{"id":51307568,"url":"https://github.com/chasebryan/-wuci-ji","last_synced_at":"2026-07-01T01:00:43.833Z","repository":{"id":366075096,"uuid":"1274975127","full_name":"chasebryan/-wuci-ji","owner":"chasebryan","description":"无此机(Wuci-ji); x86_64 assembly research into machine code, execution boundaries, syscalls, memory, and precise low-level control.","archived":false,"fork":false,"pushed_at":"2026-06-27T07:21:21.000Z","size":955,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-27T08:10:29.554Z","etag":null,"topics":["assembly","binary-analysis","computer-architecture","cryptography","elf","execution-model","low-level","machine-code","syscalls","systems-programming","wuci-ji","x86-64"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chasebryan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-20T05:19:16.000Z","updated_at":"2026-06-27T08:04:14.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/chasebryan/-wuci-ji","commit_stats":null,"previous_names":["chasebryan/-wuci-ji"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/chasebryan/-wuci-ji","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chasebryan%2F-wuci-ji","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chasebryan%2F-wuci-ji/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chasebryan%2F-wuci-ji/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chasebryan%2F-wuci-ji/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chasebryan","download_url":"https://codeload.github.com/chasebryan/-wuci-ji/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chasebryan%2F-wuci-ji/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34988714,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-30T02:00:05.919Z","response_time":92,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assembly","binary-analysis","computer-architecture","cryptography","elf","execution-model","low-level","machine-code","syscalls","systems-programming","wuci-ji","x86-64"],"created_at":"2026-07-01T01:00:35.666Z","updated_at":"2026-07-01T01:00:43.819Z","avatar_url":"https://github.com/chasebryan.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cimg width=\"2172\" height=\"724\" alt=\"wsj-banner-github\" src=\"https://github.com/user-attachments/assets/3e20bf66-1376-46b0-9f25-0ec619bf7224\" /\u003e\n\n# Wuci-Ji / 无此机\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eSealed artifacts. Receipt-bound release. Public evidence.\u003c/strong\u003e\u003cbr\u003e\n  A defensive x86_64 assembly research machine for turning security claims into\n  deterministic proof lanes.\n\u003c/p\u003e\n\n\u003e [!IMPORTANT]\n\u003e Wuci-Ji is a research/proof artifact. It is not production cryptography, not a\n\u003e general runtime sandbox, not post-quantum secure, not production authority,\n\u003e and not independently audited.\n\n## What This Is\n\nWuci-Ji explores a narrow question: can a small artifact machine make its own\nsecurity claims executable, reviewable, and hard to overstate?\n\nThe repository composes sealed WJSEAL artifacts, authorization receipts, Gate\nopen/release checks, public witness bundles, ledger history, signed local\ninstallation evidence, and Daylight protocol-state evidence into one inspectable\nresearch system.