OpenFoundries
openfoundries.com · Cadastral Commons · Confidential

White Paper & Business Plan

Document v2.1 · June 2026 · consumer rewrite + international, status refresh

Your data. Your context. Your trust. Built as infrastructure.

Seven everyday tools that give you back your data, your contexts, and your trust — one fixed annoyance at a time. All built on the same free, open foundation, which is yours to keep.

FounderSean Oak — Pack of Fools Productions LLC, D/B/A OpenFoundries
SubstrateAgnesi (GPL-3.0)
FoundationCadastral Commons
Domainopenfoundries.com
Version2.1 (consumer rewrite + international; status refresh) · June 2026

A 90-second read

The web treats you as inventory. Cookies follow you home. Email is mostly companies that learned your address. Passwords have become a sticky-note. AI tools quietly learn things about you that you never agreed to share. Each of these is a small extraction. They add up.

We made seven tools that fix specific annoyances:

All seven are built on the same free, open foundation called Agnesi. Agnesi holds the things about you that matter — what you like, what mode you're in, who you trust — and lives only on your own devices. The foundation is free and open-source. You can leave at any time and take everything with you.

That's the whole thing. The rest of this document explains the philosophy, the tools, and the numbers.


01 · Overview — What this is, and why it matters to you

It's a Tuesday morning. You open your laptop. Forty-three of your forty-seven unread emails are from companies that learned your address sometime in the last decade. A recipe site asks you to accept cookies; the "reject" button takes two clicks and the "accept" button takes one. A pair of shoes you looked at on Sunday is following you around the news site you're reading. Your password manager wants to upgrade you to a family plan. Your kid's school portal wants you to install yet another app. ChatGPT has a new memory feature and you're not sure what to make of it.

You are not paranoid. You are not behind. You are watching, in real time, the cumulative cost of a deal you never agreed to: every app, every site, every account is a small extraction, and they all add up. You're not the customer of any of these services. You're the inventory.

OpenFoundries is built to end that deal. Seven everyday tools, each fixing one concrete thing — cookies, passwords, email, writing, AI memory, server access, your social feeds — and underneath all of them, a single free foundation called Agnesi that hands you back the keys to your digital life.

Who this is for

Not "privacy advocates." Not "sysadmins." Regular people, in regular jobs, in countries where the cost of the current deal has become impossible to ignore:

None of these people are infrastructure professionals. They span continents, languages, regulatory regimes, and generations. What they share is a quiet exhaustion with how the current internet treats them, and a willingness — even an eagerness — to use something different if it actually exists.

The plan: useful tools that share an honest foundation

Selling people "an identity operating system" is impossible. Nobody wakes up wanting one. So the plan isn't to sell Agnesi directly. The plan is to build a portfolio of small, useful, immediately-pleasing consumer tools — each one fixing a specific annoyance — and to build all of them on the same free, open-source foundation. That foundation is Agnesi. It's free for the same reason a road is free: it's the surface everything else needs to be useful, and turning it into a toll-booth would defeat the point.

And critically — you don't have to leave anything behind to use these tools. They work with the existing internet. Crumbox sits beside your browser. Burnell works with your existing Gmail. Telkes plugs into any site's login form. Sequentem holds your AI memory locally while you carry on using ChatGPT or Claude. You don't quit Google. You don't quit Substack. You don't quit anything. The tools do the bridging, locally, between you and the services you already use. Section 5 addresses this directly.

The shared foundation, in plain language.

Sara installs Crumbox because the cookie banner whack-a-mole has worn her down. It works on day one. Crumbox is built on Agnesi — a small, free, open-source layer that holds the things about her (what mode she's in, who she trusts, what she's comfortable sharing) that any privacy-respecting tool needs to know. The Agnesi layer comes with Crumbox, but it's hers, not Crumbox's. It runs only on her devices.

A month later, she installs Telkes because her password situation is finally untenable. Same foundation underneath — Agnesi was already there. So Telkes immediately understands when she's in work mode versus weekend mode, without her configuring anything. Then Burnell. Then Feste. Each tool fixes its own problem, and because they all stand on the same honest ground, they get more useful together the more of them she installs.

She didn't opt into a "platform." She didn't sign up for anything. She solved a string of annoyances, and the result was that, somewhere along the way, the foundation under her digital life became something she actually controls. She can leave at any time and take everything with her. That's the whole thing. Useful tools, built honestly on a foundation that's hers.

