amr/hermes-brain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reorganize brain: projects/ top level, rename filenames, update homepage

Browse Source 
- Moved everything from ideas/passepartout/ to projects/passepartout/
- Moved legal structures to projects/flags/
- Created missing _index.org files for all subdirectories
- Stripped redundant passepartout- prefix from filenames
- Rewrote root _index.org as generalized brain index (projects + concepts)
- Updated Hugo nav to Projects/Concepts
- Updated build script section descriptions
- Deleted stale ideas/passepartout-economics.md orphan
This commit is contained in:
Hermes
2026-05-24 18:54:14 +00:00
parent 4b60244919
commit 0a8e77e949
119 changed files with 177 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
projects/passepartout/strategy/competitors/_index.org Normal file
View File

@@ -0,0 +1,8 @@
:PROPERTIES:
:CREATED: [2026-05-24 Sun]
:ID: 0d4e5f6a-7b8c-9d0e-1f2a-3b4c5d6e7f8a
:END:
#+title: Passepartout — Competitive Analysis
#+filetags: :index:
Competitive analysis of AI coding agents, verification platforms, and the broader infrastructure landscape.

22
projects/passepartout/strategy/competitors/ai-agents-scoping/aider.org Normal file
View File

@@ -0,0 +1,22 @@
:PROPERTIES:
:ID: c3aab2e8-7e43-4abc-93f0-741675cfd78c
:CREATED: [2026-05-22 Thu]
:END:
#+title: Aider — AI Coding Agent
#+filetags: :passepartout:strategy:competitive:aider:
Language: Python. ~6.8M pip installs. ~40K lines. MIT license. The oldest and most mature open-source coding agent.
Architecture: Chat-based Coder class with 5 edit formats (diff, udiff, patch, whole, architect). Uses litellm for universal provider access (50+ providers). RepoMap provides codebase awareness via cosine-similarity embedding.
Safety model: Purely prompt-based plus user-confirmation dialogs. No deterministic gate stack. No sandboxing. No model output validator. The allowed_to_edit() gate is a single user confirmation call. --yes flag auto-approves. Aider can edit its own source code with no special protection — self-modification is undetectable.
Data model: Ad-hoc. Chat messages in memory. Git commits for persistence. RepoMap is a cosine-similarity index. No persistent memory across sessions. No knowledge graph.
Self-modification: Full. No guard against editing its own files.
Verification: None.
Key gap vs Passepartout: No safety gates, no persistent memory model, no knowledge representation, no verification, no self-modification protection, no architecture for neurosymbolic reasoning. It is a thin shell around litellm + edit format parsers.
See the full [[id:3aa22300-2f25-57b0-8787-9f199cc978b1][competitive analysis]] for the landscape view and comparison.

22
projects/passepartout/strategy/competitors/ai-agents-scoping/claude-code.org Normal file
View File

@@ -0,0 +1,22 @@
:PROPERTIES:
:ID: 512dd121-2292-4f3d-ac53-31bf3d12a60f
:CREATED: [2026-05-22 Thu]
:END:
#+title: Claude Code — Anthropic AI Coding Agent
#+filetags: :passepartout:strategy:competitive:claude-code:
Anthropic's proprietary coding agent. TypeScript/Bun, ~512K lines (leaked source analysis). Not open source.
Architecture: Bun-bundled TypeScript single-file executable. Ink/React terminal UI. 23+ core tools. Subagent forking with byte-identical API prefixes for prompt cache sharing. Multi-agent coordination mode.
Safety model: Layered deterministic safety — NOT prompt-based: 7 permission modes, persistent permission rules (alwaysAllow/alwaysDeny/alwaysAsk from 4 sources), bash security validator at 2,592 lines with 23+ named security checks using tree-sitter AST parsing, sandbox runtime, path/mode validation, optional ML bash classifier. This is the most sophisticated safety system of any coding agent analyzed.
Data model: File-based markdown memdir at ~/.claude/projects/<slug>/memory/. 4 memory types: user, feedback, project, reference. YAML frontmatter in .md files. PROJECT.md and CLAUDE.md for project config. No database.
Self-modification: HIGH. Skill system writes SKILL.md files. Plugin system, cron scheduling, agent spawning.
Verification: None.
Key gap vs Passepartout: No proof system, no neurosymbolic architecture, no self-verification, no persistent knowledge graph (flat markdown files, not Org-mode with cross-references), markdown data model lacks semantic depth. Proprietary — Anthropic controls it completely. The permission rules system is impressive but structurally inferior to Passepartout's gate stack because rules are heuristic (regex-based pattern matching) rather than typed (type-level gates with structural guarantees).
See the full [[id:3aa22300-2f25-57b0-8787-9f199cc978b1][competitive analysis]] for the landscape view and comparison.

22
projects/passepartout/strategy/competitors/ai-agents-scoping/codex-cli.org Normal file
View File

@@ -0,0 +1,22 @@
:PROPERTIES:
:ID: e929ff32-28d8-4a29-bf74-d55babc040d1
:CREATED: [2026-05-22 Thu]
:END:
#+title: Codex CLI — OpenAI AI Coding Agent
#+filetags: :passepartout:strategy:competitive:codex:
OpenAI's open-source coding agent. Rust, ~950K lines, sandboxed.
Architecture: ~116 crate Rust workspace with a protocol layer (SQ/EQ session types), sandbox manager (macOS Seatbelt, Linux nsjail), multi-provider support, configurable TUI.
Safety model: Most sophisticated safety system of any coding agent analyzed. Multi-layer: process hardening (macOS Seatbelt with 4 profile tiers), execution policy engine, sandboxing via nsjail/Seatbelt, Guardian module for tool permission gating. No prompt-based safety — all deterministic through policy definitions.
Data model: Protocol-defined session types. Structured request/response models. Config through TOML files with schema validation.
Self-modification: Protected by sandbox — the agent cannot escape to modify its own binary or config without explicit policy override.
Verification: None (no proof system).
Key gap vs Passepartout: No knowledge graph, no persistent memory model, no deterministic gate stack for agent behavior (only OS-level sandboxing), no ACL2/prover, no neurosymbolic architecture. Strongest sandbox but weakest cognitive architecture.
See the full [[id:3aa22300-2f25-57b0-8787-9f199cc978b1][competitive analysis]] for the landscape view and comparison.

