Seven everyday tools that give you back your data, your contexts, and your trust — one fixed annoyance at a time. All built on the same free, open foundation, which is yours to keep.
The web treats you as inventory. Cookies follow you home. Email is mostly companies that learned your address. Passwords have become a sticky-note. AI tools quietly learn things about you that you never agreed to share. Each of these is a small extraction. They add up.
We made seven tools that fix specific annoyances:
All seven are built on the same free, open foundation called Agnesi. Agnesi holds the things about you that matter — what you like, what mode you're in, who you trust — and lives only on your own devices. The foundation is free and open-source. You can leave at any time and take everything with you.
That's the whole thing. The rest of this document explains the philosophy, the tools, and the numbers.
It's a Tuesday morning. You open your laptop. Forty-three of your forty-seven unread emails are from companies that learned your address sometime in the last decade. A recipe site asks you to accept cookies; the "reject" button takes two clicks and the "accept" button takes one. A pair of shoes you looked at on Sunday is following you around the news site you're reading. Your password manager wants to upgrade you to a family plan. Your kid's school portal wants you to install yet another app. You get coffee with a friend, at your favorite cafe and neither of you are certain that your phones aren't listening. ChatGPT has a new memory feature and you're not sure what to make of it.
You are not paranoid. You are not behind. You are watching, in real time, the cumulative cost of a deal you never agreed to: every app, every site, every account is a small extraction of data about your personal life and behavior, and they all add up. You're not the customer of any of these services. You're the inventory.
OpenFoundries is built to end that deal. Seven everyday tools, each fixing one concrete thing — cookies, passwords, email, writing, AI memory, server access, your social feeds — and underneath all of them, a single free foundation called Agnesi that quietly hands you back the keys to your digital life.
Not "privacy advocates." Not "sysadmins." Regular people, in regular jobs, in countries where the cost of the current deal has become impossible to ignore. People who notice the cost and would take a better one if it existed:
None of these people are infrastructure professionals. They span continents, languages, regulatory regimes, and generations. What they share is a quiet exhaustion with how the current internet treats them, and a willingness — even an eagerness — to use something different if it actually exists.
It's free, because you should own your own data, and that should always have been true.
And critically — you don't have to leave anything behind to use these tools. They work with the existing internet. Crumbox sits beside your browser. Burnell works with your existing Gmail. Telkes plugs into any site's login form. Sequentem holds your AI memory locally while you carry on using ChatGPT or Claude. You don't quit Google. You don't quit Substack. You don't quit anything. The tools do the bridging, locally, between you and the services you already use. Section 5 addresses this directly.
Sara installs Crumbox because the cookie banner whack-a-mole has worn her down. It works on day one. Crumbox is built on Agnesi — a small, free, open-source layer that holds the things about her (what mode she's in, who she trusts, what she's comfortable sharing) that any privacy-respecting tool needs to know. The Agnesi layer comes with Crumbox, but it's hers, not Crumbox's. It runs only on her devices.
A month later, she installs Telkes because her password situation is finally untenable. Same foundation underneath — Agnesi was already there. So Telkes immediately understands when she's in work mode versus weekend mode, without her configuring anything. Then Burnell. Then Feste. Each tool fixes its own problem, and because they all stand on the same honest ground, they get more useful together the more of them she installs.
She didn't opt into a "platform." She didn't sign up for anything. She solved a string of annoyances, and the result was that, somewhere along the way, the foundation under her digital life became something she actually controls. She can leave at any time and take everything with her. That's the whole thing. Useful tools, built honestly on a foundation that's hers.
Most adults over thirty-five remember when communities worked differently. You knew the family at the corner store. The same dentist saw you and your kids. Your reputation was the sum of how you actually behaved with the people around you. You could be one person at work, another at temple, another at the bar with your college friends, and nobody got confused about that. That was the social architecture humans evolved with, and it worked imperfectly but durably for thousands of years.
