Ten-revision arc · Rev.2 implemented

From constitutional core to autonomous AI-OS.

The Revision 2 constitutional core is no longer just a contract — it is implemented: 11 layers L0-L10 as 19 Rust crates, 4,475 tests, all gates green. Revision 3 specifies five governed planes (S16-S28). Revisions 4 through 10 are the path to ship: it boots, it thinks, it is usable, it scales, it is trusted, it is an ecosystem, and finally it runs itself.

19 Rust crates: Rev.2 L0-L10 implemented
4,475 tests passing: 0 failed; all cargo gates green
11 layers REAL (E2+): evidence-backed, not just spec
0 deferred surfaces: M20 discharged the last
THE TEN-REVISION ARC

Ten revisions from the origin vision to an autonomous AI-native OS. Rev.1-Rev.3 are done — the vision, an implemented constitutional core, and a spec-complete plane set. Rev.4-Rev.10 build a real shipping distribution and ecosystem on top of it, never a rewrite of the core.

Rev · Epoch (status) · What it delivers

Rev.1 · Vision (Origin)
  The original architecture vision and canonical contract — typed actions, a policy kernel and an append-only evidence log on a Linux substrate.
Rev.2 · Constitutional core (Implemented)
  The 11-layer L0-L10 model as working Rust — 19 crates, 4,475 tests, all gates green. The cognitive shell, policy kernel and evidence log exist in code.
Rev.3 · Five governed planes (Spec complete)
  S16-S28: security hardening, app capsules, kernel portability, driver/firmware capsules and the native AI terminal — CONTRACT-grade, 644 records, 34 invariants.
Rev.4 · Bootable distribution (Planned)
  It boots. A recovery-safe installer ISO, a dedicated kernel pipeline, and the §22 golden path on real hardware — the move from crates to a running OS.
Rev.5 · Live cognition (Planned)
  It thinks. The cognitive core live with local models (Ollama / vLLM), external models only through the Vault Broker, a real intent → action → policy → verify → evidence loop on a live machine.
Rev.6 · Daily-driver desktop (Planned)
  You can use it. KDE Plasma as the real desktop, Web / CLI / voice surfaces, governed app capsules running Linux, Windows (Wine/Proton) and Android apps day to day.
Rev.7 · Fleet, cluster & cloud (Planned)
  It scales. Containers and Kubernetes as governed capsules, fleet and cluster remote execution, many machines under one policy and one evidence chain, cloud images.
Rev.8 · Certified hardening (Planned)
  It is trusted. Measured boot, SELinux/STIG/NIST/CIS validated, FIPS, EU AI Act technical controls evidenced at E4/E5, and a real third-party security assessment.
Rev.9 · Ecosystem & marketplace (Planned)
  It is an ecosystem. Public signed repositories, the publisher trust chain in production, a capsule marketplace, an app passport, and an SDK for third-party developers.
Rev.10 · Autonomous AI-OS (Planned)
  It runs itself. Autonomous fleet operations, self-healing, cross-machine cognition and constitutional governance at scale — the AI-native OS vision fully realized.

REVISION STATUS

Rev.2 — Constitutional Core

Implemented
  • 11 layers L0-L10 as working Rust — 19 crates (aios-action … aios-distribution)
  • 4,475 workspace tests, 0 failed; all four cargo gates green (check / test / clippy -D warnings / fmt)
  • Cognitive core, policy kernel, capability runtime, AIOS-FS, vault, renderers, network, hardware, distribution — all REAL (E2+)
  • M20 discharged the last deferred surfaces — L5 cognitive RPCs and 22 Tier-3 verification primitives are now real
  • Not yet a bootable ISO — that is Rev.4

Rev.3 — Five Governed Planes

Spec complete
  • Explicit security posture — four profiles + FIPS_STRICT overlay, measured boot, SELinux MAC, STIG/NIST/CIS control map
  • Governed app capsules — bounded, rollbackable, evidenced; Windows apps via per-app Wine/Proton capsules
  • Kernel personality & portability — Linux gold path; BSD/RTOS/microVM/WASI/unikernel via signed KernelCapabilityMatrix
  • Driver & firmware capsules — drivers as high-risk capsules: solved, lab-tested, signed, canary-booted, rollbackable
  • Native AI control plane — three terminal modes LX / MIX / AI, typed-action fabric, EU AI Act technical controls

Rev.3 Closed Vocabulary

Locked
  • 644 typed evidence records (closed enum)
  • 34 constitutional invariants (24 + 10 new)
  • 13 plane sections S16-S28
  • 0 orphan records, 0 consumes cycles, 0 layer inversions

Rev.2 Contract Pack

Locked
  • 11 layers L0-L10 + XX cross-cutting
  • 52 contract-grade sub-specs
  • 24 constitutional invariants
  • 52,000+ specification lines
  • INV-002 enforced at 6 mechanical sites

Rev.2 Closed Vocabularies

Locked
  • 427 RecordTypes (S3.1 master enum)
  • 32 PropertyTypes (S2.4 verification)
  • Pinned IDs, additive evolution only
  • Reject-on-unknown across IDL surface
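
The pinned-ID and reject-on-unknown rules in the Rev.2 and Rev.3 closed-vocabulary cards above, as an added worked example in Rust. This is not the project's IDL or its RecordType enum: the four variants, their IDs, the retired ID 4, the tag-length-value wire layout and the two field tags are constructed for illustration. What it shows is a decoder that fails closed: an unknown record ID, an unknown field tag, a wrong field length, a truncated buffer or trailing bytes are all errors, never silently skipped, which is the opposite of the lenient ignore-unknown behaviour many serializers default to.

```rust
// Added example (not the project's code): a closed enum with pinned IDs and a
// decoder that rejects anything it does not know. The variants, IDs, wire
// layout and field tags are constructed for illustration.
use std::convert::TryFrom;

/// Pinned IDs: a variant's number never changes and is never reused.
/// Additive evolution only: a new variant takes a fresh ID at the end.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(u16)]
pub enum RecordType {
    ActionRequested = 1,
    PolicyDecided = 2,
    VerificationPassed = 3,
    // ID 4 is retired (constructed history); retired IDs stay unassigned so
    // old records never silently change meaning.
    EvidenceAppended = 5,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum DecodeError {
    UnknownRecordType(u16),
    UnknownField(u8),
    BadLength { tag: u8, len: u8 },
    Truncated,
    TrailingBytes,
}

impl TryFrom<u16> for RecordType {
    type Error = DecodeError;
    /// The only way in from the wire: every ID outside the closed set is an error.
    fn try_from(id: u16) -> Result<Self, DecodeError> {
        Ok(match id {
            1 => Self::ActionRequested,
            2 => Self::PolicyDecided,
            3 => Self::VerificationPassed,
            5 => Self::EvidenceAppended,
            other => return Err(DecodeError::UnknownRecordType(other)),
        })
    }
}

/// Field tags are a closed set as well: 1 = request hash (8 bytes), 2 = decision code (1 byte).
const TAG_REQUEST_HASH: u8 = 1;
const TAG_DECISION: u8 = 2;

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Record { pub kind: RecordType, pub request_hash: Option<u64>, pub decision: Option<u8> }

/// Wire layout (constructed): type u16 BE | field count u8 | fields of (tag u8, len u8, value).
pub fn encode(kind: RecordType, request_hash: Option<u64>, decision: Option<u8>) -> Vec<u8> {
    let mut out = (kind as u16).to_be_bytes().to_vec();
    out.push(request_hash.is_some() as u8 + decision.is_some() as u8);
    if let Some(h) = request_hash {
        out.extend_from_slice(&[TAG_REQUEST_HASH, 8]);
        out.extend_from_slice(&h.to_be_bytes());
    }
    if let Some(d) = decision {
        out.extend_from_slice(&[TAG_DECISION, 1, d]);
    }
    out
}

/// Reject-on-unknown decoder: unknown type, unknown tag, wrong length, short or
/// over-long input all fail. Nothing is skipped "for forward compatibility".
pub fn decode(buf: &[u8]) -> Result<Record, DecodeError> {
    if buf.len() < 3 {
        return Err(DecodeError::Truncated);
    }
    let kind = RecordType::try_from(u16::from_be_bytes([buf[0], buf[1]]))?;
    let mut rec = Record { kind, request_hash: None, decision: None };
    let mut pos = 3usize;
    for _ in 0..buf[2] {
        let (tag, len) = match buf.get(pos..pos + 2) {
            Some(hdr) => (hdr[0], hdr[1]),
            None => return Err(DecodeError::Truncated),
        };
        let value = buf.get(pos + 2..pos + 2 + len as usize).ok_or(DecodeError::Truncated)?;
        match (tag, len) {
            (TAG_REQUEST_HASH, 8) => {
                let mut raw = [0u8; 8];
                raw.copy_from_slice(value);
                rec.request_hash = Some(u64::from_be_bytes(raw));
            }
            (TAG_DECISION, 1) => rec.decision = Some(value[0]),
            (TAG_REQUEST_HASH, _) | (TAG_DECISION, _) => return Err(DecodeError::BadLength { tag, len }),
            _ => return Err(DecodeError::UnknownField(tag)),
        }
        pos += 2 + len as usize;
    }
    if pos != buf.len() {
        return Err(DecodeError::TrailingBytes);
    }
    Ok(rec)
}

fn main() {
    let wire = encode(RecordType::PolicyDecided, Some(0xDEAD_BEEF), Some(2));
    println!("{:?}", decode(&wire));
    let mut unknown = wire.clone();
    unknown[1] = 4; // retired ID: rejected, not guessed at
    println!("{:?}", decode(&unknown));
}
```

Additive evolution in this model means a new variant takes a fresh ID (6, say) and the decoder gains one match arm; an older decoder that meets ID 6 rejects the record instead of misreading it, which is the behaviour the page asks for at every IDL surface.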

Rev.4 → Rev.10 — The Path to Ship

Planned
  • Rev.4 bootable ISO + installer — it boots
  • Rev.5 live cognition + local models — it thinks
  • Rev.6 daily-driver desktop — it is usable
  • Rev.7 fleet / cluster / cloud — it scales
  • Rev.8 certified hardening + compliance — it is trusted
  • Rev.9 ecosystem + marketplace; Rev.10 autonomous AI-OS
REVISION 3 SECTIONS

Thirteen plane sections, S16 through S28, each CONTRACT-grade and traceable. They group into five governed planes: security posture, governed app capsules, kernel portability, driver and firmware capsules, and the native AI control plane.

Section · Plane · Scope

S16 · Security Hardening & Compliance
  Four posture profiles + FIPS_STRICT overlay, measured boot, SELinux MAC, STIG/NIST/CIS control map, SBOM/VEX, GDPR crypto-shred.
S17 · App Capsule Runtime
  Every app a bounded capsule with rollback and evidence — install, run, and remove without leaking state.
S18 · Kernel Personality & Portability
  Linux gold path; alternate kernels admitted only through a signed KernelCapabilityMatrix with canary boot.
S19 · Driver & Firmware Capsule Plane
  Drivers as high-risk capsules: solved, lab-tested, signed, canary-booted, rollbackable — never a raw vendor script.
S20 · Native AI Control Plane Terminal
  Three terminal modes LX / MIX / AI over a typed-action fabric. AI proposes, never executes.
S21 · Package Rosetta — Universal App Lab
  Package-agnostic intake with shadow install and package passport across deb/rpm/flatpak/snap/appimage/nix/oci/source.
S22 · Workstation / Gaming / Video Profile
  Windows apps and games via per-app Wine/Proton capsules; creator and gaming workloads as governed profiles.
S23 · Mobile Renderer & Touch Shell
  Mobile and voice surfaces over the shared UI schema, same policy and evidence as the desktop.
S24 · Container & Kubernetes-Native Plane
  Containers and Kubernetes workloads as first-class governed capsules under the same typed-action fabric.
S25 · Fleet / Cluster Remote Execution
  Cluster and fleet operations with the same policy, approval, and append-only evidence as a single host.
S26 · Backup / DR Capsule Mobility
  Backup, disaster recovery, and capsule mobility — recovery never depends on cognition being available.
S27 · AI Evaluation & Model Governance
  AI evaluation harness and model governance; EU AI Act technical controls expressed as typed, evidenced gates.
S28 · Constitutional Time Plane
  Time as a governed, evidenced dimension across the planes — append-only, tamper-evident temporal record.

IMPLEMENTATION WAVES

The Rev.2 core is implemented. Rev.3 lands in eight waves R3-W1..R3-W8 — security and boot before anything trusts the machine, then capsules, the AI terminal, drivers, kernels, and the higher planes — feeding the Rev.4+ shipping path above.

Wave · Title · Outcome

R3-W1 · Security & measured boot
  Posture profiles, TPM + firmware dual chain, IMA/EVM, dm-verity, SELinux MAC plane land first (S16).
R3-W2 · App capsules
  Bounded app capsules with rollback and evidence; capsule lifecycle and state isolation (S17).
R3-W3 · Native AI terminal
  Three terminal modes LX / MIX / AI over the typed-action fabric. AI proposes, never executes (S20).
R3-W4 · Driver & firmware plane
  Drivers as high-risk capsules — solved, lab-tested, signed, canary-booted, rollbackable (S19).
R3-W5 · Kernel portability
  Signed KernelCapabilityMatrix, adaptive kernel forge, canary boot for alternate personalities (S18).
R3-W6 · Package Rosetta
  Package-agnostic intake, shadow install, package passport, Wine/Proton capsules (S21, S22).
R3-W7 · Form factors
  Mobile renderer, touch and voice shells over the shared UI schema (S23).
R3-W8 · Cluster, DR, evaluation, time
  Containers/Kubernetes, fleet/cluster, backup/DR, AI evaluation, constitutional time (S24-S28).

DECISIONS LOCKED ACROSS REV.2 AND REV.3

Constitutional core, then platform

Rev.2 locks the constitutional Linux distro. Rev.3 builds a governed, AI-native OS platform on top of it — five planes, never a rewrite of the core.

Kernels are not equal

Linux is the gold path. BSD, RTOS, microVM, WASI, and unikernel are admitted through a signed KernelCapabilityMatrix, never by pretending all kernels behave the same.

Drivers are high-risk capsules

A driver is solved, lab-tested, signed, canary-booted, and rollbackable. The system never just runs the vendor install script as root.

Catalog-bound cognition

The Capability Translator is a compiler over known capability manifests, not a prompt-to-shell system.

Default-deny policy

The Policy Kernel uses hard denies, exact request approvals, simulation, and evidence-linked decisions.

Verification as grammar

Success is not free text: it is checked against typed PropertyTypes such as service.active, package.installed, http.ok, and evidence.exists.

Package-agnostic intake

Package Rosetta does shadow install and issues a package passport across deb, rpm, flatpak, snap, appimage, nix, oci, and source.

INV-002 has six sites

"AI proposes, never executes" is mechanically enforced across six concrete code sites — never root, never self-approving, never mutating evidence.

Recovery without cognition

L1 boot and recovery never depend on L5 LLM availability. The machine recovers offline, then layers cognition on top.

CANONICAL CONTRACT FILES
  • 003.AI-OS.NET--SPECREV.3/00_MASTER_INDEX.md
  • 003.AI-OS.NET--SPECREV.3/04_invariants.md
  • 003.AI-OS.NET--SPECREV.3/S16_Security_Hardening_Compliance/00_overview.md
  • 003.AI-OS.NET--SPECREV.3/S17_App_Capsule_Runtime/00_overview.md
  • 003.AI-OS.NET--SPECREV.3/S18_Kernel_Personality_Portability/00_overview.md
  • 003.AI-OS.NET--SPECREV.3/S19_Driver_Firmware_Capsule_Plane/00_overview.md
  • 003.AI-OS.NET--SPECREV.3/S20_Native_AI_Control_Plane_Terminal/00_overview.md
  • 003.AI-OS.NET--SPECREV.3/S21_Package_Rosetta_Universal_App_Lab/00_overview.md
  • L0_Governance_Evidence_Safety/01_status_evidence_taxonomy.md
  • XX_Cross_Cutting/01_action_envelope_lifecycle.md
  • L5_Cognitive_Core/02_capability_translator.md
  • L2_AIOS_FS/01_object_model.md
  • L3_AIOS_SGR_Service_Graph_Runtime/03_capability_runtime_grpc.md
  • L4_Policy_Identity_Vault/01_policy_kernel.md
  • L4_Policy_Identity_Vault/02_vault_broker.md
  • L9_Observability_Admin_Operations/01_evidence_log.md
  • L9_Observability_Admin_Operations/02_verification_grammar.md
  • XX_Cross_Cutting/02_proxguard_reference_model.md
REFERENCE EXECUTION CONTRACT
User: "restart nginx and verify the site"

Cognitive Core:
  - routes through latency tier
  - translates intent through capability catalog
  - produces ActionEnvelope.request

Policy Kernel:
  - evaluates exact request hash
  - allow / approval / deny

Capability Runtime:
  - restarts nginx through adapter
  - applies sandbox profile
  - verifies service.active
  - appends evidence receipts
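
The reference exchange above, together with the default-deny and verification-as-grammar decisions, as an added worked example in Rust; it is not code from the AI-OS project. The type names (ActionEnvelope, PolicyKernel, CapabilityRuntime, EvidenceLog, Receipt), the FNV-1a stand-in for a real digest, the simulated host state and the "evidence." hard-deny prefix are assumptions of this example. It shows an approval bound to the exact request hash (a different target or verify list does not match), a hard-denied capability that never runs, typed PropertyType checks after execution, and a receipt for every decision on a hash-chained append-only log where tampering or truncation is detectable.

```rust
// Added example (not the project's code): a compact model of the page's intent -> action ->
// policy -> verify -> evidence loop. Every type, function and sample value is an assumption.
use std::collections::HashSet;
const FNV_OFFSET: u64 = 0xcbf2_9ce4_8422_2325; // FNV-1a 64 stands in for a real digest
fn fnv1a64(seed: u64, bytes: &[u8]) -> u64 {
    bytes.iter().fold(seed, |h, &b| (h ^ b as u64).wrapping_mul(0x0000_0100_0000_01b3))
}

/// Closed verification grammar: the PropertyTypes the page names.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum PropertyType { ServiceActive, PackageInstalled, HttpOk, EvidenceExists }
/// Typed request from the cognitive core; it carries no way to execute anything.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ActionEnvelope { pub capability: String, pub target: String, pub verify: Vec<PropertyType> }
impl ActionEnvelope {
    pub fn new(capability: &str, target: &str, verify: Vec<PropertyType>) -> Self {
        Self { capability: capability.into(), target: target.into(), verify }
    }
    /// Exact request hash over every field (separated), so an approval for one
    /// request cannot be replayed for a different one.
    pub fn request_hash(&self) -> u64 {
        let mut h = fnv1a64(FNV_OFFSET, format!("{}\x1f{}", self.capability, self.target).as_bytes());
        for p in &self.verify { h = fnv1a64(h, format!("\x1f{:?}", p).as_bytes()); }
        h
    }
}
#[derive(Debug, Clone, PartialEq, Eq)] pub enum Decision { Allow, NeedsApproval, Deny }
/// Default-deny kernel: hard denies win, exact-hash approvals allow, anything
/// else waits for approval and is never executed.
#[derive(Default)]
pub struct PolicyKernel { pub hard_deny: Vec<String>, pub approved: HashSet<u64> }
impl PolicyKernel {
    pub fn evaluate(&self, env: &ActionEnvelope) -> Decision {
        if self.hard_deny.iter().any(|d| env.capability.starts_with(d.as_str())) { return Decision::Deny; }
        if self.approved.contains(&env.request_hash()) { Decision::Allow } else { Decision::NeedsApproval }
    }
}
/// One evidence receipt; `digest` covers its fields and the previous digest.
#[derive(Debug, Clone)]
pub struct Receipt { pub seq: u64, pub request_hash: u64, pub decision: String, pub checks: Vec<(PropertyType, bool)>, pub prev: u64, pub digest: u64 }
impl Receipt {
    fn compute_digest(&self) -> u64 {
        let body = format!("{}|{:x}|{}|{:?}|{:x}", self.seq, self.request_hash, self.decision, self.checks, self.prev);
        fnv1a64(FNV_OFFSET, body.as_bytes())
    }
}
/// Append-only, hash-chained evidence log.
#[derive(Debug, Clone, Default)]
pub struct EvidenceLog { pub receipts: Vec<Receipt> }
impl EvidenceLog {
    pub fn append(&mut self, request_hash: u64, decision: &str, checks: Vec<(PropertyType, bool)>) {
        let prev = self.receipts.last().map_or(0, |r| r.digest);
        let mut r = Receipt { seq: self.receipts.len() as u64, request_hash, decision: decision.into(), checks, prev, digest: 0 };
        r.digest = r.compute_digest();
        self.receipts.push(r);
    }
    /// Every receipt must recompute to its digest and point at its predecessor.
    pub fn verify_chain(&self) -> bool {
        let mut prev = 0u64;
        for (i, r) in self.receipts.iter().enumerate() {
            if r.seq != i as u64 || r.prev != prev || r.compute_digest() != r.digest { return false; }
            prev = r.digest;
        }
        true
    }
}
/// Capability runtime over a simulated host (constructed state, no real adapter).
#[derive(Default)]
pub struct CapabilityRuntime { active_services: HashSet<String> }
impl CapabilityRuntime {
    /// Executes only on Allow; every decision, allowed or not, leaves a receipt.
    pub fn execute(&mut self, env: &ActionEnvelope, kernel: &PolicyKernel, log: &mut EvidenceLog) -> Result<Vec<(PropertyType, bool)>, Decision> {
        let decision = kernel.evaluate(env);
        if decision != Decision::Allow {
            log.append(env.request_hash(), &format!("{:?}", decision), Vec::new());
            return Err(decision);
        }
        if env.capability == "service.restart" { self.active_services.insert(env.target.clone()); } // adapter
        let checks: Vec<_> = env.verify.iter().map(|&p| (p, self.check(p, env, log))).collect();
        log.append(env.request_hash(), "Allow", checks.clone());
        Ok(checks)
    }
    fn check(&self, p: PropertyType, env: &ActionEnvelope, log: &EvidenceLog) -> bool {
        match p {
            PropertyType::ServiceActive => self.active_services.contains(&env.target),
            PropertyType::HttpOk => self.active_services.contains(&env.target), // simulated: up iff the service runs
            PropertyType::PackageInstalled => false, // no package adapter in this example
            PropertyType::EvidenceExists => log.receipts.iter().any(|r| r.request_hash == env.request_hash()),
        }
    }
}

fn main() {
    // The page's reference exchange: "restart nginx and verify the site".
    let env = ActionEnvelope::new("service.restart", "nginx", vec![PropertyType::ServiceActive, PropertyType::HttpOk]);
    let mut kernel = PolicyKernel { hard_deny: vec!["evidence.".to_string()], ..Default::default() };
    kernel.approved.insert(env.request_hash()); // an operator approves this exact request
    let (mut log, mut rt) = (EvidenceLog::default(), CapabilityRuntime::default());
    println!("{:?}", rt.execute(&env, &kernel, &mut log));
    println!("chain ok: {}", log.verify_chain());
}
```

NeedsApproval is the resting state: a request that is neither hard-denied nor exactly approved is recorded but never run, which is what default-deny means here. Outside an example, fnv1a64 would be replaced by a cryptographic hash and the approval bound to the digest of the serialized envelope.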
REFERENCE SYSTEM APP
ProxGuard:
  - installs as /aios/apps/proxguard
  - exposes proxguard.service.*, proxguard.dns.*, proxguard.gateway.*, proxguard.audit.*
  - keeps private app state
  - uses AIOS Vault Broker for provider credentials
  - asks L8 before public exposure
  - emits AIOS evidence receipts
  - never bypasses AIOS policy
DEFERRED BY DESIGN

A new kernel from scratch.

A full RTOS replacement for the desktop.

Certification claims without a real assessment — no "STIG certified", no "FIPS validated", no "EU AI Act compliant".

Pretending every kernel personality is equivalent to the Linux gold path.

AI modifying low-level infrastructure without evidence and rollback.

A separate web admin panel that diverges from KDE state.

Open-vocabulary fields in the IDL — every typed surface stays closed-enum.