What's in the box

Foundation (free)Agnesi · Tàth
Consumer everydayCrumbox · Burnell · Telkes
CreativeFeste
For your social lifeClachan
For your AI toolsSequentem
If you run serversBealach (client) · Setebos (server, OSS)

Why now


02 · The Walkable Neighborhood Model

Most adults over thirty-five remember when communities worked differently. You knew the family at the corner store. The same dentist saw you and your kids. Your reputation was the sum of how you actually behaved with the people around you. You could be one person at work, another at temple, another at the bar with your college friends, and nobody got confused about that. That was the social architecture humans evolved with, and it worked imperfectly but durably for thousands of years.

What the internet did is take all that scaffolding away and replace it with engagement metrics. The OpenFoundries thesis is that you can have global reach, AI-enabled tools, and modern convenience without giving up the things the walkable neighborhood actually got right.

Why neighborhoods worked

Six properties held simultaneously:

What the internet broke

Algorithmic amplification destroyed shared context. Context collapse fused all your audiences into one. Trust got measured in follower counts and advertising dollars. Communities lost the ability to enforce their own norms because moderation moved to platforms whose business required engagement, not truth. Multiple contextual identities became "inauthenticity." Meaning was diluted to whatever could be optimized against impressions.

The mistake people make about the neighborhood model is that they assume it scales down — that rebuilding it means losing global access to information. That's wrong. The neighborhood model rebuilt with modern cryptography and federation isn't isolating. It's trust chains that extend outward.

You aren't limited to direct connections. You reach experts through verified people in your extended network. A paper recommended by a trusted researcher reaches you via a chain of verifiable expertise — serendipitous discovery filtered by human judgment, not algorithmic manipulation.

The synthesis: trust plus global access

The promise of the modern web was access to all of human knowledge. The reality is that the access exists but the filtering doesn't — algorithms optimize engagement, the best content sinks, and users learn to trust whatever is loudest. The neighborhood model fixes the filtering layer, not the access layer.

The structural inevitability

This stack isn't a bet on consumer idealism. It's a bet on three converging forces that have already arrived:

ForceWhat it means
User demandDigital natives are aware of algorithmic manipulation. They use finstas, private servers, encrypted chat, and ephemeral accounts. They want communities of interest without performance pressure.
Regulatory requirementsGDPR, DMA, the EU AI Act and their successors don't just penalize bad behavior — they assume an architecture where users can see, port, correct, delete, and withhold. Extraction is illegal-by-architecture.
Economic advantagePrivacy-first tools are now structurally compliant. The retrofit cost of converting an extraction product into a compliant one is often higher than building a sovereign product from scratch.

What "sovereignty" means in practice

  1. Data lives locally by default. Cloud is opt-in, end-to-end encrypted, and never the source of truth.
  2. Identity is user-issued. No central registrar. Zero-knowledge-backed claims, rotation under your control.
  3. Disclosure is contextual. You — not the requesting party — determine what is revealed, to whom, and for how long.
  4. Audit is structural. Every access is logged, hash-chained, and inspectable by you.
  5. Exit is preserved. Open formats, open protocols, open licensing on the substrate. You can leave at any time and take everything.

03 · The Tools — What Each One Does

Each of these tools stands alone. You can install Crumbox without ever installing Agnesi. Burnell will classify your mail just fine on its own. Telkes is a real password manager whether or not anything else is in place. None of them is a gate that forces you into the others.

But all of them are built on the same foundation — Agnesi — which ships alongside them, free and open-source, because we couldn't make these tools honestly any other way. A password manager that knows what mode you're in has to get that knowledge from somewhere. A browser extension that treats your bank differently from a tracker has to know which is which. An email triage tool that respects your work/personal boundary has to know where the boundary is. We could have built each tool with its own private profile of you, sold to advertisers on the side. Instead, the profile of you lives in Agnesi, on your devices, under your control. The tools ask Agnesi. Agnesi answers only with what's appropriate.

Agnesi is described first because it's the foundation. The rest are ordered roughly by who they're for: the most universally-relatable tools first, the more specialized ones (writers, AI users, server admins) at the back.

Agnesi — "The keys to who you are."

The foundation · Free · GPL-3.0

A free identity foundation that quietly remembers your preferences, your contexts, and who you trust — so the rest of your digital life can stop asking you the same questions and stop leaking your answers.

What it does, in plain language. Every app you use already collects bits and pieces of who you are. Spotify knows your music. Google knows your queries. Your bank knows your spending. Each one builds a little profile, monetizes it, and sells some version of it to advertisers or AI training pipelines. None of them ever ask you what you wanted them to know.

