Kernel Phases (K0-K6)

Complete overview of the six kernel development phases, their status, components, test counts, and dependency graph.

WeftOS is built in incremental phases (K0 through K6). Each phase adds a layer of OS capability to the kernel. K0 through K2b are complete with 373+ passing tests. K3 through K6 have types and traits implemented with Phase 1 logic complete.

Phase Summary

Phase	Name	Status	Tests	Key Deliverables
K0	Foundation	Complete	45+	Boot state machine, event logging, config, errors
K1	Process and Supervision	Complete	80+	PID allocation, process table, supervisor, RBAC
K2	IPC and Communication	Complete	130+	Message envelopes, A2A routing, pub/sub, cron, health, services
K2b	Hardening	Complete	30+	Chain-logged lifecycle, signal handling, DashMap fixes
ExoChain	Cryptographic Audit	Complete	60+	Hash chain, resource tree, gate backends
K3	WASM Sandbox	Complete	--	Wasmtime runner, fuel metering, 27-tool catalog
K3c	ECC Cognitive Substrate	Complete	83	Causal DAG, cognitive tick, HNSW, impulse queue
K4	Containers	Complete	--	Container lifecycle, config, health propagation
K5	App Framework	Complete	--	Manifest parsing, app lifecycle, agent spawning
K6	Mesh Networking	Phase 1 Complete	133	Transport traits, discovery, cross-node IPC, replication

Total test count: 560+ (479 baseline + 83 ECC).

K0: Kernel Foundation

Status: COMPLETE (45+ tests)

Establishes the kernel lifecycle with a boot state machine and structured event logging.

Component	File	Tests	Description
Kernel boot state machine	`boot.rs`	14	`Booting -> Running -> Halted` lifecycle
Boot event logging	`console.rs`	12	`BootEvent`, `BootPhase`, `KernelEventLog`
Configuration extension	`config.rs`	8	`KernelConfigExt` trait for config access
Error types	`error.rs`	11	`KernelError` enum + `Display` implementations

K0 wraps AppContext<P> in a Kernel<P: Platform> struct with structured startup and shutdown. The KernelState enum (Booting, Running, ShuttingDown, Halted) manages the lifecycle state machine.

K1: Process and Supervision

Status: COMPLETE (80+ tests)

Introduces PID-based agent tracking, lifecycle supervision, and the capability-based security model.

Component	File	Tests	Description
Process table	`process.rs`	22	PID allocation, `ProcessState` state machine
Agent supervisor	`supervisor.rs`	35	Spawn/stop/restart with resource limits
Capability model	`capability.rs`	24	RBAC, `IpcScope`, `SandboxPolicy`, `ResourceLimits`

The process table uses DashMap<Pid, ProcessEntry> for lock-free concurrent access. Each process tracks state (Starting, Running, Suspended, Stopping, Exited), capabilities, and resource usage.

K2: IPC and Communication

Status: COMPLETE (130+ tests)

Adds typed inter-process communication with message envelopes, agent-to-agent routing, pub/sub topics, and system services.

Component	File	Tests	Description
Kernel IPC	`ipc.rs`	18	`KernelMessage` envelopes, `MessageTarget`, `MessagePayload`
A2A routing	`a2a.rs`	28	Per-agent inboxes with capability checks
Topic pub/sub	`topic.rs`	14	`TopicRouter` with subscriptions
Agent work loop	`agent_loop.rs`	22	Command processing, gate integration
Cron scheduler	`cron.rs`	12	Job registration, tick handling
Health system	`health.rs`	10	Aggregated health checks
Service registry	`service.rs`	16	Named lifecycle management

K2 establishes the internal API surface. The A2ARouter manages per-agent inboxes using DashMap, with capability-based access control on every send.

K2b: Hardening

Status: COMPLETE (30+ tests)

Hardens K0-K2 with chain-logged lifecycle events, signal handling, and concurrency fixes.

Component	Area	Tests	Description
Chain-logged lifecycle	`agent_loop.rs`	8	`ipc.recv`, `ipc.ack`, `agent.spawn` events
Signal-based stop/restart	`daemon.rs`	4	SIGTERM/SIGHUP handlers
CLI display	`commands/`	6	`agent inspect`, `chain detail` output
DashMap deadlock fix	`a2a.rs`	3	Concurrent access safety
GovernanceGate	`gate.rs`	7	Governance-to-GateBackend adapter
Gate wiring	`daemon.rs`	2	GovernanceGate replaces None

K2.1: Symposium Changes

Status: PENDING

Breaking changes and quick wins from the K2 Symposium (22 decisions, 10 approved changes):

Decision	Change	Description
D3	C1	`SpawnBackend` enum added to `SpawnRequest`
D11	C6	Post-quantum dual signing (Ed25519 + ML-DSA-65)
D14	C8	`SpawnBackend::Tee` variant (returns `BackendNotAvailable`)
D1	--	`ServiceEntry` as first-class registry concept
D19	--	Breaking IPC changes: `MessageTarget::Service(name)` routing

ExoChain Subsystem

Status: COMPLETE (60+ tests)

Provides an append-only hash-linked event log with SHAKE-256 integrity, Ed25519 signing, and a resource tree facade.

