Diff: governance/moonshot-initiatives.es
From 1911223 to 1911223
+0 / −0 lines
| Before | After |
|---|---|
| --- | --- |
| schema: foundry-doc-v1 | schema: foundry-doc-v1 |
| title: "Moonshot initiatives" | title: "Moonshot initiatives" |
| slug: moonshot-initiatives | slug: moonshot-initiatives |
| category: governance | category: governance |
| type: topic | type: topic |
| quality: complete | quality: complete |
| short_description: "Moonshot initiatives are active engineering programs that build native replacements for quarantined third-party dependencies, with the goal of eliminating vendor lock-in and reducing the platform's external attack surface over time." | short_description: "Moonshot initiatives are active engineering programs that build native replacements for quarantined third-party dependencies, with the goal of eliminating vendor lock-in and reducing the platform's external attack surface over time." |
| status: active | status: active |
| bcsc_class: public-disclosure-safe | bcsc_class: public-disclosure-safe |
| last_edited: 2026-05-19 | last_edited: 2026-05-19 |
| editor: pointsav-engineering | editor: pointsav-engineering |
| cites: [] | cites: [] |
| paired_with: moonshot-initiatives.es.md | paired_with: moonshot-initiatives.es.md |
| --- | --- |
| > Moonshot initiatives are long-running engineering programs that replace quarantined third-party dependencies with internally built, formally verifiable equivalents — reducing vendor lock-in and shrinking the platform's external attack surface. | > Moonshot initiatives are long-running engineering programs that replace quarantined third-party dependencies with internally built, formally verifiable equivalents — reducing vendor lock-in and shrinking the platform's external attack surface. |
| The platform actively tracks third-party engineering debt in | The platform actively tracks third-party engineering debt in |
| a structured ledger. Foreign architectural components are contained | a structured ledger. Foreign architectural components are contained |
| in isolated directories, called quarantined component silos, until | in isolated directories, called quarantined component silos, until |
| a **moonshot initiative** delivers a native replacement. The | a **moonshot initiative** delivers a native replacement. The |
| [[sovereign-replacement-initiative|Sovereign Replacement Initiative]] | [[sovereign-replacement-initiative|Sovereign Replacement Initiative]] |
| is the governance program that coordinates these efforts. Each | is the governance program that coordinates these efforts. Each |
| moonshot initiative is a distinct engineering effort targeting one | moonshot initiative is a distinct engineering effort targeting one |
| dependency class; completion is defined as structural parity with | dependency class; completion is defined as structural parity with |
| the component it replaces, at which point the native implementation | the component it replaces, at which point the native implementation |
| physically supersedes the quarantined directory. | physically supersedes the quarantined directory. |
| ## Technical debt tracking | ## Technical debt tracking |
| The ledger records every identified foreign dependency alongside its | The ledger records every identified foreign dependency alongside its |
| isolation status and the associated moonshot initiative, if one has | isolation status and the associated moonshot initiative, if one has |
| been opened. Entries remain active until replacement is confirmed. | been opened. Entries remain active until replacement is confirmed. |
| This gives auditors and contributors a live picture of the | This gives auditors and contributors a live picture of the |
| platform's outstanding external exposure. | platform's outstanding external exposure. |
| ## Quarantine protocol | ## Quarantine protocol |
| Until a legacy component can be replaced, it is physically isolated | Until a legacy component can be replaced, it is physically isolated |
| into a quarantined component silo (for example, `vendor-azure-auth` | into a quarantined component silo (for example, `vendor-azure-auth` |
| or `vendor-microsoft-graph`). These directories act as structural | or `vendor-microsoft-graph`). These directories act as structural |
| boundaries. The foreign code may not execute outside a tightly | boundaries. The foreign code may not execute outside a tightly |
| controlled capability sandbox. Isolation prevents a dependency from | controlled capability sandbox. Isolation prevents a dependency from |
| spreading coupling into adjacent platform layers. | spreading coupling into adjacent platform layers. |
| ## Replacement pipeline | ## Replacement pipeline |
| For every quarantined dependency, the engineering team opens a | For every quarantined dependency, the engineering team opens a |
| corresponding moonshot directory (for example, `moonshot-database` | corresponding moonshot directory (for example, `moonshot-database` |
| or `moonshot-kernel`). Work in these directories targets native, | or `moonshot-kernel`). Work in these directories targets native, |
