D-Bus Phase 3/4: upgrade sessiond, services, add StatusNotifierWatcher, consolidate configs

- redbear-sessiond: add Manager.Inhibit (pipe FD), CanPowerOff/CanReboot/ CanSuspend/CanHibernate/CanHybridSleep/CanSleep (return na), PowerOff/ Reboot/Suspend stubs, GetSessionByPID, ListUsers, ListSeats, ListInhibitors, ActivateSession/LockSession/UnlockSession/TerminateSession - redbear-sessiond: add Session SetIdleHint, SetLockedHint, SetType, Terminate methods; wire PauseDevice/ResumeDevice/Lock/Unlock signal emission via SignalEmitter injection; add dynamic device enumeration scanning /scheme/drm/card* and /dev/input/event* at startup - redbear-sessiond: replace infinite pending() with stoppable shutdown via tokio watch channel + control socket shutdown command - redbear-upower: add Changed signal emission with 30s periodic polling and power state snapshot comparison - redbear-notifications: add ActionInvoked signal, expand capabilities to body + body-markup + actions - redbear-polkit, redbear-udisks: replace pending() with stoppable shutdown via signal handling + watch channel - Add redbear-statusnotifierwatcher: new session bus service implementing org.freedesktop.StatusNotifierWatcher for KDE system tray - Add D-Bus activation file for StatusNotifierWatcher - KWin session.cpp: try LogindSession before NoopSession fallback - Consolidate config profiles: remove obsolete redbear-desktop, redbear-kde, redbear-live-*, redbear-minimal-*, redbear-wayland configs; simplify to three supported targets (redbear-full, redbear-mini, redbear-grub) - Update DBUS-INTEGRATION-PLAN.md and DESKTOP-STACK-CURRENT-STATUS.md with Phase 3/4 fragility assessment, KWin readiness matrix, and completeness gap analysis
2026-04-25 12:01:25 +01:00
parent 0bd58c912f
commit dc69317ddf
55 changed files with 1535 additions and 1932 deletions
@@ -56,7 +56,7 @@ This work must be treated as bare-metal boot-critical substrate, not as optional
  Emits RB_THC_QUICKI2C, RB_UCSI_* markers. Consumes `/scheme/ucsi/summary`.
 - **`amlserde`** — AML serialization/deserialization, including `AmlSerdeValue::Buffer`
  (needed for `_CRS`), `RegionSpace::GenericSerialBus` for I2C/SMBus opregions.
- **Init services** — `redbear-live-mini.toml` wires `i2cd`, `i2c-hidd`, `i2c-dw-acpi`,
+- **Init services** — `redbear-mini.toml` wires `i2cd`, `i2c-hidd`, `i2c-dw-acpi`,
  `i2c-gpio-expanderd`, `intel-gpiod`, `ucsid` with non-blocking startup ordering.

 ### What is missing (active gaps)
@@ -78,7 +78,7 @@ Checks: [unit] section, [service] section, cmd field, non-empty data
 Note: Manual validation script covering `redbear-*.toml` configs. Not wired into the build system — run manually after config changes. Does not cover inherited mainline configs (minimal.toml, desktop.toml).

 ### 3C: Getty Supervisor ✅
-Init supports `respawn = true` in service TOML files. When a respawnable service's process exits, init automatically re-spawns it. All getty services across `redbear-minimal`, `redbear-desktop`, `redbear-greeter-services`, `redbear-live-mini`, `wayland`, and `redbear-kde` configs now have `respawn = true` set.
+Init supports `respawn = true` in service TOML files. When a respawnable service's process exits, init automatically re-spawns it. All getty services across `redbear-mini`, `redbear-full`, `redbear-greeter-services`, `redbear-grub`, and `wayland` configs now have `respawn = true` set.

 Implementation:
 - `service.rs`: Added `respawn: bool` field to `Service` (default false). `spawn()` returns `Option<u32>` (child PID) for respawnable oneshot_async services.
@@ -121,8 +121,8 @@ Status: Chain exists in rootfs only. On modern hardware without PS/2 ports, USB

 ### Hardware Validation Requirements
 Bare-metal testing requires physical hardware. Current validation is:
- **QEMU boot**: Verified for redbear-minimal and redbear-full (no panics, no parse errors, switchroot succeeds)
- **Live ISO build**: redbear-live-mini and redbear-live build successfully
+- **QEMU boot**: Verified for redbear-mini and redbear-full (no panics, no parse errors, switchroot succeeds)
+- **Live ISO build**: redbear-mini and redbear-grub build successfully
 - **Interactive login**: Framebuffer login renders correctly (serial not available in headless QEMU)

 ## Phase 5: Validation Matrix ✅
@@ -132,8 +132,7 @@ Bare-metal testing requires physical hardware. Current validation is:
 |--------|-------|-----------|-----------------|-------|
 | redbear-mini | ✅ harddrive.img (2 GB) | ✅ Login prompt | — | Framebuffer console login |
 | redbear-full | ✅ harddrive.img (4 GB) | ✅ Login prompt | — | Desktop packages included |
-| redbear-live-mini | ✅ ISO (384 MB) | — | ✅ Login prompt | ISO for bare-metal boot |
-| redbear-live-full | ✅ ISO (3.0 GB) | — | — | ISO for bare-metal boot |
+| redbear-grub | ✅ harddrive.img | — | — | Text-only with GRUB chainload |