Agnesi flips that. It's a small piece of software that lives on your own devices and holds the truthful version of you — what you like, what mode you're in (work / family / public), who you trust, and what you're willing to share with whom. Other apps ask Agnesi, not you. Agnesi answers with only what's appropriate, and only when you've said so.

It runs only on your devices. There's no Agnesi server. There's no Agnesi corporation harvesting your data. The code is open-source under GPL-3.0, audited by anyone who cares to look. You can leave at any time and take everything with you.

What it knows about you (and why that's safe):

Why it exists. Agnesi is the foundation. Every other tool in this lineup gets dramatically better with Agnesi underneath, because each one stops having to ask you the same questions over and over and stops needing to hold your data itself.


Crumbox — "Don't block. Lie."

Stop being followed online · Free + paid tier

A browser extension that handles tracking cookies the way they deserve: feeds them garbage, lets sites work normally, leaves trackers with no real data about you.

Who this is for. Sara, Helen, Maya, Marcus, Devansh, Alex — anyone, anywhere, who's ever clicked through a cookie banner without reading it, then noticed the same pair of shoes following them around the internet for three weeks. The most universally-installable tool in the lineup.

What it does. Accept all cookies and you've consented to being followed everywhere. Block them and half the internet stops working. Crumbox takes the third option: send the cookies the sites demand, but populate them with poisoned values. Stable enough that sites work normally. False enough that trackers learn nothing real about you.

Features:

How it works with Agnesi. On its own, Crumbox uses a sensible default policy. With Agnesi underneath, it knows when you're on your work laptop versus your personal one, treats banking domains differently when you're actually banking, and respects the boundaries you've already drawn between contexts.


Telkes — "Credentials that know what you're doing."

Password manager, smarter · Paid

A password manager that pays attention to which mode you're in. Your work logins stay locked when you're not at work. Your bank doesn't auto-fill on a strange WiFi network. Your kid's iPad can't get to anything sensitive.

Who this is for. Everyone. Genuinely. Sara, who juggles 50+ work logins. Helen, whose Chrome saved-passwords list is approaching 200. Marcus, with client passwords mixed in with personal ones, one phishing email away from a disaster. Maya, whose GDPR-aware EU clients refuse to share credentials over Slack. Devansh, whose ten-person team shares logins on a sticky note. Alex, who already uses Bitwarden but is open to better.

What it does. Telkes is the first password manager that asks a second question beyond "what's your master password?": "in what context are you trying to use this credential right now?" Your work AWS keys aren't even visible when you're in personal mode. Your bank login requires a fingerprint check even when the vault is open.

Features:

How it works with Agnesi. Telkes is the clearest illustration of how this works. Telkes is contextual credentials, and Agnesi is what supplies the context. Telkes works fine without Agnesi, but with Agnesi installed it knows when you're at home versus at work versus on a flight versus using a friend's computer.

Named for Mária Telkes, the Hungarian-American solar engineer whose contributions to the postwar solar house project were systematically credited to her colleagues. A pattern this whole portfolio borrows from.


Burnell — "Email reclaimed from extraction."

Take your inbox back · Paid

A smarter email client that learns what you actually care about — and runs the AI for that learning on your machine, not in Google's data center.

Who this is for. Anyone whose inbox has more newsletters in it than people. Sara, drowning in vendor email at work. Marcus, juggling four clients across two email accounts. Helen, who switched to Substack writing and now wonders who's reading her drafts. Maya, whose Dutch clients are nervous about Gmail under the EU-US data flow uncertainty. Devansh, whose business email is technically still on Gmail and probably shouldn't be given his clients' data residency requirements.

What it does. Your email is the second-most-revealing dataset about you, after your search history. Gmail and Outlook extract those signals to train their algorithms. You get filtering you didn't choose; they get the data. Burnell inverts this. You keep the signal. The AI that classifies your mail runs on your machine. Works with any IMAP account — Gmail, Fastmail, ProtonMail, iCloud, your work email, your domain.

Ships as a polished, branded Thunderbird distribution. Familiar interface, totally different posture.

Features:

How it works with Agnesi. Burnell learns which contexts your accounts belong to and routes accordingly. Work mail in personal time is summarized, not interrupting. Sender trust scores feed back into your Agnesi trust graph.


Feste — "DAW for writing. Local-first."

For everyone who writes · Free local + paid cloud

A complete writing environment that replaces the four-tool stack (Scrivener + Sudowrite + Plottr + Obsidian) every serious writer pieces together — and keeps your manuscript on your own machine, where it belongs.

