Diff: systems/os-workplace
From 3f1e0da to 3f1e0da
+0 / −0 lines
| Before | After |
|---|---|
| --- | --- |
| schema: foundry-doc-v1 | schema: foundry-doc-v1 |
| title: "Sovereign desktop" | title: "Sovereign desktop" |
| slug: os-workplace | slug: os-workplace |
| category: systems | category: systems |
| type: concept | type: concept |
| quality: complete | quality: complete |
| status: active | status: active |
| audience: vendor-public | audience: vendor-public |
| bcsc_class: public-disclosure-safe | bcsc_class: public-disclosure-safe |
| language_protocol: PROSE-TOPIC | language_protocol: PROSE-TOPIC |
| last_edited: 2026-05-15 | last_edited: 2026-05-15 |
| editor: pointsav-engineering | editor: pointsav-engineering |
| paired_with: os-workplace.es.md | paired_with: os-workplace.es.md |
| short_description: "os-workplace is the free desktop operating system in the PointSav family — a native-Rust sovereign desktop that pairs with a Totebox archive, runs on deliberate reference hardware, and serves as the adoption gateway to the commercial PointSav product line." | short_description: "os-workplace is the free desktop operating system in the PointSav family — a native-Rust sovereign desktop that pairs with a Totebox archive, runs on deliberate reference hardware, and serves as the adoption gateway to the commercial PointSav product line." |
| cites: [] | cites: [] |
| references: | references: |
| - id: 1 | - id: 1 |
| text: "ISO 19005-1:2005 — Document management — Electronic document file format for long-term preservation — Part 1: Use of PDF 1.4 (PDF/A-1)." | text: "ISO 19005-1:2005 — Document management — Electronic document file format for long-term preservation — Part 1: Use of PDF 1.4 (PDF/A-1)." |
| url: "https://www.iso.org/standard/38920.html" | url: "https://www.iso.org/standard/38920.html" |
| - id: 2 | - id: 2 |
| text: "W3C. 'WebRTC 1.0: Real-Time Communication Between Browsers.' W3C Recommendation, 2021." | text: "W3C. 'WebRTC 1.0: Real-Time Communication Between Browsers.' W3C Recommendation, 2021." |
| url: "https://www.w3.org/TR/webrtc/" | url: "https://www.w3.org/TR/webrtc/" |
| --- | --- |
| `os-workplace` is the free desktop operating system in the PointSav family. It provides a clean, secure, native-Rust desktop environment that pairs naturally with a [[totebox-archive|Totebox archive]] and brings the F-key discipline and [[machine-based-auth|security model]] of the platform to a community user installing it for the first time. The strategy is deliberate: `os-workplace` is the adoption gateway. A new user installs it because it is free and fast; once their daily work happens inside the PointSav ecosystem, the commercial [[os-orchestration|`os-orchestration`]] aggregator becomes a logical next step. This article covers the reference hardware, the application suite, the pairing model, and the strategic rationale for a free desktop. | `os-workplace` is the free desktop operating system in the PointSav family. It provides a clean, secure, native-Rust desktop environment that pairs naturally with a [[totebox-archive|Totebox archive]] and brings the F-key discipline and [[machine-based-auth|security model]] of the platform to a community user installing it for the first time. The strategy is deliberate: `os-workplace` is the adoption gateway. A new user installs it because it is free and fast; once their daily work happens inside the PointSav ecosystem, the commercial [[os-orchestration|`os-orchestration`]] aggregator becomes a logical next step. This article covers the reference hardware, the application suite, the pairing model, and the strategic rationale for a free desktop. |
| ## Reference hardware | ## Reference hardware |
| `os-workplace` targets a small, deliberate set of devices. Hardware fragmentation is the enemy of stability; the official reference profiles are chosen for first-class driver support under a hardened FreeBSD or seL4 base: | `os-workplace` targets a small, deliberate set of devices. Hardware fragmentation is the enemy of stability; the official reference profiles are chosen for first-class driver support under a hardened FreeBSD or seL4 base: |
| | Tier | Device | | | Tier | Device | |
| |---|---| | |---|---| |
| | Flagship | Dell XPS 13 / 14 (Developer Edition) | | | Flagship | Dell XPS 13 / 14 (Developer Edition) | |
| | Fleet | HP ProBook 400 series (445/450) | | | Fleet | HP ProBook 400 series (445/450) | |
| The kernel evolution mirrors the rest of the family: Phase 1 runs on a hardened FreeBSD desktop profile; Phase 2 (planned) migrates to a native [[sel4-microkernel-substrate|seL4]] microkernel build. | The kernel evolution mirrors the rest of the family: Phase 1 runs on a hardened FreeBSD desktop profile; Phase 2 (planned) migrates to a native [[sel4-microkernel-substrate|seL4]] microkernel build. |
| ## The application suite | ## The application suite |
| All applications are native Rust binaries. The choice is principled: an SMB customer in 2030 values local-first performance and offline reliability over browser-based subscription tooling. Each app is small, single-purpose, and starts in under 100 milliseconds. | All applications are native Rust binaries. The choice is principled: an SMB customer in 2030 values local-first performance and offline reliability over browser-based subscription tooling. Each app is small, single-purpose, and starts in under 100 milliseconds. |
| | App | Source approach | | | App | Source approach | |