22
projects/passepartout/strategy/competitors/ai-agents-scoping/continue.org Normal file
View File

@@ -0,0 +1,22 @@
:PROPERTIES:
:ID: 22d0a159-68a2-4587-9375-5046beddc20c
:CREATED: [2026-05-22 Thu]
:END:
#+title: Continue — CI/Check System
#+filetags: :passepartout:strategy:competitive:continue:
TypeScript, ~328K lines, Apache 2.0. Source-controlled AI checks for CI/CD. Markdown-as-gate-policy.
Architecture: Shared core (@continuedev/core) with ~80 provider implementations, tool-calling engine, config system (YAML/JSON/Markdown). Serves CLI (Ink/React TUI + headless CI mode), IDE extensions (VS Code, JetBrains), web dashboard.
Safety model: Three permission levels (allow/ask/exclude). Precedence: mode policies → CLI flags → permissions.yaml → built-in defaults. Terminal security package for shell command analysis via shell-quote parsing. Workspace-scoped file access.
Data model: Markdown files for checks, agents, rules. Source-controlled in-repo. YAML frontmatter for metadata.
Self-modification: Checks source-controlled — any change goes through git.
Verification: None (the checks are themselves unverified).
Key gap vs Passepartout: The checks-as-markdown concept is philosophically similar to Passepartout's gate rules (deterministic policies checked before execution) but the implementation is dramatically simpler — regex-based policy objects, not a type-level gate stack with structural guarantees. No persistent agent, no memory, no knowledge graph, no neurosymbolic architecture. It is a gate system without an agent to gate.
See the full [[id:3aa22300-2f25-57b0-8787-9f199cc978b1][competitive analysis]] for the landscape view and comparison.

22
projects/passepartout/strategy/competitors/ai-agents-scoping/gemini-cli.org Normal file
View File

@@ -0,0 +1,22 @@
:PROPERTIES:
:ID: 8d73ccb9-34e4-4899-b0c3-605998e9bebc
:CREATED: [2026-05-22 Thu]
:END:
#+title: Gemini CLI — Google AI Coding Agent
#+filetags: :passepartout:strategy:competitive:gemini:
Google's open-source coding agent. TypeScript, ~525K lines, Apache 2.0. Node.js 20+, Ink/React TUI.
Architecture: 7-package npm monorepo. Core backend handles Gemini API orchestration, tool execution, policy engine, safety checks, sandbox management, session management, MCP client. 7-strategy composite model routing chain.
Safety model: Multi-layered: CONSECA (Contextual Security Checker) — AI-driven per-request policy generation using a separate Gemini Flash model. 4 approval modes (PLAN/DEFAULT/AUTO_EDIT/YOLO). 6 sandbox methods (macOS Seatbelt, Docker/Podman, bwrap, gVisor, LXC, Windows). Trusted folders with path traversal protection. Policy integrity via cryptographic hashes. Loop detection.
Data model: JSONL session files. Turn-based conversation model. 4-layer config precedence (system-defaults → user → project → system-override). TOML policy files.
Self-modification: Modifiable hooks system, MCP extensions, custom commands. Core binaries are protected on disk by file permissions.
Verification: None.
Key gap vs Passepartout: No proof system, no persistent knowledge graph, no self-verification, no neurosymbolic architecture, lock-in to Google Gemini models. CONSECA is interesting (AI-generated policies) but introduces a second LLM call for every security decision — the opposite of Passepartout's zero-token deterministic gating.
See the full [[id:3aa22300-2f25-57b0-8787-9f199cc978b1][competitive analysis]] for the landscape view and comparison.

22
projects/passepartout/strategy/competitors/ai-agents-scoping/hermes-agent.org Normal file
View File

@@ -0,0 +1,22 @@
:PROPERTIES:
:ID: c652688a-1ea0-487c-9222-00e954efe8a1
:CREATED: [2026-05-22 Thu]
:END:
#+title: Hermes Agent — Personal AI Assistant
#+filetags: :passepartout:strategy:competitive:hermes:
The agent running this conversation. Python, ~17K core lines, MIT.
Architecture: Synchronous conversation loop with OpenAI-format messages. 60+ built-in tools. 109+ providers via pluggable transport layer. 15+ messaging platforms via gateway. MCP client (native, not bridge). Ink/React TUI as Node.js subprocess. Cron jobs, Kanban board, subagent delegation.
Safety model: Multi-layer but NOT a deterministic gate stack: message sanitization, Tirith binary scanner, command approval system, memory injection detection, secret/PII redaction, tool call guardrails, MCP security, context fencing. All heuristic or prompt-based — no structural type-level gates.
Data model: SQLite session DB (FTS5 full-text search). File-based memory (MEMORY.md + USER.md). YAML config. No knowledge graph. No Org-mode.
Self-modification: Skill system writes SKILL.md files. Memory tool edits MEMORY.md/USER.md. Core Python code is read-only in execution but no gate specifically prevents the LLM from requesting source modifications.
Verification: None.
Key gap vs Passepartout: No deterministic gate stack (heuristic layers, not structural/typed), no knowledge graph, no Org-mode, no neurosymbolic architecture, no self-verification, no proof system. Hermes's strength is breadth — 109 providers, 15 platforms, MCP ecosystem. But it has no depth in safety, knowledge representation, or reasoning architecture.
See the full [[id:3aa22300-2f25-57b0-8787-9f199cc978b1][competitive analysis]] for the landscape view and comparison.

