9 files changed, 73 insertions, 30 deletions
diff --git a/dev/user/SciCalls.h b/dev/user/AsmProc.h
index 4b3b63c1..4b3b63c1 100644
--- a/dev/user/SciCalls.h
+++ b/dev/user/AsmProc.h
diff --git a/dev/user/SecurityPolicy.h b/dev/user/SecurityPolicy.h
new file mode 100644
index 00000000..a03c928b
--- /dev/null
+++ b/dev/user/SecurityPolicy.h
@@ -0,0 +1,12 @@
+/* -------------------------------------------
+
+  Copyright (C) 2025, Amlal El Mahrouss, all rights reserved.
+
+------------------------------------------- */
+
+#pragma once
+
+#include <user/SystemCalls.h>
+
+/// @file SecurityPolicy.h
+/// @brief Hardened Security Policy, used to restrict access to certain system calls.
+\ No newline at end of file
diff --git a/dev/user/SystemCalls.h b/dev/user/SystemCalls.h
index 61021a01..c1b70513 100644
--- a/dev/user/SystemCalls.h
+++ b/dev/user/SystemCalls.h
@@ -112,7 +112,7 @@ IMPORT_C UInt64 IoSeekFile(_Input Ref file_desc, UInt64 file_offset);
 /// @brief Spawns a Thread Information Block and Global Information Block inside the current
 /// process.
 /// @param process_id Target Process ID, must be valid.
-/// @return > 0 error ocurred or already present, = 0 success.
+/// @return > 0 error occurred or already present, = 0 success.
 IMPORT_C UInt32 RtlSpawnIB(UIntPtr process_id);
 
 /// @brief Spawns a process with a unique pid (stored as UIntPtr).
@@ -125,10 +125,6 @@ IMPORT_C UIntPtr RtlSpawnProcess(const Char* process_path, SizeT argc, Char** ar
 /// @return if it has succeeded true, otherwise false.
 IMPORT_C Bool RtlExitProcess(UIntPtr handle, UIntPtr exit_code);
 
-/// @brief Get current PID of process.
-/// @return Current process ID.
-IMPORT_C UIntPtr RtlCurrentPID(Void);
-
 // ------------------------------------------------------------------------
 // Memory Manager API.
 // ------------------------------------------------------------------------
@@ -192,14 +188,15 @@ IMPORT_C SInt32 ThrExitMainThread(_Input SInt32 exit_code);
 IMPORT_C SInt32 ThrExitThread(_Input ThreadRef thread, _Input SInt32 exit_code);
 
 /// @brief Thread procedure function type.
-typedef SInt32 (*thread_proc_kind)(SInt32 argc, Char** argv);
+typedef SInt32 (*ThrProcKind)(SInt32 argc, Char** argv);
 
 /// @brief Creates a thread.
 /// @param procedure the thread procedure.
 /// @param argument_count number of arguments inside that thread.
 /// @param flags Thread flags.
 /// @return the thread object.
-IMPORT_C ThreadRef ThrCreateThread(thread_proc_kind procedure, SInt32 argument_count, SInt32 flags);
+IMPORT_C ThreadRef ThrCreateThread(const Char* thread_name, ThrProcKind procedure,
+                                   SInt32 argument_count, SInt32 flags);
 
 /// @brief Yields the current thread.
 /// @param thread the thread to yield.
@@ -287,8 +284,8 @@ IMPORT_C VoidPtr EvtDispatchEvent(_Input const Char* event_name, _Input VoidPtr
 // ------------------------------------------------------------------------------------------ //
 
 enum {
-  kPowerCodeInvalid,
-  kPowerCodeShutdown,
+  kPowerCodeInvalid  = 0,
+  kPowerCodeShutdown = 12,
   kPowerCodeReboot,
   kPowerCodeSleep,
   kPowerCodeWake,
@@ -328,15 +325,21 @@ IMPORT_C IORef PrintGet(const Char* path);
 // ------------------------------------------------------------------------------------------ //
 
 typedef SInt32 AffinityRef;
-typedef UInt64 PID;
+typedef UInt64 ProcessRef;
+
+IMPORT_C SInt32 SchedSetAffinity(ProcessRef, SInt32 req, AffinityRef* local);
 