What the internet did is take all that scaffolding away and replace it with engagement metrics. The OpenFoundries thesis is that you can have global reach, AI-enabled tools, and modern convenience without giving up the things the walkable neighborhood actually got right.
Six properties held simultaneously:
Algorithmic amplification destroyed shared context. Context collapse fused all your audiences into one. Trust got measured in follower counts and advertising dollars. Communities lost the ability to enforce their own norms because moderation moved to platforms whose business required engagement, not truth. Multiple contextual identities became "inauthenticity." Meaning was diluted to whatever could be optimized against impressions.
The mistake people make about the neighborhood model is that they assume it scales down — that rebuilding it means losing global access to information. That's wrong. The neighborhood model rebuilt with modern cryptography and federation isn't isolating. It's trust chains that extend outward.
You aren't limited to direct connections. You reach experts through verified people in your extended network. A paper recommended by a trusted researcher reaches you via a chain of verifiable expertise — serendipitous discovery filtered by human judgment, not algorithmic manipulation.
The promise of the modern web was access to all of human knowledge. The reality is that the access exists but the filtering doesn't — algorithms optimize engagement, the best content sinks, and users learn to trust whatever is loudest. The neighborhood model fixes the filtering layer, not the access layer.
This stack isn't a bet on consumer idealism. It's a bet on three converging forces that have already arrived:
Digital natives are aware of algorithmic manipulation. They use finstas, private servers, encrypted chat, and ephemeral accounts. They want communities of interest without performance pressure.
GDPR, DMA, the EU AI Act and their successors don't just penalize bad behavior — they assume an architecture where users can see, port, correct, delete, and withhold. Extraction is illegal-by-architecture.
Privacy-first tools are now structurally compliant. The retrofit cost of converting an extraction product into a compliant one is often higher than building a sovereign product from scratch.
Each of these tools stands alone. You can install Crumbox without ever installing Agnesi. Burnell will classify your mail just fine on its own. Telkes is a real password manager whether or not anything else is in place. None of them is a gate that forces you into the others.
But all of them are built on the same foundation — Agnesi — which ships alongside them, free and open-source, because we couldn't make these tools honestly any other way. A password manager that knows what mode you're in has to get that knowledge from somewhere. A browser extension that treats your bank differently from a tracker has to know which is which. An email triage tool that respects your work/personal boundary has to know where the boundary is. We could have built each tool with its own private profile of you, sold to advertisers on the side. Instead, the profile of you lives in Agnesi, on your devices, under your control. The tools ask Agnesi. Agnesi answers only with what's appropriate.
Agnesi is described first because it's the foundation. The rest are ordered roughly by who they're for: the most universally-relatable tools first, the more specialized ones (writers, AI users, server admins) at the back.
A free identity foundation that quietly remembers your preferences, your contexts, and who you trust — so the rest of your digital life can stop asking you the same questions and stop leaking your answers.
Every app you use already collects bits and pieces of who you are. Spotify knows your music. Google knows your queries. Your bank knows your spending. Each one builds a little profile, monetizes it, and sells some version of it to advertisers or AI training pipelines. None of them ever ask you what you wanted them to know.
Agnesi flips that. It's a small piece of software that lives on your own devices and holds the truthful version of you — what you like, what mode you're in (work / family / public), who you trust, and what you're willing to share with whom. Other apps ask Agnesi, not you. Agnesi answers with only what's appropriate, and only when you've said so.
It runs only on your devices. There's no Agnesi server. There's no Agnesi corporation harvesting your data. The code is open-source under GPL-3.0, audited by anyone who cares to look. You can leave at any time and take everything with you.
What you actually like and don't. Music, news, food, places, conversation styles. Stored locally. Never for sale. Never used to "personalize" advertising.
You're a different person at work than at home, with your kids than with your college friends. Agnesi knows which one you're being right now, and only shares what matches.
Who you actually trust, in what areas. Your sister for restaurant recs. Your accountant for tax stuff. Your former editor for book recommendations. Real people, in real domains.