 ### Compilation Verification
 - `cargo check --workspace` in base source: **0 errors**
@@ -161,20 +160,20 @@ Bare-metal testing requires physical hardware. Current validation is:
 ### Validation Commands
 ```bash
 # Build
-CI=1 make all CONFIG_NAME=redbear-minimal ARCH=x86_64
+CI=1 make all CONFIG_NAME=redbear-mini ARCH=x86_64
 CI=1 make all CONFIG_NAME=redbear-full ARCH=x86_64
-CI=1 make live CONFIG_NAME=redbear-live-mini ARCH=x86_64
-CI=1 make live CONFIG_NAME=redbear-live-full ARCH=x86_64
+CI=1 make live CONFIG_NAME=redbear-mini ARCH=x86_64
+CI=1 make live CONFIG_NAME=redbear-full ARCH=x86_64

 # QEMU test
-make qemu CONFIG_NAME=redbear-minimal
+make qemu CONFIG_NAME=redbear-mini

 # Service file validation
 ./local/scripts/validate-service-files.sh config/

 # Clean rebuild + verify
-CI=1 make cr.base CONFIG_NAME=redbear-minimal ARCH=x86_64
-CI=1 make all CONFIG_NAME=redbear-minimal ARCH=x86_64
+CI=1 make cr.base CONFIG_NAME=redbear-mini ARCH=x86_64
+CI=1 make all CONFIG_NAME=redbear-mini ARCH=x86_64
 ```

 ## Key Technical Findings
@@ -268,16 +267,15 @@ Services with `type = "oneshot_async"` are fire-and-forget by default. Init spaw

 ### Config Include Chain
 ```
-redbear-live-full.toml → redbear-live.toml
-redbear-live.toml → redbear-full.toml
 redbear-full.toml → desktop.toml, redbear-legacy-base.toml, redbear-legacy-desktop.toml,
-                     redbear-device-services.toml, redbear-netctl.toml, redbear-greeter-services.toml
+                      redbear-device-services.toml, redbear-netctl.toml, redbear-greeter-services.toml
 desktop.toml → desktop-minimal.toml, server.toml
 desktop-minimal.toml → minimal.toml
 server.toml → minimal.toml
 minimal.toml → base.toml

-redbear-live-mini.toml → minimal.toml, redbear-legacy-base.toml, redbear-netctl.toml
+redbear-grub.toml → redbear-full.toml, redbear-grub-policy.toml
+
 redbear-mini → redbear-minimal.toml → minimal.toml, redbear-legacy-base.toml,
                redbear-device-services.toml, redbear-netctl.toml
 ```
@@ -358,9 +356,8 @@ redbear-mini → redbear-minimal.toml → minimal.toml, redbear-legacy-base.toml
 | Target | Purpose | Output |
 |--------|---------|--------|
 | `redbear-mini` | Minimal non-desktop (QEMU + bare metal) | `build/x86_64/harddrive.img` |
-| `redbear-live-mini` | Minimal live ISO (bare metal only) | `build/x86_64/redbear-live-mini.iso` |
+| `redbear-grub` | Text-only with GRUB boot manager (bare metal) | `build/x86_64/harddrive.img` |
 | `redbear-full` | Desktop/graphics (QEMU + bare metal) | `build/x86_64/harddrive.img` |
-| `redbear-live-full` / `redbear-live` | Desktop/graphics live ISO (bare metal only) | `build/x86_64/redbear-live-full.iso` |

 ### Build commands

@@ -369,13 +366,13 @@ redbear-mini → redbear-minimal.toml → minimal.toml, redbear-legacy-base.toml
 CI=1 make all CONFIG_NAME=redbear-mini ARCH=x86_64

 # Minimal live ISO (bare-metal boot)
-CI=1 make live CONFIG_NAME=redbear-live-mini ARCH=x86_64
+CI=1 make live CONFIG_NAME=redbear-mini ARCH=x86_64

