Diff: systems/totebox-os
From 626563d to 626563d
+0 / −0 lines
| Before | After |
|---|---|
| --- | --- |
| schema: foundry-doc-v1 | schema: foundry-doc-v1 |
| title: "Totebox OS" | title: "Totebox OS" |
| slug: totebox-os | slug: totebox-os |
| category: systems | category: systems |
| type: topic | type: topic |
| quality: complete | quality: complete |
| short_description: "Totebox OS is the microkernel-based data-archive operating system used by PointSav to store institutional records as inert flat files with cryptographic integrity verification at the filesystem level." | short_description: "Totebox OS is the microkernel-based data-archive operating system used by PointSav to store institutional records as inert flat files with cryptographic integrity verification at the filesystem level." |
| status: active | status: active |
| bcsc_class: public-disclosure-safe | bcsc_class: public-disclosure-safe |
| last_edited: 2026-05-04 | last_edited: 2026-05-04 |
| editor: pointsav-engineering | editor: pointsav-engineering |
| cites: [] | cites: [] |
| paired_with: os-totebox.es.md | paired_with: os-totebox.es.md |
| --- | --- |
| **Totebox OS** is the core data-archive layer of the PointSav platform. It runs on an seL4 microkernel and enforces a strict separation between software execution engines and the corporate ledgers those engines read and write. Every institutional record lives as an inert flat file — Markdown, YAML, or CSV — that requires no proprietary runtime to open or interpret decades later. | **Totebox OS** is the core data-archive layer of the PointSav platform. It runs on an seL4 microkernel and enforces a strict separation between software execution engines and the corporate ledgers those engines read and write. Every institutional record lives as an inert flat file — Markdown, YAML, or CSV — that requires no proprietary runtime to open or interpret decades later. |
| The architecture is designed to build **Trustworthy Systems** by rejecting the conventional multi-tenant database model. In the Totebox model, the execution software and the data it processes occupy distinct directories, connected only through explicit, audited access paths. | The architecture is designed to build **Trustworthy Systems** by rejecting the conventional multi-tenant database model. In the Totebox model, the execution software and the data it processes occupy distinct directories, connected only through explicit, audited access paths. |
| ## Directory structure | ## Directory structure |
| A Totebox deployment follows a three-directory layout, as seen in the `cluster-totebox-jennifer` implementation: | A Totebox deployment follows a three-directory layout, as seen in the `cluster-totebox-jennifer` implementation: |
| ``` | ``` |
| cluster-totebox-corporate/ | cluster-totebox-corporate/ |
| ├── app-console-input/ # execution software | ├── app-console-input/ # execution software |
| ├── assets/ # physical vault — PDFs, images | ├── assets/ # physical vault — PDFs, images |
| └── ledger/ # state machine — YAML metadata, CSV ledgers | └── ledger/ # state machine — YAML metadata, CSV ledgers |
| ``` | ``` |
| The `ledger/` directory is the canonical record. The `assets/` directory holds binary artefacts. The `app-console-input/` directory contains the execution software that reads and writes to the other two. None of the three directories are permitted to commingle their contents. | The `ledger/` directory is the canonical record. The `assets/` directory holds binary artefacts. The `app-console-input/` directory contains the execution software that reads and writes to the other two. None of the three directories are permitted to commingle their contents. |
| ## Flat files over databases | ## Flat files over databases |
| A flat file is a static sequence of bytes on disk. A relational database is a running software engine with its own memory model, parser, and network surface. **Totebox OS** stores corporate knowledge as flat files because a `.yaml` ledger or `.csv` register is universally readable without proprietary tooling and remains structurally stable across hardware generations. | A flat file is a static sequence of bytes on disk. A relational database is a running software engine with its own memory model, parser, and network surface. **Totebox OS** stores corporate knowledge as flat files because a `.yaml` ledger or `.csv` register is universally readable without proprietary tooling and remains structurally stable across hardware generations. |
| The practical consequence is that data migration cost falls toward zero: the customer always holds the source in a form any text editor can open. | The practical consequence is that data migration cost falls toward zero: the customer always holds the source in a form any text editor can open. |
| ## Machine Authorization | ## Machine Authorization |
| The architecture rejects traditional role-based authorization in favor of **Machine Authorization** and **Device-based Permissions**. Every transaction on a PointSav appliance is cryptographically anchored to a WORM ledger, ensuring that only authorized hardware devices can modify the system state. | The architecture rejects traditional role-based authorization in favor of **Machine Authorization** and **Device-based Permissions**. Every transaction on a PointSav appliance is cryptographically anchored to a WORM ledger, ensuring that only authorized hardware devices can modify the system state. |
| ## Deployment model | ## Deployment model |
| A Totebox deployment operates as a **Freely Transferable** system. It is delivered as a **Bootable Disk Image** that can be deployed on Bare metal resources or public cloud resources without structural dependency on the hosting provider. | A Totebox deployment operates as a **Freely Transferable** system. It is delivered as a **Bootable Disk Image** that can be deployed on Bare metal resources or public cloud resources without structural dependency on the hosting provider. |
| The Vendor (PointSav Digital Systems) engineers the Rust-based execution engines that safely read and write to the Totebox directories. The Customer deploys the Totebox on their own hardware and holds the audit ledger directly. No vendor intermediary sits between the customer's records and the customer's filesystem. | The Vendor (PointSav Digital Systems) engineers the Rust-based execution engines that safely read and write to the Totebox directories. The Customer deploys the Totebox on their own hardware and holds the audit ledger directly. No vendor intermediary sits between the customer's records and the customer's filesystem. |
| ## See Also | ## See Also |
| - [[topic-totebox-archive]] | - [[topic-totebox-archive]] |
| - [[topic-totebox-orchestration]] | - [[topic-totebox-orchestration]] |
| - [[topic-console-os]] | - [[topic-console-os]] |
| - [[topic-infrastructure-os]] | - [[topic-infrastructure-os]] |