22
projects/passepartout/strategy/competitors/ai-agents-scoping/openclaw.org Normal file
View File

@@ -0,0 +1,22 @@
:PROPERTIES:
:ID: 85ca69dd-d085-4a55-ad11-021910b1f82e
:CREATED: [2026-05-22 Thu]
:END:
#+title: OpenClaw — Personal AI Assistant
#+filetags: :passepartout:strategy:competitive:openclaw:
TypeScript/Node.js, ~3.5M lines. The largest codebase analyzed. Personal AI assistant with 25+ messaging channel support.
Architecture: pnpm workspace with ~135 bundled plugins. Gateway control plane routes messages through multi-agent routing. Per-agent sessions, workspaces, skill registries. Companion native apps (macOS, iOS, Android).
Safety model: Tiered — main agent runs tools directly on host (trusted-operator), non-main sessions sandboxed via Docker (read-only rootfs, capability dropping, seccomp/AppArmor, memory/cpu/PID limits, SSH/OpenShell backends).
Data model: Typed JSON/YAML config (openclaw.json). Multi-source model catalog. Plugin SDK with narrow typed subpath exports.
Self-modification: ACP (Agent Control Protocol) for spawning child sessions. Skill system with npm distribution and ClawHub registry.
Verification: None.
Key gap vs Passepartout: Same as Hermes — no gate stack, no knowledge graph, no Org-mode, no verification, no neurosymbolic architecture. Differentiated by vastly broader channel support and mature plugin ecosystem. But architecturally conventional — LLM + tools + channels, no cognitive architecture innovation.
See the full [[id:3aa22300-2f25-57b0-8787-9f199cc978b1][competitive analysis]] for the landscape view and comparison.

22
projects/passepartout/strategy/competitors/ai-agents-scoping/opencode.org Normal file
View File

@@ -0,0 +1,22 @@
:PROPERTIES:
:ID: 7a060b36-36db-4eb7-b8cc-844bd6ac9d36
:CREATED: [2026-05-22 Thu]
:END:
#+title: OpenCode — AI Coding Agent
#+filetags: :passepartout:strategy:competitive:opencode:
TypeScript/Bun. anomalyco/opencode, 163K★. The dominant open-source coding agent by adoption. Bun runtime, Effect-TS functional core, Solid.js TUI, Turborepo monorepo.
Architecture: Dual LLM runtime — default AI SDK (streamText/generateText) + opt-in native Effect-Schema runtime with 4-axis route decomposition (Protocol/Endpoint/Auth/Framing). 30+ provider plugins. Agent workflow DSL with plan/build agent switching. Agent Communication Protocol (ACP) for inter-agent messaging. Subagents inherit permission boundaries from parent. 18+ built-in tools + custom tools from config. Effect-TS ScopedCache per-project state management.
Safety model: Explicitly documents not sandboxing the agent. Permission system is rule-based (glob matching, actions: allow/ask/deny) and exists as a UX feature, not security isolation. Built-in agents have carefully scoped defaults. Permission rules inherited by subagents.
Data model: SQLite via Drizzle ORM with bun:sqlite or better-sqlite3. Key tables: SessionTable, MessageTable, PartTable. Project model stores worktree, VCS, sandbox config. Config is JSON-chain with remote config fetch.
Self-modification: Agent.generate() interface lets the LLM create new agent definitions — the system grows its own subagent roster. Skills system loads domain-specific knowledge packs dynamically.
Verification: None.
Key gap vs Passepartout: No deterministic safety architecture, no knowledge graph, no Org-mode, no verification/proof system, no neurosymbolic architecture. The permission system is explicitly labeled not security isolation — it's UX, not a gate stack.
See the full [[id:3aa22300-2f25-57b0-8787-9f199cc978b1][competitive analysis]] for the landscape view and comparison.

22
projects/passepartout/strategy/competitors/ai-agents-scoping/thoth.org Normal file
View File