 # Desktop/graphics target (QEMU testing)
 CI=1 make all CONFIG_NAME=redbear-full ARCH=x86_64

 # Desktop/graphics live ISO (bare-metal boot)
-CI=1 make live CONFIG_NAME=redbear-live-full ARCH=x86_64
+CI=1 make live CONFIG_NAME=redbear-full ARCH=x86_64
 ```

 ### QEMU boot (harddrive.img)
@@ -399,12 +396,12 @@ graphical console, not serial.

 1. **Build the ISO:**
   ```bash
-   CI=1 make live CONFIG_NAME=redbear-live-mini ARCH=x86_64
+   CI=1 make live CONFIG_NAME=redbear-mini ARCH=x86_64
   ```

 2. **Write ISO to USB drive:**
   ```bash
-   sudo dd if=build/x86_64/redbear-live-mini.iso of=/dev/sdX bs=4M status=progress && sync
+   sudo dd if=build/x86_64/redbear-live.iso of=/dev/sdX bs=4M status=progress && sync
   ```
   Replace `/dev/sdX` with your USB device. Use `lsblk` to identify it.

@@ -39,8 +39,8 @@ hardware GPU validation → KWin session bring-up → KDE Plasma session bring-u
 Out of scope: USB, Wi-Fi, Bluetooth (covered by their own subsystem plans).

 Tracked-default truth: this document is the canonical desktop-path plan, and the tracked desktop-
-capable surface is `redbear-full` / `redbear-live-full`. Older names such as `redbear-wayland` and
-`redbear-kde` should be read as historical or staging labels, not supported compile targets.
+capable surface is `redbear-full`. Older names such as `redbear-wayland` and `redbear-kde`
+should be read as historical or staging labels, not supported compile targets.

 ---

@@ -102,7 +102,7 @@ Rules:
 | kf6-kcmutils | builds | Widget-only build (QML stripped) | |
 | `redbear-wayland` profile | historical / staging | Bounded Wayland validation profile | Not a supported compile target |
 | `redbear-full` profile | builds, boots | Broader desktop plumbing profile | Session/network/runtime integration slice |
-| `redbear-kde` profile | historical / staging | Older KDE session-surface profile | Not a supported compile target; use `redbear-full` / `redbear-live-full` for the tracked desktop-capable surface |
+| `redbear-kde` profile | historical / staging | Older KDE session-surface profile | Not a supported compile target; use `redbear-full` for the tracked desktop-capable surface |
 | bounded compositor validation path | experimental | Reaches xkbcommon init + EGL platform selection in QEMU | No complete session |
 | qt6-wayland-smoke | builds, partial | Creates QWindow with colored background, runs 3 seconds | |
 | QEMU graphics | usable (bounded) | Renderer is llvmpipe | Not hardware acceleration |
@@ -132,7 +132,7 @@ The repo has crossed major build-side gates:
 3. **Wayland/graphics packages** — libwayland, wayland-protocols, Mesa EGL+GBM+GLES2, libdrm, libdrm_amdgpu
 4. **Qt6 + D-Bus** — qtbase (7 libs + 12 plugins), qtdeclarative (11 libs), qtsvg, qtwayland, D-Bus 1.16.2
 5. **KF6 + KDE-facing** — All 32 KF6 frameworks, kdecoration, plasma-wayland-protocols, kf6-kwayland, kf6-kcmutils
-6. **Tracked profiles** — redbear-mini, redbear-live-mini, redbear-full, redbear-live-full
+6. **Tracked profiles** — redbear-mini, redbear-full, redbear-grub
 7. **Phase 1 test coverage** — 300+ unit tests across evdevd (65), udev-shim (15), firmware-loader (24), redox-drm (68), redbear-hwutils (19), and bluetooth/wifi daemons

 ### What is runtime-proven (limited scope)
@@ -622,7 +622,7 @@ continuity, not as future work.
 | All 32 KF6 frameworks | ✅ Builds complete | Prior to this plan |
 | Input stack (libevdev, libinput, evdevd, udev-shim) | ✅ Builds complete | Prior to this plan |
 | Mesa EGL/GBM/GLES2 + libdrm amdgpu | ✅ Builds complete | Prior to this plan |
-| Desktop profiles (`redbear-mini`, `redbear-live-mini`, `redbear-full`, `redbear-live-full`) | ✅ Builds complete | Prior to this plan |
+| Desktop profiles (`redbear-mini`, `redbear-full`, `redbear-grub`) | ✅ Builds complete | Prior to this plan |
 | `local/docs/DBUS-INTEGRATION-PLAN.md` | D-Bus architecture, service dependency map, and phased implementation |
 | PRIME/DMA-BUF scheme ioctls | ✅ Implemented | Prior to this plan |
 | KWin recipe with 5 re-enabled features | ✅ Partial build | Prior to this plan |
@@ -1084,3 +1084,102 @@ convenience layer. The remaining gap is the difference between **shipping minima
 implementations** and **shipping full desktop-complete service contracts** for login1,
 Notifications, UPower, UDisks2, and PolicyKit. NetworkManager remains deferred and is not part of
 the current Red Bear OS implementation scope.
+
+---
+
+## Phase 3/4 D-Bus Improvement Plan (2026-04-25 Assessment)
+
+**Assessment scope:** All Red Bear D-Bus service implementations (`redbear-sessiond`, `redbear-notifications`, `redbear-upower`, `redbear-udisks`, `redbear-polkit`), plus the dbus-daemon itself, conducted via 4 parallel evaluation agents (Oracle + 2 explore + librarian).
+
+**Key finding:** Phase 2 (`kwin_wayland --virtual`) should work without D-Bus changes. KWin falls back to NoopSession when logind is unavailable, and the Noop backend bypasses login1 entirely.
+