\n\n| It aims to prove | It refuses to claim |\n| --- | --- |\n| Artifact bytes were sealed, warranted, checked, and surfaced through explicit proof lanes. | Production cryptography, production authority, or independent audit status. |\n| Public evidence bundles exclude private material and can be committed into deterministic history. | General OS containment or runtime sandboxing from CAGE/Witness/Gate alone. |\n| Quantum-risk labels and migration debt are explicit. | Quantum safety from classical signatures or placeholder post-quantum stubs. |\n| Install proof reads signed local manifests and a copied local root key. | Remote install authority, remote-code shell pipelines, or fixture authority as production trust. |\n\n## Read First\n\n| Need | Entry point |\n| --- | --- |\n| Current handoff checkpoint | [BUILD_NOTES.md](BUILD_NOTES.md) |\n| Exact claim boundary | [docs/SECURITY_BOUNDARY.md](docs/SECURITY_BOUNDARY.md) |\n| Fresh-machine continuation | [docs/MACHINE_PASSOFF.md](docs/MACHINE_PASSOFF.md) |\n| Proof and test targets | [docs/BUILD_TARGETS.md](docs/BUILD_TARGETS.md) |\n| Threat model | [docs/THREAT_MODEL.md](docs/THREAT_MODEL.md) |\n| Production blockers | [docs/PRODUCTION_READINESS.md](docs/PRODUCTION_READINESS.md) |\n| Daylight workspace | [daylight-equation/](daylight-equation/) |\n| Daylight v14C+ execution package | [daylight/v14c-plus/](daylight/v14c-plus/) |\n\n## Daylight C+ / v14C+\n\nDaylight v14C+ is a deterministic execution package, not a manually asserted\nscore. The package under [daylight/v14c-plus/](daylight/v14c-plus/) regenerates\nthe candidate score from a frozen ledger, frozen corpus snapshot, exact rational\narithmetic, q-evaluator rules, and a reproducibility receipt:\n\n```text\nNoProof(x) -\u003e NoClaim(x) -\u003e NoRelease(x)\nNoEvidence(x) -\u003e NoScore(x) -\u003e NoRelease(x)\nNoTrace(x) -\u003e NoTrust(x)\nManualScore(x) -\u003e Reject(x)\n```\n\nRun the focused C+ lane:\n\n```sh\nmake daylight-cplus-test\nPYTHONPATH=daylight/v14c-plus python3 -m src.cli score --ledger daylight/v14c-plus/examples/ledger.seed.jsonl --corpus daylight/v14c-plus/examples/corpus.seed.jsonl --out daylight/v14c-plus/examples/expected-scorecard.v14c-plus.json\nPYTHONPATH=daylight/v14c-plus python3 -m src.cli verify-scorecard daylight/v14c-plus/examples/expected-scorecard.v14c-plus.json\n```\n\nThe expected generated candidate score is `998,200M / 1,000,000M`. It remains a\ncandidate score until non-fixture release gates pass.\n\n## Daylight v15 Meridian\n\nDaylight v15 Meridian under [daylight/v15-meridian/](daylight/v15-meridian/) is the\nsuccessor to v14C+. It fixes the one design weakness in v14C+: q-values were\nasserted `target` constants gated only by evidence *presence*, so a reviewer could\nnarrate any target up to a perfect score. Meridian makes every q-value\nevidence-derived (`q_i = closed-obligation weight / 1000`) and has the verifier\n*re-derive* the q-vector from a pinned obligation registry plus the sealed\nclosed-obligation set, so editing a number is rejected rather than trusted. See\n[docs/WUCI_DAYLIGHT_V15_MERIDIAN.md](docs/WUCI_DAYLIGHT_V15_MERIDIAN.md) for the\ndesign and [docs/DAYLIGHT_V15_MERIDIAN_SOFTWARE_ARTIFACT.md](docs/DAYLIGHT_V15_MERIDIAN_SOFTWARE_ARTIFACT.md)\nfor the installable CLI, library API, schemas, and release-gate use.\n\nMeridian exposes `score`, `verify-scorecard`, `frontier`, `attestation-template`,\n`explain`, `gate`, `doctor`, `artifact`, and the `seal`/`open`/`envelope-inspect`\nencryption commands through its source-tree CLI; `make daylight-meridian-package`\nchecks the package metadata and entrypoint offline.\n\nMeridian also encrypts. The Meridian Authorized Envelope binds a vector-checked\nRFC 8439 ChaCha20-Poly1305 AEAD to the obligation logic: `NoEvidence -\u003e NoSeal`\nand `Open = bottom` unless the caller's evidence re-derives a verifying scorecard\nthat satisfies the sealed policy. Seal with `--min-score 1000000` and the secret\nopens only under a perfect Meridian state. See\n[docs/WUCI_DAYLIGHT_V15_MERIDIAN_ENVELOPE.md](docs/WUCI_DAYLIGHT_V15_MERIDIAN_ENVELOPE.md).