@@ -0,0 +1,22 @@
:PROPERTIES:
:ID: 416bab7c-4300-4d50-838a-5c7a8ad45d96
:CREATED: [2026-05-22 Thu]
:END:
#+title: Thoth — Personal AI Sovereignty
#+filetags: :passepartout:strategy:competitive:thoth:
https://github.com/siddsachar/Thoth — Python, ~151K lines, Apache 2.0. Local-first desktop AI assistant with knowledge graph, tools, voice, vision, shell, browser automation, workflow engine, and messaging channels.
Architecture: LangGraph create_react_agent (prebuilt ReAct pattern). Dual-mode streaming. NiceGUI web UI with desktop launcher. Context trimming via tiktoken, base64 data redaction, stale browser snapshot compression, MD5 tool result dedup, old tool result summarization. Agent graph cached by tool set + model override. Checkpoints via LangGraph's SQLite-backed checkpointer. 30+ tool modules.
Safety model: Shell command classification with 17 blocked patterns, 30+ safe auto-execute prefixes, needs-approval for compound commands. Interactive interrupt for non-safe shell. Per-workflow safety modes (block/approve/allow_all). Prompt-injection defense (5 categories, detection-only). Filesystem workspace boundary. Opt-in Docker Sandbox. Destructive ops require confirmation. No sandboxing of agent runtime itself.
Data model: SQLite (WAL mode) at ~/.thoth/memory.db — shared between knowledge graph and legacy memory. Knowledge graph: SQLite (durable) + NetworkX MultiDiGraph (in-memory, rebuilt on startup) + FAISS vector index (semantic recall). 11 entity types, 67+ typed relations with 30+ LLM-produced aliases. Dream Cycle refinement pipeline. Config: JSON files. Keys in OS credential store.
Self-modification: Agent CAN create/update/delete skills via dedicated tools. Skill patching requires user confirmation + auto backup. Maximum 1 patch proposal per conversation. No tool to modify system prompts directly.
Verification: None formal. Update signature verification.
Key gap vs Passepartout: No deterministic gate stack — shell safety is pattern list, not typed gates. No proof system. No output guardrails. No neurosymbolic architecture. No Org-mode. No Merkle-tree memory. Knowledge graph is LLM-driven entity extraction — no structural integrity guarantees. Thoth's differentiation is the knowledge graph + Developer/Designer studios + embedded LangGraph framework, but still architecturally conventional.
See the full [[id:3aa22300-2f25-57b0-8787-9f199cc978b1][competitive analysis]] for the landscape view and comparison.

17
projects/passepartout/strategy/competitors/comparison-with-symbolics.org Normal file
View File

@@ -0,0 +1,17 @@
:PROPERTIES:
:CREATED: [2026-05-24 Sun]
:ID: 00ab3a4d-e3de-5605-a67d-12935bb36ab5
:END:
#+title: Comparison with Symbolics Genera
#+filetags: :passepartout:history:symbolics:comparison:
| | Symbolics Genera (1980s) | [[id:28c46769-c14b-42aa-ac7a-69d310157f8f][Passepartout]] (2020s) |
|---|---|---|
| Lines | ~1,000,000 | ~21,000 (self-driving target) |
| Developer-years | ~10 years, large team | ~1 year, 1-3 devs |
| OS | Built from scratch in assembly + Lisp | Runs on Linux (free OS layer) |
| Hardware | Custom Lisp Machine (entire computer) | PCIe card (FPGA or Tenstorrent) |
| Market | $50K-$100K/seat | $5K-$50K/appliance |
| Scope | Full OS + environment | Cognitive agent + hardware acceleration |
The Symbolics comparison is instructive: they built a full Lisp OS from scratch. Passepartout runs on Linux, providing the OS layer for free. The hardware integration is a PCIe card, not a replacement of the entire host. The scope is dramatically smaller — ~2% of the code for a fraction of the functionality that matters most. This illustrates the fundamental principles of [[id:9af13fff-9725-542b-93b1-a555bc74ad72][Lisp economics]] — the cost of building a Lisp-based system has dropped by [[id:2cdca4b0-6b41-44b4-acb0-af21d0e27b00][orders of magnitude]] since the 1980s. The [[id:13e6ae54-2d24-5aa0-b1cd-a7e8e749aa70][Self-driving Lisp Machine]] is the modern analogue: a hardware accelerator rather than a complete computer.

128
projects/passepartout/strategy/competitors/competitive-analysis.org Normal file
View File

