diff --git a/FEATURES.md b/FEATURES.md index bbf981c..3515bcf 100644 --- a/FEATURES.md +++ b/FEATURES.md 
@@ -1,24 +1,25 @@ # Capabilities -### *Syn_OS v60.0.0 "Sun & Salt" — what's actually inside.* +### *Syn_OS v80.0.0 "Sunlance" (1.0 GA) — what's actually inside.* --- ## kernel - **Custom Linux 6.19** built with `CONFIG_RUST=y`. -- **17 custom system calls** (469–485) exposing AI/consciousness state, eBPF instrumentation, kernel observability, and process attestation to userspace. -- **11 loadable Rust kernel modules**: memory, networking, hardening, interrupts, modloader, procfs, power, consciousness, hardening, module verification, plus the synos hardening core. -- **Kernel hot path 83.54% Rust** (post-v56 Rust ratchet). +- **Capability-gated kernel interface** — signed, memory-safe Rust kernel modules expose AI/observability state to userspace (decision telemetry, namespace trust, audit and incident signals, kernel-mitigation posture). Access is root-only and capability-gated; the build hard-fails without a kernel signing key. +- **Kernel hot path heavily Rust** (the post-Rust-ratchet commitment — hot paths and foundations move toward Rust, never away). - **KSPP hardening fragment** merged into the kernel config. -- **Module signing** wired through MOK keys generated at build time. +- **Module signing enforced** — MOK keys, signed modules, signature verification at load. --- ## ALFRED — the AI daemon +- **ALFRED v6.0** — the GA consolidation of the daemon. - **Local inference** via Ollama and ONNX. No cloud in the critical path. - **11-region neuroanatomically-modeled brain.** Specialized regions coordinated by a brainstem. +- **Guardrails on autonomous behavior** — bounded, policy-checked remediation rather than free rein. - **Cortex stage** fusing traditional AI, neuromorphic spike networks, quantum coherence collapse, and TNGS. - **`research-mode` cargo feature** unlocks extended analysis paths for the Goodlife ISO. - **Smoke-tested.** 14-check ALFRED smoke suite in CI. 
@@ -28,7 +29,7 @@ ## GRIMOIRE — gamified training -- **100 hand-authored labs** across **13 categories** (integrity-manifest enforced). +- **GRIMOIRE 1.0** catalog — **108 hand-authored labs** across **13 categories** (integrity-manifest enforced). - **11 certification paths** mapped (Security+, OSCP, OSWE, CRTP, CRTO, eJPT, GPEN/GCIH, CEH, CISSP foundations, etc.). - **Faction system** — at least three named houses, allegiance gates content, faction wars are a recurring beat. - **XP economy** — earn, spend, craft, trade. @@ -67,7 +68,9 @@ See [GRIMOIRE.md](./GRIMOIRE.md) for the deep dive. --- -## post-quantum cryptography +## post-quantum cryptography (default) + +Post-quantum is the **default posture**, not an opt-in — hybrid key exchange and signatures across the system's transport and signing surfaces. - **ML-KEM** — key encapsulation (Kyber successor). - **ML-DSA** — digital signatures (Dilithium successor). @@ -83,7 +86,7 @@ See [GRIMOIRE.md](./GRIMOIRE.md) for the deep dive. - **SLSA-3 reproducible build pipeline** with dual-witness cross-oracle verification (when the second oracle is online). - **`cargo deny` clean** — OpenSSL/native-tls banned. Unmaintained crates pinned or replaced. - **Patch generator** — block-level binary diffing with zstd compression and SHA-256 manifests. -- **Lab integrity manifest** — every lab in the 100-lab corpus hashed and verified. +- **Lab integrity manifest** — every lab in the 108-lab corpus hashed and verified. --- @@ -92,7 +95,7 @@ See [GRIMOIRE.md](./GRIMOIRE.md) for the deep dive. - **Cinnamon + Xfce4 dual-desktop** support out of the box. - **LightDM** display manager. - **Plymouth** boot splash with the project's red-phoenix theme. -- **synos-ops TUI** — 6-tab operations dashboard for the operator. +- **synos-ops TUI** — expanded multi-tab operations dashboard for the operator. - **Sound theme**, custom wallpapers, fastfetch integration. - **Branding consistency** across MOTD, terminal headers, and `/etc/os-release`. 
@@ -109,10 +112,10 @@ See [GRIMOIRE.md](./GRIMOIRE.md) for the deep dive. ## quality gates -- **160-crate Rust workspace.** Zero compile errors. +- **209-crate Rust workspace.** Zero compile errors. - **1,600+ tests.** 100% pass rate. - **35% tarpaulin coverage floor**, ratcheted upward over time. -- **17 CI workflows** — 5 ubuntu-latest, 12 self-hosted runners. +- **SHA-pinned CI workflows** across hosted and self-hosted runners. - **Self-healing build pipeline** across 41 stages. - **MkDocs Material** documentation site, version-aware. diff --git a/FOR_RECRUITERS.md b/FOR_RECRUITERS.md index 2cb7b70..99e6189 100644 --- a/FOR_RECRUITERS.md +++ b/FOR_RECRUITERS.md @@ -1,6 +1,6 @@ # Professional Showcase -### *Ty Limoges, lead of Syn_OS — a snapshot of the work that produced v60.0.0 "Sun & Salt".* +### *Ty Limoges, lead of Syn_OS — a snapshot of the work that produced v80.0.0 "Sunlance", the 1.0 GA release.* --- @@ -9,9 +9,9 @@ **Syn_OS** is a multi-year, full-stack cybersecurity operating system project conceived, architected, and led by Ty Limoges out of LumOs Solutions. It is not a fork. It is not a theme on top of an existing distribution. It is a from-scratch operating system platform that takes itself seriously across: - Custom Linux kernel engineering -- A 160-crate Rust workspace +- A 209-crate Rust workspace - Local AI daemon design and integration -- A gamified training environment with 100 hand-authored labs +- A gamified training environment with 108 hand-authored labs - A distributed, encrypted-by-default mesh - A 41-stage self-healing build pipeline - Post-quantum cryptography integration 
@@ -22,33 +22,31 @@ It is the kind of project that exercises the full stack and refuses to ship at a --- -## the v60 numbers +## the v80 numbers | Metric | Value | |---|---| -| Version | **v60.0.0** "Sun & Salt" | -| Cargo workspace | **160 active crates**, 0 compile errors | -| Custom kernel system calls | **17** (numbered 469–485) | -| Loadable Rust kernel modules | **11** | -| Kernel hot-path Rust ratio | **83.54%** (post-Rust ratchet) | -| GRIMOIRE labs | **100** hand-authored, manifest-enforced | +| Version | **v80.0.0** "Sunlance" — **1.0 GA** | +| Release campaign | **20 consecutive versions** (v61 → v80) to GA | +| Cargo workspace | **209 active crates**, 0 compile errors | +| Kernel AI/observability interface | Signed, capability-gated Rust kernel modules (root-only) | +| Kernel hot-path Rust | Majority Rust (one-way Rust-ratchet commitment) | +| AI daemon | **ALFRED v6.0**, local-only inference | +| GRIMOIRE labs | **108** hand-authored, manifest-enforced (**catalog 1.0**) | | Lab categories | **13** | | Bevy game engine plugins | **8** | | ISO profiles | **3** (Operator / GRIMOIRE Public / Goodlife) | -| Build pipeline stages | **41**, self-healing | -| Test count | **1,600+** | -| Test pass rate | **100%** | -| Coverage floor | **35%** tarpaulin, ratcheted | -| CI workflows | **17** (5 ubuntu-latest, 12 self-hosted) | -| Toolchain | `nightly-2026-02-12` (rustc 1.95.0-nightly) | -| Documentation | MkDocs Material, version-aware, fact-checked | +| Build pipeline | self-healing, multi-stage | +| Post-quantum crypto | **default** (hybrid ML-KEM / ML-DSA, SLH-DSA) | +| Supply chain | SBOM per ISO, Cosign + Rekor, SLSA build-from-source attestation | +| Documentation | version-aware, fact-checked against source | --- ## the disciplines exercised -- **Kernel-level systems engineering.** Custom Linux 6.19 build with `CONFIG_RUST=y`. 17 custom system calls. 11 loadable Rust kernel modules. KSPP hardening. MOK module signing. 
Kernel observability instrumentation (eBPF, perf, attestation hooks). -- **Rust at scale.** 160-crate workspace with deliberate architectural separation. `cargo deny` clean (OpenSSL/native-tls banned). Sustained discipline around dependency hygiene and supply-chain posture. +- **Kernel-level systems engineering.** Custom Linux 6.19 build with `CONFIG_RUST=y`. A capability-gated, signed-module interface exposing AI/observability state to userspace (the GA re-architecture of the kernel AI surface). KSPP hardening. MOK module signing enforced. Kernel observability instrumentation (eBPF, perf, attestation hooks). +- **Rust at scale.** 209-crate workspace with deliberate architectural separation. `cargo deny` clean (OpenSSL/native-tls banned). Sustained discipline around dependency hygiene and supply-chain posture. - **AI/ML integration.** Local-first inference via Ollama and ONNX. An 11-region neuroanatomically-modeled brain daemon (ALFRED). Cortex stage fusing traditional AI, neuromorphic spike networks, quantum coherence, and TNGS into a unified decision pipeline. No cloud in the critical path. - **Game design and engine integration.** Bevy 0.14 integration across 8 plugins (~7,000+ lines). Cutscenes, mindmaps, retro filters, cyberspace exploration, skill trees, faction HQs, system monitors, kernel-state visualization. - **Distributed systems.** 8-node Tailscale mesh (WireGuard fallback) coordinated through a Kubernetes operator. mTLS + per-tenant HMAC. Cross-oracle build verification for SLSA-3 dual-witness signatures. 
@@ -62,7 +60,7 @@ It is the kind of project that exercises the full stack and refuses to ship at a ## the way of working - **Quality bar held high.** Test coverage taken seriously. Continuous integration treated as load-bearing rather than ceremonial. Reproducibility, supply-chain provenance, and binary boundary enforcement engineered in rather than hoped for. -- **Long-arc discipline.** Multi-year sustained execution. Sixty-plus version releases. The v44 → v60 codesprint coordinated sixteen named campaigns into a single coherent release surface. +- **Long-arc discipline.** Multi-year sustained execution. Eighty version releases to a 1.0 GA. The v61 → v80 campaign coordinated twenty consecutive releases into a single coherent general-availability surface. - **Solo-led, multi-perspective.** Architectural through-line carried by the lead, with disciplined coordination across the disciplines listed above. - **Documentation as code.** Living documents. Version-aware. The kind of documentation that holds up under actual use because it's checked against the source. @@ -78,7 +76,7 @@ For anyone evaluating leadership: a project of this scope cannot be willed into ## further reading -- [README.md](./README.md) — what Syn_OS is and what's in v60 +- [README.md](./README.md) — what Syn_OS is and what's in v80 - [GRIMOIRE.md](./GRIMOIRE.md) — the gamified training platform - [ARCHITECTURE.md](./ARCHITECTURE.md) — the four pillars and the substrate - [FEATURES.md](./FEATURES.md) — capability inventory @@ -88,4 +86,4 @@ For anyone evaluating leadership: a project of this scope cannot be willed into If any of the above aligns with what you're looking for — in a hire, in a partner, in a research collaborator — we'd be glad to have the conversation. -**Last updated:** 2026-05-09 +**Last updated:** 2026-05-27 diff --git a/GRIMOIRE.md b/GRIMOIRE.md index 9ea15fe..ffef758 100644 --- a/GRIMOIRE.md +++ b/GRIMOIRE.md 
@@ -20,7 +20,7 @@ It's the platform we ship to the community. It's the closest thing we know how t | | | |---|---| -| Hand-authored labs | **100**, exact (enforced by integrity manifest) | +| Hand-authored labs | **108** (GRIMOIRE catalog **1.0**), exact (enforced by integrity manifest) | | Lab categories | **13** (beginner, advanced, crypto, web, network, forensics, reversing, ai-red-team, ad, cloud, mobile, hardware, osint) | | Certification paths mapped | **11** (CompTIA Security+ / CySA+ / PenTest+, OSCP, OSWE, CRTP, CRTO, CEH, CISSP foundations, GIAC GPEN/GCIH, eJPT) | | Game engine plugins | **8** (cutscene, mindmap, retro filter, cyberspace, skill tree, faction HQ, rehoboam, twin) | @@ -39,7 +39,7 @@ There are no "good guys" and "bad guys." There are people with different philoso ### labs -The atom of progression is the **lab** — a hand-authored challenge built around a specific technique, vulnerability, or defensive posture. The 100-lab corpus spans: +The atom of progression is the **lab** — a hand-authored challenge built around a specific technique, vulnerability, or defensive posture. The 108-lab corpus (catalog 1.0) spans 13 categories — a representative cut: - **Beginner** (14 labs) — first-contact for users with no prior background. - **Advanced** (14 labs) — hard multi-stage exploitation, real-world complexity. 
@@ -166,7 +166,7 @@ The wizard is not a personality test. It's a **calibration**. It tunes the early ## lab integrity -Every lab in the 100-lab corpus is hashed and signed. The `INTEGRITY_MANIFEST.toml` at the root of the lab tree enforces: exact lab count, per-lab SHA-256, per-category counts. The build system refuses to publish an ISO whose lab corpus doesn't match. +Every lab in the 108-lab corpus is hashed and signed. The `INTEGRITY_MANIFEST.toml` at the root of the lab tree enforces: exact lab count, per-lab SHA-256, per-category counts. The build system refuses to publish an ISO whose lab corpus doesn't match. This matters because GRIMOIRE is a training platform — the integrity of what you're being asked to learn is load-bearing. We don't ship if we can't verify. diff --git a/README.md b/README.md index 3a5edd5..2daca9d 100644 --- a/README.md +++ b/README.md @@ -4,12 +4,12 @@ # Syn_OS -### v60.0.0 — "Sun & Salt" +### v80.0.0 — "Sunlance" (1.0 GA) *An AI-native cybersecurity operating system, built almost entirely in Rust, designed for those who treat security as craft.* -[![Status](https://img.shields.io/badge/status-pre--release-ff6b35)]() -[![Codename](https://img.shields.io/badge/codename-Sun_&_Salt-c9302c)]() +[![Status](https://img.shields.io/badge/status-1.0_GA-2e8b57)]() +[![Codename](https://img.shields.io/badge/codename-Sunlance-c9302c)]() [![Built with](https://img.shields.io/badge/built_with-Rust-000000?logo=rust)]() [![License (this repo)](https://img.shields.io/badge/docs-CC--BY--SA_4.0-blue)](LICENSE) 
@@ -25,38 +25,34 @@ Syn_OS is built on a different premise than the security-distro lineage that cam --- -## what's in v60 +## what's in v80 -The platform that ships as Syn_OS today is the result of a sustained, multi-year build. +v80.0.0 "Sunlance" is the **1.0 GA release** — the milestone that closes a sustained, multi-year build. -- **Custom Linux 6.19 kernel** with `CONFIG_RUST=y` and **17 custom system calls** (numbered 469–485) that expose consciousness state, quantum memory entanglement, eBPF instrumentation, kernel observability, and process attestation directly to userspace. -- **160-crate Rust workspace.** Zero compile errors. Memory safety where memory safety matters. -- **ALFRED v5** — the AI daemon. 11-region neuroanatomically-modeled brain. Local inference via Ollama and ONNX. No cloud in the critical path. -- **GRIMOIRE** — the gamified cybersecurity training platform. **100 hand-authored labs across 13 categories.** Faction system. XP economy. Boss contracts. Branching narrative quests. Maps to **11 professional certification paths.** Read more in [GRIMOIRE.md](./GRIMOIRE.md). +- **Custom Linux 6.19 kernel** with `CONFIG_RUST=y` and a **capability-gated kernel interface** that lets userspace query AI/observability state — decision telemetry, namespace trust, audit and incident signals, mitigation posture — through signed, memory-safe Rust kernel modules. Access is root-only and capability-gated. +- **209-crate Rust workspace.** Zero compile errors. Memory safety where memory safety matters. +- **ALFRED v6.0** — the AI daemon. Neuroanatomically-modeled brain. Local inference via Ollama and ONNX. No cloud in the critical path. +- **GRIMOIRE 1.0** — the gamified cybersecurity training platform. **108 hand-authored labs across 13 categories.** Faction system. XP economy. Boss contracts. Branching narrative quests. Maps to **11 professional certification paths.** Read more in [GRIMOIRE.md](./GRIMOIRE.md). 
- **synos-bevy** — Bevy 0.14 game engine, 8 plugins, ~7,000+ lines of immersive desktop experience. - **Arcanum Hive** — peer-to-peer encrypted mesh + Kubernetes operator. Sovereign coordination across distributed hardware. **The mesh is built for salvaged silicon** — old laptops and retired workstations pulled out of e-waste and back into the compute pool ([the philosophy →](./MESH.md)). -- **Post-quantum cryptography** — ML-KEM, ML-DSA, and SLH-DSA built into the trust toolkit. +- **Post-quantum cryptography by default** — hybrid ML-KEM / ML-DSA across the system's transport and signing paths, with SLH-DSA in the trust toolkit. - **41-stage self-healing build pipeline** producing three signed ISOs from a single source tree. - **1,600+ tests, 100% pass rate**, 35% tarpaulin coverage floor. - **MkDocs Material documentation** site, version-aware, checked against the source. --- -## the v44 → v60 codesprint, in one breath +## the road to 1.0, in one breath -Sixteen versions of compounding work shipped between v44 and v60: +Syn_OS reached 1.0 GA the way the rest of it was built — by compounding. **Twenty consecutive releases (v61 → v80)** carried the platform from the v60 line to the "Sunlance" general-availability milestone: -| Codename | Theme | -|---|---| -| **v44 Crucible** | Fuzz harness + observability kernel + rebuild-verify CI | -| **v45 Glasswalker** | Kernel observability syscalls (480–485) — eBPF, perf, attestation | -| **v46 Beachhead** | Process attestation HMAC ledger + LSM hooks | -| **v51 Storm Glass** | TwinPlugin (8th synos-bevy plugin) + kernel snapshot | -| **v55 Stoneglass** | Hive Ansible deploy (8-node GA playbook) | -| **v56 (Rust Ratchet)** | Kernel hot-path Rust at 83.54% | -| **v60 Sun & Salt** | SBOM drift detector + IPO readiness self-test + external blocker playbook | +- The kernel's AI/observability interface was **re-architected and hardened** — signed modules, capability gates, root-only device access. 
+- **Post-quantum cryptography became the default**, not an option, across the system's transport and signing surfaces. +- The **GRIMOIRE catalog matured to 1.0** — 108 labs across 13 categories. +- **ALFRED consolidated into v6.0**, with a privacy-first, local-only posture and stronger guardrails around autonomous behavior. +- Supply-chain trust deepened — signed modules enforced, content-pinned packages, build-from-source attestation. -The first ISO carrying the full codesprint ships as v60. +The deeper mechanics of these subsystems live with the source. The shape above is the public picture. --- @@ -67,7 +63,7 @@ Syn_OS is built once and ships in three signed ISOs. | Image | Audience | What it carries | |---|---|---| | **Operator (Master)** | The team that builds Syn_OS. Internal. | The full surface. Not distributed publicly. | -| **GRIMOIRE Public** | Students, cohorts, self-taught practitioners. | The 100-lab training platform, gated tooling, mixed Apache 2.0 + GRIMOIRE-Public license. | +| **GRIMOIRE Public** | Students, cohorts, self-taught practitioners. | The 108-lab training platform, gated tooling, mixed Apache 2.0 + GRIMOIRE-Public license. | | **Goodlife** | AI researchers, post-quantum experimenters, civilian work. | Jupyter + 10-package research stack, ALFRED `research-mode`, LUKS-encrypted research data. | The boundaries between images are mechanically enforced — not honor-system. What ships, ships clean. diff --git a/ROADMAP.md b/ROADMAP.md index f0497fa..1b0eb2c 100644 --- a/ROADMAP.md +++ b/ROADMAP.md 
@@ -6,7 +6,7 @@ ## what's already in the platform -The current generation of Syn_OS — **v60 "Sun & Salt"** — is the product of a sustained, multi-year build. The system that exists today carries: +The current generation of Syn_OS — **v80 "Sunlance", the 1.0 GA release** — is the product of a sustained, multi-year build. The system that exists today carries: - A custom Linux kernel with deep Rust integration and a deliberate system-call surface for AI/observability. - A local AI daemon — codename **ALFRED** — modeled after the structure of a biological brain. @@ -16,7 +16,7 @@ The current generation of Syn_OS — **v60 "Sun & Salt"** — is the product of - Post-quantum cryptography woven through the trust toolkit. - A self-healing build pipeline producing signed releases with verifiable supply-chain provenance. -The work to get here was coordinated across many named campaigns, each adding a load-bearing piece to the platform. The compounding effect is what v60 represents. +The work to get here was coordinated across many named campaigns, each adding a load-bearing piece to the platform. The compounding effect — twenty consecutive releases from v61 to v80 — is what the 1.0 GA represents: a hardened kernel AI interface, post-quantum defaults, a 1.0 GRIMOIRE catalog, and ALFRED consolidated to v6.0. ---
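Review bot: In the first FEATURES.md hunk (@@ -1,24 +1,25 @@), the new "Capability-gated kernel interface" bullet says access is "root-only and capability-gated" but names neither the capability nor the entry point userspace uses, which the removed "17 custom system calls" bullet did. Someone auditing the kernel attack surface has nothing concrete to check. Suggest naming the capability and the interface (README.md in this patch speaks of "root-only device access"). The module-signing bullet also drops "generated at build time" while the new text says the build "hard-fails without a kernel signing key", so a sentence on where that key now comes from would close the gap.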
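Review bot: In the FEATURES.md post-quantum hunk (@@ -67,7 +68,9 @@), "hybrid key exchange and signatures" does not say which classical algorithms ML-KEM and ML-DSA are paired with, or which transport and signing surfaces are covered, so the "default posture" claim cannot be verified from the document. Suggest listing the classical partners and the covered surfaces. The treatment of SLH-DSA also differs across files in this patch: the FOR_RECRUITERS.md table lists it inside the "default" cell, while README.md says "with SLH-DSA in the trust toolkit". Pick one wording.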
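Review bot: In the FOR_RECRUITERS.md numbers table (@@ -22,33 +22,31 @@), the "Build pipeline" row becomes "self-healing, multi-stage" while the unchanged list earlier in the same file still says "A 41-stage self-healing build pipeline", and FEATURES.md and README.md keep the 41-stage figure. The hunk also drops the test count, pass rate, coverage floor and toolchain rows, although README.md still states "1,600+ tests, 100% pass rate". Either keep the measured rows or remove the figures everywhere. The hot-path row reads "Majority Rust" where FEATURES.md in this patch says "heavily Rust"; use one phrase, ideally with the measurement behind it.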
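Review bot: In the GRIMOIRE.md labs hunk (@@ -39,7 +39,7 @@), the corpus total moves from 100 to 108 but the per-category figures in the unchanged list below it (Beginner 14 and Advanced 14 are visible) are not touched, and the new phrase "a representative cut" leaves it unclear whether the list is meant to sum to the total. The lab-integrity section says INTEGRITY_MANIFEST.toml enforces per-category counts, so the document should either show counts that add up to 108 or state plainly that the list is partial.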
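Review bot: In the README.md hunk (@@ -25,38 +25,34 @@), the new supply-chain bullet ends with "build-from-source attestation" and gives no SLSA level, and the new FOR_RECRUITERS.md table row says "SLSA build-from-source attestation", while the unchanged text in FEATURES.md and FOR_RECRUITERS.md still claims SLSA-3. State the level consistently, or explain why the new wording omits it. The same hunk replaces the per-version codename table with prose and says the mechanics "live with the source" without a link; a pointer to a changelog would keep the v61 to v80 claims checkable.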
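Review bot: In the ROADMAP.md hunk (@@ -6,7 +6,7 @@), the unchanged bullet "a deliberate system-call surface for AI/observability" now contradicts the rest of this patch, which removes every custom-syscall claim from FEATURES.md, FOR_RECRUITERS.md and README.md and describes a capability-gated, signed-module interface instead. Update that bullet in this change so the four documents describe the same kernel interface.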