Who this is for. Helen, writing her first novel evenings and weekends. Marcus, working on a fantasy series while paying the bills designing for clients. Alex, scribbling fiction in Google Docs and quietly aware they shouldn't be. The Madrid-based screenwriter pitching to Netflix. The London journalist working on a sensitive piece who can't risk OpenAI training on their drafts. The TV writers' room that wants to leave Final Draft. The ghostwriter under NDA.

Anyone, in short, who writes and has felt the new pressure of the AI era: this is a tool, and also a threat to my work appearing in someone's training data.

What it does. Feste is a digital audio workstation for writing. Tracks become plotlines. Plugin presets become prompt patches. Comping becomes line-by-line take selection across AI proposals. Automation lanes become drawable tension and pacing curves. Sidechain inputs become per-scene context pins.

You install it on your machine. You write entirely offline if you want. You sync to the cloud only when you want. Your prose never has to leave your computer.

Features:

How it works with Agnesi. Collaborators on the family-history project see different things than the ones on the spec script; AI providers see only what you've authorized for that project; the writers' room you joined for season 2 doesn't see the personal essay drafts living in the same app.


Clachan — "Social rebuilt on trust."

Social, rebuilt · Concept · 2027+

A social network where you post to specific people, not to The Algorithm — and where bad actors can't reach you because the only way in is through someone you actually know.

Who this is for. Anyone who's hovered over the "post" button on Instagram and wondered who's going to see this. Sara, who'd love to share kid photos but not with her former boss. Helen, who'd love a real book-club community without the Facebook surveillance. Marcus, tired of LinkedIn but still wanting to share design work with his EU design network. Maya, who wants to share rough sketches with three trusted designers without it leaking into her LinkedIn feed. Alex, who runs four Instagrams because audience-collapse is unbearable.

What it does. Federated social (Mastodon, Bluesky) solved decentralization but didn't solve trust. Crypto social (Lens, Farcaster) decentralized the wrong layer. Clachan is the missing piece: the people who see your stuff are people you have actually said you trust.

Scottish Gaelic for small hamlet. You create or join named communities. You post to a community, not "to your followers." Routed through your Agnesi trust graph. Chronological feed. No algorithm.

How it works:

Why later, not sooner. Clachan only works if Agnesi has tens of thousands of users with real trust graphs drawn. So Clachan is the natural end-state of the architecture, not its starting point. Earliest realistic build window: 2027.


Sequentem — "Your AI memory. Your wallet."

For everyone who uses AI now · Paid

A small wallet that holds the things your AI tools have learned about you — so you can take that knowledge with you when you switch providers, and so no single AI company gets to own your context.

Who this is for. Sara, who uses ChatGPT for work but also asked it personal questions she now regrets. Marcus, who tried Claude for design work and realized he'd been pasting client briefs into the chat. Helen, who's started using AI for editing and is uneasy about what it now "knows." Maya, whose AI-tool questions are now part of someone else's training data and possibly subject to whichever jurisdiction stores it. Alex, who lives in AI tools and switches providers casually but loses everything every time.

What it does. Right now, every AI tool you use builds its own little profile of you. Switch to a competitor and it's gone. Sequentem flips the model: the AI memory lives in your wallet, on your machine. AI providers request access. You hold the master copy.

Features:

How it works with Agnesi. Sequentem uses Agnesi to decide who's allowed to read what. Installing Sequentem comes with the Agnesi foundation already in place.


Bealach — "The threshold you cross deliberately."

If you log into servers · Paid

For anyone who has to log into a server, transfer files, run a VPN, or open a remote desktop: a single, polished tool that does it all safely.

Who this is for. The most technical tool in the lineup. The consumer isn't an enterprise sysadmin — it's:

If you've ever typed ssh user@server, this is for you. If you haven't, you can skip this tool entirely.

What it does. Bealach (Scottish Gaelic for mountain pass) treats every server login as a deliberate crossing — explicit, witnessed, reversible. Your SSH keys live in a small, separate vault that the rest of your machine can't touch. Every session, every key use, every file transfer is logged.

Features:

How it works with Agnesi. Bealach understands which mode you're in: production keys are unavailable on a Friday night, personal homelab key is hidden during the workday.


Setebos — "Your Linux desktop, anywhere."

Open infrastructure · Free · GPL-3.0 · Cadastral Commons

A headless remote-desktop server for Linux: it runs a full Wayland desktop session on a machine with no monitor attached and streams it to you over standard RDP. Connect with Bealach — or any RDP client, including Microsoft's Windows App — and your home server, VPS, or lab box becomes a desktop you can reach from anywhere.

