CyOS operating surface

CyOS is the operating surface for sovereign intelligence.

Connect sites, apps, machines, data, Realms, and Intelligences through grants and source-resident projections.

Public surfaces teach and route.

Private projections are read through grants.

Things, machines, artifacts, and Intelligences relate without forcing all data into one platform.

Explore the model Open Console Explore Studio

Operating model

One surface, five relations.

SiteOperatorContinuity

A first-party site becomes a live CyOS surface without exposing owner telemetry publicly.

AppCapabilityAgency

CyOS turns browser, local node, and Realm capabilities into things people and machines can use.

DataCorpusProjection

Data stays at source; projections are derived views with grants and provenance.

ThingGrantChronicle

Every read, route, action, and relation moves toward visible authority and audit.

RealmEstateConsole

An owner Thing governs public surfaces, private telemetry, and capability routes.

Current state

Live capability, bridge access, future adapters.

Public CyOS siteSafe explanation and entry points for the operating model.

Live

Owner ConsoleTelemetry, journeys, access networks, and health behind server-side auth.

Live

Operator ingestionAppend-only first-party projection events at the compatibility network endpoint.

Live

Thing sessionTemporary HMAC Thing-session access beside break-glass Basic/Bearer auth.

Bridge

Corpus projection adapterMove projection storage from database-first to Corpus-backed shards.

Future

Multi-Estate routesOwner-scoped routes for Markus, Dr Hearn, and future Realm owners.

Future

Site

A website becomes a CyOS surface.

Operator lets first-party pages carry page, section, session, invite, and continuity context into a governed journey. The public site teaches and routes; the private console reads the projection.

Operator SDKIndividualized linksKnown visitor continuationOwner-only projection views

App

Capabilities can surface as UI, API, or machine action.

CyOS spans the browser, local devices, Realms, and fabric. The same capability can appear as an app panel, a local node function, a Realm route, or a machine-callable operation.

T0 browserT1 cyos-nodeRealm-hosted capabilitiesMachine-first invocation

Intelligence

reBe and Studio are capabilities inside the CyOS model.

reBe reasons over governed context. Studio focuses knowledge and community. Both depend on Corpus, grants, provenance, and Source Contracts rather than a hidden platform database.

reBe IntelligenceStudio projectionPolyAgent routingSource-aware context

Data

Corpus keeps source data authoritative.

CyOS asks for projections instead of copying every source into one central shadow store. Grants decide what can be read, and revocation must make projections stale or unavailable.

Source-resident shardsGrant-gated readsProjection freshnessChronicle audit path

Operators and Realms

CyOS is deployable beyond this Estate.

SafeHarbour is the running proof. The longer path is Realms and fabric that let network operators, enterprises, and managed operators run sovereign intelligence on infrastructure they control.

Read the platform thesis Review the trust boundary

Operator roles

Network Operator
Bring sovereign intelligence to edge, subscriber, and regional infrastructure.

Early access

Enterprise Operator
Run governed intelligence and Corpus access on infrastructure the organisation controls.

Early access

Managed Operator
Host isolated Realms for customers while their data and keys remain sovereign.

Early access

Ways in

Different audiences, same primitives.

Things | grants | Corpus | Realms

IndividualCarry intelligence across devices and communities without making private life a platform asset.Site OwnerSee how public surfaces teach, route, and continue journeys while telemetry stays owner-only.BusinessCoordinate knowledge, workflows, and customer context through grants instead of shadow databases.InstitutionOperate public-service intelligence under jurisdictional rules, provenance, and audit.DeveloperBuild with Things, grants, Corpus, Source Contracts, Operator, and tier-aware Capabilities.OperatorDeploy Realms, edge, fabric, Corpus, and sovereign intelligence on controlled infrastructure.

Trust boundary

Public explanation. Private projection. Append-only ingestion.

CyOS does not make owner intelligence public to prove that the system works. The public page explains the operating model. The console governs detailed reads. Operator writes are narrow and contract validated.

Public hereCyOS explanation, safe capability status, Studio entry points, and trust model.

Private in ConsoleTelemetry, visitor journeys, access networks, health, seeds, grants, and owner operations.

Append-only from OperatorFirst-party events are contract validated and accepted without exposing projection reads.

Future full statePasskey-backed Thing auth, Chronicle read audit, Corpus-backed projection adapters, and multi-Estate routing.

Visible on this public surfaceProduct model, capability maturity, public routes, and safe entry points.

Protected by Console accessTelemetry, journeys, access-network evidence, detailed health, grants, and seed tools.

Private hashes such as #telemetry, #journeys, and #access-networks are routed to the authenticated console.