| formally verified implementations in Rust. Once a moonshot component | formally verified implementations in Rust. Once a moonshot component |
| reaches structural parity with its quarantined counterpart, it | reaches structural parity with its quarantined counterpart, it |
| replaces the isolated directory. The ledger entry closes at that | replaces the isolated directory. The ledger entry closes at that |
| point. | point. |
| ## Active initiative areas | ## Active initiative areas |
| Each moonshot targets a distinct dependency class. The following classes have open initiatives in the engineering platform: | Each moonshot targets a distinct dependency class. The following classes have open initiatives in the engineering platform: |
| | Initiative | Target dependency | Rationale | | | Initiative | Target dependency | Rationale | |
| |---|---|---| | |---|---|---| |
| | `moonshot-database` | External database engine | Data layer sovereignty; replace foreign engine with a formally verified flat-file or embedded store | | | `moonshot-database` | External database engine | Data layer sovereignty; replace foreign engine with a formally verified flat-file or embedded store | |
| | `moonshot-gpu` | Cloud GPU inference services | Inference sovereignty; platform-local GPU capacity removes reliance on cloud inference APIs | | | `moonshot-gpu` | Cloud GPU inference services | Inference sovereignty; platform-local GPU capacity removes reliance on cloud inference APIs | |
| | `moonshot-hypervisor` | External hypervisor layer | Substrate sovereignty; a verified hypervisor closes the gap between the seL4 microkernel and commodity hardware | | | `moonshot-hypervisor` | External hypervisor layer | Substrate sovereignty; a verified hypervisor closes the gap between the seL4 microkernel and commodity hardware | |
| | `moonshot-index` | External search and index backends | Search sovereignty; a platform-native index eliminates dependency on third-party search infrastructure | | | `moonshot-index` | External search and index backends | Search sovereignty; a platform-native index eliminates dependency on third-party search infrastructure | |
| | `moonshot-kernel` | Commodity Linux kernel | Kernel sovereignty; the seL4 formally verified microkernel replaces the quarantined systemd/Linux dependency recorded in ADR-08 | | | `moonshot-kernel` | Commodity Linux kernel | Kernel sovereignty; the seL4 formally verified microkernel replaces the quarantined systemd/Linux dependency recorded in ADR-08 | |
| | `moonshot-network` | External network control plane | Network sovereignty; a native WireGuard-native mesh eliminates reliance on managed network services | | | `moonshot-network` | External network control plane | Network sovereignty; a native WireGuard-native mesh eliminates reliance on managed network services | |
| | `moonshot-protocol` | Proprietary communication protocols | Protocol sovereignty; replace proprietary wire protocols with open, formally specified equivalents | | | `moonshot-protocol` | Proprietary communication protocols | Protocol sovereignty; replace proprietary wire protocols with open, formally specified equivalents | |
| | `moonshot-sel4-vmm` | Commodity virtual machine monitor | Verification layer; a seL4-native VMM closes the verified boundary below all guest operating systems | | | `moonshot-sel4-vmm` | Commodity virtual machine monitor | Verification layer; a seL4-native VMM closes the verified boundary below all guest operating systems | |
| | `moonshot-toolkit` | External build and CI tooling | Build sovereignty; a Rust-native build orchestrator replaces reliance on external CI infrastructure | | | `moonshot-toolkit` | External build and CI tooling | Build sovereignty; a Rust-native build orchestrator replaces reliance on external CI infrastructure | |
| Completion status of each initiative is tracked in the [[sovereign-replacement-initiative|Sovereign Replacement Initiative]] ledger. | Completion status of each initiative is tracked in the [[sovereign-replacement-initiative|Sovereign Replacement Initiative]] ledger. |
| ## Vendor and customer roles | ## Vendor and customer roles |
| - The Vendor (PointSav Digital Systems) maintains the moonshot ledgers and engineers the native replacements. | - The Vendor (PointSav Digital Systems) maintains the moonshot ledgers and engineers the native replacements. |
| - The Customer (Woodfine Management Corp.) audits the pipeline to verify progress toward operational independence. | - The Customer (Woodfine Management Corp.) audits the pipeline to verify progress toward operational independence. |
| ## See also | ## See also |
| - [[sovereign-replacement-initiative|Sovereign Replacement Initiative]] | - [[sovereign-replacement-initiative|Sovereign Replacement Initiative]] |
| - [[ontological-governance|Ontological Governance]] | - [[ontological-governance|Ontological Governance]] |
| - [[verification-surveyor|Verification Surveyor]] | - [[verification-surveyor|Verification Surveyor]] |