Who this is for. The same people Bealach is for — Devansh with a Hetzner box, Marcus with a VPS per client, Alex spinning up a first cloud instance — plus anyone running a Linux homelab who wants a real desktop on it without bolting on a monitor. Setebos is the server, Bealach is the client; together they're a sovereign replacement for TeamViewer or AnyDesk that never phones home to a third party.

What it does. Built on Smithay (a Rust Wayland compositor toolkit) and a Rust RDP server, Setebos hosts a desktop session per connection — GNOME, KDE, Sway, Hyprland and more — with real Linux PAM login, encrypted transport, clipboard and audio forwarding, X11-app compatibility, and per-session privilege isolation. A capture mode can instead relay an already-running desktop rather than spawning a fresh one.

Why it's free and open. Setebos is stewarded by Cadastral Commons under GPL-3.0 — the same open posture as Agnesi. It works fully standalone (no Agnesi required); trust-gating through Agnesi is an optional layer, never a lock-in. Remote access to your own machines shouldn't be a subscription you can be cut off from.

Named for one of Uranus's moons — the portfolio's IAU-catalogued-moon exception to its erased-scientists naming rule.


Tàth — "Welds the portfolio together."

Infrastructure (you won't install this directly) · Free · OSS

A free, open-source bridge that lets AI agents and other apps talk to the OpenFoundries stack — through Agnesi, always with permission.

You won't think about Tàth, but every AI tool you use will. It's the plumbing that lets a chat agent ask Telkes for a credential, ask Sequentem for your travel preferences, ask Burnell who you actually trust — through one consistent gateway, with Agnesi gating every request.

For consumers, Tàth's existence means the AI assistants arriving over the next few years can plug into your sovereign stack instead of the extraction-based cloud. Scottish Gaelic for "to weld together."


04 · The Synthesis — How Small Wins Compound Into Freedom

If you install one of these tools, you've solved one problem. Crumbox kills the cookie banner whack-a-mole. Telkes ends the password sticky-note. Burnell makes your inbox livable again. Feste lets you write without sending your manuscript to an AI training pipeline. Each tool is, on its own, worth the install.

If you install three or four, something more interesting happens. The Agnesi foundation that each one brings along starts coordinating them: your password manager knows when you're at work and stops showing personal credentials; your email knows which trust circles to defer to; your writing app knows which collaborators belong on which project; your browser knows when to be paranoid and when to relax. You didn't sit down one weekend and "configure your digital life." You just kept solving small annoyances, and the foundation grew underneath because every tool you bought already had it.

That's the entire thesis of OpenFoundries. Don't sell sovereignty. Sell fixed annoyances, built on an honest foundation. Sovereignty is the cumulative result.

Why this compounds

What happens when AI joins the stack

You're already using AI more than you used it a year ago. So is everyone in our persona list. The discomfort about how much "the AI" knows about you is real and is becoming mainstream. Sequentem and Tàth are how the OpenFoundries stack handles that:

What an AI agent needsWhat the OF stack provides
Memory of you across sessionsSequentem — your wallet, you choose what's released
Credentials to do something on your behalfTelkes — tier-gated, audited, revocable
Access to your infrastructureBealach — short-lived sessions, fingerprinted, logged
To read your emailBurnell — locally, never to an extraction cloud
To act on the web for youCrumbox — per-domain policy by context
Permission to do any of the aboveAgnesi — the only thing that can say yes

Today's AI agents do these things by being given the keys to the kingdom. The OpenFoundries stack does them by being asked, every time, through a doorway that you control.

The Brass and Verdigris promise

The portfolio has two halves. OpenFoundries — brass, warm, the commercial maker — builds and sells the consumer tools. Cadastral Commons — verdigris, the patina that develops on brass over time — stewards the foundation. Agnesi the protocol lives at Cadastral Commons, free, open-source under GPL-3.0, governed openly — alongside other open infrastructure the Commons stewards, including Tàth and Setebos. Agnesi the product, and everything built on it, lives at OpenFoundries.

This isn't a marketing structure. It's a structural commitment that the substrate cannot become an extraction point even if OpenFoundries wanted it to. Anyone can audit the code. Anyone can fork it. Anyone can take their Agnesi data and walk away. That promise is what makes the rest of the thesis honest.

