feat(ruvix): implement CLI, kernel shell, and PBFT consensus (#261)
* feat(ruvix): implement ADR-087 RuVix Cognition Kernel Phase A
Implements the complete Phase A (Linux-hosted) RuVix Cognition Kernel
with 9 crates, 760 tests, and comprehensive documentation.
## Core Crates (9)
- ruvix-types: 6 kernel primitives (Task, Capability, Region, Queue, Timer, Proof)
- ruvix-cap: seL4-inspired capability management with derivation trees
- ruvix-region: Memory regions (Immutable, AppendOnly, Slab policies)
- ruvix-queue: io_uring-style lock-free IPC with zero-copy semantics
- ruvix-proof: 3-tier proof engine (Reflex <100ns, Standard <100us, Deep <10ms)
- ruvix-sched: Coherence-aware scheduler with priority computation
- ruvix-boot: 5-stage RVF boot loader with ML-DSA-65 signatures
- ruvix-vecgraph: Kernel-resident vector/graph stores with HNSW
- ruvix-nucleus: Unified kernel entry point with 12 syscalls
## Security (SEC-001, SEC-002)
- Boot signature failure: PANIC immediately, no fallback path
- Proof cache: 100ms TTL, single-use nonces, max 64 entries
- Capability delegation depth: max 8 levels with audit warnings
## Architecture
- no_std compatible for Phase B bare metal port
- Proof-gated mutation: every state change requires cryptographic proof
- Capability-based access control: no syscall without valid capability
- Zero-copy IPC via region descriptors (TOCTOU protected)
## Documentation
- Main README with architecture diagrams
- Individual crate READMEs with usage examples
- Architecture decision records
Co-Authored-By: claude-flow <ruv@ruv.net>
* docs: update ADR-087 status and add RuVix to root README
- Update ADR-087 status from Proposed to Accepted (Phase A Implemented)
- Add implementation status table with all 9 crates and 760 tests
- Document security invariants implemented (SEC-001 through SEC-004)
- Add collapsed RuVix section to root README with architecture diagram
Co-Authored-By: claude-flow <ruv@ruv.net>
* chore: update ruvector-coherence dependency to 2.0.4 for crates.io publish
Co-Authored-By: claude-flow <ruv@ruv.net>
* feat(ruvix): implement ADR-087 Phase B bare metal AArch64 support
Phase B adds bare metal AArch64 support for the RuVix Cognition Kernel:
New crates:
- ruvix-hal: Hardware Abstraction Layer traits (~500 lines)
- Console, InterruptController, Timer, Mmu, PowerManagement traits
- Platform-agnostic design for ARM64/RISC-V/x86_64
- 15 unit tests passing
- ruvix-aarch64: AArch64 boot and MMU support (~2,000 lines)
- _start assembly entry, exception vectors
- 4-level page tables with capability metadata
- System register accessors (SCTLR_EL1, TCR_EL1, TTBR0/1)
- Implements ruvix_hal::Mmu trait
- ruvix-drivers: Device drivers for QEMU virt (~1,500 lines)
- PL011 UART driver (115200 8N1, FIFO, interrupts)
- GIC-400 interrupt controller (256 IRQs, 16 priorities)
- ARM Generic Timer (deadline scheduling)
- Volatile MMIO with memory barriers (DMB, DSB, ISB)
Build infrastructure:
- aarch64-boot/ with linker script and custom Rust target
- QEMU virt runner integration (Cortex-A72, 128MB RAM)
- Makefile with build/run/debug targets
ADR-087 updated with:
- Phase B objectives and new crate specifications
- QEMU virt memory map (128MB RAM at 0x40000000)
- 5-stage boot sequence documentation
- Security enhancements and testing strategy
- Raspberry Pi 4/5 platform differences
Co-Authored-By: claude-flow <ruv@ruv.net>
* feat(ruvix): implement Phases C/D/E and QEMU swarm simulation
This adds full bare metal OS capabilities to the RuVix Cognition Kernel:
## Phase C: Multi-Core & DMA Support
- ruvix-smp: Symmetric multi-processing (256 cores, spinlocks, IPIs)
- ruvix-dma: DMA controller with scatter-gather
- ruvix-dtb: Device tree blob parser
- ruvix-physmem: Buddy allocator for physical memory
## Phase D: Raspberry Pi 4/5 Support
- ruvix-bcm2711: BCM2711/2712 SoC drivers (GPIO, mailbox, UART)
- ruvix-rpi-boot: RPi boot support (spin table, early UART)
## Phase E: Networking & Filesystem
- ruvix-net: Full network stack (Ethernet/ARP/IPv4/UDP/ICMP)
- ruvix-fs: Filesystem layer (VFS, FAT32, RamFS)
## QEMU Swarm Simulation
- qemu-swarm: Multi-QEMU cluster for distributed testing
- Network topologies: mesh, ring, star, tree
- Fault injection and chaos testing scenarios
## Summary
- 10 new crates, ~27,000 lines of code
- 400+ new tests passing
- ADR-087 updated with Phases C/D/E documentation
- Main README updated with all phases
Co-Authored-By: claude-flow <ruv@ruv.net>
* fix(ruvix): address critical security vulnerabilities CVE-001 through CVE-005
Security fixes applied from deep review audit:
- CVE-001 (CRITICAL): Add compile-time protection preventing
`disable-boot-verify` feature in release builds. This closes
a boot signature bypass vulnerability.
- CVE-002 (HIGH): Add MMIO address validation to GIC driver.
`Gic::new()` now returns `Result<Self, GicError>` and validates
addresses against known platform ranges. Added `new_unchecked()`
for trusted callers.
- CVE-003 (HIGH): Add integer overflow protection in DTB parser.
All offset calculations now use `checked_add()` to prevent
buffer overflow via crafted DTB files.
- CVE-005 (HIGH): Add IPv4 header validation ensuring
`total_length >= header_len` per RFC 791.
Also includes test fixes:
- Mark hardware-dependent tests as `#[ignore]` (MMIO, ARM timer)
- Fix swap32 test assertion in rpi-boot
- Update doctests for new GIC API
All 259 tests pass across affected crates.
Co-Authored-By: claude-flow <ruv@ruv.net>
* feat(ruvix): implement CLI, kernel shell, and PBFT consensus
Implements Phase F features for the RuVix Cognition Kernel:
CLI (ruvix-cli):
- build: Cross-compile kernel for AArch64 targets
- config: Manage kernel configuration files
- dtb: Device tree blob operations (validate, dump, compile, compare, search)
- flash: UART/serial flash operations with progress reporting
- keys: Ed25519 key management with secure storage
- monitor: Real-time kernel metrics dashboard
- security: Security audit and vulnerability scanning
Kernel Shell (ruvix-shell):
- Interactive command parser with history support
- Commands: help, info, mem, tasks, caps, vectors, witness, proofs,
queues, perf, cpu, trace, reboot
- Configurable prompt with trace mode indication
- Shell backend integration with nucleus kernel
PBFT Consensus (qemu-swarm):
- Full PBFT implementation (pre-prepare, prepare, commit phases)
- View change protocol for leader recovery
- Checkpoint mechanism for state synchronization
- Custom serde wrappers for fixed-size byte arrays (Signature, HashDigest)
- Byzantine fault tolerance (f < n/3)
Additional:
- Example RVF swarm consensus demo
- Nucleus shell backend for kernel introspection
- Fixed chrono DateTime type annotation in keys.rs
Co-Authored-By: claude-flow <ruv@ruv.net>
* chore(ruvix): add version specs for crates.io publishing
- Add version = "0.1.0" to ruvix-dtb dependency in CLI
- Add README.md for ruvix-shell crate
Co-Authored-By: claude-flow <ruv@ruv.net>
---------
Co-authored-by: Reuven <cohen@ruv-mac-mini.local>
c88039734a