@@ -1,31 +1,31 @@
---
name: AresOS Build 151-350
name: Clan OS Build 151-350
status: active
overview: "Post-150 roadmap through milestone 350 (1.0 release). Epochs 7–14; stub graduation then hardware, federation, formal model, release."
todos:
- id: epoch7-planning
content: "Epoch 7 planning: ROADMAP_151_350, gaps 346-350, checklists, reopen wontfix"
status: completed
- id: epoch7-stub-grad
content: "Epoch 7 phases 151-175: loom, OOM, audit/build, Kani CI"
content: "Epoch 7 scopes 151-175: loom, OOM, audit/build, Kani CI"
status: completed
- id: epoch8-m200
content: "Epoch 8 phases 176-200: SCHEDULING_UNIFIED, meta-semantics, M200 gate"
content: "Epoch 8 scopes 176-200: SCHEDULING_UNIFIED, meta-semantics, M200 gate"
status: completed
- id: epoch9-10-m250
content: "Epochs 9-10 phases 201-250: SDK, hardware, M250 gate"
content: "Epochs 9-10 scopes 201-250: SDK, hardware, M250 gate"
status: completed
- id: epoch11-12-m300
content: "Epochs 11-12 phases 251-300: drivers, federation, M300 gate"
content: "Epochs 11-12 scopes 251-300: drivers, federation, M300 gate"
status: completed
- id: epoch13-14-m350
content: "Epochs 13-14 phases 301-350: checkpoint, Tier D, 1.0 release"
content: "Epochs 13-14 scopes 301-350: checkpoint, Tier D, 1.0 release"
status: completed
isProject: false
---

# AresOS: Phases 151–350 (Post-150)
# Clan OS: Scopes 151–350 (Post-150)

Living successor to archived `aresos_full_os_build_b960e4a0.plan.md`. Authority: [ROADMAP_151_350.md](../../docs/ROADMAP_151_350.md) + [gap_registry.toml](../../gap_registry.toml).
Living successor to archived `clanos_full_os_build_b960e4a0.plan.md`. Authority: [ROADMAP_151_350.md](../../docs/ROADMAP_151_350.md) + [gap_registry.toml](../../gap_registry.toml).

See attached plan_through_phase_350 for full epoch band detail.
See attached plan_through_scope_350 for full epoch band detail.
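Review bot: the reference to the archived plan is rewritten from `aresos_full_os_build_b960e4a0.plan.md` to `clanos_full_os_build_b960e4a0.plan.md`, but this hunk only edits the text; unless the archived file itself is renamed in the same change, the pointer to the predecessor plan dangles. The same applies to `plan_through_phase_350` becoming `plan_through_scope_350`: confirm the attachment exists under the new name, or keep the old name for archived artifacts that are not being moved.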

@@ -1,17 +1,17 @@
---
description: AresOS Principal Engineer — architecture, security, and phase discipline for all development tasks
description: Clan OS Principal Engineer — architecture, security, and scope discipline for all development tasks
alwaysApply: true
---

# AresOS Principal Engineer System Prompt
# Clan OS Principal Engineer System Prompt

You are the principal engineer of AresOS, a capability-secured hybrid microkernel OS written in Rust. You combine OS architecture, Rust systems programming, security research, and verification discipline. You do not write toy code, skip planning, or ship stubs without `// STUB(phase-NNN):` annotations tied to `epoch_checklist.toml`.
You are the principal engineer of Clan OS, a capability-secured hybrid microkernel OS written in Rust. You combine OS architecture, Rust systems programming, security research, and verification discipline. You do not write toy code, skip planning, or ship stubs without `// STUB(scope-NNN):` annotations tied to `epoch_checklist.toml`.

## Session start (every task)

1. Read `STATUS.md` and `docs/VALIDATION_GATES.md` — runtime validation uses **boot gate** (`boot_gate.rs`) + **system gate** (`system_gate.rs`).
2. Read architecture docs per **precedence** (below); doc migration epoch is in progress — flat `docs/*.md` remain authoritative until migrated or marked `superseded-by`.
3. Read `epoch_checklist.toml` or historical `docs/phase-*-checklist.md` for scope context only.
3. Read `epoch_checklist.toml` or historical `docs/scope-*-checklist.md` for scope context only.
4. Confirm no open `CROSS-REF: — TBD` stubs in docs you will edit.
5. Check `docs/THREAT_NODES.toml` (canonical) before security-adjacent code.
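Review bot: changing the stub annotation from `// STUB(phase-NNN):` to `// STUB(scope-NNN):` is a marker-format change that any tooling matching the old spelling (the `scripts/project_health.py` run required at session end, CI greps) has to follow, otherwise existing annotations in the tree silently stop being counted; either update the matcher in this change or accept both spellings during the transition. Also, `docs/phase-*-checklist.md` is described as historical, so rewriting the glob to `docs/scope-*-checklist.md` only holds if those files were actually moved; historical documents that keep their names should keep the old path here.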

@@ -20,12 +20,11 @@ You are the principal engineer of AresOS, a capability-secured hybrid microkerne
1. **`docs/architecture/`** is canonical when a document exists there.
2. Flat **`docs/*.md`** is authoritative for any doc **not yet migrated** (no `docs/architecture/` equivalent).
3. Flat docs with `status: superseded-by: docs/architecture/…` — read the **architecture** copy first; use the flat copy only for content not yet reconciled in migration squash.
4. **Conflicts:** if flat and `docs/architecture/` disagree, **flag explicitly** — do not silently pick one. Resolution belongs in the doc migration epoch squash commit, not a phase implementation commit.
4. **Conflicts:** if flat and `docs/architecture/` disagree, **flag explicitly** — do not silently pick one. Resolution belongs in the doc migration epoch squash commit, not a scope implementation commit.

## Explicitly deferred (do not propose or partially implement)

- **Workspace restructure** (`kernel/src/` brokers → `servers/` crates): deferred to a dedicated epoch with pre-epoch planning commit and transition integration suite. Trigger: driver/broker crash crosses isolation boundary.
- **`ares-rt` `no_std` fix** (`DECISION_LOG.md` `ares-rt-001`, `architecture_state.toml` `has_no_std_enforcement = false`): tracked debt; fix requires dedicated phase commit + full Kani re-run. **Not during doc migration epoch.**

## Session end
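Review bot: dropping the `ares-rt` `no_std` deferral bullet is only justified if `architecture_state.toml` now reads `has_no_std_enforcement = true`, which the removed line named as the tracked-debt flag; the hunk removes the pointer without showing that the flag flipped. Consider keeping a one-line resolved entry pointing at `DECISION_LOG.md` so the deferral history does not vanish from the prompt.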

@@ -43,7 +42,7 @@ Run `scripts/project_health.py`, verify `STATUS.md` is current, confirm no new `

## Non-negotiable obligations

1. **Read before writing** — architecture doc, ADR (`docs/architecture/ADR/`), phase checklist.
1. **Read before writing** — architecture doc, ADR (`docs/architecture/ADR/`), scope checklist.
2. **ADR before tradeoffs** — `docs/architecture/ADR/ADR-NNNN-title.md` with Context, Decision, Alternatives, Consequences, Security Implications, Verification Approach.
3. **Threat model before security code** — `docs/THREAT_NODES.toml`; create nodes for new attack surfaces.
4. **Tests first for security** — Kani/proptest before capability/IPC/memory implementation.
@@ -62,7 +61,7 @@ Run `scripts/project_health.py`, verify `STATUS.md` is current, confirm no new `

## Code standards

- `#![no_std]` in kernel and ares-rt; `#![deny(unsafe_code)]` elsewhere unless `docs/UNSAFE_AUDIT.md` lists the crate.
- `#![no_std]` in kernel, userland runtime (`clan-rt`), and **Mendo** binary (`userland/mendo/`); `#![deny(unsafe_code)]` elsewhere unless `docs/UNSAFE_AUDIT.md` lists the crate.
- Every `unsafe` needs `// SAFETY:` + arch cross-ref + `// SAFETY-REVIEWED-BY: domain`.
- No `unwrap()`/`expect()` in kernel without `// PANIC-OK:` or `#[cfg(test)]`.
- Errors map to `docs/ERROR_TAXONOMY.md` classes; no oracle fields (`cap_id`, `generation`) to unprivileged callers.
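Review bot: the `#![no_std]` requirement now covers the kernel, `clan-rt` and the Mendo binary (`userland/mendo/`), but the other userland crates added to the workspace in this change (`userland/ring3-io-demo`, `userland/hello-alloc`, `userland/sig-demo`) are not mentioned, so it is unclear whether they must also be `no_std` or are exempt; state the rule for them explicitly. Since the `#![deny(unsafe_code)]` exemption still hinges on `docs/UNSAFE_AUDIT.md`, Mendo needs an entry there before it may contain `unsafe`.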
@@ -78,6 +77,7 @@ Run `scripts/project_health.py`, verify `STATUS.md` is current, confirm no new `
| `config/CAP_REGISTRY.toml` | `docs/CAP_REGISTRY.toml` |
| `DECISION_LOG.md` | root + `docs/DECISION_LOG.md` |
| `CHARTER.md` | `CHARTER.md` (root) |
| Mendo | `userland/mendo/` |

## Response format (development tasks)
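Review bot: the new table row `| Mendo | userland/mendo/ |` breaks the convention of the neighbouring rows, whose first column is a backticked file identifier (`config/CAP_REGISTRY.toml`, `DECISION_LOG.md`, `CHARTER.md`) rather than a project name; use the crate or path identifier in backticks so the column stays consistent and greppable.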

10 changes: 5 additions & 5 deletions CHARTER.md
@@ -1,11 +1,11 @@
# AresOS Project Charter
# Clan OS Project Charter

```yaml
status: authoritative
semantics_version: 1.0.0
```

This document defines **charter-level** authority for AresOS governance. Process rules in epoch checklists, phase checklists, and `EPOCH_FAILURE_PROCEDURE.md` are subordinate to this charter unless explicitly elevated here.
This document defines **charter-level** authority for Clan OS governance. Process rules in epoch checklists, scope checklists, and `EPOCH_FAILURE_PROCEDURE.md` are subordinate to this charter unless explicitly elevated here.

Referenced by: scope-freeze exceptions, Verus N+2 escalation, emergency dependency bumps, C-ABI FFI gates, compound epoch failures, dissent override, emergency stabilization.
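Review bot: after this rename, "scope" carries two meanings in the same document: the unit of work formerly called a phase ("scope checklists") and the feature scope in the unchanged "scope-freeze exceptions" on the Referenced-by line, so a "scope checklist" can be misread as a checklist for scope freezes. Either pick a different term for the work unit or add a `GLOSSARY.toml` entry that disambiguates the two before the charter is re-signed.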

@@ -44,8 +44,8 @@ Sign-offs are recorded in `epoch_signoffs/epoch-N.toml` per `epoch_signoffs/sche
| Level | Examples | Change mechanism |
|-------|----------|------------------|
| **Charter** | This document, scope-freeze exceptions, emergency stabilization, Verus N+2 acceptance, C-ABI FFI approval | Quorum + GPG-signed gate commit |
| **Process** | Phase checklist fields, benchmark thresholds, reviewer currency cadence, compat review checklist | Epoch gate or additive doc semver |
| **Implementation** | Phase commits, syscall behavior, driver code | Phase owner commit + pyramid gates |
| **Process** | Scope checklist fields, benchmark thresholds, reviewer currency cadence, compat review checklist | Epoch gate or additive doc semver |
| **Implementation** | Scope commits, syscall behavior, driver code | Scope owner commit + pyramid gates |

When a process rule says "charter approval," it means quorum per this document.

@@ -95,7 +95,7 @@ This is an operational allowance, not a permanent reduction in review rigor.

## Emergency stabilization procedure

Interfaces on the **never-stabilize before 1.0** list (`DESIGN_NORTH_STAR.md`) cannot receive stability guarantees during phases 121–150.
Interfaces on the **never-stabilize before 1.0** list (`DESIGN_NORTH_STAR.md`) cannot receive stability guarantees during scopes 121–150.

If an **external dependency or integration partner** requires a stability commitment on such an interface before milestone 1.0:

8 changes: 4 additions & 4 deletions CONTRIBUTING.md
@@ -1,4 +1,4 @@
# Contributing to AresOS
# Contributing to Clan OS

## Epoch 0 process

@@ -7,10 +7,10 @@
3. Unanimous 3/3 domain sign-offs in `epoch_signoffs/epoch-0.toml`
4. GPG-signed gate commit per `SECURITY.md`

## Phase commits
## Scope commits

- One commit per implementation phase: `feat(phase-NNN): ...`
- Phase owner only commits their phase (`phase_checklist_schema.toml`)
- One commit per implementation scope: `feat(scope-NNN): ...`
- Scope owner only commits their scope (`scope_checklist_schema.toml`)

## Cross-references
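Review bot: the commit prefix changes from `feat(phase-NNN):` to `feat(scope-NNN):`, but git history keeps the old prefix, so any commit-lint or ownership check driven by `scope_checklist_schema.toml` (renamed here from `phase_checklist_schema.toml`) must accept both prefixes when it walks past the rename commit; also confirm the schema file is actually renamed in this change rather than only referenced under the new name.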

30 changes: 26 additions & 4 deletions Cargo.lock

2 changes: 1 addition & 1 deletion Cargo.toml
@@ -1,5 +1,5 @@
[workspace]
members = ["kernel", "userland"]
members = ["kernel", "userland", "userland/mendo", "userland/ring3-io-demo", "userland/hello-alloc", "userland/sig-demo"]
exclude = ["proof-rights"]
resolver = "2"
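Review bot: adding `userland/mendo`, `userland/ring3-io-demo`, `userland/hello-alloc` and `userland/sig-demo` as workspace members puts them into the host-target `cargo check`, which is exactly what failed for `ares-rt` when it lacked `#![no_std]` (see `clan-rt-001` in `DECISION_LOG.md`); each new member should either declare `#![no_std]` or be covered by a target-specific gate in the validation matrix before this lands.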

18 changes: 9 additions & 9 deletions DECISION_LOG.md
@@ -1,12 +1,12 @@
# AresOS Architecture Decision Log
# Clan OS Architecture Decision Log

```yaml
status: authoritative
version: 0.1.0
epoch: 0
```

Top-level architectural decisions resolved at project inception. Phase- and epoch-specific gated decisions are recorded in [`docs/DECISION_LOG.md`](docs/DECISION_LOG.md).
Top-level architectural decisions resolved at project inception. Scope- and epoch-specific gated decisions are recorded in [`docs/DECISION_LOG.md`](docs/DECISION_LOG.md).

---

@@ -38,7 +38,7 @@ Top-level architectural decisions resolved at project inception. Phase- and epoc

**Consequences:** `docs/SCHEDULER_MODEL.md`; partition capabilities for real-time and AI workload classes.

**Verification:** R-revoke-blocked Kani state machine; loom tests for SMP ordering (phases 141–142).
**Verification:** R-revoke-blocked Kani state machine; loom tests for SMP ordering (scopes 141–142).

**Reference:** `docs/DECISION_LOG.md` entry `scheduler_priority_inversion`.

@@ -112,17 +112,17 @@ Top-level architectural decisions resolved at project inception. Phase- and epoc

**Status:** open
**Context:** `#![deny(clippy::all)]` not enabled on kernel crate. Clippy on a 1700+ line kernel without per-lint review would obscure Track 1 doc commits.
**Reopen trigger:** first implementation phase commit after Track 1 squash gate.
**Resolution:** Dedicated phase commit with clippy allowlist reviewed per-lint; full Kani re-run.
**Reopen trigger:** first implementation scope commit after Track 1 squash gate.
**Resolution:** Dedicated scope commit with clippy allowlist reviewed per-lint; full Kani re-run.

---

### ares-rt-001 — ares-rt `no_std` enforcement pending
### clan-rt-001 — clan-rt `no_std` enforcement pending

**Status:** resolved (phase 401)
**Context:** Workspace `cargo check` fails on the host target because `ares-rt` (`userland/`) does not declare `#![no_std]`. The crate is built for `x86_64-unknown-none` in the OS context; `cargo check -p kernel` passes. This is documentation and build-matrix debt, not a kernel soundness issue.
**Status:** resolved (scope 401)
**Context:** Workspace `cargo check` fails on the host target because `clan-rt` (`userland/`) does not declare `#![no_std]`. The crate is built for `x86_64-unknown-none` in the OS context; `cargo check -p kernel` passes. This is documentation and build-matrix debt, not a kernel soundness issue.
**Reopen trigger:** `architecture_state.toml` → `has_no_std_enforcement = false` (CI-readable; must flip to `true` only after enforcement lands).
**Resolution:** `#![no_std]` added to `ares-rt` lib; `scripts/gate/ares_rt.py` in validation matrix; `has_no_std_enforcement = true`.
**Resolution:** `#![no_std]` added to `clan-rt` lib; `scripts/gate/clan_rt.py` in validation matrix; `has_no_std_enforcement = true`.

---
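Review bot: renaming the decision id `ares-rt-001` to `clan-rt-001` and the gate script `scripts/gate/ares_rt.py` to `scripts/gate/clan_rt.py` invalidates every existing reference to the old names (the system prompt's deferred list, `architecture_state.toml`, the validation matrix entry); decision ids are normally stable keys, so consider keeping `ares-rt-001` with an alias note, and make sure the script file is moved and not only the text. The status `resolved (scope 401)` also lies beyond the 151–350 roadmap this change describes; say which epoch that scope belongs to.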

2 changes: 1 addition & 1 deletion GLOSSARY.toml
@@ -26,4 +26,4 @@ definition = "Kernel code paths whose compromise breaks security goals"
[[terms]]
id = "compat-internal"
term = "compat-internal bridge"
definition = "Interim IPC path 122-133; CI counter must reach zero at phase 134"
definition = "Interim IPC path 122-133; CI counter must reach zero at scope 134"