@@ -0,0 +1,128 @@
:PROPERTIES:
:ID: 3aa22300-2f25-57b0-8787-9f199cc978b1
:CREATED: [2026-05-22 Thu]
:END:
#+title: Competitive Analysis — AI Agent Landscape
#+filetags: :passepartout:strategy:competitive:
* Overview
Analyzed 9 competitor codebases alongside Passepartout. The competitive landscape
divides into three categories:
1. Coding agents — Aider, OpenCode, Codex CLI, Claude Code, Gemini CLI
2. Personal AI assistants — [[id:c652688a-1ea0-487c-9222-00e954efe8a1][Hermes Agent]], OpenClaw, [[id:416bab7c-4300-4d50-838a-5c7a8ad45d96][Thoth]]
3. CI/check-based systems — Continue
None of the nine compete with Passepartout on all axes simultaneously. Passepartout's
strongest differentiators — Org-mode data model, deterministic gate stack, ACL2
verification, Merkle-treed memory, and the [[id:1c3ec48b-446c-50d2-b53e-126a81f5143f][Passepartout architecture]] — are absent from
every competitor.
* Category 1: Coding Agents
- [[id:c3aab2e8-7e43-4abc-93f0-741675cfd78c][Aider]] — Python, ~40K lines, MIT. Oldest open-source coding agent. Chat-based Coder class with 5 edit formats. Purely prompt-based safety.
- [[id:7a060b36-36db-4eb7-b8cc-844bd6ac9d36][OpenCode]] — TypeScript/Bun, 163K★. Dominant open-source coding agent. Dual LLM runtime, ACP inter-agent protocol, SQLite state.
- [[id:e929ff32-28d8-4a29-bf74-d55babc040d1][Codex CLI]] — Rust, ~950K lines, OpenAI. Strongest sandboxing (Seatbelt/nsjail). Execution policy engine. No knowledge graph.
- [[id:512dd121-2292-4f3d-ac53-31bf3d12a60f][Claude Code]] — TypeScript/Bun, ~512K lines leaked. Most mature safety system (2,592 lines bash security). 7 permission modes. Proprietary.
- [[id:8d73ccb9-34e4-4899-b0c3-605998e9bebc][Gemini CLI]] — TypeScript, ~525K lines, Apache 2.0. CONSECA AI-driven policy generation. 6 sandbox methods. Google-locked.
* Category 2: Personal AI Assistants
- [[id:c652688a-1ea0-487c-9222-00e954efe8a1][Hermes Agent]] — Python, ~17K core, MIT. Running this conversation. 109+ providers, 15+ messaging platforms, MCP client. Heuristic safety layers.
- [[id:85ca69dd-d085-4a55-ad11-021910b1f82e][OpenClaw]] — TypeScript/Node.js, ~3.5M lines. Largest codebase. 25+ messaging channels, 135 bundled plugins. Tiered sandboxing.
- [[id:416bab7c-4300-4d50-838a-5c7a8ad45d96][Thoth]] — Python, ~151K lines, Apache 2.0. Personal knowledge graph (11 entity types, 67 relations, NetworkX+FAISS). LangGraph ReAct agent. Developer Studio.
* Category 3: CI/Check Systems
- [[id:22d0a159-68a2-4587-9375-5046beddc20c][Continue]] — TypeScript, ~328K lines, Apache 2.0. Source-controlled AI checks for CI/CD. Markdown-as-gate-policy. No persistent agent.
* The Passepartout Advantage
| Dimension | Passepartout | Best Competitor | Gap |
|-----------|--------------|-----------------|-----|
| Safety model | Type-level gates + 11-vector deterministic stack | Claude Code (7 permission modes + 23 bash checks) | Structural vs heuristic. Passepartout's type-level gates prevent self-modification at the category level; competitors block patterns. |
| Knowledge model | Org-mode (tree, properties, TODOs, timestamps, cross-refs, IDs, tags) | Claude Code (flat markdown memdir) | Org-mode's semantic richness is ~15 primitives markdown doesn't have. |
| Memory integrity | Merkle tree + SHA-256 + rollback | Hermes (file-based); Claude Code (flat files + git) | Content-addressed, tamper-evident memory no competitor has. |
| Self-verification | ACL2 → CIC prover (planned) | None | No competitor does provable correctness. |
| Cognitive architecture | 10-80-10 symbolic-first (planned) | 100% LLM (every competitor) | Post-flip, Passepartout uses ~10% of the tokens competitors use. |
| Data format | Org-mode (human-editable, machine-parseable, single file) | JSONL/Markdown/YAML/DB (competitors use 2-5 formats) | Unified format reduces translation layers to zero. |
| Self-modification | Type-level gates + hot-reload | Claude Code (skills), Hermes (skills) | Passepartout's guard against self-modification is structural (type level), not heuristic (pattern list). |
| Architecture | Passepartout ([[id:c3b3dc41-945f-54e9-84eb-ca014114f1be][environment subsystem]] + [[id:1d074690-a279-59cb-b91d-e9a22ae104ad][social protocol]]) | None | No competitor is building a full computing stack + social network. |
| Provider independence | Any OpenAI-compatible API | Hermes (109+), Gemini CLI (1 primary) | Comparable to Hermes, better than most. |
* Where Competitors Lead
| Dimension | Leader | Passepartout Status |
|-----------|--------|---------------------|
| Safety implementation maturity | Claude Code (2,592 lines bash security) | Gate stack exists but bash validation is minimal in comparison |
| Provider breadth | Hermes (109+), OpenClaw (50+) | 8 providers — adequate but not competitive |
| Channel/platform support | OpenClaw (25+ channels) | TUI only — no multi-channel |
| Plugin ecosystem | OpenClaw (ClawHub, npm registry) | No plugin marketplace |
| Subagent delegation | Claude Code (fork with context inheritance) | Planned via Screamer planner |
| Codebase size / features shipped | All competitors have working products | In development |
| MCP integration | Hermes, Codex (native), Continue | Planned |
| Sandboxing | Codex CLI (Seatbelt+nsjail), Gemini CLI (6 methods) | None |
| Business model | Hermes (MIT+services), Codex (tokens) | AGPL + appliances + SaaS |
| Cross-platform | Claude Code (macOS/*nix), Codex (macOS) | Linux only |
* Strategic Positioning
Passepartout is not competing in the existing AI agent market. It is building a
new category: provable personal infrastructure.
Competitors optimize for:
- Token efficiency (Aider's edit formats, OpenCode's LSP integration)
- Model flexibility (Hermes' 109 providers)
- Platform reach (OpenClaw's 25 channels)
- UI polish (Gemini CLI's Ink/React, Claude Code's permission dialogs)
- Sandbox security (Codex's Seatbelt, Gemini's gVisor)
Passepartout optimizes for:
- Provable correctness (ACL2 → CIC)
- Data integrity (Merkle tree)
- Cognitive architecture (10-80-10 symbolic-first)
- Safety by construction (type-level gates)
- Unified data model (Org-mode as everything)
- Network effects (social protocol)
- Full-stack ownership (environment subsystem)
These are not axes any competitor cares about. The risk is not that a competitor
builds a better Passepartout — it's that the market never develops a preference
for provable agents. If token-burning LLM agents remain the default and users
don't demand verification, the entire category Passepartout addresses may not
exist yet.
* Immediate Implications for Development
1. Claude Code's safety system is the benchmark to exceed. The type-level gate
architecture is theoretically superior to Claude Code's heuristic patterns,
but the implementation needs to prove it catches things Claude Code misses.
2. No competitor has anything resembling a neurosymbolic architecture. The 10-80-10
plan has zero competition — but that also means zero market validation.
3. The Org-mode bet is invisible to competitors. They don't see the advantage
because they've never tried to build a knowledge graph from flat markdown files.
This is Passepartout's widest moat — it depends on a skill (Org-mode literate
programming) that no competitor's team has.
4. Hermes is the closest full-stack competitor (tools, skills, cron, subagents,
multi-platform), but architecturally conventional.
5. The coding agents (Aider, OpenCode, Codex) are not competitors — they are
single-purpose tools Passepartout could eventually replace entirely when the
planner matures.
* File references
Repository dumps and analysis artifacts at /tmp/:
- /tmp/aider/ — Aider source (Python)
- /tmp/opencode/ — OpenCode archived source
- /tmp/codex/ — OpenAI Codex CLI (Rust)
- /tmp/claude-code-leaked-source/ — Claude Code leaked (TypeScript/Bun)
- /tmp/gemini-cli/ — Google Gemini CLI (TypeScript)
- /tmp/openclaw/ — OpenClaw source (TypeScript)
- /tmp/thoth/ — Thoth source (Python)
- /tmp/continue/ — Continue source (TypeScript)
- /usr/local/lib/hermes-agent/ — Hermes Agent (Python)