\n\nThe **Meridian Vault** turns that envelope into a usable, offline encrypt/decrypt\nstore for any host: `vault init`, `seal`, `open`, `list`, `status`, and `autoseal`\n(also reachable as `wj vault ...` on Wuci-OS). A vault binds a frozen evidence base\nplus a policy; sealing needs verifying evidence and opening is fail-closed, so data\nrefuses to open on a host whose Daylight v15 evidence no longer verifies. It is\nnon-destructive by default (originals kept). See\n[docs/WUCI_DAYLIGHT_V15_MERIDIAN_VAULT.md](docs/WUCI_DAYLIGHT_V15_MERIDIAN_VAULT.md).\n\n```sh\nmake daylight-meridian-test\nmake daylight-meridian-frontier\nmake daylight-meridian-artifact\nmake daylight-meridian-perfect-demo\nmake daylight-meridian-envelope-test\nmake daylight-meridian-vault-demo\nmake daylight-meridian-ci\n```\n\nMeridian's honest internal ceiling is `998,900M / 1,000,000M` (`+700M` over v14C+,\nevery point earned by added internal evidence). The residual `1,100M` is held by\nexternal obligations the harness cannot self-issue (external red-team, post-quantum\nand crypto audit, independent replication, external falsification, and independent\naudits). A perfect `1,000,000M` is reachable only by closing those with genuine\nnon-harness external attestations; claiming it from inside the repository is exactly\nthe overclaim `ManualScore(x) -\u003e Reject(x)` forbids.\n\n## System Shape\n\n```text\nsealed artifact\n      |\nauthorization receipt\n      |\nGate contract check\n      |\ncontrolled plaintext release\n      |\npublic witness bundle\n      |\nledger history + Daylight review boundary\n```\n\n| Surface | Role | Boundary |\n| --- | --- | --- |\n| Envelope | WJSEAL artifact sealing/opening through the current assembly path. | Secrecy and final-output safety are assembly-owned. |\n| Warrant | Deterministic fixture quorum receipt for review workflows. | Fixture authority only. |\n| Gate / Root / Anchor | Flat and rooted contract checks for open/release, plus fail-closed publish/trust decision evidence. | Positive publish/trust authority remains unimplemented; denial evidence is not production authority. |\n| Witness | Public, keyless release evidence bundle. | Excludes private keys, plaintext binaries, and private transcripts. |\n| Ledger | Hash-only transparency history for witness bundles. | Local deterministic history, not an operated public log service. |\n| HARDEN | Verifier identity, safe I/O, fixture quarantine, action policy, and public-file hardening. | Defensive perimeter checks only. |\n| CAGE | Artifact legitimacy airlock around public evidence. | Not OS runtime containment. |\n| QCAGE | Quantum-aware evidence labels, digest vectors, and migration-debt checks. | Not a post-quantum safety claim. |\n| INSTALL | Noninteractive signed local install proof lane. | Requires a local copied root key and signed manifests. |\n| WJ-next / Golden Lock | Composition models for transcript and review boundaries. | Model gates, not production cryptography. |\n| Daylight | Typed protocol-state, score boundary, evidence, and Rust review lanes. | Research evidence, not external certification. |\n\n## Quick Orientation\n\nFrom macOS or another non-Linux host, these targets give a fast local read of\nthe current project shape:\n\n```sh\nmake build-linux\nmake machine-passoff-test\nmake wuci-daylight-bridge-test\nmake wjnext-model-test\n```\n\nNative `make test` requires Linux x86_64 with GNU `as`/`ld`. The full native\nlane also expects the current assembly X25519 BMI2/AVX instruction surface. See\n[docs/BUILD_TARGETS.md](docs/BUILD_TARGETS.md) for Linux, qemu, Daylight, Gate,\nCAGE, QCAGE, HARDEN, INSTALL, and high-attestation lanes.