-IMPORT_C SInt32 SchedAffinity(PID, SInt32 req, AffinityRef* local);
+IMPORT_C SInt32 SchedGetAffinity(ProcessRef, AffinityRef* local);
 
-IMPORT_C SInt32 SchedTrace(PID, SInt32 req, VoidPtr address, VoidPtr data);
+IMPORT_C SInt32 SchedFireSignal(ProcessRef, SInt32 req);
 
-IMPORT_C SInt32 SchedKill(PID, SInt32 req);
+IMPORT_C SInt32 SchedReadMemory(ProcessRef, SInt32 address, SInt32 data);
 
-IMPORT_C SInt32 SchedBreakPoint(Void);
+IMPORT_C SInt32 SchedWriteMemory(ProcessRef, SInt32 address, SInt32 data);
+
+/// @brief Get current ProcessRef of process.
+/// @return Current process ID.
+IMPORT_C UIntPtr RtlCurrentPID(Void);
 
 // ------------------------------------------------------------------------------------------ //
 // @brief Filesystem API.
@@ -355,7 +358,7 @@ IMPORT_C BOOL FsCreateFile(const Char* path);
 IMPORT_C BOOL FsCreateAlias(const Char* path, const Char* from);
 
 // ------------------------------------------------------------------------------------------ //
-// @brief Format API.
+// @brief String API.
 // ------------------------------------------------------------------------------------------ //
 
 IMPORT_C Char* StrFmt(const Char* fmt, ...);
diff --git a/dev/user/ProcessCodes.h b/dev/user/SystemCodes.h
index 90457944..90457944 100644
--- a/dev/user/ProcessCodes.h
+++ b/dev/user/SystemCodes.h
diff --git a/dev/user/docs/SPECIFICATION_SYSCALLS.md b/dev/user/docs/SPECIFICATION_SYSCALLS.md
index 607c7532..b4b11c8c 100644
--- a/dev/user/docs/SPECIFICATION_SYSCALLS.md
+++ b/dev/user/docs/SPECIFICATION_SYSCALLS.md
@@ -1,16 +1,25 @@
 ===================================
-
 # 0: General Information
-
 ===================================
 
-- Programming Language: C/C++
-- Build System: Make/BTB
-- Purpose: System Call Interface
+- **Programming Language**: C / C++
+- **Build System**: Make / BTB (Build the Build)
+- **Purpose**: System Call Interface (SCI) for NeKernel
 
 ===================================
+# 1: How It Works
+===================================
 
-# 1: How It works
+- This header provides the raw API surface for accessing NeKernel's system calls.
 
-===================================
+- It is **not** directly used by applications.
+    - Instead, it is abstracted by the **SystemSDK**, which presents a stable, high-level interface.
+
+- At runtime:
+    - System calls are routed from user-space code to the **kernel syscall manager**.
+    - The syscall manager executes the requested operation and returns control to `libSystem`.
+    - Finally, the result is delivered back to the originating process.
 
+- This separation ensures that:
+    - The SCI remains low-level and close to the ABI.
+    - `SystemSDK` provides portability and shielding from changes in syscall internals.
+\ No newline at end of file
diff --git a/dev/user/src/GNUmakefile b/dev/user/src/GNUmakefile
index 09993d16..9b901f9f 100644
--- a/dev/user/src/GNUmakefile
+++ b/dev/user/src/GNUmakefile
@@ -1,6 +1,6 @@
 ##################################################
 # (c) Amlal El Mahrouss, all rights reserved.
-# This file is for user.sys's syscall stubs.
+# This file is for libSystem.sys's syscall stubs.
 ##################################################
 