How you actually use your devices — what you read, save, ignore. Learned locally, kept locally. Other apps see only the conclusions, never the raw data.
For most people, almost nothing. You install it. You spend ten minutes telling it the basics — "I have a work context and a personal context"; "I trust my sister about restaurants"; "I don't want my browsing followed across sites." From then on, every other OpenFoundries tool you install just works the way you'd want, without you having to fill out settings pages.
The deeper magic is that other tools — including third-party AI agents — can ask Agnesi for permission instead of asking you. An AI assistant that wants to book you a flight can ask Agnesi "is this person comfortable with X airline, in this context?" and get back a yes or no without ever seeing your travel history. Your data didn't move. The answer did.
Agnesi is the destination. Every other tool in this lineup gets dramatically better with Agnesi underneath, because each one stops having to ask you the same questions over and over and stops needing to hold your data itself. Burnell stops asking which email matters. Telkes stops asking which password to unlock. Feste stops asking which collaborators belong on which project. Clachan stops asking who should see a post. Agnesi already knows — because you told it, once, in a place no one else can read.
A browser extension that handles tracking cookies the way they deserve: feeds them garbage, lets sites work normally, leaves trackers with no real data about you.
Sara, Helen, Maya, Marcus, Devansh, Alex — anyone, anywhere, who's ever clicked through a cookie banner without reading it, then noticed the same pair of shoes following them around the internet for three weeks. This is the most universally-installable tool in the lineup. It fixes something everyone finds annoying.
The current options for tracking cookies are bad. Accept them all and you've consented to being followed everywhere. Block them and half the internet stops working — the comment section breaks, the cart empties, the recipe site demands you accept before showing you the recipe. Existing tools (uBlock, Privacy Badger) just block, which is why they have small audiences: they break too many things.
Crumbox takes the third option. It sends the cookies the sites demand, but populates them with poisoned values — stable enough that sites work normally, false enough that trackers learn nothing real about you. Your bank's cookies pass through untouched. Ad-tech trackers get lies. News sites get something in the middle. Each domain treated according to its actual purpose.
On its own, Crumbox uses a sensible default policy. With Agnesi underneath, it gets smarter automatically: it knows when you're on your work laptop versus your personal one, treats banking domains differently when you're actually banking, and respects the boundaries you've already drawn between contexts. You don't have to configure any of this — Agnesi already knows.
A password manager that pays attention to which mode you're in. Your work logins stay locked when you're not at work. Your bank doesn't auto-fill on a strange WiFi network. Your kid's iPad can't get to anything sensitive.
Everyone. Genuinely. Sara, who juggles 50+ work logins. Helen, whose Chrome saved-passwords list is approaching 200. Marcus, with client passwords mixed in with personal ones, one phishing email away from a disaster. Maya, whose GDPR-aware EU clients refuse to share credentials over Slack. Devansh, whose ten-person team shares logins on a sticky note. Alex, who already uses Bitwarden but is open to something better. Telkes is the second tool we expect a new user to install, after Crumbox, because passwords are universally a mess.
Every password manager is essentially the same: a vault that unlocks with a master password and shows you everything. Telkes is the first that asks a second question: "in what context are you trying to use this credential right now?"
Your work AWS keys aren't even visible when you're in personal mode. Your bank login requires a fingerprint check even when the vault is open. Your kid's Disney+ login on the iPad is the only thing the iPad sees. The vault stops being a single box of secrets and starts being a small, attentive assistant that's actually paying attention to what you're doing.
Telkes is the clearest illustration of how this works. Telkes is contextual credentials, and Agnesi is what supplies the context. Telkes works fine without Agnesi (it's a real password manager), but with Agnesi installed it suddenly knows when you're at home versus at work versus on a flight versus using a friend's computer, and behaves accordingly — without you ever filling out a settings page about it.
