refactor: moved org-agent to its own repository as a submodule

notes/closos_protection_mechanisms.org

@@ -0,0 +1,18 @@
+#+TITLE: CLOSOS: Language-Based Protection Mechanisms
+#+ID: closos-protection-mechanisms
+#+DATE: 2026-03-22
+#+FILETAGS: :architecture:lisp:os:closos:security:
+
+* Concept
+Security in a Lisp OS is enforced by the compiler and runtime environment rather than traditional hardware MMU (Memory Management Unit) boundaries.
+
+* Key Principles
+- **Controlled Access System:** The system is "closed" by the compiler. Only code produced by the trusted compiler—which excludes arbitrary pointer arithmetic and includes bounds checking—is allowed to execute in supervisor mode.
+- **Tagged Pointers:** Objects are manipulated via tagged pointers. Access rights (read/write/execute) can be embedded directly into the tag bits of the pointer itself.
+- **Capabilities:** Pointers function as capabilities. Possession of a pointer to an object implies the authority to interact with it according to the embedded access tags.
+
+* Source
+:PROPERTIES:
+:ID:       9c69a9ab-1c96-490e-9a8e-fbeafacba30e
+:END:
+- [[attachment:strandh-lispos.pdf][Robert Strandh, "CLOSOS: Specification of a Lisp operating system" (2013)]]