Topics Index

This page is generated from document front matter fields during mdbook builds:

• status
• description
• topics

Quick Orientation

• Backlog — Detailed task decompositions.
• Build, Boot, and Test — Build, ISO, QEMU, host-test commands.
• capOS Repository Harness Engineering — Repository-local harness engineering for making capOS legible, checkable, and safer for long-running coding agents.
• Changelog — Historical milestone reports.
• Current Status — What works, what is partial.
• Design Risks and Open Questions — Consolidated index of long-horizon design risks.
• Introduction — Top-level book entry.
• Proposal Index — Proposal status table.
• Repository Map — Source-tree subsystem index.
• Research Index — Design consequences pulled from the survey.
• Roadmap — Long-term architectural plan.
• What capOS Is — One-page system model.

Capabilities, IPC, and Authority

• Authority Accounting — Authority accounting rules for capability transfer and resource charges.
• Cap’n Proto Error Handling — Prior-art on capnp-rpc error semantics.
• Capability Model — Core capability object model, cap tables, schema interface IDs, grants, receiver metadata, and transfer.
• Capability Ring — Shared-memory capability ring ABI, dispatch paths, and completion semantics.
• Delegated Subject Context — Future delegated-subject and act-on-behalf-of capability model.
• Error Handling — Transport and application error model for capability calls and CQE results.
• IPC and Endpoints — Endpoint IPC, capability transfer, direct handoff, and shared-memory data paths.
• OS Error Handling — Cross-OS error-model comparison.
• Rejected: Cap’n Proto SQE Envelope — Rationale for keeping ring SQEs fixed-layout instead of Cap’n Proto envelopes.
• Rejected: Endpoint Badges as Service Identity — Post-mortem of the rejected seL4-style endpoint badge service identity model.
• Resource Accounting and Quotas — Resource profiles, quota ledgers, donation, reservation, and fail-closed accounting semantics.
• Service Architecture — Capability-based service composition, authority-at-spawn, exports, and service graph policy.
• Service Object Identity Migration — Superseded large-chunk migration plan for service object identity, retained as historical context after the active direction changed to session-bound invocation context.
• Session-Bound Invocation Context — Implementation plan for one-session-per-process invocation context and session-keyed shared services.
• Session-Bound Invocation Context — Session-bound invocation context and privacy-aware disclosure model replacing service-object identity migration.
• Stage 6 Capability Semantics — Stage 6 capability work.
• Superseded: Service Object Capabilities — Superseded service-minted object capability model that was replaced by session-bound invocation context.
• System Info Capability — SystemInfo capability for MOTD, host metadata, help topics, and shell bundle integration.
• Userspace Authority Broker — Userspace shell-bundle broker and lifecycle-control authority model.

Boot, Manifests, and Init

• Boot Flow — Kernel boot, manifest handoff, init launch, and QEMU boot-proof flow.
• Boot to Shell — Login, setup, session, credential, and broker path from boot into the native shell.
• Cloud Metadata — Cloud metadata and config-drive bootstrap through scoped configuration capabilities.
• Configuration — How operators extend the default capOS boot manifest with a gitignored system.local.cue overlay.
• Hardware, Boot, and Storage — Hardware bring-up backlog.
• Manifest and Service Startup — Manifest encoding, service graph validation, bootstrap grants, and init-side spawning.
• Run Targets, Init Mandate, and Default-Run Integration — Run-target governance.
• System Configuration and Operator Extensibility — Layered CUE configuration model for operator boot-manifest overlays, host-user injection, and per-user toolchain caches.

Process Model, Threading, and Scheduling

• Completion Rings And Threaded Runtimes — Io_uring-style transports under threaded runtimes.
• In-Process Threading — In-process thread lifecycle, scheduler references, ThreadControl, and ParkSpace integration.
• NO_HZ, SQPOLL, and Realtime Scheduling — Linux NO_HZ, io_uring SQPOLL, CPU isolation, PREEMPT_RT, SCHED_DEADLINE, and seL4 MCS grounding for capOS timer and realtime design.
• Out-of-Kernel Scheduling — Userspace scheduling prior art.
• Park Authority — ParkSpace wait/wake authority, ABI, and shared park-word constraints.
• Process Model — Process isolation, ELF loading, bootstrap ABI, lifecycle, and spawn authority.
• Rejected: Sleep(INF) Process Termination — Rationale for explicit process termination instead of infinite-sleep lifecycle semantics.
• Ring v2 For Full SMP — Per-thread ring, completion routing, SQPOLL ownership, and full-SMP transport model.
• Scheduling — Preemption, run queues, blocking waits, timer wakeups, and SMP scheduler proof points.
• SMP — Per-CPU state, AP startup, scheduler ownership, TLB shootdown, and multi-core roadmap.
• SMP Phase C — SMP backlog.
• Tickless and Realtime Scheduling — Tickless idle, SQPOLL nohz CPU isolation, request deadlines, scheduling contexts, and realtime islands.
• x2APIC And APIC Virtualization — Interrupt routing on modern x86.

