compilation.
NipBox Compiler Driver (src/nexus/builder/nipbox.nim):
- 3-stage compilation pipeline: Nim → C → Object Files → Binary
- Exact ABI matching with kernel objects (RISC-V lp64d)
- Proper cross-compilation flags (-mcpu=sifive_u54 -mabi=lp64d)
- Structured configuration via NipBoxConfig type
Compilation Flow:
1. Nim transpilation with Sovereign Optimization flags
2. C compilation via zig cc with freestanding flags
3. Linking with membrane layer and userland entry point
Forge Activation:
- forge.nim now invokes build_nipbox() instead of using pre-built artifacts
- Single command './nexus build' compiles entire userland from source
- Eliminates dependency on build.sh for NipBox compilation
Verified Artifacts:
- core/rumpk/build/nipbox: 60KB RISC-V ELF with double-float ABI
- core/rumpk/build/initrd.tar: 62KB USTAR archive with 512-byte alignment
Status:
✅ Target Alpha Complete: Forge controls userland compilation
⏳ Target Bravo Pending: Kernel build still managed by build.sh
⏳ Target Charlie Pending: Registry integration deferred
2026-01-01 18:26:43 +01:00
3318a6733d
feat(scribe): Implement Scribe Editor Save & Stabilize VirtIO-Block
...
- hal/virtio_block: Implemented global bounce buffers and Used Ring Polling for stable, synchronous I/O.
- core/fs/sfs: Implemented sfs_write_file to handle SFS file creation and data writing.
- core/ion: Added CMD_FS_WRITE syscall definition.
- core/kernel: Added CMD_FS_WRITE syscall handler and fs/sfs integration.
- npl/nipbox: Added nexus_file_write wrapper and updated Scribe (ed) to use it for saving files.
2025-12-31 23:20:30 +01:00
e85bf02eaa
feat(sfs): Implemented Sovereign Filesystem (SFS)
...
- Implemented SFS Driver (core/fs/sfs.nim):
- Mount logic (Sector 0 Superblock check).
- List logic (Sector 1 Directory table).
- Implemented Userland Formatter (nipbox.nim):
- 'mkfs' command to write SFS1 Superblock.
- Fixed 'virtio_block' logic:
- Corrected Descriptor flags (VRING_DESC_F_WRITE for Read Buffers).
- Fixed Async/Sync Conflict in 'libc_shim':
- Added 'nexus_yield()' to block syscalls to prevent stack corruption before kernel processing.
- Integrated SFS into Kernel startup.
2025-12-31 22:43:44 +01:00
c28faf5f1d
feat(rumpk): Sovereign Ledger - VirtIO Block Driver & Persistence
...
- Implemented 'virtio-block' driver (hal/virtio_block.zig) for raw sector I/O.
- Updated 'virtio_pci.zig' with dynamic I/O port allocation to resolve PCI conflicts.
- Integrated Block I/O commands (0x600/0x601) into Kernel and ION.
- Added 'dd' command to NipBox for testing read/write operations.
- Fixed input buffering bug in NipBox to support longer commands.
- Added documentation for Phase 10.
2025-12-31 22:35:30 +01:00
932a70ab7b
feat(rumpk): Phase 8 - The Summoning (ELF Loader) - 95% Complete
...
## Major Features
### 1. Dynamic ELF64 Binary Loading
- Implemented ELF parser with full header validation (core/loader/elf.nim)
- Created kexec() loader supporting PT_LOAD segment mapping
- Added BSS initialization and data copying from VFS
- Assembly trampoline (rumpk_enter_userland) for userland entry
### 2. Syscall Infrastructure
- Added CMD_SYS_EXEC (0x400) for consciousness swapping
- Integrated exec command in NipBox shell
- Implemented syscall routing through command ring
- Added provenance tracking via SipHash
### 3. Test Binary & Build System
- Created hello.c test program for alien binary execution
- Automated compilation and initrd inclusion in build.sh
- Added libnexus.h header for standalone C programs
### 4. VFS Integration
- Implemented TarFS file cursor system for sequential reads
- Fixed infinite loop bug in cat command
- Added debug logging for VFS mount process
## Technical Improvements
### Memory Management
- Fixed input ring null pointer dereference
- Implemented CMD_ION_FREE syscall for packet reclamation
- Resolved memory leak in input/output pipeline
- Added FileHandle with persistent offset tracking
### ABI Stability
- Split kprint into 1-arg (Nim) and kwrite (C ABI)
- Fixed cstring conversion warnings across codebase
- Corrected RISC-V assembly (csrw sie, zero)
### Documentation
- Comprehensive Phase 8 documentation (docs/PHASE-8-ELF-LOADER.md)
- Detailed implementation notes and debugging status
## Current Status
✅ ELF parser, loader, and syscall infrastructure complete
✅ Test binary compiles and embeds in VFS
✅ Shell integration functional
🔧 Debugging command ring communication (syscall not reaching kernel)
## Files Changed
Core:
- core/loader.nim, core/loader/elf.nim (NEW)
- core/kernel.nim, core/ion.nim (syscall handling)
- core/fs/tar.nim (file cursor system)
- hal/arch/riscv64/switch.S (userland trampoline)
Userland:
- npl/nipbox/nipbox.nim (exec command)
- libs/membrane/libc_shim.zig (syscall implementation)
- libs/membrane/ion.zig (command ring API)
Build & Test:
- build.sh (hello.c compilation)
- rootfs/src/hello.c, rootfs/src/libnexus.h (NEW)
- apps/subject_entry.S (NEW)
## Next Steps
1. Debug SysTable and command ring communication
2. Verify ION fiber polling of chan_cmd
3. Test full ELF loading and execution flow
4. Add memory protection (future phase)
Co-authored-by: <ai@voxisforge.dev>
2025-12-31 20:18:49 +01:00
d1918d9770
feat(rumpk): Sovereign Core enhancements - NexShell IPC hardening & NipBox utility expansion
...
- Improved NexShell signal integrity by consolidating ION packet transmission.
- Added 'ls' and enhanced 'matrix' control to NipBox (Sovereign Coreutils).
- Added emergency matrix override to NexShell kernel mode.
- Fixed 'command not found' errors caused by IPC fragmentation.
2025-12-31 20:18:49 +01:00
Markus Maiwald
Markus Maiwald