+**Key finding:** Phase 3 has one hard gate: `TakeDevice` FD passing. This cannot be bypassed.
+
+### Assessment Summary
+
+Fragility ratings across services:
+
+| Service | Rating | Primary concern |
+|---------|--------|-----------------|
+| `redbear-sessiond` | 5/5 | login1 is the critical path for DRM compositor |
+| `redbear-polkit` | 5/5 security | Always-permit is not a production security model |
+| `dbus-daemon` | 2/5 | 24-line patch is stable but not validated under real session bus load |
+| `redbear-notifications` | 2-3/5 | Logs to stderr only; no ActionInvoked signal |
+| `redbear-upower` | 2-3/5 | Provisional ACPI surface; no Changed signal; polling not implemented |
+| `redbear-udisks` | 2-3/5 | Read-only; no mount/unmount operations |
+
+**Phase 2 assessment:** D-Bus is NOT on the critical path for `kwin_wayland --virtual`. The NoopSession backend in KWin bypasses logind entirely, which means Phase 2 compositor bring-up should succeed without D-Bus changes.
+
+**Phase 3 hard gate:** `TakeDevice` FD passing + `PauseDevice`/`ResumeDevice` signal emission. This is required for KWin to own real DRM and input devices through the freedesktop session protocol. No bypass exists.
+
+**Phase 4 broader surface:** `kglobalaccel` binary, `kded6` binary, `StatusNotifierWatcher`, `Inhibit` methods, session identity derivation.
+
+### Phase 3 Gate (DRM Compositor) — Required D-Bus Changes
+
+Four fixes are required before KWin can use real hardware devices through login1:
+
+| # | Fix | Current state | Required change |
+|---|-----|---------------|-----------------|
+| 1 | `Manager.Inhibit` + `CanPowerOff`/`CanSuspend`/`CanHibernate` stubs | Missing | Return `"na"` string from each method; required by KDE's session management layer |
+| 2 | `PauseDevice`/`ResumeDevice` signal emission | Declared but not emitted | Emit `uus` (major, minor, type) for PauseDevice and `uuh` (major, minor, fd) for ResumeDevice in `session.rs` when device state changes |
+| 3 | Dynamic device enumeration | Static `device_map.rs` with hardcoded major/minor | Query udev-shim at runtime for major/minor -> scheme path mapping; remove hardcoded lookup table |
+| 4 | Missing Session methods | `SetIdleHint`, `SetLockedHint`, `SetType`, `Terminate` not implemented | Implement these or return errors; KDE session managers call these to track session state |
+
+### Phase 4 Gate (KDE Plasma Session) — Required D-Bus Changes
+
+| # | Improvement | Current state | Required change |
+|---|-------------|---------------|-----------------|
+| 1 | `StatusNotifierWatcher` implementation | New service needed | Register `org.freedesktop.StatusNotifierWatcher` on session bus; track registered items, emit `ItemRegistered`/`ItemUnregistered` signals |
+| 2 | `kglobalaccel` binary build | KDE app recipe builds library, daemon binary is a separate recipe step | Add `kglobalaccel` binary to `local/recipes/kde/kf6-kglobalaccel/` or create separate recipe |
+| 3 | `kded6` binary build | KDE app recipe builds library, daemon binary is a separate recipe step | Add `kded6` binary to `local/recipes/kde/kf6-kded6/` or create separate recipe |
+| 4 | Session identity derivation | Hardcoded to `c1`, `root`, `uid=0` | Query real session environment variables (`XDG_SESSION_ID`, `XDG_SEAT`) and derive identity from the actual login session |
+| 5 | `UPower Changed` signal emission + polling | No signals, no polling | Emit `Changed` signal when power state changes; implement property polling for `OnBattery`, `Percentage`, `TimeToEmpty` |
+| 6 | `Notifications ActionInvoked` signal + capabilities | Not implemented | Emit `ActionInvoked(uint32, string)` when user clicks notification action; expand `GetCapabilities` to include `body`, `actions`, `icon-static` |
+| 7 | Stoppable daemons | Services use `pending()` with no shutdown channel | Replace `pending()` in all services with proper shutdown signal channels; enable service restart and clean shutdown |
+
+### KWin Method-by-Method Readiness Matrix
+
+| KWin D-Bus call | Current impl | Phase 2 needed | Phase 3 needed |
+|-----------------|--------------|---------------|----------------|
+| `GetSession("auto")` | via NoopSession | No (bypasses logind) | Yes |
+| `TakeControl(false)` | Via login1 | No | Yes |
+| `TakeDevice(226, 0)` (DRM) | Via DeviceMap | No | Yes (critical) |
+| `TakeDevice(13, 64+)` (input) | Via DeviceMap | No | Yes (critical) |
+| `PauseDevice` signal | Declared, not emitted | No | Yes (critical) |
+| `ResumeDevice` signal | Declared, not emitted | No | Yes (critical) |
+| `Seat.SwitchTo` | Via login1 | No | Yes |
+| `Manager.Inhibit` | Missing | No | Yes |
+| `CanPowerOff`/`CanSuspend`/`CanHibernate` | Missing | No | Yes |
+| `PrepareForShutdown` | Via ACPI | No | Yes |
+| `PrepareForSleep` | Declared, not emitted | No | Yes |
+
+### Completeness by Service
+
+| Service | Methods real | Total expected | Completeness |
+|---------|-------------|---------------|--------------|
+| `login1.Manager` | 3 | ~30+ | ~10% |
+| `login1.Session` | 7 | ~15+ | ~47% |