\n\n## Command Deck\n\nRun shared build/proof lanes serially unless the Make target already composes\nthe dependencies.\n\nBuild the Linux artifact:\n\n```sh\nmake build-linux\n```\n\nRun the core Daylight/WUCI bridge:\n\n```sh\nmake wuci-daylight-bridge-test\n```\n\nRun Daylight protocol-state and cap-removal checks:\n\n```sh\nmake daylight-v06-protocol-state-test\nmake daylight-v06-cap-removal-test\n```\n\nRun Gate proof lanes:\n\n```sh\nmake gate-boundary\nmake gate-workflow\nmake gate-policy-matrix\nmake gate-receipt-contract\nmake gate-contract-asm\nmake gate-contract-zig\n```\n\nInspect sealed WJSEAL artifacts without keys or plaintext release:\n\n```sh\ntools/wuci-prism inspect sealed.wj\ntools/wuci-prism inspect sealed.wj --json\ntools/wuci-prism manifest sealed.wj\ntools/wuci-prism explain sealed.wj\ntools/wuci-prism boundary sealed.wj\ntools/wuci-prism inspect sealed.wj --ticker always\n```\n\nWuci-Prism emits `wuci-prism-report-v1` public evidence for visible WJSEAL\nstructure, artifact hashes, and Gate-required status. It does not decrypt,\nunlock, recover, accept secret keys, verify AEAD tags, or release plaintext.\nThe progress ticker is a stderr-only rainbow triangle display; it is automatic\non interactive terminals, can be forced with `--ticker always` or\n`WUCI_TICKER=always`, and can be disabled with `--ticker never`. It stays out\nof JSON and manifest stdout. The same ticker switch is available on key Python\nwait lanes for Gate, CAGE, QCAGE, parser corpus replay, and INSTALL hashing or\nproof subprocess stages.\n\nRun defensive perimeter proof lanes:\n\n```sh\nmake harden0-proof\nmake harden-proof\nmake cage-proof\nmake qcage-proof\n```\n\nInstall from a checked-out release with one atomic command:\n\n```sh\ntools/wuci-install\n```\n\nThis copies the repository install root key into the local trust path, verifies\nthe signed install manifest and binary digest vector, runs the install proof\nlanes, installs to `$HOME/.local`, writes an audit receipt, and records a\nKitty/Ghostty terminal setup plan. It detects `kitty` or `ghostty` when already\npresent. If neither terminal is present, it writes\n`$HOME/.local/share/wuci-ji/terminal-setup.json` with platform-specific\npackage-manager argv suggestions, but it does not run package managers, `sudo`,\nor remote installers from inside WUCI-INSTALL.\n\nThe lower-level install target is still available:\n\n```sh\nmake install-local\n```\n\nBuild local self-release evidence:\n\n```sh\nmake self-release-bundle\nmake self-release-witness-bundle\nmake self-release-ledger-bundle\n```\n\nNOXFRAME exposes the same self-release lane inside its bounded console:\n\n```text\nself-release plan\nself-release status\nself-release run all\nself-release shell\n```\n\nThe convenience target writes the self-release, witness, and ledger artifacts\nunder `build/noxframe/`:\n\n```sh\nmake noxframe-self-release\n```\n\nRun the composed high-attestation lane:\n\n```sh\nmake high-attestation-proof\n```\n\nHigh-attestation output is local evidence strengthening only. It is not a claim\nof general runtime sandboxing, production authority, quantum safety, government\nvalidation, or absence of vulnerabilities.\n\nRun NOXFRAME:\n\n```sh\nmake noxframe-launch\n```\n\n`WUCI-NOXFRAME` boots through a quiet Wuci-Ji Systems Substrate splash with the\nprompt: \"Welcome to the Wuci-Ji system substrate, hacker. Would you like to\nenter your system?