Three inflection points to watch

  1. Agnesi reaches 50,000 users through the consumer tools. The trust graph becomes dense enough to seed Clachan organically. The moat becomes structural rather than theoretical.
  2. One of the tools breaks out. Most likely Crumbox or Telkes (universal pain) or Feste (creator wave). Whichever does, it pulls 100,000+ Agnesi installs behind it.
  3. A privacy-mandated vertical adopts. Healthcare, legal, journalism, or therapy naming an OpenFoundries tool — particularly Burnell or Feste — as the compliant default locks in a beachhead the extraction incumbents structurally cannot serve.

Any one of these is a sustainable business. The structure says all three are reachable from where the portfolio stands today.


05 · The Adoption Question — How does this work without the internet rebuilding itself?

The most important objection to the OpenFoundries thesis is one this document has, until now, danced around. A reasonable reader asks:

Even if I install Agnesi, what good is it? Google doesn't speak Agnesi. Substack doesn't speak Agnesi. My bank doesn't speak Agnesi. I'd just end up maintaining Agnesi and my Google account, and my Apple ID, and my Substack login. That's more work, not less.

The objection is real. It has a real answer — five of them, actually, and any one of them would be enough on its own for the thesis to hold. Together they're the reason we believe the rest of the internet doesn't need to rebuild itself for OpenFoundries to work.

1. The tools enforce Agnesi locally, between you and the existing internet

You don't need Google to support Agnesi. Burnell connects to your Gmail through standard IMAP and does its triage on your machine — Gmail just sees a normal mail client connecting in. Crumbox sits between your browser and every site you visit, poisoning the cookies before they leave your computer. Telkes autofills credentials into any login form, anywhere, the same way 1Password and Bitwarden already do. Sequentem holds your AI's memory of you locally while you carry on using ChatGPT or Claude. The tools do the bridging work. The rest of the internet doesn't have to know Agnesi exists for Agnesi to be doing its job for you.

2. You don't replace your existing accounts. You augment them

This isn't a "quit Google" plan. You keep your Gmail. You keep Substack. You keep Netflix. Agnesi sits beside those services, holding the things about you that matter (preferences, contexts, who you trust), and the OpenFoundries tools apply those preferences as you go about your business inside the existing internet. The switching cost isn't "rebuild your digital life from scratch." It's "install one small tool and notice it feels better."

This is the same model as Signal (you still have a phone number for emergencies), Bitwarden (you still have all your existing logins), or an ad blocker (you still browse the same web). Each one adds a layer that makes your existing setup work the way you'd want — without making you leave.

3. MCP is the wedge into the AI ecosystem

Model Context Protocol — the standard Anthropic and others are pushing for how AI agents access tools and data — is on track to become the default way AI assistants do anything on your behalf. Every agentic workflow, every "let the AI book this for me" feature, every "memory" plugin in ChatGPT and Claude and Gemini being built right now will, within 2–3 years, run on MCP.

Tàth exposes Agnesi as an MCP server. As MCP adoption grows, Agnesi becomes a strong candidate for the default user-permission layer that AI agents reach for when they want to act on a user's behalf. This isn't a moonshot — the AI industry is explicitly converging on MCP as the open standard. Agnesi is positioned to be the open-source identity-and-consent layer those agents call. We don't need to convince Anthropic or OpenAI of anything; we just need to be ready when their agents need somewhere to ask "is this person OK with this?"

4. Regulation is forcing services to adopt programmatic consent layers anyway

GDPR, the EU AI Act (in force since 2024), the Digital Markets Act, India's DPDPA, the UK's Online Safety Act updates, CCPA, and the patchwork of US state-level laws all assume an architecture where users can see, port, correct, delete, and grant consent programmatically. Right now, services try to meet that bar with broken Data Subject Access Request forms, cookie banners nobody reads, and enterprise consent management platforms that cost six figures a year per platform.

As enforcement tightens (GDPR enforcement spend roughly doubled in 2024), services will need a real programmatic layer to plug into. Agnesi — open-source, free, audited, user-controlled, and already in users' hands — is the lowest-friction option. The portfolio doesn't need to convince Meta to adopt Agnesi. It needs to be ready when Meta's legal team is told they need a consent layer that actually works, and the open-source one their users already have installed costs less than the proprietary alternatives.

5. The federation flywheel kicks in around 100,000 users

Once Agnesi has a meaningful installed base — somewhere between fifty and a hundred thousand users — three things happen in sequence:

What this all means, plainly

The switching cost is as low as we can possibly make it. You don't quit anything. You don't change providers. You install one small tool that fixes one annoyance. It works on day one. It brings a foundation along with it, free. Over time, the foundation does more — as you install more OpenFoundries tools, as the AI ecosystem standardizes on MCP, as regulation forces incumbents to adopt the same kind of user-consent layer we've already built and given away.