221
projects/passepartout/strategy/competitors/social-protocol-competitive-landscape.org Normal file
View File

@@ -0,0 +1,221 @@
:PROPERTIES:
:ID: 1bc22b89-d3eb-4f6d-bcfc-2b0c19c8ed8f
:ID: competitive-landscape-agora
:CREATED: [2026-05-23 Sat]
:END:
#+title: Passepartout Social Protocol Competitive Landscape
#+filetags: :passepartout:social-protocol:competitive:strategy:landscape:
The social protocol is a decentralized social operating system that replaces the entire centralized internet platform stack: every function that currently runs on Facebook, Twitter, Instagram, YouTube, TikTok, Reddit, Medium, Substack, OnlyFans, Pornhub, WhatsApp, Signal, Telegram, Discord, LinkedIn, eBay, Etsy, GitHub, DocuSign, Stripe, and Google/Apple ID — all through one unified identity, one data model (the Note), one communication protocol (DIDComm), one payment rail (Lightning), and one contract layer (SCAL).
There is no single competitor. The competition is the /category/ of centralized internet platforms and the psychological status quo of managing 15+ separate accounts.
This page maps every platform the protocol replaces, organized by domain, with the specific protocol capability that makes the replacement possible.
* Social Graph & Publishing
** Twitter/X
- *User need:* Broadcast short-form content, follow interesting people, real-time news
- *Social Protocol replacement:* Feeds and streams via the Note primitive (`is_feed: true`), with Lens architecture for customizable curation. Follows are cryptographic subscriptions, not API-gated relationships.
- *Social Protocol advantage:* No algorithmic manipulation, no ads, no shadowbanning. Users choose their Feed Generators via the Algorithm Marketplace. Portable social graph — follows are signed Notes, not a database row.
- *Migration:* Twitter archive import for followed accounts.
** Facebook / Meta
- *User need:* Social graph, family/friend connections, event management, groups
- *Social Protocol replacement:* Collective Personas for groups, DID-based social graph (not platform-controlled), Persona isolation for work/personal/family
- *Social Protocol advantage:* No central feed algorithm that optimizes for engagement over well-being. Portable identity — your social graph leaves the platform when you do. No data mining.
- *Timing:* Year 3+ after network effects. Facebook's moat is the largest social graph; the protocol's Persona system makes it portable by design.
** Instagram
- *User need:* Visual content sharing, photo feeds, stories
- *Social Protocol replacement:* Visual Notes with `content_type: image/*`. Lens architecture renders them through an "Instagram-style" grid or a "Pinterest-style" discovery view depending on user-selected Lens.
- *Social Protocol advantage:* User-chosen discovery algorithm. No engagement-maximized feed. Content is not manipulated for ad placement.
** LinkedIn
- *User need:* Professional identity, job market, professional networking
- *Social Protocol replacement:* Professional Persona (unlinkable from personal), Aletheia Portfolio (static site published natively to the network), Contract Notes for hiring/service agreements
- *Social Protocol advantage:* Portable professional reputation — not locked to a platform. Verified work history via signed Notes. Direct hiring without platform intermediation fees.
** Reddit / Forums (phpBB, vBulletin)
- *User need:* Community discussion, Q&A, interest-based groups
- *Social Protocol replacement:* Social Spaces with Collective Personas, pluggable feed generation, competitive labeling for moderation
- *Social Protocol advantage:* Sovereign moderation (users choose their Labelers), portable identity across communities, no censorship risk. Communities can fork if the Collective governance fails.
- *Migration:* Import subscribed subreddits.
** Medium / Substack
- *User need:* Long-form publishing, subscription-based content, creator monetization
- *Social Protocol replacement:* Feed Notes (`is_feed: true`) with paywalled content via LSAT protocol (Lightning Service Authentication Tokens). Subscriptions are streaming Lightning payments.
- *Social Protocol advantage:* Near-zero platform fees (relay costs only). Content ownership — readers subscribe to the creator's DID, not to a platform. No censorship risk.
- *Strategic target:* Phase 1 platform replacement.
* Video & Audio
** YouTube
- *User need:* Video hosting, discovery, comments, monetization
- *Social Protocol replacement:* Video Notes (`content_type: video/*`) viewed through a "YouTube Lens" (displaying comments via `reply_to` and related videos). The exact same Note can be viewed through an "Educational Lens" or "Podcast Lens."
- *Social Protocol advantage:* No algorithm that optimizes for watch time over well-being. Lens architecture lets users choose discovery logic. Content monetized via LSAT + Seeder Rewards — creators earn directly, and bandwidth providers (seeders) earn micro-rewards.
** TikTok
- *User need:* Short-form vertical video, discovery algorithm
- *Social Protocol replacement:* Short-duration video Notes trigger a "TikTok-style" vertical scroll and auto-play in the UI when `content_type: "video/mp4"` and duration is short.
- *Social Protocol advantage:* The "For You" algorithm is a user-chosen Lens, not a platform-controlled black box. No engagement-extremification.
** Podcasts / Audio
- *User need:* Audio content, background play
- *Social Protocol replacement:* Audio Notes (`content_type: audio/mpeg`) viewed through a "Podcast Lens" with 1.5x speed and background play. Same Note can be listened to or watched depending on Lens.
* Messaging & Communication
** WhatsApp / Signal / Telegram
- *User need:* Private messaging, group chats, voice/video calls, encryption
