Preemption supervisor: real-time sovereignty enforcement

[jeremymanning]

Description

src/preemption/supervisor.rs has an event_rx field marked #[allow(dead_code)] — the supervisor struct exists but the real-time event processing pipeline is not wired. Per Principle III, preemption must happen within 10ms of a sovereignty trigger.

Requirements

• Wire event_rx to receive sovereignty events from trigger detection
• On event: send SIGSTOP to all sandbox processes within 10ms
• Attempt checkpoint within 500ms
• If checkpoint fails, SIGKILL within 500ms and reschedule from last committed checkpoint
• Handle GPU kernel windows (200ms target for CUDA kernels)
• Measure and log actual preemption latency for each event
• Support thermal, battery, and memory pressure triggers in addition to keyboard/mouse

Success Criteria

• SIGSTOP delivered within 10ms of keyboard/mouse activity (measured)
• Checkpoint attempted within 500ms
• Failed checkpoint → SIGKILL and reschedule
• GPU kernel window handling (200ms target)
• Preemption latency logged and measurable
• Integration test with real keyboard event simulation
• cargo test passes

Testing (Principle V)

• Run workload on real hardware, inject keyboard event, measure SIGSTOP latency
• Run GPU workload, inject event, measure kernel completion + SIGSTOP latency
• Rapid pause/resume cycling (10 events/second) → verify stability
• Thermal trigger simulation → verify preemption
• Battery disconnect → verify preemption

[jeremymanning]

Addressed in spec 004-full-implementation (PR #59). Implementation verified in code; 802 tests passing across Linux/macOS/Windows. See #57 master plan for full context.