# Proposal Group Archive

This page is retained as a compact grouping aid for older links and sidebar
navigation. The canonical status table is [Proposal Index](index.md); update
that page first when a proposal changes role.

The public sidebar now nests proposal documents under the proposal index
instead of exposing every long-form design page as a top-level entry.

## Active Support

| Proposal | Status | Purpose |
| --- | --- | --- |
| [mdBook Documentation Site](mdbook-docs-site-proposal.md) | Partially implemented | Defines the documentation site structure, status vocabulary, and curation rules for architecture, proposal, security, and research pages. |

## Future Runtime And Deployment

| Proposal | Status | Purpose |
| --- | --- | --- |
| [Go Runtime](go-runtime-proposal.md) | Future design | Plans a custom `GOOS=capos` userspace port and runtime services for Go programs. |
| [Lua Scripting](lua-scripting-proposal.md) | Partially implemented | Defines Lua as a capability-scoped userspace runner with curated libraries and exact grants. Phase 0 and Phase 1 host bindings are in tree; Phase 2+ remains future work. |
| [Cloud Metadata](cloud-metadata-proposal.md) | Future design | Describes cloud bootstrap inputs and manifest deltas without importing cloud-init. |
| [Cloud Deployment](cloud-deployment-proposal.md) | Partially implemented | Records QEMU boot, ACPI/PCI/MSI-X discovery, the landed cloudboot image/harness, and the first GCP imported-image serial-console boot proof. Provider NIC/storage drivers, cloud clocking, AWS/Azure proofs, and aarch64 deployment remain future work. |
| [Browser/WASM](browser-wasm-proposal.md) | Future design | Explores a browser-hosted capOS model using WebAssembly and workers. |

## Future Security, Policy, And Lifecycle

| Proposal | Status | Purpose |
| --- | --- | --- |
| [User Identity and Policy](user-identity-and-policy-proposal.md) | Partially implemented | Defines user/session identity and policy layers over capability grants. Current implementation covers anonymous/operator/guest `UserSession` metadata, bootstrap credential/session flows, broker-issued shell bundles, and seed-account configuration; durable accounts, external bindings, session revocation, quotas, and broader ABAC/MAC remain future work. |
| [Cryptography and Key Management](cryptography-and-key-management-proposal.md) | Future design | Defines key, signing, encryption, and vault capabilities for later security services. |
| [Certificates and TLS](certificates-and-tls-proposal.md) | Future design | Defines X.509, trust store, ACME, and TLS configuration capabilities. |
| [OIDC and OAuth2](oidc-and-oauth2-proposal.md) | Future design | Defines federated login, OAuth2 clients, token capabilities, and broker integration. |
| [Volume Encryption](volume-encryption-proposal.md) | Future design | Defines encryption-at-rest for system and user volumes. |
| [System Monitoring](system-monitoring-proposal.md) | Future design | Defines scoped observability capabilities for logs, metrics, traces, health, status, crash records, and audit. |
| [Formal MAC/MIC](formal-mac-mic-proposal.md) | Future design | Defines a formal access-control and integrity model for later proof work. |
| [Live Upgrade](live-upgrade-proposal.md) | Future design | Designs service replacement while preserving handles, calls, and authority. |
| [GPU Capability](gpu-capability-proposal.md) | Future design | Sketches isolated GPU device, memory, and compute authority. |

## Future Domains

| Proposal | Status | Purpose |
| --- | --- | --- |
| [Language Models and Agent Runtime](llm-and-agent-proposal.md) | Future design | Defines model, embedding, and agent-runner capabilities. |
| [Realtime Voice Agent Shell](realtime-voice-agent-shell-proposal.md) | Future design | Extends the agent-shell path for realtime voice and media sessions. |
| [capOS As A Robot Brain](robot-brain-proposal.md) | Future design | Defines capability-oriented robotics service graphs and actuator boundaries. |
| [Contributor Quest Mechanics](contributor-quest-mechanics-proposal.md) | Future design | Defines contribution-linked game badges and bounded perks. |
| [Public Release and Maintainer Boundaries](public-release-boundaries-proposal.md) | Future design | Defines public release posture and maintainer-load boundaries. |

## Rejected Or Superseded

| Proposal | Status | Purpose |
| --- | --- | --- |
| [Endpoint Badges as Service Identity](rejected-endpoint-badges-proposal.md) | Rejected | Post-mortem for the seL4-style endpoint badge identity model that was superseded by Service Object Capabilities, then by Session-Bound Invocation Context. |
| [Service Object Capabilities](service-object-capabilities-proposal.md) | Superseded | Historical service-minted object capability model; the landed synthetic routing/lifecycle proof remains low-level coverage, but the implemented replacement is Session-Bound Invocation Context. |
| [Cap'n Proto SQE Envelope](rejected-capnp-ring-sqe-proposal.md) | Rejected | Records why ring SQEs stay fixed-layout transport records instead of becoming Cap'n Proto messages themselves. |
| [Sleep(INF) Process Termination](rejected-sleep-inf-termination-proposal.md) | Rejected | Records why infinite sleep should not replace explicit process termination, while preserving typed status and future `sys_exit` removal as separate lifecycle work. |