Memory and Resource Accounting

• DMA Isolation — DMA isolation model for device memory, IOMMU policy, and capability-scoped hardware access.
• Go VirtualMemory Contract — VirtualMemory cap contract for Go.
• Memory Management — Physical frames, address spaces, user buffers, MemoryObject, and VirtualMemory contracts.
• OOM Handling and Swap — Memory-pressure, OOM, anonymous-memory budgeting, and optional encrypted swap policy.
• Resource Accounting and Quotas — Resource profiles, quota ledgers, donation, reservation, and fail-closed accounting semantics.

Userspace Runtime, Languages, and Binaries

• Browser/WASM — Browser-hosted capOS experiment using WebAssembly and worker-per-process isolation.
• Go Runtime — Go runtime plan for GOOS=capos, memory growth, TLS, scheduling, and networking.
• libcapos-service — Userspace service framework for lifecycle, endpoint loops, readiness, shutdown, metrics, context, and resource hooks.
• LLVM Target — Requirements for a custom LLVM target triple.
• Lua Scripting — Capability-scoped Lua runner with curated libraries and explicit grants.
• Runtime, Networking, and Shell — Runtime/network/shell backlog.
• Userspace Binaries — Native userspace binary model, capos-rt authority handling, and language/POSIX support.
• Userspace Runtime — capos-rt entry ABI, heap, CapSet lookup, ring client, and typed userspace capability clients.

Shells and Interactive Surfaces

• Boot to Shell — Login, setup, session, credential, and broker path from boot into the native shell.
• capOS-Hosted Agent Swarms — capOS-hosted OpenClaw-like personal agents, agent swarms, harness controls, memory, retrieval, and research agenda.
• Interactive Command Surfaces — Structured command-session model for native interactive applications over typed invocations.
• Language Models and Agent Runtime — Language-model, embedder, agent-runner, and browser-agent capability interfaces.
• Realtime Voice Agent Shell — Realtime audio agent shell model across browser media, provider sessions, and brokered tools.
• Shell — Native, agent-oriented, and POSIX shell models over explicit capability grants.
• SSH Shell Gateway — SSH terminal gateway design preserving TerminalSession and broker-issued shell boundaries.
• System Info Capability — SystemInfo capability for MOTD, host metadata, help topics, and shell bundle integration.
• Telnet over TLS Shell — TLS-protected Telnet TerminalSession gateway with client certificates and credential fallback.

Networking

• libcapos-service — Userspace service framework for lifecycle, endpoint loops, readiness, shutdown, metrics, context, and resource hooks.
• Networking — Network capability architecture from virtio-net smoke to TCP sockets and terminal handoff.
• Pingora — Proxy/server framework as a userspace runtime case study.
• SSH Shell Gateway — SSH terminal gateway design preserving TerminalSession and broker-issued shell boundaries.
• Telnet over TLS Shell — TLS-protected Telnet TerminalSession gateway with client certificates and credential fallback.

Storage, Persistence, and Naming

• Hardware, Boot, and Storage — Hardware bring-up backlog.
• IX-on-capOS Hosting — IX as a package corpus, content-addressed build/store model, and a capability-native build-service surface for capOS.
• Storage and Naming — Capability-native storage, namespaces, boot packages, volumes, and persistence model.
• Volume Encryption — Encryption-at-rest model for system and user volumes with recovery and KMS options.