\" The default boot renderer profiles the terminal first:\nthe rich mechanics-terminal boot requires Kitty, WezTerm, Ghostty, iTerm2, or a\nsimilar terminal. If the launch starts from a generic local terminal and `kitty`\nis installed, NOXFRAME opens a Kitty window and continues there. Generic, tmux,\nSSH, dumb, and unknown terminals otherwise use a reduced-motion screen that\navoids rapid full-screen clearing and prints an install hint instead of forcing\nthe rich renderer. Pass `--no-terminal-handoff` to stay in the current terminal,\n`--boot-renderer gui` to open the explicit stdlib graphical canvas with a\nblack/crimson Wuci-Ji Systems console, box-grid lattice, modular motion\nmatrices, data rails, strategic pink/purple signal accents, and the\n`无此机系统` identity line, `--boot-renderer terminal` to force the current\nterminal, `--no-boot-voice` for visual-only boot, or\n`--no-boot-animation` for the plain prompt. It then clears into a bounded\noperator console in interactive terminals. Use `tools/wuci-noxframe\n--no-console` to run the launch matrix directly.\n\nThe console carries Phase1-style discovery commands: `help --compact`,\n`man \u003ccommand\u003e`, `complete \u003cprefix\u003e`, `capabilities`, and bash-style `TAB`\ncompletion in interactive TTYs. One entered line can contain multiple NOXFRAME\ncommands separated by semicolons, or it can start with `multi`; semicolons\ninside quotes stay inside the command. It implements local\nsubstrate, Phase/Optics, virtual filesystem, text, process, system, history,\nsession, learning, nesting, plugin/WASI catalog, Base1/B1/B2 metadata, and\nquality-check commands while keeping host/network passthrough routes\nnon-executing by default. Formerly reserved host, network, dev, and hardware\nnames now resolve to bounded local handlers or metadata-only dry-runs.\n\nThe NOXFRAME environment is session-local. `env`, `set`, `export`, `unset`,\n`alias`, `unalias`, `which`, and `profile` operate inside the console only, and\nthe VFS exposes `/env/profile`, `/env/variables`, `/env/aliases`, and\n`/env/security` for read-only inspection. Phase1-style metadata surfaces are\navailable through `phase`, `whereami`, `nest`, `learn`, `plugins`, `wasm`,\n`kaiju`, `base1`, `doctor`, `selftest`, and `quality`, with virtual paths under\n`/phase`, `/learn`, `/nests`, `/kaiju`, and `/dev`.\n\n`xframe-split 2`, `xframe-split 3`, and `xframe-split 4` open a session-local\nxframe deck inside one `make noxframe-launch` console. Two frames render\nleft/right, three render top-left/top-right/bottom, and four render a quadrant\nlayout. `xframe-next` cycles frames and is bound to Shift+Tab and F6 in\ninteractive readline terminals. Desktop-level Alt+Shift+Tab is not used because\nwindow managers usually intercept it before the terminal can deliver it to\nNOXFRAME. `xframe-drop 1` removes the last slot (right, bottom, or bottom-right\ndepending on the current layout), and `xframe-drop all` returns to the original\nsingle NOXFRAME frame.\n\n`wuci-kaiju` maps Kali Linux metapackage/menu purposes into a checked-in\nmetadata catalog at `docs/noxframe/wuci_kaiju_manifest.json`. It selects one\nrepresentative tool per purpose, with small companion sets for offline evidence\ntypes such as disk and memory forensics. Inspect it with `tools/wuci-kaiju\nverify`, `tools/wuci-kaiju list`, or the NOXFRAME `kaiju` command. It can copy\nan operator-supplied Kali ISO into `build/noxframe/kaiju/iso/`, create a raw VM\ndisk, and boot it through an explicit non-graphical QEMU bridge:\n\n```sh\ntools/wuci-kaiju iso install /path/to/kali-linux.iso\ntools/wuci-kaiju disk create --size-mib 32768\ntools/wuci-noxframe --console --allow-kaiju-boot\n```\n\nInside NOXFRAME, use `kaiju boot` for installer mode and `kaiju boot\n--boot-disk --allow-network` for the installed Kali disk. Installed\ndisk mode reads the kernel/initrd pair from the raw disk and passes a serial\nconsole command line so the terminal path bypasses GRUB when possible. Use\n`kaiju boot --dry-run`, `kaiju boot --boot-disk --dry-run`, or `cat\n/kaiju/boot-plan` to inspect the exact QEMU argv. The default boot plan uses\n`-net none`; network is not enabled unless explicitly requested. `--share-repo`\nis optional and only works on QEMU builds with `virtio-9p-pci`, so the portable\ninner-NOXFRAME demo path uses `--allow-network` plus `git clone`. WUCI-KAIJU\ndoes not expose Kali tools as NOXFRAME commands, scan networks, open radios,\nstart vulnerable lab targets, or claim runtime containment.\n\n`learn` stores notes only in the current console session. Plugin/WASI commands\nare catalogs and policy views, not module execution. `version --compare`\nreports the Phase1 idea map and confirms that NOXFRAME imports no Phase1 code.\nNested substrate prompts show their substratisphere depth, rotate through\nlattice color themes, and support `exit` for one level or `exit all` for every\nnested NOXFRAME level.\n\n`Wuci-OS` is the `x86_64-musl` image lane for future NOXFRAME-native systems.\nIt starts from an operator-supplied musl live ISO, records digest evidence,\nverifies the expected live layout, and emits a serial-friendly QEMU boot plan.\nBase attribution stays in source evidence and license metadata; the operator\nsurface is Wuci-OS.\n\n```sh\ntools/wuci-os source install ./base-live-x86_64-musl-YYYYMMDD.iso --force\ntools/wuci-os source verify\ntools/wuci-os plan\ntools/wuci-os iso-plan\ntools/wuci-os demo-commands\ntools/wuci-os source-kit\ntools/wuci-os overlay --force\ntools/wuci-os keygen --force\ntools/wuci-os seal-overlay --force --ticker always\ntools/wuci-os final-iso --force --remaster-rootfs --install-suite-packages\ntools/wuci-os boot --qemu-bin /usr/libexec/qemu-kvm --allow-network --share-repo\n```\n\nBefore installing from the ISO, read\n[docs/WUCI_OS_OFFLINE_INSTALL.md](docs/WUCI_OS_OFFLINE_INSTALL.md). The same\ninstructions are embedded in the ISO at `/wuci-os/OFFLINE-INSTALL.txt` and in\nthe live system at `/usr/share/wuci-os/OFFLINE-INSTALL.txt`. The live installer\ncommand is uppercase `INSTALL`; it self-escalates through sudo when needed, and\n`wuci-install` is only a compatibility alias for that automated Wuci installer.\n\nThe boot payload carries both the Wuci-OS overlay and a deterministic source-kit\ntar that uses fixed archive metadata and extracts the current Wuci-Ji checkout\ninto `/opt/wuci-os/source/wuci-ji` inside the guest. `wuci-update` can update\nsystem packages and fast-forward or clone a live Wuci-Ji checkout from the repo\nwhen the embedded source is a deterministic snapshot. The overlay defaults to\nterminal-first XFCE4, kitty with Ghostty/xfce4-terminal/xterm fallbacks,\nratpoison, emacs, vim, Wi-Fi/network firmware tooling, PipeWire/ALSA/Pulse\naudio, Mesa/video helpers, Bluetooth/printing/scanning/portal helpers, an\nSDR/radio software lane for GNU Radio, Gqrx, RTL-SDR, HackRF, Airspy, SoapySDR,\nand USB SDR helpers, an original generated Wuci-OS boot chime, and the Wuci\nsplash in ISOLINUX/GRUB menus. It also includes Wuci-OS wallpaper setup, a plan-only\nCodex/Copilot/Grok Build setup guide, guided `wuci-guide` / `wuci-auto`\noperation, and a live/demo `wj` login whose prompt identity is `WJ\u003e_`.