# SOKR โ Development TODO
> Sovereign Open Kernel Runtime โ Core Only
> Last Updated: 2026-04-20
> Legend: ๐ด Critical path ยท ๐ก Important ยท ๐ข Nice-to-have
---
## Vision
A sovereign compute runtime where the algorithm is the permanent asset
and the substrate is a runtime decision โ for hardware that exists today
and hardware that does not yet exist.
**This repo is the core only.** Plugin development lives at
[sokr-rs/sokr-plugins](https://github.com/sokr-rs/sokr-plugins).
---
## Phase 0 โ Foundation `v0.1.x`
> Claim the name. Establish the philosophy. No runnable code yet.
> **Current phase.**
### 0.1 Identity
- [x] ๐ด Name locked: **SOKR โ Sovereign Open Kernel Runtime**
- [x] ๐ด License decided: **MIT OR Apache-2.0**
- [x] ๐ด Copyright holder: **The SOKR Project**
- [x] ๐ด Crate reserved on crates.io (`v0.1.0`)
- [x] ๐ด GitHub org claimed: `sokr-rs`
- [x] ๐ด GitHub repo made public: `sokr-rs/sokr`
- [x] ๐ด CONTRIBUTING.md complete
- [x] ๐ด Repo restructure: flatten from workspace to single crate
- [x] Move `crates/sokr-core/src/` โ `src/`
- [x] Move `crates/sokr-core/Cargo.toml` โ root `Cargo.toml`, rename to `sokr`
- [x] Move `crates/sokr-core/cbindgen.toml` โ root `cbindgen.toml`
- [x] Remove `crates/sokr-cpu/`, `crates/sokr-dispatch-first/` โ move to `sokr-plugins` repo
- [x] Remove workspace `[workspace]` section from root `Cargo.toml`
- [x] Verify `cargo check` passes on flattened structure
- [x] Verify `cargo test` passes on flattened structure
- [x] Update CI workflow โ remove `--workspace` flags
- [x] Publish `sokr` v0.1.1 from new structure
### 0.2 Design Documents
- [x] ๐ด Core philosophy documented
- [x] ๐ด Three-function interface defined: Capability, Dispatch, Completion
- [x] ๐ด Plugin categories defined: IR, Substrate, Language Binding, Dispatch Policy
- [x] ๐ด IR hybrid strategy documented
- [x] ๐ด Architecture layering documented
- [x] ๐ด C ABI surface specification complete
- [x] ๐ด Version handshake protocol complete
- [ ] ๐ก Plugin interface RFC โ open for community comment before v0.2.0 freeze
- [x] Write RFC document in `docs/rfc/0001-plugin-interface.md`
- [x] Open GitHub Discussion: https://github.com/sokr-rs/sokr/discussions/2
- [x] Set comment period: minimum 4 weeks (closes 2026-05-14)
- [ ] Incorporate feedback or document rationale for rejection
### 0.3 Tooling
- [x] ๐ด GitHub Actions CI โ check, test, clippy, fmt, audit, no_std
- [x] ๐ด `.github/ISSUE_TEMPLATE/` โ bug, feature, plugin proposal
- [x] ๐ก `deny.toml` โ license and dependency policy
- [x] ๐ก Dependabot โ weekly cargo and github-actions updates
---
## Phase 1 โ Core Skeleton `v0.2.0`
> The immutable core exists. ABI is complete. Version handshake works.
### 1.1 Repo Restructure
- [ ] ๐ด Complete single-crate flatten (see 0.1 Repo restructure above)
- [ ] ๐ด Verify `sokr-plugins` repo exists and `sokr-cpu` moved there
- [ ] ๐ด Update all internal references from `sokr-core` โ `sokr`
### 1.2 Core ABI (`src/`)
- [x] ๐ด `src/types.rs` โ all C ABI struct and enum definitions
- [x] ๐ด `src/registry.rs` โ plugin registry, no heap allocation
- [x] ๐ด `src/ffi.rs` โ `#[no_mangle] extern "C"` function stubs
- [x] ๐ด `SokrVersion` โ `CURRENT` constant + `check_compatible()`
- [x] ๐ด `SokrResult` โ 10 variants + `is_ok()` / `is_err()`
- [x] ๐ด All query/request/response/signal structs defined
- [x] ๐ด `SokrSubstratePlugin` vtable defined
- [ ] ๐ด Implement `sokr_capability()` โ route to registered substrate
- [ ] Route to registered substrate plugin matching `substrate_id`
- [ ] Return `CapabilityDenied` if no matching substrate registered
- [ ] Unit test: routes to correct plugin
- [ ] Unit test: unknown substrate returns `CapabilityDenied`
- [ ] ๐ด Implement `sokr_dispatch()` โ route to substrate and dispatch
- [ ] Validate all dispatch request fields before routing
- [ ] Route to substrate plugin
- [ ] Return `completion_token` on success
- [ ] Unit test: dispatch to registered plugin succeeds
- [ ] Unit test: dispatch to unregistered plugin fails explicitly
- [ ] ๐ด Implement `sokr_completion()` โ poll completion token