Named for Mária Telkes, the Hungarian-American solar engineer whose contributions to the postwar solar house project were systematically credited to her colleagues. A pattern this whole portfolio borrows its naming from.
A smarter email client that learns what you actually care about — and runs the AI for that learning on your machine, not in Google's data center.
Anyone whose inbox has more newsletters in it than people. Sara, drowning in vendor email at work. Marcus, juggling four clients across two email accounts. Helen, who switched to Substack writing and now wonders who's reading her drafts. Maya, whose Dutch clients are nervous about Gmail under the EU-US data flow uncertainty. Devansh, whose business email is technically still on Gmail and probably shouldn't be given his clients' data residency requirements. Anyone who's tried Hey, SaneBox, Superhuman and bounced off the cost, the lock-in, or the cloud trust gap.
Your email is the second-most-revealing dataset about you, after your search history. Who emails you, how often, what they prioritize — these signals are valuable. Gmail and Outlook extract them and use them to train their own algorithms. You get filtering you didn't choose; they get the data. Burnell inverts this. You keep the signal. You keep the filtering rules. The AI that classifies your mail runs on your own machine.
It works with any IMAP account — Gmail, Fastmail, ProtonMail, iCloud, your work email, your domain — because you shouldn't have to switch providers to leave the extraction model. Ships as a polished, branded Thunderbird distribution. Familiar interface, totally different posture.
With Agnesi underneath, Burnell learns which contexts your accounts belong to and routes accordingly. Work mail in personal time is summarized, not interrupting. Personal mail in work mode is preserved but quiet. Sender trust scores feed back into your Agnesi trust graph, so when Clachan eventually decides who should see your social posts, it already knows who you actually talk to versus who's just talking at you.
A complete writing environment that replaces the four-tool stack (Scrivener + Sudowrite + Plottr + Obsidian) every serious writer pieces together — and keeps your manuscript on your own machine, where it belongs.
Helen, writing her first novel evenings and weekends. Marcus, who's working on a fantasy series while paying the bills designing for clients. Alex, scribbling fiction in Google Docs and quietly aware they shouldn't be. The Madrid-based screenwriter pitching to Netflix. The London journalist working on a sensitive piece who can't risk OpenAI training on their drafts. The TV writers' room that wants to leave Final Draft. The ghostwriter under NDA. The screenwriter trying to figure out if AI helps or hurts.
Anyone, in short, who writes and has felt the strange new pressure of the AI era: this is a tool, and also a threat to my work appearing in someone's training data.
Feste is a digital audio workstation for writing. Every concept in the writer's workflow has a clean DAW analogue — and where the analogue exists but the workflow doesn't, Feste builds it. Tracks become plotlines and POV arcs. Plugin presets become prompt patches. Comping becomes line-by-line take selection across AI proposals. Automation lanes become drawable tension and pacing curves. Sidechain inputs become per-scene context pins.
You install it on your machine. You write entirely offline if you want. You sync to the cloud only when you want. Your prose never has to leave your computer. Pick the AI provider you trust — Claude, GPT, Gemini, or one that runs on your own machine (Ollama, LM Studio). The choice is yours, every time.
For a working writer, Feste alone is a major upgrade. With Agnesi underneath, the upgrade compounds: collaborators on the family-history project see different things than the ones on the spec script; AI providers see only what you've authorized for that project; the writers' room you joined for season 2 doesn't see the personal essay drafts living in the same app. Same software. Cleaner boundaries. None of it required you to set up a permissions matrix.
A social network where you post to specific people, not to The Algorithm — and where bad actors can't reach you because the only way in is through someone you actually know.
Anyone who's hovered over the "post" button on Instagram and wondered who's going to see this. Sara, who'd love to share kid photos but not with her former boss. Helen, who'd love a real book-club community without the Facebook surveillance. Marcus, who's tired of LinkedIn but still wants to share design work with his EU design network. Maya, who wants to share rough sketches with three trusted designers without it leaking into her LinkedIn feed. Alex, who runs four Instagrams because audience-collapse is unbearable. Every adult with a complicated set of relationships and one button labeled "share."