\nThe security profile is SELinux-first, targeted/enforcing,\nLUKS-required for installed high-assurance systems, and includes\nKicksecure-inspired hardening ideas. Daylight/WJSEAL evidence is required for\ngenerated components. `tools/wuci-os final-iso --force --remaster-rootfs`\nrewrites the boot menu, embeds the splash, applies the Wuci rootfs identity, and\nrecords final ISO evidence under `build/wuci-os/final/`. Add\n`--install-suite-packages` when host `xbps-install` or root chroot access is\navailable so the Wi-Fi/audio/video/developer suite is baked into\n`LiveOS/squashfs.img`.\nPackage operations use\n`sudo wj install \u003cpackages...\u003e` on top of the current package repository. See\n[docs/WUCI_OS.md](docs/WUCI_OS.md). Wuci-OS v0 is image evidence, overlay\nsealing, source payload, and boot-planning work; it does not claim runtime\nsandboxing, host containment, quantum safety, or independent OS authority.\n\nWrap the NOXFRAME substrate and its inner dimensions into a local WJSEAL v2\nartifact bound to Daylight public anchors:\n\n```sh\nmkdir -p build/noxframe\nbuild/wuci-ji keygen \u003e build/noxframe/daylight-wrap.key\ntools/wuci-noxframe daylight-wrap --daylight-wrap-keyfile build/noxframe/daylight-wrap.key\n```\n\n`daylight-wrap` refuses symlinked or hardlinked keyfiles, rejects drifted\nsubstrate state, reads the keyfile through a no-follow safe path, invokes the\nexisting assembly `seal-file-keyfile-v2` path with `shell=False` using a\ntemporary key copy, and writes `build/noxframe/daylight-wrap/manifest.json` plus\na sealed `noxframe-inner-dimensions.wj` artifact. The manifest records\nSHA-256/SHA-384/SHA-512 digest vectors for the sealed artifact, the wrapped\nNOXFRAME cells, virtual dimensions, substrate state/seal, and Daylight anchors.\nThis is local artifact sealing and public evidence binding; it is not a\nruntime-containment, production-authority, independent-audit, or\nwhole-system post-quantum safety claim.\n\nThe `codex` command is the explicit opt-in bridge: `codex status` and\n`codex handoff` are metadata-only. Start the console with:\n\n```sh\ntools/wuci-noxframe --console --allow-codex\n```\n\nThen use `codex start`, `codex exec \u003cprompt\u003e`, or `codex resume` with Codex\npinned to this checkout. That bridge uses Codex's own host/API configuration\nand is not a NOXFRAME no-network or runtime-containment claim.\n\nBy default, it uses its local 7-day clock. It boots in quick mode between\nweekly checks, then runs the full proof matrix when the clock is due. The full\nmatrix covers Wuci-Ji, Wuci-Prism, Daylight, Nightlight, Gate, HARDEN, CAGE,\nQCAGE, install verification, release-bundle verification, and high-attestation\nlanes. It writes a readable launch report and SHA-256/SHA-384/SHA-512 self-seal\nto [docs/noxframe/](docs/noxframe/), with substrate state and seal files under\n`build/noxframe/`. `wuci-black-ice` remains a compatibility alias for the\nworking-title boot lander.\n\n## Daylight\n\nDaylight lives in [daylight-equation/](daylight-equation/). It keeps Wuci-Ji's\nactive WJSEAL surface in place while adding typed protocol-state and\nclaim-boundary evidence around it.\n\n| Entry point | Purpose |\n| --- | --- |\n| [daylight-equation/README.md](daylight-equation/README.md) | Directory map and working rules. |\n| [daylight-equation/SCORECARD.md](daylight-equation/SCORECARD.md) | Repo-owned research scorecard and hard gates. |\n| [daylight-equation/analysis/daylight-v06-peer-review-scoring-model-10000.md](daylight-equation/analysis/daylight-v06-peer-review-scoring-model-10000.md) | 10,000-point review model. |\n| [daylight-equation/analysis/daylight-v06-written-code-protocol-state.md](daylight-equation/analysis/daylight-v06-written-code-protocol-state.md) | Written-code