Identity, Policy, and User Accounts

• Configuration — How operators extend the default capOS boot manifest with a gitignored system.local.cue overlay.
• Delegated Subject Context — Future delegated-subject and act-on-behalf-of capability model.
• Formal MAC/MIC — Formal mandatory access and integrity model for future policy and proof work.
• Local Users, Storage, and Policy — Identity/local-user backlog.
• OIDC and OAuth2 — Federated login, OAuth2 clients, token capabilities, JWKS, DPoP, and broker integration.
• Rejected: Endpoint Badges as Service Identity — Post-mortem of the rejected seL4-style endpoint badge service identity model.
• Service Object Identity Migration — Superseded large-chunk migration plan for service object identity, retained as historical context after the active direction changed to session-bound invocation context.
• Session-Bound Invocation Context — Implementation plan for one-session-per-process invocation context and session-keyed shared services.
• Session-Bound Invocation Context — Session-bound invocation context and privacy-aware disclosure model replacing service-object identity migration.
• System Configuration and Operator Extensibility — Layered CUE configuration model for operator boot-manifest overlays, host-user injection, and per-user toolchain caches.
• User Identity and Policy — User, session, profile, RBAC/ABAC/MAC, and policy-layer model for capability grants.

Cryptography, Certificates, and Trust

• Certificates and TLS — Capability-native X.509, trust store, ACME, pinning, and TLS configuration model.
• Cryptography and Key Management — Capability model for keys, signing, encryption, vaults, entropy, and cryptographic policy.
• OIDC and OAuth2 — Federated login, OAuth2 clients, token capabilities, JWKS, DPoP, and broker integration.
• Telnet over TLS Shell — TLS-protected Telnet TerminalSession gateway with client certificates and credential fallback.
• Volume Encryption — Encryption-at-rest model for system and user volumes with recovery and KMS options.

Security and Verification

• DMA Isolation — DMA isolation model for device memory, IOMMU policy, and capability-scoped hardware access.
• Formal MAC/MIC — Formal mandatory access and integrity model for future policy and proof work.
• Panic Surface Inventory — Panic/unwrap/expect inventory.
• Public Release and Maintainer Boundaries — Public release posture, maintainer boundaries, issue intake, and repository hygiene gates.
• Repository Composition — Repository scope, sibling project split criteria, and cross-repository organization plan.
• Security and Verification — Security/verification backlog.
• Security and Verification — Security review vocabulary, trust-boundary checklist, and verification tracks for capOS.
• Trust Boundaries — The reviewer’s authority-boundary inventory.
• Trusted Build Inputs — Trusted toolchain inventory.
• Verification Workflow — The verification gates used by capOS.

Services, Operations, and Monitoring

• Cloud Deployment — Cloud VM deployment plan covering hardware abstraction, storage, networking, and aarch64.
• Cloud Metadata — Cloud metadata and config-drive bootstrap through scoped configuration capabilities.
• Configuration — How operators extend the default capOS boot manifest with a gitignored system.local.cue overlay.
• libcapos-service — Userspace service framework for lifecycle, endpoint loops, readiness, shutdown, metrics, context, and resource hooks.
• Live Upgrade — Service replacement, capability retargeting, quiesce/resume, and in-flight call handling.
• Rejected: Endpoint Badges as Service Identity — Post-mortem of the rejected seL4-style endpoint badge service identity model.
• Service Architecture — Capability-based service composition, authority-at-spawn, exports, and service graph policy.
• Session-Bound Invocation Context — Session-bound invocation context and privacy-aware disclosure model replacing service-object identity migration.
• Superseded: Service Object Capabilities — Superseded service-minted object capability model that was replaced by session-bound invocation context.
• System Configuration and Operator Extensibility — Layered CUE configuration model for operator boot-manifest overlays, host-user injection, and per-user toolchain caches.
• System Monitoring — Capability-scoped logs, metrics, health checks, traces, crash records, and status views.
• System Performance Benchmarks — Correctness-gated benchmark model for primitives, workloads, and user stories.