- *Social Protocol replacement:* DIDComm v2 for transport, Double Ratchet Algorithm (Signal Protocol) for Perfect Forward Secrecy, WebRTC for voice/video with decentralized signaling via DIDComm. PDS acts as encrypted mailbox proxy.
- *Social Protocol advantage:* Multi-persona isolation — Work DID and Personal DID have separate message queues that never mix. Onion routing for metadata privacy. Off-the-Record mode for ephemeral interactions. No central server controlling the directory.
** Discord / Slack
- *User need:* Community chat, voice channels, collaboration
- *Social Protocol replacement:* Social Spaces with Collective Personas. DIDComm-based group messaging. Governance modules (GEM) for roles, permissions, and moderation.
- *Social Protocol advantage:* Server ownership is cryptographic, not corporate. Communities can fork. No per-seat pricing. Portable membership history.
** Email
- *User need:* Asynchronous messaging, identity, document delivery
- *Social Protocol replacement:* Directed Notes (Copy-on-Send model). PDS as encrypted mailbox. The Note is a universal message format — no separate email protocol needed.
- *Social Protocol advantage:* End-to-end encryption by default. Cryptographic sender verification (no phishing, no spoofing). No spam (relays only route to subscribed destinations). Attachments are CIDs, not MIME blobs.
** Zoom / Google Meet
- *User need:* Video conferencing, screen sharing
- *Social Protocol replacement:* WebRTC over DIDComm signaling. P2P tunnel — no central server sees call data.
- *Social Protocol advantage:* No Zoom-bombing (call is authenticated by DID). No platform listening in. No account required beyond your DID.
* E-Commerce & Marketplaces
** eBay / Etsy
- *User need:* Buy and sell goods, auction, fixed-price listings, dispute resolution
- *Social Protocol replacement:* Contract Notes as product listings (Offer → Take model). HODL invoice escrow for payments. SCAL (Sovereign Contract & Arbitration Layer) for dispute resolution.
- *Social Protocol advantage:* Fees below 5% (vs. 10-15%). Transparent reputation system based on DID history. No account bans. Multi-level arbitration (Local Elders → Guilds → Global Juries).
** OnlyFans / Patreon / Fansly
- *User need:* Subscription content, adult content, creator-direct monetization
- *Social Protocol replacement:* Paywalled Notes via LSAT protocol. Streaming Lightning subscriptions. Encrypted content with Blind CDN seeding.
- *Social Protocol advantage:* Censorship-resistant (no payment processor can cut you off). Near-zero platform fees. Pseudonymous by default. Adult content doesn't face the banking discrimination that existing platforms do.
- *Strategic target:* Phase 1 platform replacement (underserved, clear pain point).
** Pornhub / Adult content
- *User need:* Adult content hosting, discovery, monetization
- *Social Protocol replacement:* Same Note primitive with `content_type: video/*`. LSAT for paywalled access. Blind CDN for distribution.
- *Social Protocol advantage:* No centralized moderation that can delist creators. Lightning-native payments bypass banking discrimination. Privacy (identity not tied to consumption).
- *Strategic target:* Phase 1 platform replacement.
* Work & Collaboration
** GitHub / GitLab
- *User need:* Version control, code hosting, issues, pull requests, CI
- *Social Protocol replacement:* Code is stored as Merkle DAGs of commit Notes. Issues and PRs are Contract Notes. Collective Personas own repositories.
- *Social Protocol advantage:* Truly decentralized version control — no central repository host. Signed commits with DID. Smart contracts for bounty management (Lightning bounties).
** Google Docs / Office 365
- *User need:* Collaborative document editing, spreadsheets, presentations
- *Social Protocol replacement:* Static pages (`is_feed: false`) with versioned CID history. Collaborative editing via Contract Notes defining access control.
- *Social Protocol advantage:* Document history is immutable and verifiable. No platform lock-in.
** Project Management (Jira, Trello, Asana)
- *User need:* Task tracking, project management, team coordination
- *Social Protocol replacement:* Tasks as Contract Notes in negotiation state. Status changes are signed state transitions.
- *Social Protocol advantage:* Portable project history. Tasks are data you own.
** Upwork / Fiverr / Freelancer
- *User need:* Find freelancers, manage contracts, escrow payments
- *Social Protocol replacement:* SCAL contracts for service agreements. HODL invoice escrow. Multi-level arbitration. Reputation tied to DID history.
- *Social Protocol advantage:* Lower fees, portable reputation, no platform lock-in.
* Identity & Infrastructure
** Google / Apple ID
- *User need:* Single sign-on across the internet
- *Social Protocol replacement:* DID-based authentication via Personas. No central identity provider. User controls which Persona is used for which service.
- *Social Protocol advantage:* No surveillance (Google sees every SSO login). Granular persona isolation. No single point of failure.
** ENS (Ethereum Name Service)
- *User need:* Human-readable decentralized names
- *Social Protocol replacement:* Social protocol naming registry with similar auction model. But integrated with PDS, messaging, contracts, and payments — a name in the protocol is a full identity, not just a pointer to a wallet.
- *Social Protocol advantage:* Names come with native capabilities (PDS, messaging, contracts). ENS is names-only.
* The [[id:3aa22300-2f25-57b0-8787-9f199cc978b1][Competitive Analysis]]: What This Changes
The social protocol is not competing with any single product. It is competing with the /aggregate/ of 20+ products — and the friction of managing 20+ separate accounts, logins, reputations, and data silos.