We can't make the cost zero. We won't pretend we can. But we don't need the rest of the internet to rebuild itself for any of this to work — we need it to keep doing exactly what it's doing now. The portfolio does the bridging work, locally, between you and the services you already use. The federation flywheel and regulatory pressure take care of the rest, on a timeline measured in years, not decades.


06 · Where We Stand — Per-Tool Status (June 2026)

ToolStageStatus
AgnesiPhase 4 ZKPFull SwiftUI surface + cross-process daemon shipped; ZkpPreferenceStore and the editable behavioural-inference layer ("what Agnesi thinks about you") landed; full security-audit review passed. Context-tier auto-derivation, weekly/quarterly learning loop, serverless P2P sync (ADR-001: boringtun + Kademlia DHT, QR/NFC pairing), encrypted wallet export/inheritance, anti-correlation audit defences, 7-rung verification ladders, and a cross-portfolio panic / lost-device kill switch all shipped. W3C Verifiable Credentials (issue / verify / ZKP selective disclosure) core landed — BBS+ unlinkable disclosure + OpenID4VP in progress.
CrumboxMVP epic closedPolicy engine, MV3 interceptor, BLAKE3 fake-value generator, IndexedDB audit log, popup UI, Playwright E2E all done. Security-hardening pass landed (215 tests); onboarding + in-app help shipped. Cross-browser store submission (Chrome, Edge, Firefox AMO, Safari) in progress.
TelkesWell past MVPFull password-manager surface shipped: 6 credential kinds, folders, Authenticator, import wizard, trust-gated P2P vault sync, and the browser extension (WXT MV3 + Rust native-messaging host — Chrome / Chromium / Firefox autofill). Open: team vaults (deferred), Shamir M-of-N + emergency access (backlog).
BurnellPivoted to Thunderbird Tier 2Original Rust-IMAP-from-scratch plan replaced with branded Thunderbird ESR distribution + Rust classifier daemon + Thunderbird MailExtension. Q3 2026 kickoff.
FesteNative app shipped; productizing~100+ tickets closed May 2026: TipTap editor + revision history, screenplay support, wiki-links + force graph, corkboard, MCP server, multi-tier LLM routing, Scrivener import. Pivoted from self-hostable to local-first installed app over feste-core Rust crate + SwiftUI on macOS. Cloud sync relay (Rust on Fly.io • R2) + zero-knowledge encryption now live; cloud security epic largely landed (TLS 1.3, Agnesi-gated sync endpoint, multi-tenancy), with encryption-at-rest and Agnesi-as-IdP in flight. Paid-Sync GA gated on zero-knowledge key recovery. Public launch Q2 2027.
ClachanConcept stageQ1 2027+. Hard dependency on Agnesi Phase 4 stable. Architectural decisions made; implementation deferred.
SequentemSprints 0–3 completeCLI + real-stack E2E (real Agnesi + Telkes + FileBlobStore, no mocks) + audit-readiness docs shipped. Browser extension in progress — captures memory from ChatGPT / Claude.ai / Gemini web UIs with live context injection. Distribution gated on Tàth.
Bealachv1 shipped; deep feature work ongoingNetwork Extension entitlement + system-extension migration landed. Since: cross-device P2P sync, multi-hop SSH / jump-host chaining, bidirectional ~/.ssh/config sync, native macOS notifications, and RDP/VNC remote desktop (pairs with Setebos). Cross-platform Linux/Windows planned — native-first (GTK4 / WinUI 3 over the shared Rust core), reversed from the earlier Tauri approach.
SetebosS3 — Performance & ReleaseHeadless Wayland compositor + RDP server (compositor / rdp / encode / server + capture). PAM auth, per-session uid drop, XWayland, clipboard, audio, RemoteFX/GFX, and capture-mode screencopy shipped; multi-desktop-environment session support in progress. OSS release prep (GPL-3.0, Cadastral Commons) underway.
TàthBacklogSprint 0 shipped (crate scaffolding, ToolRouter / Backend traits, rmcp adoption). Remaining sprints scoped: Agnesi + Bealach surface → Sequentem + Telkes surface → HTTP/SSE transport + OSS release. Likely graduates to Cadastral Commons.

07 · Revenue Projections — The Numbers, Briefly

OpenFoundries is a consumer-first business. Every dollar in the rollup below assumes that Sara, Marcus, Helen, Maya, Devansh, and Alex — and the millions of people like them, in Spain and Germany and the UK and the Netherlands and India and the US and everywhere in between — install at least one of the tools, like it, and bring Agnesi with it. Enterprise tiers exist (developer/security bundle through Bealach + Telkes, creative-team tiers through Feste, compliance bundle through Burnell) but they're downstream of consumer momentum, not parallel to it.