+| `login1.Seat` | 1 | 5 | ~20% |
+| `Notifications` | 4 | ~5 | ~80% |
+| `UPower` | 3 | ~5 | ~60% |
+| `UDisks2` | 4 | ~8+ | ~50% |
+| `PolicyKit1` | 3 | ~6+ | ~50% |
+
+### Missing KDE D-Bus Services
+
+| Service | Used by | Status | Impact |
+|---------|---------|--------|--------|
+| `org.kde.kglobalaccel` | All KDE apps (global shortcuts) | Binary missing | HIGH |
+| `org.kde.kded6` | KDE daemon (status notifier, etc.) | Binary missing | HIGH |
+| `org.freedesktop.StatusNotifierWatcher` | System tray | New service needed | MEDIUM |
+| `org.kde.ksmserver` | Session management | Not implemented | MEDIUM |
+| `org.freedesktop.ScreenSaver` | Screen locking | Not implemented | MEDIUM |
+
+### Implementation Priority Order
+
+1. `redbear-sessiond` Phase 3 methods (enables DRM compositor session)
+2. Dynamic device enumeration (enables non-static hardware discovery)
+3. Stoppable daemons (enables testing and restart)
+4. `StatusNotifierWatcher` (enables system tray)
+5. `UPower` polling + signals (enables battery applet)
+6. Session identity improvements (enables non-root sessions)
@@ -31,10 +31,11 @@ greeter/auth/session-launch stack on the `redbear-full` desktop path.

 ## Active Target Surface and Evidence Boundary

- The supported compile targets are `redbear-mini`, `redbear-live-mini`, `redbear-full`, and `redbear-live-full`.
- Desktop/graphics are available only on `redbear-full` and `redbear-live-full`.
- Older names such as `redbear-kde`, `redbear-wayland`, and `redbear-minimal*` still appear in
-  historical or staging material, but they are not the supported compile-target surface.
+- The supported compile targets are `redbear-mini`, `redbear-full`, and `redbear-grub`.
+- Desktop/graphics are available only on `redbear-full`.
+- Older names such as `redbear-kde`, `redbear-wayland`, `redbear-minimal*`, `redbear-live-mini`,
+  and `redbear-live-full` still appear in historical or staging material, but they are not the
+  supported compile-target surface.
 - The greeter/login path is currently an **experimental build/integration surface** on `redbear-full`;
  it is not yet a runtime-validated end-to-end desktop-login claim.

@@ -51,8 +52,8 @@ greeter/auth/session-launch stack on the `redbear-full` desktop path.
 | Mesa EGL+GBM+GLES2 | **builds** | Software path via LLVMpipe proven in QEMU; hardware path not proven |
 | libdrm amdgpu | **builds** | Package-level success only |
 | Input stack | **builds, enumerates** | evdevd (65 tests), libevdev, libinput, seatd present; evdevd registers scheme at boot; end-to-end compositor input path unproven |
-| D-Bus | **builds, usable (bounded)** | System bus wired in `redbear-full`; session bus incomplete (redbear-sessiond login1 broker only) |
-| redbear-sessiond | **builds, scaffold** | org.freedesktop.login1 D-Bus session broker — Rust daemon (zbus 5), wired on the `redbear-full` desktop path; now includes runtime control updates used by the greeter/auth session handoff |
+| D-Bus | **builds, bounded (in improvement)** | System bus wired in `redbear-full`; session bus incomplete; Phase 3/4 improvement plan active; completeness: login1.Manager ~10%, login1.Session ~47%, login1.Seat ~20%, Notifications ~80%, UPower ~60%, UDisks2 ~50%, PolicyKit1 ~50%; `StatusNotifierWatcher` is the new service being added in Phase 4 |
+| redbear-sessiond | **builds, scaffold (Phase 3/4 improvement active)** | org.freedesktop.login1 D-Bus session broker — Rust daemon (zbus 5), wired on the `redbear-full` desktop path; Phase 3 hard gate is TakeDevice FD passing plus PauseDevice/ResumeDevice signal emission; Priority 1 in Phase 3/4 improvement plan |
 | redbear-authd | **builds** | Privileged local-user auth daemon; `/etc/passwd`/`/etc/shadow`/`/etc/group` parsing, SHA-256/SHA-512 crypt verification, bounded lockout, target-side recipe build proven |
 | redbear-session-launch | **builds** | User-session bootstrap tool; runtime-dir/env setup, uid/gid handoff, dbus-run-session → `redbear-kde-session`, target-side recipe build proven |
 | redbear-greeterd | **builds, experimental** | Root-owned greeter orchestrator; UI/auth socket protocol, bounded restart policy, return-to-greeter daemon logic, crate tests pass; end-to-end runtime proof still pending |
@@ -73,9 +74,8 @@ greeter/auth/session-launch stack on the `redbear-full` desktop path.
 | validation compositor runtime | **experimental** | Reaches early init in QEMU; no complete session |
 | validation profile | **builds, boots** | Bounded Wayland runtime profile |
 | `redbear-full` profile | **builds, boots** | Active desktop/graphics compile surface; now owns the experimental greeter/auth/session-launch integration path |
-| `redbear-live-full` profile | **builds** | Live image following the active desktop/graphics target |
+| `redbear-grub` profile | **builds** | Text-only with GRUB chainload for bare-metal multi-boot |
 | `redbear-mini` profile | **builds** | Minimal non-desktop compile target |