** The Real Competitor Is the Status Quo
The centralized internet works well enough for most people. The friction is spread across 20+ platforms — no single platform is bad enough to leave. The social protocol's value proposition is not "Twitter but better" but "one account replaces every platform you use."
This is a harder sell because:
1. The status quo is familiar. Switching all 20+ platforms at once is cognitively overwhelming.
2. Network effects at each platform are entrenched. No single platform can be replaced without bringing the users.
3. The value of unification compounds with adoption — but requires critical mass to be visible.
** The Entry Vector Must Be a Niche, Not a Mass Market
The strategic documents recognize this explicitly. Phase 1 targets underserved communities with clear pain points:
- OnlyFans creators facing payment discrimination and censorship
- Reddit communities tired of centralized moderation
- Developers frustrated with platform lock-in
- Adult content platforms facing banking discrimination
- NGOs and guilds needing sovereign identity
Each of these communities has a /specific/ pain point that the protocol solves directly. The win condition is: a user joins for one reason (e.g., censorship-resistant adult content monetization) and discovers the other 19 capabilities as a free bonus.
** The Structural Advantage Is Unassailable
No centralized competitor can match the protocol's bundle:
- Meta cannot offer portable identity (it destroys their business model)
- Google cannot offer private messaging (it destroys their data model)
- Stripe cannot offer contracts and social (outside their competence)
- DocuSign cannot offer payments and publishing (outside their competence)
- The entire category of centralized platforms cannot offer user-owned data
The only way to compete with the protocol is to build a similar decentralized platform — and that requires matching all four layers (identity, publishing, payments, contracts) simultaneously. No decentralized project has done this. The closest (Farcaster) has identity and social but no payments or contracts. Bluesky has identity and social but no payments or contracts. Ethereum + ENS has identity, payments, and contracts but no social layer.
** The Risk Is Not Competition but Indifference
The protocol's biggest risk is not that a competitor builds a better product, but that the status quo friction is tolerable enough that users never switch. The centralized internet is bad — but it is familiar. The protocol is better — but unfamiliar.
The counterargument: this is true for every platform shift. Email was a worse experience than postal mail in 1992. The web was a worse experience than AOL in 1994. Instagram was a worse experience than Flickr in 2010. Each won because a /specific/ use case was dramatically better, and the rest of the ecosystem followed. The protocol must find its "camera with filters" moment — the one use case that is so clearly superior that users adopt it despite the rest of the ecosystem being immature.
* Comparison Summary
|| Social Protocol replaces | Incumbent | Social Protocol advantage | Risk to Social Protocol |
|----------------+-----------+----------------+---------------|
| Social graph | Facebook | Portable identity, no data mining | Facebook's 3B user moat |
| Microblogging | Twitter/X | Algorithm choice, no censorship | Network effects |
| Visual content | Instagram | No engagement-extremified algorithm | UX polish gap |
| Professional | LinkedIn | Portable rep, no platform fees | Professional network effects |
| Video | YouTube | Lens choice, Seeder Rewards | Content moderation surface |
| Short video | TikTok | Users choose the algorithm | Discovery algorithm sophistication |
| Forums | Reddit | Sovereign moderation, portable identity | Community migration inertia |
| Publishing | Medium/Substack | Near-zero fees, content ownership | Creator distribution |
| Messaging | WhatsApp/Signal | Multi-persona isolation, onion routing | Friend network effects |
| Community | Discord | Cryptographic ownership, forkable | Voice/UX maturity |
| E-commerce | eBay/Etsy | <5% fees, transparent reputation | Trust in new platform |
| Subscription | OnlyFans/Patreon | No payment discrimination | Creator acquisition cost |
| Video hosting | Pornhub | No censorship, Lightning payouts | Reputation risk |
| Code hosting | GitHub | Truly decentralized, DID-signed commits | Developer habit |
| Identity | Google/Apple ID | No surveillance, persona isolation | Convenience of SSO |
| Naming | ENS | Name + PDS + messaging + contracts | ENS's 2M domain moat |
| Collaboration | Google Docs | Verifiable history, no platform lock-in | Real-time collaboration UX |
| Freelance | Upwork/Fiverr | Lower fees, portable reputation | Liquidity of gig listings |
| Meetings | Zoom | P2P, no central server | Call quality/reliability |
* Conclusion
The protocol does not compete with any single platform. It offers an alternative to the /entire paradigm/ of centralized internet services. The competitive analysis is not about which platform to beat — it is about which /use case/ to lead with so that users adopt the unified platform despite the rest of the ecosystem being immature.
The OnlyFans/Patreon entry vector is the strongest Phase 1 play: a community with clear pain (payment discrimination, censorship), high willingness to pay, and low switching costs (creators want their audience independent of the platform). From there, publishing, messaging, and identity flow naturally.
* References
- [[id:1d074690-a279-59cb-b91d-e9a22ae104ad][Social Protocol overview]] (brain docs)
- [[id:64708e1f-00e9-4cb7-b44b-ea0b98e5296d][Social Protocol contract platform]]
- [[id:57f9538a-6270-4302-8d07-d742168419eb][Social-first growth scenario]]
- Social Protocol Overview (spec repo)
- Social Space specification
- Exchange and Contracts specification
- User journey and platform replacement strategy