A distributed, formally verified catalogue of developer server capabilities. AI goes to ONE place instead of hunting across dozens of MCP/LSP/etc servers. Community-hosted nodes share the load.
Core Elixir/BEAM REST layer is live: 111 cartridges with Zig FFI (.so) + 1 JS-only
(model-router-mcp) auto-discovered at startup, JS dispatch via persistent Deno worker
pool, Zig FFI path for .so cartridges, X25519/ChaCha20-Poly1305 credential
forwarding with Options A+B wired (CredentialDecryptor → Invoker extra_env),
X-Trust-Level enforcement live (BojRest.TrustPolicy). 173 ExUnit tests passing
(10 properties + 163 regular, 0 failures). All 4 fly.io seed nodes LIVE:
boj-seed-eu (lhr), boj-seed-de (fra), boj-seed-us (iad), boj-seed-ap (syd).
V-lang adapter migration complete (0 .v files). Grade C achieved 2026-04-25.
-
✓ Fresh repo from rsr-template-repo (17 mandatory workflows)
-
✓ Idris2 ABI: Catalogue, Protocol, Domain, Menu, Federation
-
✓
IsUnbreakableproof type (only Ready cartridges can mount) -
✓ Zig FFI: catalogue mount/unmount with safety gate
-
✓ C header:
boj_catalogue.hfrom Idris2 encodings -
✓ Teranga menu (
menu.a2ml) with three tiers -
✓ Order-ticket protocol (
order-ticket.scm) -
✓ Three cartridges: database-mcp, nesy-mcp, fleet-mcp
-
✓ Cultural respect documentation (Teranga/Umoja/Ayo)
-
✓ Federation design (Umoja gossip, hash attestation)
-
✓ Zig FFI: dynamic cartridge loader with hash verification
-
✓ V-lang triple adapter: REST (9000) + gRPC (9001) + GraphQL (9002)
-
✓ First working MCP endpoint (database-mcp)
-
✓ First working LSP endpoint (database-mcp)
-
✓ Order-ticket flow end-to-end (read menu → place order → get endpoints)
-
✓ Stapeln container image (Chainguard base, Podman)
-
✓ Gossip protocol implementation (IPv6, node discovery)
-
✓ Hash attestation (binary verification for community nodes)
-
✓ Seed node setup (4 fly.io nodes: boj-seed-eu.fly.dev, boj-seed-de.fly.dev, boj-seed-us.fly.dev, boj-seed-ap.fly.dev — LIVE 2026-04-25)
-
❏ Load-aware routing (requests to healthiest node)
-
✓ Auto-SDP (Software Defined Perimeter for nodes)
-
❏ DoQ/DoH for encrypted DNS resolution
-
✓ PanLL panel (BoJ matrix display, menu browser, order placement)
-
❏ IndieWeb integration (Webmention, self-hosted node discovery)
-
✓ Community cartridge submission process (Ayo menu)
-
✓ Wiki with guides for node operators
-
❏ Project board for cartridge development tracking
-
✓ SDP cartridge (auto-SDP for community nodes)
-
❏ DNS Shield cartridge (DoQ/DoH/oDNS)
-
❏ Container hash state monitoring (vordr integration)
-
❏ PMPL provenance chain verification
-
✓ Remaining MCP cartridges (Cloud, Container, K8s, Git, Secrets, Queues, IaC, Observe, SSG, Proof)
-
✓ LSP cartridges for key domains
-
✓ DAP cartridges where relevant
-
✓ polystack deprecation (Phase 7)
-
✓ Remove remaining V-lang adapters across
cartridges/(confirmed 0.vfiles 2026-04-25 — cleanup completed 2026-04-12) -
✓ Ensure every cartridge has
cartridge.jsonmetadata (all 115 cartridges covered, re-verified 2026-04-30) -
✓ Ensure every cartridge has
mod.jstool handlers (all 115 cartridges covered, re-verified 2026-04-30) -
✓ Re-run cartridge matrix build and update
TEST-NEEDS.mdwith current evidence (build count refreshed 2026-04-30 — 111/115 cartridges have.so; pending:database-mcp,echidna-llm-mcp,lang-mcp,orchestrator-lsp-mcp. Test re-run deferred to next sweep.) -
✓ Refresh repo documentation claims after migration closure — counts, completion text, handover docs (PR #40 + this re-measurement PR cover the canonical doc surfaces; cartridge count is now 115 across all surfaces)
JS cartridge dispatch (gap closed substantially since the original measurement — as of 2026-04-30, 4 of 115 cartridges still use mod.js not Zig .so: database-mcp, echidna-llm-mcp, lang-mcp, orchestrator-lsp-mcp):
-
✓
BojRest.JsInvoker— shells out todeno run mod.jsper invocation (Phase 1: fork-per-call, ~200 ms cold-start) -
✓ Router dispatch branch: if
cart["ffi"]key present →Invoker(Zig path); else →JsWorkerPool(Deno pool path) -
✓ Fix
cartridge_so_path/1to readcart["ffi"]["so_path"]from the manifest instead of hardcoding the derivation -
✓
BojRest.JsWorkerPool+BojRest.JsWorker— persistent Deno worker pool (Phase 2); consistent hash on mod path for module-cache locality;JsInvokerfork-per-call as fallback when pool absent -
❏ End-to-end test:
curl POST /cartridge/boj-health/invoke(Zig) +curl POST /cartridge/local-memory-mcp/invoke(JS) -
✓ Phase 8: 4 fly.io seed nodes deployed (lhr/fra/iad/syd), 2/2 health checks, Containerfile.fly lean build
-
✓ Phase 9 (partial): BojRest.TrustPolicy X-Trust-Level enforcement, credential forwarding Options A+B (CredentialDecryptor → Invoker extra_env)
-
✓ 173 ExUnit tests, Grade C achieved (10 properties + 163 regular, 0 failures)
Gateway sidecar (http-capability-gateway in front of boj-server):
-
✓ Add
gateway-policy.yaml(done —container/gateway-policy.yaml) to dev compose as optional sidecar -
✓ Implement
PolicyLoader.load_from_boj_catalog/1inhttp-capability-gateway— readsBOJ_CARTRIDGES_ROOT/*/cartridge.jsonat boot, infers per-cartridge invoke exposure fromauth.method(none→public, others →authenticated). Zero manual policy maintenance thereafter. Seedocs/gateway-catalog-integration.adoc. -
✓ Update
compose.dev.yamlwith gateway sidecar entry (port 7800 → boj-rest:7700) -
✓ Retire static
gateway-policy.yaml— catalog mode live 2026-04-25; file kept as reference only
-
oDNS relay: Distributed Oblivious DNS as a network service (research problem)
-
Aerie integration: Dynamic threat response via BoJ cartridges
-
Cross-network federation: BoJ nodes discovering other federated networks
-
Mobile nodes: Tauri/Dioxus-based node management app