-| `redbear-live-mini` profile | **builds** | Minimal live image target |
 | `redbear-hwutils` | **builds** | lspci/lsusb tools; 19 unit tests (PCI location parsing, USB device description, argument handling) |

 ## Profile View
@@ -87,11 +87,11 @@ greeter/auth/session-launch stack on the `redbear-full` desktop path.
 - **Use for:** Desktop integration testing, greeter/login bring-up, and bounded desktop/network plumbing validation
 - **Do not overclaim:** This profile proves bounded QEMU desktop/network plumbing only. It does not by itself close the Wi-Fi implementation plan's later real-hardware Phase W5 reporting/recovery gate.

-### `redbear-live-full`
+### `redbear-grub`

- **Role:** Live/demo/recovery image layered on the active desktop target
- **Current truth:** Follows `redbear-full`; desktop/graphics-capable live image, but the greeter/login surface remains experimental until end-to-end proof exists
- **Use for:** Demo, install, and bounded live-media validation on the current desktop surface
+- **Role:** Text-only target with GRUB boot manager for bare-metal multi-boot
+- **Current truth:** Follows `redbear-mini`; text-only with GRUB chainload ESP layout, no desktop/graphics
+- **Use for:** Bare-metal multi-boot, recovery with GRUB menu, and install workflows requiring GRUB

 ### `redbear-mini`

@@ -99,12 +99,6 @@ greeter/auth/session-launch stack on the `redbear-full` desktop path.
 - **Current truth:** No desktop/graphics path; recovery and non-desktop integration surface only. TUI recovery is bound to VT activation through `29_activate_console.service` followed by `30_console.service`/`31_debug_console.service`.
 - **Use for:** Minimal runtime bring-up, subsystem validation, and non-desktop packaging checks

-### `redbear-live-mini`
-
- **Role:** Minimal live image target
- **Current truth:** No desktop/graphics path; live/recovery-oriented minimal image surface
- **Use for:** Minimal live boot and recovery workflows
-
 ## Current Blockers

 ### 1. Runtime trust trails build success (Phase 1 gate)
@@ -197,7 +191,7 @@ QtNetwork is intentionally disabled because relibc networking is too narrow. Thi

 The Red Bear desktop stack has crossed major build-side gates and one important bounded runtime gate:
 - All Qt6 core modules, all 32 KF6 frameworks, Mesa EGL/GBM/GLES2, and D-Bus build
- Four supported compile targets exist, with desktop/graphics on `redbear-full` and `redbear-live-full`
+- Four supported compile targets exist, with desktop/graphics on `redbear-full`
 - the Red Bear-native greeter/login path now has a bounded passing QEMU proof (`GREETER_HELLO=ok`, `GREETER_INVALID=ok`, `GREETER_VALID=ok`)
 - relibc compatibility is materially stronger than before
 - Phase 1 test coverage is comprehensive: 300+ unit tests across all Phase 1 daemons (evdevd 65, udev-shim 15, firmware-loader 24, redox-drm 68, redbear-hwutils 19, bluetooth/wifi 209)
@@ -75,9 +75,9 @@ recovery model.

 This plan assumes the Red Bear desktop direction converges on **one KDE-on-Wayland path**.

-Current implementation answer: the first tracked owner is `redbear-full` (and therefore
-`redbear-live-full` for live media). Older names such as `redbear-kde` may still appear in
-historical or staging material, but they are not the supported compile-target surface for this plan.
+Current implementation answer: the first tracked owner is `redbear-full`. Older names such
+as `redbear-kde` may still appear in historical or staging material, but they are not the
+supported compile-target surface for this plan.

 ---

@@ -866,8 +866,7 @@ The greeter **recipe**, not the config fragment, should own staged runtime artif
 4. Is `dbus-run-session` reliable enough on Red Bear, or should the current `dbus-launch` path remain the first shipped session-bus strategy?
 5. At what point should the project consider SDDM-class integration again, if ever?

-Current answer to (1): **`redbear-full` first**, with `redbear-live-full` inheriting that path for
-live media.
+Current answer to (1): **`redbear-full` first**.

 Current answer to (2): **traditional `/etc/shadow` SHA-512-crypt / SHA-256-crypt first** (`$6$` / `$5$`),
 with narrower support preferred over premature multi-format sprawl.
@@ -3,8 +3,8 @@
 **Date:** 2026-04-17
 **Status:** Fully implemented (build-tested, not yet runtime boot-tested). ESP formatted as FAT32
 per UEFI spec. Both Phase 1 (post-build script) and Phase 2 (installer-native) are wired.
-**Remaining:** Runtime UEFI boot validation in QEMU (`make all CONFIG_NAME=redbear-full-grub && make qemu`).
-**Prerequisite:** The `grub` package is included in `redbear-full-grub.toml` for clean-tree builds.
+**Remaining:** Runtime UEFI boot validation in QEMU (`make all CONFIG_NAME=redbear-grub && make qemu`).
+**Prerequisite:** The `grub` package is included in `redbear-grub.toml` for clean-tree builds.
 **Approach:** Option A — GRUB as boot manager, chainloading Redox bootloader

 ## Overview
@@ -257,7 +257,7 @@ ESP layout automatically.
 ### Config Usage