- [ ] Look up completion token in active dispatch table
- [ ] Return `Pending`, `Complete`, or `Failed`
- [ ] Unit test: completion after dispatch returns `Complete`
- [ ] Unit test: unknown token returns `Failed`
- [ ] ๐ด `cbindgen` header generation
- [ ] Add `cargo xtask generate-headers` command
- [ ] Verify `sokr.h` compiles cleanly with `gcc -Wall -Wextra`
- [ ] Verify `sokr.h` compiles cleanly with `clang -Wall -Wextra`
- [ ] Commit generated `include/sokr.h` to repo
### 1.3 Plugin Registry
- [ ] ๐ด `sokr_register_substrate()` โ register plugin with version check
- [ ] Validate plugin version compatibility on registration
- [ ] Assign unique `substrate_id` to each registered plugin
- [ ] Store in fixed-size static array โ no heap allocation
- [ ] Unit test: register one plugin succeeds, returns assigned id
- [ ] Unit test: register beyond capacity returns `RegistryFull`
- [ ] Unit test: register incompatible version returns `VersionMismatch`
- [ ] Unit test: register with null pointer returns `InvalidInput`
- [ ] ๐ด `sokr_deregister_substrate()` โ deregister and call destroy_fn
- [ ] Call plugin's `destroy_fn` before removal
- [ ] Mark slot as available for reuse
- [ ] Unit test: deregister existing plugin succeeds
- [ ] Unit test: deregister unknown id returns `NotFound`
- [ ] Unit test: deregister then re-register in same slot works
- [ ] ๐ก `sokr_list_substrates()` โ introspection
- [ ] Unit test: list returns all registered substrate IDs
### 1.4 Tests
- [ ] ๐ด Unit tests for version handshake
- [ ] `test_version_compatible_exact`
- [ ] `test_version_compatible_minor_older_plugin`
- [ ] `test_version_incompatible_major_higher`
- [ ] `test_version_incompatible_major_lower`
- [ ] `test_version_patch_irrelevant`
- [ ] ๐ด Unit tests for plugin registration
- [ ] `test_register_valid_plugin`
- [ ] `test_register_null_vtable`
- [ ] `test_register_incompatible_version`
- [ ] `test_register_at_capacity`
- [ ] `test_deregister_valid`
- [ ] `test_deregister_invalid_id`
- [ ] `test_register_after_deregister`
- [ ] ๐ก Miri run โ undefined behaviour check on ABI types
- [ ] `cargo miri test` passes clean
- [ ] Add Miri job to CI โ nightly only, allowed to fail
### 1.5 `no_std` Enforcement
- [x] ๐ด `#![cfg_attr(not(test), no_std)]` in `src/lib.rs`
- [ ] ๐ด CI job: build with `--target thumbv7m-none-eabi`
- [ ] Passes clean with no `std` leaking through
---
## Phase 2 โ ABI Stable `v0.3.0`
> Core ABI frozen. `sokr.h` generated and committed.
> Integration tested against `sokr-plugins` reference implementations.
- [ ] ๐ด Integration test against `sokr-cpu` from `sokr-plugins`
- [ ] Register โ Capability โ Dispatch โ Completion round-trip
- [ ] Passes against CPU substrate as external dependency
- [ ] ๐ด `sokr.h` C header finalised and committed to `include/`
- [ ] ๐ก C example in `examples/c/hello_compute.c`
- [ ] ๐ก C++ RAII wrapper in `include/sokr.hpp`
- [ ] ๐ก Benchmark: core dispatch overhead < 5% vs raw vtable call
---
## Phase 3 โ Formal Verification Roadmap `v1.x`
> Sovereignty claim backed by proof, not just philosophy.
- [ ] ๐ข Survey seL4 capability model for applicable formal methods
- [ ] ๐ข Specify version handshake protocol in TLA+ or Alloy
- [ ] ๐ข Verify ABI memory safety invariants with Miri and KLEE
- [ ] ๐ข Publish formal specification as `docs/formal-spec.md`
---
## SemVer Policy
| `0.1.x` | Foundation. ABI defined, no routing yet. |
| `0.2.x` | Core ABI complete. Registry + routing implemented. |
| `0.3.x` | ABI frozen. Integrated with sokr-plugins. |
| `1.0.0` | Core ABI stable. Formal spec published. |
| `1.x.x` | Backwards compatible additions only. |
| `2.0.0` | Core ABI breaking change. RFC required. |
---
## Contribution Policy
- All contributions require DCO sign-off (`Signed-off-by:` in commit)
- Core ABI changes require RFC and 4-week community comment period
- Plugin contributions โ submit to `sokr-rs/sokr-plugins` instead
- Copyright assigned to **The SOKR Project**
- License: **MIT OR Apache-2.0** โ no exceptions
---
*Copyright 2026 The SOKR Project โ MIT OR Apache-2.0*