# capOS Documentation
capOS is a research operating system where every kernel service and every
cross-process service is a typed Cap’n Proto capability invoked through a
shared-memory ring. There is no ambient authority, no global path
namespace, and the only remaining syscalls are `cap_enter` and `exit`. The
current implementation boots on x86_64 QEMU, loads a Cap’n Proto boot
manifest, starts manifest-declared services, and exercises ring-native IPC,
capability transfer, and init-driven spawning through QEMU smoke binaries.
Use this book as the current system manual. It separates implemented behavior from proposals, research notes, and operational planning files. The page What capOS Is gives the short version of what makes the design unusual.
## Start Here
- What capOS Is describes the implemented system model and the main authority boundaries.
- Current Status lists what works today, what is partial, and what remains future work.
- Build, Boot, and Test gives the commands used to build the ISO, boot QEMU, and run host-side validation.
- Repository Map maps the main subsystems to source files.
## Deeper References
- Capability Model explains the capability-table and invocation model.
- Authority Accounting records the current transfer/accounting design.
- DMA Isolation, Trusted Build Inputs, and Panic Surface Inventory cover security and verification inventories.
- Research Index links prior-art notes used to shape the design.
- mdBook Documentation Site Proposal defines the documentation structure and status vocabulary.
Operational planning still lives outside the book in `ROADMAP.md`,
`WORKPLAN.md`, and `REVIEW_FINDINGS.md`. Treat those as live planning and review
records, not stable architecture pages.