 ```toml
-# config/redbear-full-grub.toml
+# config/redbear-grub.toml
 include = ["redbear-full.toml"]

 [general]
@@ -271,7 +271,7 @@ Or via CLI (note: INSTALLER_OPTS replaces defaults, so --cookbook=. must be incl
 make all CONFIG_NAME=redbear-full INSTALLER_OPTS="--cookbook=. --bootloader grub"
 ```

-**Note:** The config file approach (`redbear-full-grub.toml`) is preferred over the CLI flag
+**Note:** The config file approach (`redbear-grub.toml`) is preferred over the CLI flag
 because INSTALLER_OPTS completely replaces the default value (`--cookbook=.`) rather than
 appending to it. Omitting `--cookbook=.` breaks local package resolution for GRUB.

@@ -356,7 +356,7 @@ make qemu
 make r.grub

 # Build image with GRUB config (installer fetches GRUB automatically)
-make all CONFIG_NAME=redbear-full-grub
+make all CONFIG_NAME=redbear-grub

 # Or via CLI flag
 make all CONFIG_NAME=redbear-full INSTALLER_OPTS="--bootloader grub --cookbook=."
@@ -376,7 +376,7 @@ make qemu
 CI=1 ./target/release/repo cook grub

 # Verify host-side installer accepts --bootloader flag
-build/fstools/bin/redox_installer --bootloader=grub --config=config/redbear-full-grub.toml --list-packages
+build/fstools/bin/redox_installer --bootloader=grub --config=config/redbear-grub.toml --list-packages

 # Verify fat_tool.py operations
 python3 local/scripts/fat_tool.py --help
@@ -681,7 +681,7 @@ helper hardening comes before broad driver cleanup, and runtime-proof/observabil

 **Verification**

- build passes: `CI=1 make r.base CONFIG_NAME=redbear-live-mini ARCH=x86_64`
+- build passes: `CI=1 make r.base CONFIG_NAME=redbear-mini ARCH=x86_64`
 - downstream consumers compile without errors

 ### Wave 4 — Convert highest-risk consumers
@@ -740,7 +740,7 @@ sites converted on the PCIe ECAM/DTB/MCFG startup path). Only Mutex `.lock().unw

 **Verification**

- `CI=1 make cr.base CONFIG_NAME=redbear-live-mini ARCH=x86_64` — zero errors, build successful
+- `CI=1 make cr.base CONFIG_NAME=redbear-mini ARCH=x86_64` — zero errors, build successful
 - per-driver grep verified zero remaining panic-grade calls (only Mutex `.lock().unwrap()` kept)

 ### Wave 5 — Improve observability and proof
@@ -27,9 +27,8 @@ USB plan uses:
 | Profile | Intent | Key Fragments | Current support language |
 |---|---|---|---|
 | `redbear-mini` | Console + storage + wired-network baseline | `minimal.toml`, `redbear-legacy-base.toml`, `redbear-device-services.toml`, `redbear-netctl.toml` | builds / primary validation baseline / DHCP boot profile enabled / input-runtime substrate wired / USB: daemons built via base and targeted for bounded mini-profile validation |
-| `redbear-live-mini` | Live/recovery form of the mini baseline | `redbear-live-minimal.toml`, `redbear-minimal.toml` | builds / live media variant of the mini profile for real bare metal / desktop graphics intentionally absent |
+| `redbear-grub` | Text-only with GRUB boot manager | `redbear-mini.toml`, `redbear-grub-policy.toml` | builds / live media variant with GRUB chainload for real bare metal / desktop graphics intentionally absent |
 | `redbear-full` | Desktop/network/session plumbing target | `desktop.toml`, `redbear-legacy-base.toml`, `redbear-legacy-desktop.toml`, `redbear-device-services.toml`, `redbear-netctl.toml`, `redbear-greeter-services.toml` | builds / boots in QEMU / active desktop-capable compile target / support claims remain evidence-qualified |
-| `redbear-live-full` | Live/recovery form of the full desktop target | `redbear-live-full.toml`, `redbear-full.toml` | builds / live desktop-capable image for real bare metal / inherits the full target surface |

 ## Profile Notes

@@ -46,9 +45,10 @@ USB plan uses:
  are bounded validation slices layered on top of the tracked compile targets, not additional
  compile targets.

-### `redbear-live-mini`
+### `redbear-grub`

- Carries the same bounded non-graphics intent as `redbear-mini`, but in live/recovery image form.
+- Text-only console/recovery target with GRUB boot manager for multi-boot bare-metal workflows.
+- Inherits the same non-graphics intent as `redbear-mini`, but with GRUB chainload ESP layout.
 - Should not grow desktop/session assumptions.

 ### `redbear-full`
@@ -56,22 +56,17 @@ USB plan uses:
 - Desktop-capable tracked target for the current Red Bear session/network/runtime plumbing surface.
 - Carries the broader D-Bus, greeter, seat, and desktop-oriented service surface.

-### `redbear-live-full`
-
- Live/demo/recovery form of the full desktop-capable target.
- Inherits the same desktop-target assumptions as `redbear-full`, but for live media workflows.
-
 ### Historical notes

- Older names such as `redbear-minimal`, `redbear-desktop`, `redbear-wayland`, `redbear-kde`, and
-  `redbear-live` remain in older docs and some implementation details, but they are not the current
-  supported compile-target surface.