 ASM=nasm
@@ -13,4 +13,4 @@ error:
 
 .PHONY: sci_asm_io_x64
 sci_asm_io_x64:
-	$(ASM) $(FLAGS) SystemCalls+IO.asm -o SystemCalls+IO.asm.o
+	$(ASM) $(FLAGS) SystemCalls+IO.asm -o SystemCalls+IO.stub.obj
diff --git a/dev/user/src/SystemCalls+IO.asm b/dev/user/src/SystemCalls+IO.asm
index 77e22b59..9126b7de 100644
--- a/dev/user/src/SystemCalls+IO.asm
+++ b/dev/user/src/SystemCalls+IO.asm
@@ -19,17 +19,31 @@ global sci_syscall_arg_3
 global sci_syscall_arg_4
 
 sci_syscall_arg_1:
+    push rbp
+    mov rbp, rsp
+
     mov r8, rcx
     syscall
+
+    pop rbp
+
     ret
 
 sci_syscall_arg_2:
+    push rbp
+    mov rbp, rsp
+
     mov r8, rcx
     mov r9, rdx
     syscall
+    pop rbp
+
     ret
 
 sci_syscall_arg_3:
+    push rbp
+    mov rbp, rsp
+
     mov rbx, r8
 
     mov r8, rcx
@@ -37,9 +51,14 @@ sci_syscall_arg_3:
     mov r10, rbx
 
     syscall
+    pop rbp
+
     ret
 
 sci_syscall_arg_4:
+    push rbp
+    mov rbp, rsp
+
     mov rbx, r8
     mov rax, r9
 
@@ -49,4 +68,6 @@ sci_syscall_arg_4:
     mov r11, rax
 
     syscall
+    pop rbp
+
     ret
diff --git a/dev/user/src/SystemCalls.cc b/dev/user/src/SystemCalls.cc
index 874f607d..f004718c 100644
--- a/dev/user/src/SystemCalls.cc
+++ b/dev/user/src/SystemCalls.cc
@@ -4,11 +4,11 @@
 
 ------------------------------------------- */
 
-#include <user/SciCalls.h>
+#include <user/AsmProc.h>
 #include <user/SystemCalls.h>
 
 /// @file SystemCalls.cc
-/// @brief Source file for the memory functions/syscalls for user.sys
+/// @brief Source file for the memory functions/syscalls for libSystem.sys
 
 IMPORT_C VoidPtr MmCopyMemory(_Input VoidPtr dest, _Input VoidPtr src, _Input SizeT len) {
   if (!len || !dest || !src) {
@@ -51,8 +51,6 @@ IMPORT_C VoidPtr MmFillMemory(_Input VoidPtr dest, _Input SizeT len, _Input UInt
 /// @internal
 //-----------------------------------------------------------------------------------------------------------//
 
-constexpr auto kInvalidSyscall = 0UL;
-
 IMPORT_C Ref IoOpenFile(_Input const Char* path, _Input const Char* drv_letter) {
   return sci_syscall_arg_3(1, reinterpret_cast<VoidPtr>(const_cast<Char*>(path)),
                            reinterpret_cast<VoidPtr>(const_cast<Char*>(drv_letter)));
diff --git a/dev/user/user.json b/dev/user/user.json
index 05b90abf..2267175e 100644
--- a/dev/user/user.json
+++ b/dev/user/user.json
@@ -2,8 +2,8 @@
   "compiler_path": "x86_64-w64-mingw32-g++",
   "compiler_std": "c++20",
   "headers_path": ["../", "./"],
-  "sources_path": ["src/*.cc", "src/*.o"],
-  "output_name": "user.sys",
+  "sources_path": ["src/*.cc", "src/*.stub.obj"],
+  "output_name": "libSystem.sys",
   "compiler_flags": [
     "-ffreestanding",
     "-shared",