AI, Agents, GPU, and Robotics

• capOS As A Robot Brain — Robotics service graph, actuator gateway, safety monitor, realtime island, and ROS bridge model.
• capOS Repository Harness Engineering — Repository-local harness engineering for making capOS legible, checkable, and safer for long-running coding agents.
• capOS-Hosted Agent Swarms — capOS-hosted OpenClaw-like personal agents, agent swarms, harness controls, memory, retrieval, and research agenda.
• GPU Capability — Capability-oriented GPU access, driver isolation, memory sharing, and CUDA-style compute model.
• Hosted Agent Harnesses — OpenClaw-like harnesses, swarms, memory/wiki systems, and agent orchestration research for capOS-hosted agents.
• Language Models and Agent Runtime — Language-model, embedder, agent-runner, and browser-agent capability interfaces.
• Multimedia Pipeline Latency — Research note.
• NO_HZ, SQPOLL, and Realtime Scheduling — Linux NO_HZ, io_uring SQPOLL, CPU isolation, PREEMPT_RT, SCHED_DEADLINE, and seL4 MCS grounding for capOS timer and realtime design.
• Realtime Multimodal Agent APIs — Research note.
• Realtime Voice Agent Shell — Realtime audio agent shell model across browser media, provider sessions, and brokered tools.
• Robotics Realtime Control — Research note.
• Small LLM Survey — Model candidates for the on-ISO local LLM.
• Tickless and Realtime Scheduling — Tickless idle, SQPOLL nohz CPU isolation, request deadlines, scheduling contexts, and realtime islands.

Demos, Onboarding, and Contributor Surfaces

• Aurelian Frontier — Aurelian Frontier game-depth backlog.
• Aurelian Frontier — Capability-native Aurelian Frontier game design, mission model, content pipeline, and QEMU proof slice.
• Aurelian Frontier (proof slice) — Multi-process Aurelian Frontier smoke proof.
• Contributor Quest Mechanics — Contributor reward mechanics layered on Aurelian Frontier without granting repository authority.
• First Chat Demo — Smallest resident-service proof.
• Game Mechanics Prior Art — Grounded mechanics research for Aurelian Frontier seasonal play, markets, construction, and tactical combat.
• Paperclips Terminal Demo — Clean-room incremental terminal demo.
• Shared-Service Demos — Demo backlog.

Build, Tooling, and Documentation Site

• Build, Boot, and Test — Build, ISO, QEMU, host-test commands.
• capOS Repository Harness Engineering — Repository-local harness engineering for making capOS legible, checkable, and safer for long-running coding agents.
• mdBook Documentation Site — Documentation-site structure, metadata, status vocabulary, and curation workflow.
• Repository Composition — Repository scope, sibling project split criteria, and cross-repository organization plan.
• Repository Map — Source-tree subsystem index.
• Trusted Build Inputs — Trusted toolchain inventory.

Research and Papers

• Papers — Long-form research write-ups.
• Whitepaper Evidence Gaps — Tracks unresolved whitepaper evidence needs and the milestones that close them.
• Whitepaper Outline — Section outline and evidence dependency map for the schema-as-ABI capOS whitepaper.
• Whitepaper Plan — Planning baseline for the future schema-as-ABI capOS whitepaper.

Prior Art and Comparative OS Research

• EROS, CapROS, Coyotos — Persistent capability-system lineage.
• Game Mechanics Prior Art — Grounded mechanics research for Aurelian Frontier seasonal play, markets, construction, and tactical combat.
• Genode — Componentized OS framework.
• Plan 9 and Inferno — Namespace-oriented systems.
• Research Index — Design consequences pulled from the survey.
• seL4 — Microkernel and capability reference.
• Zircon — Handle-based OS reference.

Stage Backlogs and Long-Form Planning

• Aurelian Frontier — Aurelian Frontier game-depth backlog.
• Go VirtualMemory Contract — VirtualMemory cap contract for Go.
• Hardware, Boot, and Storage — Hardware bring-up backlog.
• Local Users, Storage, and Policy — Identity/local-user backlog.
• Proposal Group Archive — Archived proposal cluster.
• Run Targets, Init Mandate, and Default-Run Integration — Run-target governance.
• Runtime, Networking, and Shell — Runtime/network/shell backlog.
• Security and Verification — Security/verification backlog.
• Service Object Identity Migration — Superseded large-chunk migration plan for service object identity, retained as historical context after the active direction changed to session-bound invocation context.
• Session-Bound Invocation Context — Implementation plan for one-session-per-process invocation context and session-keyed shared services.
• Shared-Service Demos — Demo backlog.
• SMP Phase C — SMP backlog.
• Stage 6 Capability Semantics — Stage 6 capability work.
• Whitepaper Evidence Gaps — Tracks unresolved whitepaper evidence needs and the milestones that close them.
• Whitepaper Outline — Section outline and evidence dependency map for the schema-as-ABI capOS whitepaper.
• Whitepaper Plan — Planning baseline for the future schema-as-ABI capOS whitepaper.