+- Older names such as `redbear-minimal`, `redbear-desktop`, `redbear-wayland`, `redbear-kde`,
+  `redbear-live`, `redbear-live-mini`, and `redbear-live-full` remain in older docs and some
+  implementation details, but they are not the current supported compile-target surface.

 ### `redbear-bluetooth-experimental`

 - Standalone tracked profile for the first in-tree Bluetooth slice instead of a blanket claim about
  all Red Bear images.
- Extends `redbear-minimal` so the baseline runtime tooling is already present, then adds only the
+- Extends `redbear-mini` so the baseline runtime tooling is already present, then adds only the
  bounded Bluetooth pieces on top.
 - Current path under active validation: QEMU/UEFI boot to login prompt plus guest-side `redbear-bluetooth-battery-check`, targeting repeated in-boot reruns, daemon-restart coverage, and one experimental battery-sensor Battery Level read-only workload.
 - Current support language is intentionally narrow: explicit-startup only, USB-attached transport,
@@ -82,7 +77,7 @@ USB plan uses:

 - Standalone tracked profile for the current bounded Intel Wi-Fi slice instead of implying that the
  wider desktop profiles already carry the full driver stack.
- Extends `redbear-minimal` so the baseline firmware/input/reporting/profile-manager surface stays
+- Extends `redbear-mini` so the baseline firmware/input/reporting/profile-manager surface stays
  inherited while the Intel Wi-Fi driver package and bounded validation role remain isolated here.
 - Includes the Intel driver package (`redbear-iwlwifi`) in addition to the shared firmware,
  control-plane, reporting, and profile-manager pieces.
@@ -109,6 +104,6 @@ USB plan uses:
 - USB error handling and correctness carry significant Red Bear patches over upstream; see
  `local/patches/base/redox.patch` and `local/docs/USB-IMPLEMENTATION-PLAN.md` for details.
 - The in-tree mini image is still assembled through legacy `redbear-minimal*` config files in some
-  places, but the supported compile-target names are `redbear-mini` and `redbear-live-mini`.
+  places, but the supported compile-target names are `redbear-mini` and `redbear-grub`.
 - `redbear-bluetooth-experimental` uses USB only as a transport for BLE dongles; it does not make a
  general USB-class-autospawn claim.
@@ -126,13 +126,12 @@ In-guest quick checks:

 ## Compile-target note

-Red Bear has exactly four compile targets:
+Red Bear has exactly three compile targets:

 - `redbear-mini`
- `redbear-live-mini`
 - `redbear-full`
- `redbear-live-full`
+- `redbear-grub`

-Older names such as `redbear-desktop`, `redbear-wayland`, `redbear-kde`, and `redbear-minimal` may
-still appear in historical notes or implementation details, but they are not the supported
-compile-target surface.
+Older names such as `redbear-desktop`, `redbear-wayland`, `redbear-kde`, `redbear-minimal`,
+`redbear-live-mini`, and `redbear-live-full` may still appear in historical notes or
+implementation details, but they are not the supported compile-target surface.
@@ -18,13 +18,11 @@ reproducible, reviewable, and upstream-friendly.

 Tracked Red Bear profiles are:

- `redbear-minimal`
- `redbear-bluetooth-experimental`
- `redbear-desktop`
+- `redbear-mini`
 - `redbear-full`
- `redbear-wayland`
- `redbear-kde`
- `redbear-live`
+- `redbear-grub`
+- `redbear-bluetooth-experimental`
+- `redbear-wifi-experimental`

 Every user-visible feature should name which profile(s) it belongs to.

@@ -62,7 +60,7 @@ why it is intentionally excluded.

 ## Profile Intent

-### `redbear-minimal`
+### `redbear-mini`

 Primary validation baseline: console, storage, package flow, and wired networking.

@@ -71,25 +69,18 @@ Primary validation baseline: console, storage, package flow, and wired networkin
 First bounded Bluetooth validation profile: explicit-startup, USB-attached, BLE-first, and
 experimental only.

-### `redbear-desktop`
-
-Supplementary integration support profile for shared Red Bear runtime services beneath the tracked KWin target.
-
 ### `redbear-full`

-Expanded integration slice that includes more runtime pieces and graphics-path bring-up beneath the tracked KWin target.
+Desktop-capable tracked target for the current Red Bear session/network/runtime plumbing surface,
+including graphics-path bring-up beneath the tracked KWin direction.

-### `redbear-wayland`
+### `redbear-grub`

-Dedicated Wayland runtime validation profile layered above the current Red Bear service baseline and subordinate to the tracked KWin direction.
+Text-only console/recovery target with GRUB boot manager for bare-metal multi-boot workflows.

-### `redbear-kde`
+### `redbear-wifi-experimental`

-Dedicated KDE/Plasma bring-up profile and tracked forward desktop target.
-
-### `redbear-live`
-
-Live and recovery variant layered on top of the tracked KWin desktop target.
+Bounded Intel Wi-Fi validation profile layered on the mini baseline.

 ## Change Checklist