synos-public-docs/ARCHITECTURE.md
ShellDiablo33 e870d388cb
docs: refresh for v60.0.0 "Sun & Salt" — public release run-up
Wholesale refresh of the public-facing documentation for the GRIMOIRE
Public + Goodlife ISO release run-up. The repo had been frozen at
v10.3.2 / Debian-base / "Awakening"-era content; everything has shifted
since (Arch base, custom 6.19 kernel, 17 syscalls, 100 labs, three-image
strategy, v44–v60 codesprint, post-quantum integration, Stoneglass mesh,
Sigstore + SLSA-3 supply chain, the Sovereign Operator Path).

Refreshed root-level files:
- README.md — v60 hero, codesprint summary, three-image table, what we
  promise, what's coming
- GRIMOIRE.md (NEW) — focused page on the gamified training platform:
  100 labs / 13 categories breakdown, faction system (Crimson Spire,
  Ashen Veil, the third house), boss contracts, economy, narrative
  quests, 5 competition modes, Sovereign Operator Path, first-boot
  wizard, lab integrity manifest enforcement
- ARCHITECTURE.md — synaptic gap framing, four pillars (kernel, ALFRED,
  GRIMOIRE, Arcanum Hive), three-image strategy, substrate, axioms
- FEATURES.md — capability inventory across kernel, ALFRED, GRIMOIRE,
  synos-bevy, Hive, post-quantum, supply chain, desktop, tooling,
  quality gates
- ROADMAP.md — v60 done, v44–v60 codesprint table, imminent public ISO
  releases, near-term + medium-term + long-term themes
- CONTRIBUTING.md — current-state honesty (private source tree, narrow
  contribution surface today), what we welcome (docs feedback, lab
  proposals, cohort partnerships), what's coming (public source on ISO
  release, lab marketplace, CVE channel, community calls)
- FOR_RECRUITERS.md — refreshed showcase with v60 numbers (160 crates,
  17 syscalls, 100 labs, 1,600+ tests, 100% pass rate, 41-stage
  pipeline, 83.54% Rust hot-path, post-quantum integration)

Master-only capabilities (RaaS engine, federation server, license gate,
C2 framework, Fragment Field IDS, Curtain enforcement internals) are
deliberately not described — those are part of the internal Operator
image and not public surface.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-09 13:45:41 -04:00


Architecture

biological in inspiration. rigorous in implementation. v60.0.0 "Sun & Salt".


the synaptic gap

The design philosophy starts with a metaphor and refuses to let it become decorative. A synapse is the cleft between two neurons — the gap where electrical signal becomes meaning, where pre-synaptic firing crosses through chemistry into post-synaptic decision.

Syn_OS treats the operating system itself as the synaptic cleft.

Pre-synaptic neuron    = Hardware
Synaptic cleft         = Syn_OS (kernel + userspace + ALFRED)
Post-synaptic neuron   = Application consciousness (ALFRED decisions, user processes)
Neurotransmitters      = System calls (469–485)
Receptors              = Syscall handlers
Synaptic plasticity    = Adaptive kernel module behavior + ALFRED's learning loops

This is not branding. It's the framing every architectural decision is checked against.


the four pillars

the kernel

A custom Linux 6.19 build with CONFIG_RUST=y and 17 custom system calls (469–485). The syscalls expose:

| Range | Purpose |
|---|---|
| 469–479 | Consciousness state, quantum memory entanglement, AI metrics, eBPF monitor control |
| 480–485 | Kernel observability, perf instrumentation, process attestation, snapshot, twin |

The kernel ships 11 loadable Rust kernel modules covering memory, networking, hardening, interrupts, modloader, procfs, power, consciousness, and module verification. After the v56 Rust Ratchet, the kernel hot path is 83.54% Rust by line count. KSPP hardening fragment merged. Module signing wired through MOK keys generated at build time.

ALFRED

The Adaptive Learning Framework for Responsive Evolution and Defense. ALFRED is the AI daemon — not a chatbot, but the operator's companion at the system level.

  • 11-region neuroanatomical brain. Modeled loosely after biological structure: thalamus (gating), amygdala (threat detection), hippocampus (memory), insula (interoception), cerebellum (coordination), corpus callosum (interhemispheric routing), default mode network (idle synthesis), glial (support), brainstem (orchestration), nucleus, plus the consciousness-types crate that ties them.
  • Cortex stage fuses traditional AI, neuromorphic spike networks, quantum coherence collapse, and Edelman's Theory of Neuronal Group Selection (TNGS) into a single decision pipeline.
  • Local inference via Ollama and ONNX. No cloud in the critical path.
  • BrainBridge consumes AlfredSignal events from kernel telemetry into the cortex. The kernel and the daemon talk through the syscall surface.

GRIMOIRE

The gamified cybersecurity training platform — 100 labs, 13 categories, faction system, XP economy, boss contracts, branching narrative, cohort competition. Covered in detail in GRIMOIRE.md.

GRIMOIRE is the public face. It's what the GRIMOIRE Public ISO ships. It's the apprenticeship surface for the entire community we're building.

the mesh — Arcanum Hive

When the system extends across hardware, it does so as the Arcanum Hive: an 8-node Tailscale mesh coordinated by a Kubernetes operator. Per-tenant HMAC. mTLS by default. Sovereignty as a design property, not a marketing claim.

The Hive Stoneglass GA playbook (v55) is the public-facing self-hosting recipe. The hive is yours to extend.


the three-image strategy

Syn_OS is built once and ships in three signed ISOs from a single source tree.

| Image | Audience | License |
|---|---|---|
| Operator (Master) | The team. Internal. | Proprietary, not distributed publicly |
| GRIMOIRE Public | Students, cohorts, practitioners | Apache 2.0 + LicenseRef-GRIMOIRE-Public |
| Goodlife | AI researchers, post-quantum, civilian work | Apache 2.0 |

Capability boundaries between images are mechanically enforced — by binary symbol scanning, feature flag audits, lab integrity manifests, and supply-chain provenance checks. The mechanism is part of the architecture, not bolted on.
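
One way the binary symbol scan named above could gate a public image, as an added example that is not Syn_OS project code. The image names come from this page; the denied symbol prefixes and the `nm` listing are constructed for illustration, and unmangled `nm` output is assumed.

```rust
// Added example: hypothetical tier gate over `nm`-style symbol listings.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Image { Operator, GrimoirePublic, Goodlife }

// Hypothetical prefixes for symbols that may only appear in the Operator image.
const MASTER_ONLY_PREFIXES: [&str; 3] = ["raas_", "federation_server_", "license_gate_"];

/// Parse one `nm` line: "<addr> <type> <name>", or "<type> <name>" for an
/// undefined symbol. Returns the type letter and the symbol name.
fn parse_nm_line(line: &str) -> Option<(char, &str)> {
    let fields: Vec<&str> = line.split_whitespace().collect();
    let (kind, name) = match fields.as_slice() {
        [_addr, kind, name] => (*kind, *name),
        [kind, name] => (*kind, *name),
        _ => return None, // blank or unrecognised line
    };
    let mut chars = kind.chars();
    match (chars.next(), chars.next()) {
        (Some(c), None) => Some((c, name)), // type must be a single letter
        _ => None,
    }
}

/// Return every symbol that crosses the tier boundary for `image`, sorted.
/// Undefined references ('U') count as well: a public binary that links
/// against a master-only symbol leaks the boundary as much as one defining it.
pub fn audit_symbols(image: Image, nm_output: &str) -> Vec<String> {
    if image == Image::Operator {
        return Vec::new(); // the internal image may carry everything
    }
    let mut hits: Vec<String> = nm_output
        .lines()
        .filter_map(parse_nm_line)
        .filter(|(_, name)| MASTER_ONLY_PREFIXES.iter().any(|p| name.starts_with(p)))
        .map(|(kind, name)| format!("{} {}", kind, name))
        .collect();
    hits.sort();
    hits
}

// Constructed sample: a binary that leaked one definition and one reference.
pub const SAMPLE_NM: &str = "0000000000001139 T main
0000000000001200 T grimoire_lab_start
0000000000001300 t raas_engine_init
                 U license_gate_check
                 U malloc
";

fn main() {
    let hits = audit_symbols(Image::GrimoirePublic, SAMPLE_NM);
    for h in &hits { eprintln!("tier violation: {}", h); }
    std::process::exit(if hits.is_empty() { 0 } else { 1 }); // fail the build stage
}
```

A gate like this only helps if it fails the build stage on any hit and runs against the final stripped and unstripped artifacts alike, since stripping removes local symbols but not dynamic references.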


the substrate

Below the four pillars sits the engineering work that makes the higher-level vision viable:

  • 160-crate Rust workspace with zero compile errors. cargo check --workspace passes; cargo deny clean.
  • Toolchain pinned at nightly-2026-02-12 (rustc 1.95.0-nightly).
  • 41-stage self-healing build pipeline. Producing the three images is a multi-hour process that recovers from individual stage failures without losing the whole run. SLSA-3 reproducible build target. Dual-witness signature support across mesh nodes.
  • Test infrastructure. 1,600+ tests. 100% pass rate. 35% tarpaulin coverage floor. Continuous integration across 17 workflows (5 ubuntu-latest, 12 self-hosted).
  • Post-quantum cryptography. ML-KEM (key encapsulation), ML-DSA (signatures), SLH-DSA (hash-based signatures) integrated into the trust toolkit.
  • Cosign + Rekor signing path for ISO releases. Sigstore transparency log entries. Verifiable provenance from build oracle to USB stick.
  • MkDocs Material documentation site, version-aware, fact-checked against the source tree.

design axioms

Three axioms applied recursively:

  1. The synaptic gap is real. Hardware is not the OS. The OS is not the application. The OS is the gap, and the quality of the system is the quality of that translation.
  2. Memory safety where it matters. The Rust ratchet is a one-way commitment. Kernel hot paths and userspace foundations move toward Rust, never away.
  3. Tiers are mechanical. Capability boundaries between Operator, GRIMOIRE Public, and Goodlife images are enforced by the build, not by goodwill.

further reading

The deeper architectural surface — full kernel internals, ALFRED's brain crate topology, mesh authentication and rotation mechanics, the master-only capability set — lives with the source. The public-facing pillars described here are the shape of the system.

The shape is enough to know whether the rest will interest you.