diff --git a/projects/passepartout/architecture/_index.org b/projects/passepartout/architecture/_index.org index 0fa0e01..4bad32d 100644 --- a/projects/passepartout/architecture/_index.org +++ b/projects/passepartout/architecture/_index.org @@ -2,18 +2,14 @@ :CREATED: [2026-05-24 Sun] :ID: 5e7f1d2a-3b4c-5d6e-7f8a-9b0c1d2e3f4a :END: -#+title: Passepartout — Architecture Section Index +#+title: Passepartout — Architecture #+filetags: :passepartout:index: -This section documents the Passepartout architecture: the staged build-out from conventional computing through verified infrastructure, the subsystems, and the systemic effects of verification becoming the default. +This section documents the Passepartout architecture — the narrative introduction, the staged build-out, the systemic effects, and the analytical frames that justify it. -**Architecture overviews:** -- [[id:1c3ec48b-446c-50d2-b53e-126a81f5143f][Architecture index]] — Passepartout architecture, market, revenue paths -- [[id:a1fac32a-47de-5fbd-b67d-29152c851747][Architecture overview]] — the three subsystems at a glance -- [[id:42c86e6f-4f27-4993-8238-b7bc7d15fb7b][Environment subsystem]] — the Lisp image, editor, browser, shell, hardware +[[id:1c3ec48b-446c-50d2-b53e-126a81f5143f][Passepartout — A Verifiable Personal Intelligence]] — the narrative introduction to the project. -**Staged roadmap (progressive capability layers):** -Each stage covers: what is added, what threats are eliminated, what it costs, when it is viable. +**Staged roadmap:** | Stage | Delivers | Key cost | Timeline | |-------+----------+----------+----------| @@ -28,3 +24,28 @@ Each stage covers: what is added, what threats are eliminated, what it costs, wh **Systemic analysis:** - [[id:b9fa4b7b-bc61-4d7f-918d-ff687b80f2ba][Systemic effects over time]] — how verification cascades across society, economics, and geopolitics + +**Key analytical frames:** +- [[id:5961e469-53a3-5f3c-ab72-3c83ef91963f][Investment thesis — the unified view]] +- [[id:9af13fff-9725-542b-93b1-a555bc74ad72][Why Lisp is economically viable now — zero marginal cost]] +- [[id:efc76898-03f7-57ba-923d-35d65da88bb7][The per-domain sufficiency flip]] +- [[id:dc2e4f22-1c4c-5d4a-a151-f96e5d3b0d70][Development velocity and timeline estimates]] +- [[id:aa6d062e-a520-5d14-8773-00687ed9c689][Competitive barriers — moats and infrastructure lock-in]] + +**Revenue streams:** +Total addressable market: ~$960B/year across cloud, AI, OS, social media, payments, productivity, and compliance. The business model is the AWS of provable computing: AGPL infrastructure is free, revenue comes from verification appliances, gate rules, certification, namespace registry, hosted PDS, and a [[id:3c6b0449-a8fb-5b89-b82a-34efb21ef5b5][compute marketplace]]. + +Short to long term: +- [[id:84a537b4-4256-50c8-91f5-dd5b4538418f][Verification appliance]] — certified Lisp Machine at scale +- [[id:c34940cc-090e-57c4-8020-e78b1d32b96c][Domain gate packages]] — compliance encoded as gate rules +- [[id:827bc546-e887-5b7c-9b65-6392beaf0920][Evaluation harness / certification monopoly]] — UL for AI +- [[id:1a2b38df-20ba-58ca-ba55-a072be67bd0d][PDS as a service]] — hosted personal data stores +- [[id:3c6b0449-a8fb-5b89-b82a-34efb21ef5b5][Compute marketplace]] — verified compute cycles + +**Strategy and IP:** +- [[id:67faf52f-9126-50a7-b87e-2bedc610dac7][IP strategy — licensing + patents]] +- [[id:5f55bbe6-d243-5766-8ccf-5c5cc88a6542][Impact on the AI/GPU industry]] +- [[id:29e4dbf3-cf19-589c-8b14-389e8a39d564][Upgrade and distribution lifecycle]] +- [[id:c34940cc-090e-57c4-8020-e78b1d32b96c][Domain gate packages — encoding and products]] +- [[id:2afd9a3c-e96a-54c7-ac77-a05a28065b4b][Biology as proof of the Lisp model]] +- [[id:00ab3a4d-e3de-5605-a67d-12935bb36ab5][Comparison with Symbolics Genera]] diff --git a/projects/passepartout/architecture/architecture.org b/projects/passepartout/architecture/architecture.org index c24d69e..8968063 100644 --- a/projects/passepartout/architecture/architecture.org +++ b/projects/passepartout/architecture/architecture.org @@ -4,52 +4,37 @@ :ID: a1fac32a-47de-5fbd-b67d-29152c851747 :ID: 42c86e6f-4f27-4993-8238-b7bc7d15fb7b :END: -#+title: Passepartout Architecture -#+filetags: :passepartout:architecture:economics:index: +#+title: Passepartout — A Verifiable Personal Intelligence +#+filetags: :passepartout:architecture: -Passepartout