v1.0 · 2027 Q4github →

One ISO. Two install profiles. Six layers.

The kernel is a hard fork of Linux 6.12 LTS. Five existing subsystems get capability-aware modifications; three new subsystems get added. The userspace replaces systemd with coconutd. The shell is a Wayland compositor in Rust.

§ 02.1 — the stack

Hover any layer. The kernel layer is where the work is.

hover · focus · or tap a row · L0 + L1 are where Coconut OS does its work · L2 already ships

§ 02.2 — the agent syscall surface

Eight new syscalls — the full agent API.

agent_spawn

(manifest, cap_set) → aid

agent_attest

(aid) → attestation_chain

agent_quota

(aid, kind, budget) → 0 | -E…

agent_cap_grant

(aid, cap) → 0 | -E…

agent_cap_revoke

(aid, cap) → 0 | -E…

agent_cap_present

(aid, cap) → 0 | -E…

agent_audit_query

(filter) → audit_chain_segment

agent_memory_tier

(aid, tier, request) → addr | -E…

full signatures · error code matrices · ABI commitments land with the LLD drop · syscall range is reserved through LKML at Sprint 1

§ 02.3 — the agent state machine

Eight first-class kernel states. Process abstraction can't carry these.

happy pathcap-deny branchexit

eight first-class kernel states · canonical transitions shown · the full edge graph + transition guards land with the LLD drop

A process abstraction cannot express "the agent is alive but its capability set just got revoked". Coconut OS makes these states first-class kernel state, visible via agent_audit_query and renderable in Coconut Center.

held back

Transition guards, allowed predecessors per state, and the exact AID-to-PID mapping rule are pinned in the LLD. Public preview shows the state set; full edge semantics drop with the LLD.

← prev · spec § 01

The thesis

The unit of compute is no longer the Unix process. The OS substrate has to be rebuilt around…

next · spec § 03 →

Capabilities, audit chain, attestation

DAC reduced to a compatibility layer. The capability bundle is the primary access-control ob…