Feste's addition reshapes the portfolio. At mid-case it becomes the single largest line, widening the story from "privacy tooling" to "privacy and creativity tooling for everyone." The thesis still holds.

Mid-case rollup

YearBealachTelkesBurnellFesteSequentemCrumboxTotal
Y1$60k$20k$20k$80k$5k$10k$195k
Y2$200k$80k$80k$500k$25k$50k$935k
Y3$500k$200k$250k$1.5M$80k$120k$2.65M
Y4$900k$400k$500k$2.8M$200k$200k$5.0M
Y5$1.4M$600k$800k$4.0M$400k$350k$7.55M

Y5 mid is $7.55M ARR. The bull case is $12–15M and assumes one of the tools breaks out (Crumbox, Telkes, or Feste are the most likely candidates) and one privacy-mandate vertical adopts. The worst case is $1.8–2.5M and assumes Feste caps at the pre-pivot floor and the enterprise bundles never attach.

None of these numbers work without consumer adoption. Small wins compounding into the shared foundation is the precondition for everything else.

Scenario range, hiring schedule, what changed with Feste, and the honest call on the bull case: see Appendix A below.

The Sovereignty Bundle — a one-time seeding event

Ahead of the recurring curve above, OpenFoundries plans a one-time Sovereignty Bundle lifetime deal: Telkes, Bealach, and the free Agnesi substrate packaged together and shipped cross-platform — the macOS SwiftUI apps plus native Linux (GTK4) and Windows (WinUI 3) builds over the shared Rust cores (native-first, not a Tauri wrapper). Targeted for roughly October 2026 and sized at about $150–200k net. Its purpose isn't recurring revenue; it's a cash-and-cohort seeding mechanism — it funds the next stretch of solo runway and, more importantly, plants an Agnesi installed base large enough to start the trust-graph flywheel described in Section 5. This LTD revenue is deliberately excluded from the recurring rollup above.


Appendix A · Detailed Revenue Analysis (for deep-divers)

This appendix exists for readers who want to look at the assumptions behind the Section 7 rollup. Scenario range, the case for and against the mid number, the change Feste introduced, the hiring schedule, and the honest call on the bull case.

Scenario range

ScenarioY5 ARRWhat it assumes
Worst case$1.8–2.5MBealach stalls at individual tier; Telkes can't attach to enterprise; Burnell rebuild slips; Feste caps at $1.5M (the pre-pivot floor); Sequentem and Crumbox never find a paid wedge.
Mid case$7.55MThe rollup in Section 6. Feste delivers on the local-app pivot; the Bealach + Telkes developer bundle finds an enterprise anchor by Y2–Y3; at least one privacy-mandate vertical adopts.
Bull case$12–15MFeste catches the indie-author wave at scale; Bealach + Telkes lands an enterprise anchor; Tàth + Sequentem catches the agent-infrastructure wave; one privacy vertical (healthcare, legal, journalism, or therapy) standardizes on Burnell or Feste.

What changed with Feste

Hiring schedule

YearSolo ARRPhased ARRTeam EOYPayroll% of ARR
Y1$195k$195k1 (founder)$00%
Y2$935k$1.0M1 + contractor$40k4%
Y3$2.65M$3.2M3–4 FTE$340k11%
Y4$5.0M$6.5M5–6 FTE$820k13%
Y5$7.55M$10M7–9 FTE$1.4M14%

Payroll stays at 11–14% of ARR through Y5 — better than the privacy-only portfolio's 19–21% because Feste's volume scaling on Sync-tier subscriptions has lower marginal labor cost. Hires still trigger by ARR threshold, not calendar.

The honest call on the bull case

Y5 mid at $7.55M assumes Feste delivers on the local-app pivot, Bealach finds an enterprise anchor by Y2, and at least one privacy-mandate vertical adopts. None of those are unrealistic, but none are automatic.

The $60M+ conversation from earlier portfolio reviews remains a Y7–Y8 outcome contingent on Series A capital, full team build-out by Y4, and either the agent-infrastructure path or the privacy-mandate vertical path hitting hard. The architecture supports it. The bootstrapped solo path does not. Choosing between the two is a future decision, not a 2026 one.


OpenFoundries · Cadastral Commons · 2026 · Document v2.1 (consumer rewrite + international; June 2026 status refresh) · Pack of Fools Productions LLC