Component	File	Tests	Description
Hash chain manager	`chain.rs`	28	SHAKE-256, Ed25519, witness chains
Resource tree facade	`tree_manager.rs`	18	Atomic tree+chain+mutation ops
Gate backends	`gate.rs`	14	`CapabilityGate`, `GovernanceGate`

K3: WASM Sandbox

Status: COMPLETE (types, Wasmtime runner, fuel metering, sandbox tests pass)

File: wasm_runner.rs (~1,639 lines)

Key deliverables:

27-tool catalog with builtin_tool_catalog()
WasmToolRunner with fuel metering, memory limits, timeout config
WasmSandboxConfig with configurable limits
Tool lifecycle: Build -> Deploy -> Execute -> Version -> Revoke
ExoChain audit logging for all lifecycle events

K3 Symposium scorecard: 8.1/10 overall, rated "Ready for K4".

K3c: ECC Cognitive Substrate

Status: COMPLETE (83 tests)

Adds the Ephemeral Causal Cognition (ECC) substrate behind the ecc feature flag.

Component	File	Tests	Description
Causal DAG	`causal.rs`	22	Typed/weighted edges, BFS traversal
Cognitive tick	`cognitive_tick.rs`	20	Adaptive interval, drift detection
Cross-references	`crossref.rs`	12	UniversalNodeId (BLAKE3), bidirectional store
Calibration	`calibration.rs`	10	Boot-time benchmarking, p50/p95
HNSW service	`hnsw_service.rs`	11	Thread-safe HnswStore wrapper
Impulse queue	`impulse.rs`	8	HLC-sorted ephemeral causal events

See ECC for the full deep dive.

K4: Containers

Status: COMPLETE (config validation, lifecycle management, health propagation)

File: container.rs (~600 lines)

Key components:

ContainerManager with start/stop/health lifecycle
ContainerConfig with image, ports, volumes, env, restart policy
ContainerState state machine: Created -> Running -> Stopped -> Failed
Health check integration with HealthSystem

K5: App Framework

Status: COMPLETE (manifest parsing, install/start/stop lifecycle, agent spawning)

File: app.rs (~980 lines)

Key components:

AppManager with install/start/stop/uninstall methods
AppManifest parsed from weftapp.toml
AgentSpec, ServiceSpec, ToolSpec for component definitions
AppState machine: Installed -> Starting -> Running -> Stopping -> Stopped -> Failed

K6: Mesh Networking

Status: Phase 1 COMPLETE (types, traits, TCP/WS transport, 136 tests)

3,543 lines across 14 new files implementing all types, traits, protocol messages, and in-process logic. See Mesh Networking for the full deep dive.

Phase Dependency Graph

K0 (Foundation)
 |
 v
K1 (Process + Supervision)
 |
 v
K2 (IPC + Communication) -----> ExoChain (chain, tree, gate)
 |                                    |
 v                                    v
K2b (Hardening) <----- chain logging integration
 |
 v
K3 (WASM Sandbox) + K3c (ECC)
 |
 v
K4 (Containers)
 |
 v
K5 (App Framework + Clustering)
 |
 v
K6 (Mesh Networking + Replication)

Integration Checklist

Every new K-phase must satisfy these requirements:

Chain logging for all state changes
Tree registration in standard namespace
Gate check before privileged operations
Tests with chain verification
CLI commands in clawft-weave
Feature flag if external dependency
Documentation in docs/weftos/

Implementation Priority

Ordering per K2 Symposium decision D21: K3 -> K4 -> K5 -> K6, with iteration. K3-K6 are a development cycle, not a strict waterfall.

Priority	Phase	Estimated Effort	Key Dependency
1	K3 WASM sandbox + ServiceApi	~25h	wasmtime crate
2	K4 Containers + ChainAnchor	~20h	Docker/Podman on host
3	K5 App framework + Clustering	~35h	K3/K4 complete
4	K6 Deep Networking + Replication	~40h	SPARC spec, transport design

Kernel Phases (K0-K6)

On this page