Diff: systems/mediakit-os.es
From 69c6030 to 69c6030
+0 / −0 lines
| Before | After |
|---|---|
| --- | --- |
| schema: foundry-doc-v1 | schema: foundry-doc-v1 |
| title: "Sovereign compliance appliance" | title: "Sovereign compliance appliance" |
| slug: mediakit-os | slug: mediakit-os |
| category: systems | category: systems |
| type: concept | type: concept |
| quality: complete | quality: complete |
| status: active | status: active |
| audience: vendor-public | audience: vendor-public |
| bcsc_class: public-disclosure-safe | bcsc_class: public-disclosure-safe |
| language_protocol: PROSE-TOPIC | language_protocol: PROSE-TOPIC |
| last_edited: 2026-05-15 | last_edited: 2026-05-15 |
| editor: pointsav-engineering | editor: pointsav-engineering |
| paired_with: mediakit-os.es.md | paired_with: mediakit-os.es.md |
| short_description: "os-mediakit is the public-facing operating system in the PointSav family, hosting a company's marketing website, internal wiki, and compliance newsroom on a single sovereign appliance the company owns outright." | short_description: "os-mediakit is the public-facing operating system in the PointSav family, hosting a company's marketing website, internal wiki, and compliance newsroom on a single sovereign appliance the company owns outright." |
| cites: [] | cites: [] |
| --- | --- |
| `os-mediakit` is the public-facing operating system in the PointSav family. It hosts a company's marketing website, its internal wiki, and its compliance newsroom — three workloads that typically live on rented third-party platforms and that disappear the moment a subscription ends. The target operator is a Reporting Issuer: a company with statutory disclosure obligations that needs mathematical proof of what it disclosed and exactly when. `os-mediakit` is built on a hardened FreeBSD base and ships three application surfaces as isolated workloads. This article covers the three surfaces, the FreeBSD licensing rationale, the Compliance Ledger, the Diode adapter, and the two deployment postures. | `os-mediakit` is the public-facing operating system in the PointSav family. It hosts a company's marketing website, its internal wiki, and its compliance newsroom — three workloads that typically live on rented third-party platforms and that disappear the moment a subscription ends. The target operator is a Reporting Issuer: a company with statutory disclosure obligations that needs mathematical proof of what it disclosed and exactly when. `os-mediakit` is built on a hardened FreeBSD base and ships three application surfaces as isolated workloads. This article covers the three surfaces, the FreeBSD licensing rationale, the Compliance Ledger, the Diode adapter, and the two deployment postures. |
| ## The three application surfaces | ## The three application surfaces |
| `os-mediakit` hosts three surfaces on a single appliance. Each workload runs as an isolated instance so that a heavy database query on the wiki cannot induce latency on the landing page: | `os-mediakit` hosts three surfaces on a single appliance. Each workload runs as an isolated instance so that a heavy database query on the wiki cannot induce latency on the landing page: |
| | Surface | Engine | Role | | | Surface | Engine | Role | |
| |---|---|---| | |---|---|---| |
| | `app-mediakit-marketing` | Stripped static site engine with a Rust cache layer | Public landing pages and investor-relations pages | | | `app-mediakit-marketing` | Stripped static site engine with a Rust cache layer | Public landing pages and investor-relations pages | |
| | `app-mediakit-knowledge` | Markdown wiki engine with content-contract-conforming storage | Corporate wiki, project wiki, documentation wiki | | | `app-mediakit-knowledge` | Markdown wiki engine with content-contract-conforming storage | Corporate wiki, project wiki, documentation wiki | |
| | `app-mediakit-distribution` | Push-based compliance feed engine | Press releases, regulatory filings, executive commentary | | | `app-mediakit-distribution` | Push-based compliance feed engine | Press releases, regulatory filings, executive commentary | |
| ## Why FreeBSD | ## Why FreeBSD |
| The choice of base OS is deliberate. FreeBSD's BSD licence allows PointSav to take the code, modify it, close the modifications, and ship a proprietary distribution without obligation to open-source those modifications. The result is a legally clean path to a proprietary compliance appliance. | The choice of base OS is deliberate. FreeBSD's BSD licence allows PointSav to take the code, modify it, close the modifications, and ship a proprietary distribution without obligation to open-source those modifications. The result is a legally clean path to a proprietary compliance appliance. |
| The intended roadmap for the substrate is a four-phase metamorphosis: | The intended roadmap for the substrate is a four-phase metamorphosis: |
| | Phase | Form | Status | | | Phase | Form | Status | |
| |---|---|---| | |---|---|---| |
| | 1 | Hardened FreeBSD host with the three apps running in jails | Initial | | | 1 | Hardened FreeBSD host with the three apps running in jails | Initial | |
| | 2 | NanoBSD — a stripped, read-only variant | Planned | | | 2 | NanoBSD — a stripped, read-only variant | Planned | |
| | 3 | Custom kernel with interpreted-language rendering replaced by Rust | Planned | | | 3 | Custom kernel with interpreted-language rendering replaced by Rust | Planned | |