| |---|---| | |---|---| |
| | `app-workplace-pdfs` | Fork of `pdf-rs`; ISO PDF/A fidelity only [^1] | | | `app-workplace-pdfs` | Fork of `pdf-rs`; ISO PDF/A fidelity only [^1] | |
| | `app-workplace-wordprocessor` | Typst engine for document layout | | | `app-workplace-wordprocessor` | Typst engine for document layout | |
| | `app-workplace-spreadsheet` | IronCalc — deterministic-maths Rust engine | | | `app-workplace-spreadsheet` | IronCalc — deterministic-maths Rust engine | |
| | `app-workplace-email` | Fork of Himalaya; TUI-first, local-first | | | `app-workplace-email` | Fork of Himalaya; TUI-first, local-first | |
| | `app-workplace-browser` | Fork of Servo; telemetry removed | | | `app-workplace-browser` | Fork of Servo; telemetry removed | |
| | `app-workplace-communications` | WebRTC-based peer-to-peer Rust client [^2] | | | `app-workplace-communications` | WebRTC-based peer-to-peer Rust client [^2] | |
| | `app-workplace-chat` | Real-time secure messaging | | | `app-workplace-chat` | Real-time secure messaging | |
| | `app-workplace-file-manager` | Fork of Broot; fuzzy-search, action-triggered | | | `app-workplace-file-manager` | Fork of Broot; fuzzy-search, action-triggered | |
| | `app-workplace-wiki` | Offline-first documentation viewer | | | `app-workplace-wiki` | Offline-first documentation viewer | |
| | `app-workplace-gis` (planned) | Fork of Whitebox-tools; pure-Rust geospatial | | | `app-workplace-gis` (planned) | Fork of Whitebox-tools; pure-Rust geospatial | |
| | `app-workplace-bim` (planned) | ifc-rs and truck B-rep kernel | | | `app-workplace-bim` (planned) | ifc-rs and truck B-rep kernel | |
| ## Pairing with the Totebox | ## Pairing with the Totebox |
| `os-workplace` is the user's local environment. Data lives in the user's [[totebox-os|os-totebox]]. A pairing handshake between the workstation and the archive establishes hardware-bound trust through `service-pairing`. There are no usernames or passwords — the pairing is the permission. | `os-workplace` is the user's local environment. Data lives in the user's [[totebox-os|os-totebox]]. A pairing handshake between the workstation and the archive establishes hardware-bound trust through `service-pairing`. There are no usernames or passwords — the pairing is the permission. |
| A user can carry `os-workplace` on a USB drive, boot it on a borrowed machine, and have the same secure environment without leaving traces on the host. Closing the session wipes the secure memory. The Totebox remains untouched in the cloud. | A user can carry `os-workplace` on a USB drive, boot it on a borrowed machine, and have the same secure environment without leaving traces on the host. Closing the session wipes the secure memory. The Totebox remains untouched in the cloud. |
| ## Why a free desktop is strategic | ## Why a free desktop is strategic |
| Three reasons make `os-workplace` a structural commitment rather than a marketing gesture: | Three reasons make `os-workplace` a structural commitment rather than a marketing gesture: |
| 1. **Adoption funnel.** A free, fast desktop introduces the operator to the F-key discipline of [[console-os|`os-console`]] and the security model of the [[diode-standard|Diode]]. The commercial products feel familiar from day one. | 1. **Adoption funnel.** A free, fast desktop introduces the operator to the F-key discipline of [[console-os|`os-console`]] and the security model of the [[diode-standard|Diode]]. The commercial products feel familiar from day one. |
| 2. **Reference implementation.** Every line of code written for `os-workplace` is reviewable in the public monorepo. Customers can audit the [[compounding-substrate|substrate]] before they buy commercial aggregation against it. | 2. **Reference implementation.** Every line of code written for `os-workplace` is reviewable in the public monorepo. Customers can audit the [[compounding-substrate|substrate]] before they buy commercial aggregation against it. |
| 3. **Ecosystem gravity.** A growing community of `os-workplace` users creates an independent constituency of contributors, packagers, and translators that no commercial-only product can replicate. The [[contributor-model|contributor model]] describes the roles and rights for community participation. | 3. **Ecosystem gravity.** A growing community of `os-workplace` users creates an independent constituency of contributors, packagers, and translators that no commercial-only product can replicate. The [[contributor-model|contributor model]] describes the roles and rights for community participation. |
| ## See also | ## See also |
| - [[os-family-overview]] — the eight-OS family and where os-workplace fits | - [[os-family-overview]] — the eight-OS family and where os-workplace fits |
| - [[totebox-os]] — the data partner; the archive os-workplace pairs with | - [[totebox-os]] — the data partner; the archive os-workplace pairs with |
| - [[console-os]] — the alternative TUI-first surface for operators who want keyboard-only control | - [[console-os]] — the alternative TUI-first surface for operators who want keyboard-only control |
| - [[machine-based-auth]] — the pairing model that replaces usernames and passwords | - [[machine-based-auth]] — the pairing model that replaces usernames and passwords |
| - [[hardware-reference]] — full CPU and hardware requirements for the PointSav family | - [[hardware-reference]] — full CPU and hardware requirements for the PointSav family |