is a self-bootstrapping replacement for the entire personal computing stack — one project, one image, one verified memory graph. Three subsystems compose into a single system: +Every layer of the modern computing stack — hardware, firmware, OS, compiler, runtime, network, application — is independently built and independently untrusted. Security is empirical: "no bugs found in this release" does not mean no bugs exist. We live with a patching treadmill, with CVEs treated as inevitable, with compliance audits that attest to process rather than proving correctness. -**Verification subsystem** — The gate stack that evaluates every proposed action against formal policy. Capability-based authorization. Combines a probabilistic LLM for natural-language reasoning with a deterministic symbolic engine (gate stack, ACL2 prover, Screamer constraint solver) for all security-critical decisions. The gate verifies shell commands, DIDComm messages, and LLM-generated action proposals through the same decision procedure. +Passepartout replaces the entire stack with a single coherent architecture where the same gate stack verifies everything and the same prover proves everything consistent. -**Environment subsystem** — The Lisp image where editor, browser, shell, and agent coexist. No separate daemons, no IPC boundaries, no trust transitions between components. One address space from which the verification subsystem checks every state mutation. +**One project, one image, one verified memory graph.** -Roadmap: v2.0 Lish editor + Nyxt browser (Qt/WebKit) → v3.0+ Lisp-native layout & browser → v4.0 in-process LLM → v5.0 tagged RISC-V hardware via TinyTapeout/FPGA → v6.0 world models and true agency. +Three subsystems compose into a single system: -**Social protocol implementation** — Self-sovereign DID identity, DIDComm encrypted messaging, [[id:1a2b38df-20ba-58ca-ba55-a072be67bd0d][Personal Data Store]], relay network, [[id:3c6b0449-a8fb-5b89-b82a-34efb21ef5b5][compute marketplace]], liquid democracy. +- **Verification subsystem** — A gate that evaluates every proposed action — from the user, the LLM, or a network message — against formal policy before allowing it. Combines ACL2-verified decision procedures for security-critical checks with a probabilistic LLM for natural-language reasoning. The gate checks shell commands, DIDComm messages, and LLM-generated action proposals through the same decision procedure. Root as an attack target does not exist. -All three subsystems operate in the same Lisp address space. All three are verified by the same ACL2 prover. The gate stack that verifies a shell command also verifies a DIDComm message. The distinction between "tool" and "self" dissolves. +- **Environment subsystem** — A single Lisp image where editor (Lish), browser (Nyxt), shell (Lish), and agent coexist. No separate daemons, no IPC boundaries, no trust transitions between components. One address space, one evaluated memory graph, no MMU to attack. The distinction between tool and self dissolves. ---- +- **Social protocol** — Self-sovereign DID identity, DIDComm encrypted messaging, personal data store, relay network, compute marketplace, liquid democracy. The protocol that connects Passepartout instances to each other. Every message is signed, DAG-tracked, and content-addressed. Communication becomes provable when you choose it to be. -Total addressable market: ~$960B/year across cloud, AI, OS, social media, payments, productivity, and compliance. +All three subsystems operate in the same Lisp address space. All three are verified by the same ACL2 prover. The gate that authorizes a file read also authorizes a social protocol contract. The Merkle chain that proves a DIDComm message's provenance also proves the compiler output matches its source. There is one semantics, one proof, one machine. -The business model is the AWS of provable computing: AGPL infrastructure is free, revenue comes from verification appliances, gate rules, certification, namespace registry, hosted PDS, and a [[id:3c6b0449-a8fb-5b89-b82a-34efb21ef5b5][compute marketplace]]. Network effects are positive sum — every instance feeds the regression suite and grows the marketplace. +**The staged approach:** -[[id:1c95ce7d-a2db-506a-9608-df68f9ae211b][Lisp Machine security — unified memory threat model]] -[[id:04c2f221-c54f-51e5-b40a-48822cd16d45][Common Logic (ISO 