Federated social (Mastodon, Bluesky) solved decentralization but didn't solve trust. Crypto social (Lens, Farcaster) decentralized the wrong layer. Clachan is the missing piece: the people who see your stuff are people you have actually said you trust, and bad actors are structurally locked out because the only way into your feed is through someone you know.
Scottish Gaelic for small hamlet. You create or join named communities — kids' school parents, college friends, the dinner-party group, the cycling crew. You post to a community, not "to your followers." Content is routed through your Agnesi trust graph. Feeds are chronological. There is no algorithm.
Clachan only works if Agnesi has tens of thousands of users with real trust graphs already drawn. Building a trust-graph-routed social network without an installed base of trust graphs is a cold-start problem with no good answer. So Clachan is the natural end-state of the architecture, not its starting point. Earliest realistic build window: 2027, after Agnesi has settled into mainstream installs through the other tools.
The interim plan: RSS bridging. Existing newsletters and feeds get seeded into communities. Real high-trust groups (book clubs, cycling crews, research circles, neighborhood listservs) bring their relationships with them. The classic empty-network problem is what we're designing around from day one.
A small wallet that holds the things your AI tools have learned about you — so you can take that knowledge with you when you switch providers, and so no single AI company gets to own your context.
Sara, who uses ChatGPT for work but also asked it personal questions she now regrets. Marcus, who tried Claude for design work and then realized he'd been pasting client briefs into the chat. Helen, who's started using AI for editing and is uneasy about what it now "knows." Maya, whose AI-tool questions are now part of someone else's training data and possibly subject to whichever jurisdiction stores it. Alex, who lives in AI tools and switches providers casually but loses everything every time. Anyone who's started seeing the "memory" feature in ChatGPT, Claude, Copilot, or Gemini and quietly wondered: who actually owns that?
Right now, every AI tool you use builds its own little profile of you. ChatGPT has its memory. Claude has its preferences. Each company holds the knowledge of who you are inside their walls — and the second you switch to a competitor, it's gone, because they don't share. You can't take "the AI version of yourself" with you.
Sequentem flips the model. The AI memory lives in your wallet, on your machine. AI providers request access to it. You hold the master copy. When you switch from ChatGPT to Claude, your context comes with you. When a new AI provider arrives that you want to try, your existing AI history is portable. The AI vendor becomes a renter of your memory, not its owner.
Sequentem is structurally an Agnesi-dependent product — it uses Agnesi to decide who's allowed to read what. For users, that means installing Sequentem is also a path to installing Agnesi. For AI tool vendors, it means there's finally a privacy-respecting standard they can build against without having to roll their own infrastructure.
For anyone who has to log into a server, transfer files, or run a VPN: a single, polished tool that does it all safely, without the credential mess most of these tools leave behind.
This one's the most technical tool in the lineup, and we don't pretend otherwise. But the consumer isn't an enterprise sysadmin — it's:
If you've ever typed ssh user@server, this is for you. If
you haven't, you can skip this tool entirely.
Logging into remote servers is dangerous mostly because the tools we use for it weren't designed with safety in mind. Your SSH keys get scattered across folders. Your terminal app has full access to all your secrets. There's no audit trail of what you did. If your laptop is compromised, your servers go with it.
Bealach (Scottish Gaelic for mountain pass) treats every server login as a deliberate crossing — explicit, witnessed, reversible. Your SSH keys live in a small, separate vault that the rest of your machine can't touch. New connections show a clear "are you sure?" gate with a fingerprint check. Every session, every key use, every file transfer is logged.
Bealach without Agnesi is a much better SSH client. Bealach with Agnesi understands which mode you're in: your production keys are simply unavailable on a Friday night, your personal homelab key is hidden during the workday. You don't toggle anything. Agnesi already knows what you're doing.