Daylight v0.6 protocol-state boundary. |\n| [daylight-equation/research/daylight-v06-cap-removal-plan.md](daylight-equation/research/daylight-v06-cap-removal-plan.md) | Fail-closed plan for clearing the current 8250/10000 hard caps. |\n| [daylight-equation/research/daylight-v06-m4-z3-proof.md](daylight-equation/research/daylight-v06-m4-z3-proof.md) | Mechanized predicate proof. |\n| [daylight-equation/evidence/README.md](daylight-equation/evidence/README.md) | Machine-readable evidence bundles. |\n| [daylight-equation/fixtures/README.md](daylight-equation/fixtures/README.md) | Fixture boundaries. |\n| [daylight-equation/rust/daylight-model/README.md](daylight-equation/rust/daylight-model/README.md) | Std-only Rust model crate. |\n| [daylight-equation/rust/daylight-crypto/README.md](daylight-equation/rust/daylight-crypto/README.md) | Pinned Rust crypto and WUCI-DAYLIGHT bridge lane. |\n\nThe WUCI-DAYLIGHT bridge classifies WJSEAL v1/v2/v3 envelope bytes, records the\ncurrent 8250/10000 Daylight research boundary, keeps zero-claim fields at zero,\nand requires WUCI-GATE for plaintext release.\n\nAfter generating the disposable Gate demo artifact:\n\n```sh\nmake gate-demo\nmake wuci-daylight-bridge-test\ncd daylight-equation/rust/daylight-crypto\ncargo run --offline -- wuci-daylight-envelope-boundary --file ../../../build/wuci-gate-demo/sealed.wj\n```\n\nThe bridge does not decrypt, accept keys, verify AEAD tags, replace Gate, add\nproduction authority, prove runtime containment, or prove whole-system\npost-quantum safety.\n\n## Safety Boundaries\n\nThis repository is defensive and proof-oriented. Do not use it to add exploit\ngeneration, vulnerability reproduction, offensive scanning, jailbreak\nharnesses, malware logic, or network attack logic.\n\nCurrent hard boundaries:\n\n- Fixture FROST material is test evidence only, not production authority.\n- CAGE verifies artifact legitimacy; it does not enforce OS containment.\n- QCAGE labels quantum risk; it does not make classical signatures quantum-safe.\n- INSTALL requires a local copied root key and signed manifests; it is not a\n  remote install pipeline.\n- Daylight scoring and protocol-state evidence are research review artifacts,\n  not external certification.\n\nThe exact boundary text is maintained in\n[docs/SECURITY_BOUNDARY.md](docs/SECURITY_BOUNDARY.md).\n\n## Repository Map\n\n```text\nsrc/                    Assembly source for the Wuci-Ji artifact machine.\ninclude/                Assembly include files.\ntools/                  Python, Zig, and Rust proof tools.\ntests/                  Deterministic regression and proof tests.\nauthority/              Fixture authority roots used by proof lanes.\ninstall/                Local signed-install root material and installer files.\ndocs/                   Threat model, build targets, policies, and models.\ndaylight-equation/      Daylight math, analysis, evidence, fixtures, and Rust code.\nDLv0.5/                 Preserved earlier Daylight reference material.\n```\n\nContinuation and contributor documents:\n\n- [docs/MACHINE_PASSOFF.md](docs/MACHINE_PASSOFF.md)\n- [docs/CONTRIBUTOR_BOOTSTRAP.md](docs/CONTRIBUTOR_BOOTSTRAP.md)\n- [docs/CI_SCOPE.md](docs/CI_SCOPE.md)\n- [docs/RELEASE_PROCESS.md](docs/RELEASE_PROCESS.md)\n- [docs/FUZZING.md](docs/FUZZING.md)\n\n## License\n\nApache-2.0. See [LICENSE](LICENSE) and [NOTICE](NOTICE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchasebryan%2F-wuci-ji","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchasebryan%2F-wuci-ji","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchasebryan%2F-wuci-ji/lists"}