Understanding Why Plagues Works As It Does (Updated)

Plagues Protocol Rule

It has exactly one rule:

Nothing that runs with user privileges is ever allowed to touch anything important. Ever.

To enforce that rule, the Plagues Protocol draws an absolute, cryptographically-enforced boundary between two worlds on the same machine:

The untrusted side (your shell, apps, future plugins, anything running as the logged-on user)
The trusted side (a handful of tiny, manifest-protected service workers running as SYSTEM/root)

Communication between these two sides happens only over OS-level channels (named pipes on Windows, Unix domain sockets on Linux), giving zero-copy speed while remaining isolated from network or remote access — but only if OS permissions are enforced correctly.

Before any trusted worker even starts listening, it must prove it is byte-for-byte official: it loads a Kyber-signed manifest compiled into the binary, recomputes Blake3 hashes of its own executable and loaded DLLs, and refuses to run if anything fails.
The untrusted side never decides what is legitimate — only the signed manifest does.

The Plagues Protocol is deliberately boring: it has no discovery protocol, no authentication handshake beyond the OS channel, no TLS layer, no fallback paths. It simply says:

“If you can open this named pipe or socket, and the worker on the other end has already verified its own signature, the call is allowed.”

⚠️ Note: To be truly secure, access to the OS channel must be restricted to the untrusted runtime only. TCP loopback alone is insufficient to enforce this. (Yes, we do this by default)

Example Setup

Trusted Side (runs as SYSTEM/root)

XRUIOS.Windows.PublicAccountDataHandler.exe     ← standalone .NET worker
├── Worker.cs                                   ← does Blake3 + Kyber self-check on every call
└── Program.cs                                  ← Hosts MagicOnion over NamedPipe

XRUIOS.Linux.PublicAccountDataHandler           ← Linux twin
├── Worker.cs                                   ← same self-check, returns /home/user/XRUIOS
└── Program.cs                                  ← binds to unix:/var/run/xruios/publicacc.sock (ready)

Shared contracts (loaded everywhere)

XRUIOS.Interfaces/
├── IPublicAcc.cs                               ← ONE method crosses the Wall
└── PublicAccount.cs                            ← simple DTO: Name, LastCheck, OSFolder

Crypto & Security

Pariah_Cybersecurity/EasyPQC.cs                 ← Blake3 + Kyber, used for self-verification

Base

XRUIOS Arch Test            ←  Test CMD Program
XRUIOS.Core/AccountsProvider.cs 
    → Holds cross-platform logic (Non workers) and dispatches to platform-specific workers  
XRUIOS.Windows              ← Handles Windows Specific Code
XRUIOS.Windows              ← Handles Linux Specific Code