This pairing — Bealach + Telkes, both anchored by Agnesi — is also the natural enterprise upsell for OpenFoundries down the line. But that's a downstream story. The product, today, is for the consumer who happens to log into a server.
A free, open-source bridge that lets AI agents and other apps talk to the OpenFoundries stack — through Agnesi, always with permission.
You won't think about Tàth, but every AI tool you use will. It's the plumbing that lets a chat agent ask Telkes for a credential, or ask Sequentem for your travel preferences, or ask Burnell who you actually trust — through one consistent gateway, with Agnesi gating every request.
For consumers, Tàth's existence means that the AI assistants and agentic tools arriving over the next few years can plug into your sovereign stack instead of the extraction-based cloud. For developers, it means there's a single, free, open standard to build against. For OpenFoundries, it means the portfolio is MCP-native by default in a world where AI agents are the new clients of everything.
Scottish Gaelic for "to weld together." That's the job.
If you install one of these tools, you've solved one problem. Crumbox kills the cookie banner whack-a-mole. Telkes ends the password sticky-note. Burnell makes your inbox livable again. Feste lets you write without sending your manuscript to an AI training pipeline. Each tool is, on its own, worth the install.
If you install three or four, something more interesting happens. The Agnesi foundation that each one quietly nudges you toward starts coordinating them: your password manager knows when you're at work and stops showing personal credentials; your email knows which trust circles to defer to; your writing app knows which collaborators belong on which project; your browser knows when to be paranoid and when to relax. You didn't sit down one weekend and "configure your digital life." You just kept solving small annoyances, and the foundation grew underneath.
That's the entire thesis of OpenFoundries. Don't sell sovereignty. Sell fixed annoyances. Sovereignty is the cumulative result.
You're already using AI more than you used it a year ago. So is everyone in our persona list. The discomfort about how much "the AI" knows about you is real and is becoming mainstream. Sequentem and Tàth are how the OpenFoundries stack handles that:
| What an AI agent needs | What the OF stack provides |
|---|---|
| Memory of you across sessions | Sequentem — your wallet, you choose what's released |
| Credentials to do something on your behalf | Telkes — tier-gated, audited, revocable |
| Access to your infrastructure | Bealach — short-lived sessions, fingerprinted, logged |
| To read your email | Burnell — locally, never to an extraction cloud |
| To act on the web for you | Crumbox — per-domain policy by context |
| Permission to do any of the above | Agnesi — the only thing that can say yes |
Today's AI agents do these things by being given the keys to the kingdom. The OpenFoundries stack does them by being asked, every time, through a doorway that you control.
The portfolio has two halves. OpenFoundries — brass, warm, the commercial maker — builds and sells the consumer tools. Cadastral Commons — verdigris, the patina that develops on brass over time — stewards the foundation. Agnesi the protocol lives at Cadastral Commons, free, open-source under GPL-3.0, governed openly. Agnesi the product, and everything built on it, lives at OpenFoundries.
This isn't a marketing structure. It's a structural commitment that the substrate cannot become an extraction point even if OpenFoundries wanted it to. Anyone can audit the code. Anyone can fork it. Anyone can take their Agnesi data and walk away. That promise is what makes the rest of the thesis honest.
Any one of these is a sustainable business. The structure says all three are reachable from where the portfolio stands today.
The most important objection to the OpenFoundries thesis is one this document has, until now, danced around. A reasonable reader asks:
Even if I install Agnesi, what good is it? Google doesn't speak Agnesi. Substack doesn't speak Agnesi. My bank doesn't speak Agnesi. I'd just end up maintaining Agnesi and my Google account, and my Apple ID, and my Substack login. That's more work, not less.
The objection is real. It has a real answer — five of them, actually, and any one of them would be enough on its own for the thesis to hold. Together they're the reason we believe the rest of the internet doesn't need to rebuild itself for OpenFoundries to work.