24707) — relevance to Passepartout]] -[[id:a5d59d12-b23e-58d6-a81b-9b8b06556949][Collective regression suite — how it compounds]] +The full Lisp machine on custom silicon is the destination. But the path is designed so every stage delivers value independently. -Key analytical frames: -- [[id:5961e469-53a3-5f3c-ab72-3c83ef91963f][Investment thesis — the unified view]] -- [[id:9af13fff-9725-542b-93b1-a555bc74ad72][Why Lisp is economically viable now]] -- [[id:efc76898-03f7-57ba-923d-35d65da88bb7][The per-domain sufficiency flip]] -- [[id:dc2e4f22-1c4c-5d4a-a151-f96e5d3b0d70][Development velocity and timeline estimates]] -- [[id:0b5a8a74-cfd6-542d-bc88-4eb3cd8626f9][Cost structure and zero marginal cost]] -- [[id:aa6d062e-a520-5d14-8773-00687ed9c689][Competitive moats analysis]] +Stage 0 is where we are — conventional Linux on x86, with Python (Hermes) as the agent runtime and gbrain as the knowledge store. Stage 1 adds message-level authentication with the social protocol. Stage 2 adds the verified gate as a software layer. Stage 3 is the Lisp machine emerging inside the host OS — SBCL image absorbing every interface into one address space. Stages 4 through 6 add in-process LLM inference, plist-native weights, and verified fine-tuning. Stage 7 is what remains when all computational threats are eliminated: physical, oracular, and specification limits that no machine can solve. -Revenue paths (short to long term): -- [[id:84a537b4-4256-50c8-91f5-dd5b4538418f][Verification appliance]] [[id:c34940cc-090e-57c4-8020-e78b1d32b96c][Domain gate packages]] [[id:45258a2d-1675-562c-9024-5d1eb2f1ea56][Evaluation harness]] -- [[id:2e390c1d-65f3-5fb3-b898-ac3fc4291ee7][Protocol premium usernames]] [[id:1a2b38df-20ba-58ca-ba55-a072be67bd0d][PDS as a service]] [[id:3c6b0449-a8fb-5b89-b82a-34efb21ef5b5][Compute marketplace]] -- [[id:827bc546-e887-5b7c-9b65-6392beaf0920][Verification monopoly — the big money]] [[id:2f783eb4-638e-5afa-9b59-6224d086a712][Infrastructure lock-in]] +Each stage is usable. Each stage eliminates a class of threats that the previous stage could not. The migration from today's Hermes deployment to a full Passepartout machine is a progressive component swap, not a cut-over. -Strategy and IP: -- [[id:caaeee11-ba6f-5566-aecd-f171b4c459c0][Patent strategy]] [[id:67faf52f-9126-50a7-b87e-2bedc610dac7][Licensing (AGPL + commercial)]] -- [[id:5f55bbe6-d243-5766-8ccf-5c5cc88a6542][Impact on the AI/GPU industry]] -- [[id:29e4dbf3-cf19-589c-8b14-389e8a39d564][Upgrade and distribution lifecycle]] -- [[id:45ea493b-94ad-5885-aa65-0c846e5c3c1d][Gate rule encoding from codified domains]] -- [[id:2afd9a3c-e96a-54c7-ac77-a05a28065b4b][Biology as proof of the Lisp model]] -- [[id:00ab3a4d-e3de-5605-a67d-12935bb36ab5][Comparison with Symbolics Genera]] +**What it means:** -The [[id:b25bf753-9799-41ab-82f5-1a1416db756b][protocol overview]] and [[id:a3243dd0-3209-423b-98e1-51c3eada2658][advanced integration]] requirements define how Passepartout's gate stack connects to the social protocol layer. The [[id:72570648-d943-42e5-a781-3b09791ac6ec][realistic assessment]] covers deployment timelines and adoption risks. +When every action is gate-checked, every message is provable, and every computation runs on verified hardware, the security model shifts from empirical to deductive. Memory corruption — the dominant attack vector for decades — is structurally eliminated. Compiler backdoors are impossible because compilation is Lisp-to-Lisp within the verified evaluator. Malware has no execution path that bypasses the gate. -*The lines that run the modern internet (tens of millions across Google, Meta, Amazon, Apple, Microsoft) are replaced by a single coherent architecture where one gate stack verifies everything and one prover proves everything consistent.* +The downstream effects cascade: compliance becomes executable gate rules instead of annual audits. AI safety becomes a verified gate between the LLM and the action stream instead of probabilistic guardrails. The accumulated regression suite from every deployed instance becomes an industry certification — Underwriters Laboratory for AI. + +Passepartout is not a product in an existing category. Verified infrastructure is a new category, and every existing category — cloud, AI, OS, social, payments, compliance, governance — eventually migrates into it because the alternative becomes indefensible.