| | 4 | Unikernel — OS and application fused into a single binary | Planned | | | 4 | Unikernel — OS and application fused into a single binary | Planned | |
| ## The Compliance Ledger | ## The Compliance Ledger |
| The distinguishing capability is `app-mediakit-distribution`. Conventional investor-relations platforms pull wire-service data after the fact and serve it as a static page. `os-mediakit` inverts the flow: | The distinguishing capability is `app-mediakit-distribution`. Conventional investor-relations platforms pull wire-service data after the fact and serve it as a static page. `os-mediakit` inverts the flow: |
| 1. A press release is drafted inside `os-totebox` and cryptographically signed. | 1. A press release is drafted inside `os-totebox` and cryptographically signed. |
| 2. `os-totebox` pushes the signed payload to `os-mediakit-distribution` at the moment of release. | 2. `os-totebox` pushes the signed payload to `os-mediakit-distribution` at the moment of release. |
| 3. `os-mediakit` archives the signed content, the timestamp, and the cryptographic signature before publishing. | 3. `os-mediakit` archives the signed content, the timestamp, and the cryptographic signature before publishing. |
| 4. The website updates at the moment of release. The signed record remains in `os-mediakit` permanently. | 4. The website updates at the moment of release. The signed record remains in `os-mediakit` permanently. |
| The result is mathematical proof of what was disclosed and exactly when. The company does not lose its archive when a subscription ends — the company owns the appliance. | The result is mathematical proof of what was disclosed and exactly when. The company does not lose its archive when a subscription ends — the company owns the appliance. |
| ## The Diode connection | ## The Diode connection |
| `os-mediakit` faces the public internet. `os-totebox` does not. The two connect only through a unidirectional adapter (`service-pointsav-link`, planned) that permits commands and content to flow from the internal Totebox to the public MediaKit, but never the reverse. A compromised plugin on the marketing surface cannot reach back into the corporate Totebox, because the code to do so is absent from the adapter. | `os-mediakit` faces the public internet. `os-totebox` does not. The two connect only through a unidirectional adapter (`service-pointsav-link`, planned) that permits commands and content to flow from the internal Totebox to the public MediaKit, but never the reverse. A compromised plugin on the marketing surface cannot reach back into the corporate Totebox, because the code to do so is absent from the adapter. |
| The adapter is a separately installed package. Operators who do not need fleet management can run `os-mediakit` with no adapter at all; the OS has no capability to phone home. | The adapter is a separately installed package. Operators who do not need fleet management can run `os-mediakit` with no adapter at all; the OS has no capability to phone home. |
| ## Standalone or federated | ## Standalone or federated |
| `os-mediakit` deploys in two postures: | `os-mediakit` deploys in two postures: |
| | Posture | Use case | Interface | | | Posture | Use case | Interface | |
| |---|---|---| | |---|---|---| |
| | Standalone | A freelancer or SMB hosting one or two public sites | Local TUI accessed by SSH | | | Standalone | A freelancer or SMB hosting one or two public sites | Local TUI accessed by SSH | |
| | Federated | A commercial operator managing many sites from a central fleet | The local TUI becomes a status monitor; control passes to `os-orchestration` | | | Federated | A commercial operator managing many sites from a central fleet | The local TUI becomes a status monitor; control passes to `os-orchestration` | |
| Both postures use the same `os-mediakit` binary. The transition is one command: install the adapter package, perform a one-time pairing handshake, and the MediaKit instance joins the fleet. | Both postures use the same `os-mediakit` binary. The transition is one command: install the adapter package, perform a one-time pairing handshake, and the MediaKit instance joins the fleet. |
| ## See also | ## See also |
| - [[os-family-overview]] — the eight-OS family and how os-mediakit fits | - [[os-family-overview]] — the eight-OS family and how os-mediakit fits |
| - [[totebox-os]] — the internal vault that pushes signed content to os-mediakit | - [[totebox-os]] — the internal vault that pushes signed content to os-mediakit |
| - [[diode-standard]] — the unidirectional adapter that separates the public surface from the private vault | - [[diode-standard]] — the unidirectional adapter that separates the public surface from the private vault |
| - [[app-mediakit-knowledge]] — the documentation wiki surface | - [[app-mediakit-knowledge]] — the documentation wiki surface |
| - [[compliance-and-continuous-disclosure]] — BCSC posture and continuous-disclosure obligations | - [[compliance-and-continuous-disclosure]] — BCSC posture and continuous-disclosure obligations |
| - [[deployment-patterns]] — how os-mediakit appears in each canonical deployment configuration | - [[deployment-patterns]] — how os-mediakit appears in each canonical deployment configuration |