This page classifies proposal documents by current role so readers do not
confuse implemented behavior, active design direction, future architecture,
and rejected alternatives.

| Proposal | Status | Purpose |
| --- | --- | --- |
| Service Architecture | Partially implemented | Defines authority-at-spawn, service composition, exported capabilities, and the init-owned service graph direction. |
| Storage and Naming | Accepted design | Defines capability-native storage, namespaces, boot-package structure, and future persistence instead of a global filesystem. |
| Error Handling | Partially implemented | Defines the two-level transport/application error model and the current CQE transport error namespace. |
| Security and Verification | Partially implemented | Defines the security review vocabulary, trust-boundary checklist, and practical verification tracks used by capOS. |
| mdBook Documentation Site | Partially implemented | Defines the documentation site structure, status vocabulary, and curation rules for architecture, proposal, security, and research pages. |


| Proposal | Status | Purpose |
| --- | --- | --- |
| Networking | Partially implemented | Plans the in-kernel QEMU virtio-net smoke and the later userspace NIC, network stack, and socket capability architecture. |
| SMP | Future design | Defines the future multi-core scheduler, per-CPU state, AP startup, and TLB shootdown direction. |
| Userspace Binaries | Partially implemented | Describes native userspace binaries, capos-rt, language support, POSIX compatibility, and runtime authority handling. |
| Go Runtime | Future design | Plans a custom GOOS=capos path, runtime services, memory growth, TLS, scheduling, and network integration for Go. |
| Shell | Future design | Describes native, agent-oriented, and POSIX shell models over explicit capabilities instead of ambient paths. |
| Boot to Shell | Queued future milestone | Defines text-only console and web-terminal login/setup, password verifier and passkey authentication, and the authenticated native shell launch path after manifest execution, terminal input, native shell, session, broker, audit, and credential-storage prerequisites are credible. |
| System Monitoring | Future design | Defines capability-scoped logs, metrics, health, traces, crash records, and audit/status views. |
| User Identity and Policy | Future design | Defines users, sessions, guest profiles, and policy layers for RBAC, ABAC, and MAC over capability grants. |
| Cloud Metadata | Future design | Describes cloud instance bootstrap through metadata/config-drive capabilities and manifest deltas. |
| Cloud Deployment | Future design | Plans hardware abstraction, cloud VM support, storage/network boot dependencies, and later aarch64 deployment work. |
| Live Upgrade | Future design | Defines service replacement without dropping capabilities or in-flight calls through retargeting and quiesce/resume protocols. |
| GPU Capability | Future design | Sketches capability-oriented GPU, CUDA, memory, and driver isolation models. |
| Formal MAC/MIC | Future design | Defines a formal mandatory-access and mandatory-integrity model plus future proof obligations. |
| Browser/WASM | Future design | Explores running capOS concepts in a browser using WebAssembly and worker-per-process isolation. |


| Proposal | Status | Purpose |
| --- | --- | --- |
| Cap’n Proto SQE Envelope | Rejected | Records why ring SQEs stay fixed-layout transport records instead of becoming Cap’n Proto messages themselves. |
| Sleep(INF) Process Termination | Rejected | Records why infinite sleep should not replace explicit process termination, while preserving typed status and future sys_exit removal as separate lifecycle work. |

When a proposal becomes implemented, rejected, or stale, update this index in
the same change that changes the proposal or corresponding implementation.
Long proposal files may describe target behavior; this index is the first
status checkpoint before a reader opens those documents.