Framework design upload

2026-02-08 07:53:24 -06:00
commit a59d4b6515
32 changed files with 430 additions and 0 deletions
--- a/freebsd/README.md
+++ b/freebsd/README.md
@@ -0,0 +1,3 @@
+# FreeBSD mapping
+
+See `mapping.md`.
--- a/freebsd/mapping.md
+++ b/freebsd/mapping.md
@@ -0,0 +1,18 @@
+# FreeBSD mapping notes (draft)
+
+## Isolation domains
+- Use **jails** to isolate tools/workers.
+- Map `domain_id` to a jail instance.
+
+## Capabilities
+- Use **Capsicum** to restrict tool runners.
+- Capabilities are represented as scoped grants in the cognitive kernel and realized via Capsicum + pre-opened descriptors.
+
+## Eventing
+- Use **kqueue** for event-driven IO in the cognitive runtime.
+- Provenance logs are append-only files (optionally per-domain datasets on ZFS).
+
+## Resource control
+- rctl, login classes, cpuset can enforce limits.
+- Budgeting logic lives in the cognitive runtime; enforcement uses kernel primitives.
+
--- a/freebsd/prototypes/.DS_Store
+++ b/freebsd/prototypes/.DS_Store
--- a/freebsd/prototypes/capsicum-tools/.keep
+++ b/freebsd/prototypes/capsicum-tools/.keep
--- a/freebsd/prototypes/event-bus/.keep
+++ b/freebsd/prototypes/event-bus/.keep
--- a/freebsd/prototypes/jail-domain/.keep
+++ b/freebsd/prototypes/jail-domain/.keep