You don't need Google to support Agnesi. Burnell connects to your Gmail through standard IMAP and does its triage on your machine — Gmail just sees a normal mail client connecting in. Crumbox sits between your browser and every site you visit, poisoning the cookies before they leave your computer. Telkes autofills credentials into any login form, anywhere, the same way 1Password and Bitwarden already do. Sequentem holds your AI's memory of you locally while you carry on using ChatGPT or Claude. The tools do the bridging work. The rest of the internet doesn't have to know Agnesi exists for Agnesi to be doing its job for you.
This isn't a "quit Google" plan. You keep your Gmail. You keep Substack. You keep Netflix. Agnesi sits beside those services, holding the things about you that matter (preferences, contexts, who you trust), and the OpenFoundries tools apply those preferences as you go about your business inside the existing internet. The switching cost isn't "rebuild your digital life from scratch." It's "install one small tool and notice it feels better."
This is the same model as Signal (you still have a phone number for emergencies), Bitwarden (you still have all your existing logins), or an ad blocker (you still browse the same web). Each one adds a layer that makes your existing setup work the way you'd want — without making you leave.
Model Context Protocol — the standard Anthropic and others are pushing for how AI agents access tools and data — is on track to become the default way AI assistants do anything on your behalf. Every agentic workflow, every "let the AI book this for me" feature, every "memory" plugin in ChatGPT and Claude and Gemini being built right now will, within 2–3 years, run on MCP.
Tàth exposes Agnesi as an MCP server. As MCP adoption grows, Agnesi becomes a strong candidate for the default user-permission layer that AI agents reach for when they want to act on a user's behalf. This isn't a moonshot — the AI industry is explicitly converging on MCP as the open standard. Agnesi is positioned to be the open-source identity-and-consent layer those agents call. We don't need to convince Anthropic or OpenAI of anything; we just need to be ready when their agents need somewhere to ask "is this person OK with this?"
GDPR, the EU AI Act (in force since 2024), the Digital Markets Act, India's DPDPA, the UK's Online Safety Act updates, CCPA, and the patchwork of US state-level laws all assume an architecture where users can see, port, correct, delete, and grant consent programmatically. Right now, services try to meet that bar with broken Data Subject Access Request forms, cookie banners nobody reads, and enterprise consent management platforms that cost six figures a year per platform.
As enforcement tightens (GDPR enforcement spend roughly doubled in 2024), services will need a real programmatic layer to plug into. Agnesi — open-source, free, audited, user-controlled, and already in users' hands — is the lowest-friction option. The portfolio doesn't need to convince Meta to adopt Agnesi. It needs to be ready when Meta's legal team is told they need a consent layer that actually works, and the open-source one their users already have installed costs less than the proprietary alternatives.
Once Agnesi has a meaningful installed base — somewhere between fifty and a hundred thousand users — three things happen in sequence:
The switching cost is as low as we can possibly make it. You don't quit anything. You don't change providers. You install one small tool that fixes one annoyance. It works on day one. It brings a foundation along with it, free. Over time, the foundation does more — as you install more OpenFoundries tools, as the AI ecosystem standardizes on MCP, as regulation forces incumbents to adopt the same kind of user-consent layer we've already built and given away.
We can't make the cost zero. We won't pretend we can. But we don't need the rest of the internet to rebuild itself for any of this to work — we need it to keep doing exactly what it's doing now. The portfolio does the bridging work, locally, between you and the services you already use. The federation flywheel and regulatory pressure take care of the rest, on a timeline measured in years, not decades.
| Tool | Stage | Status |
|---|---|---|
| 🆔 Agnesi | Phase 4 ZKP | Full SwiftUI surface shipped: multi-identity, contacts two-pane, 3-ring trust graph, disclosure handshake, audit-log scrub. Cross-process daemon complete. ZkpPreferenceStore landed. |
| 🏔️ Bealach | v1 + UI redesign shipped | Apple Network Extension entitlement landed (long-lead blocker cleared). System extension migration complete. Open structural work: Xcode multi-target rebuild, BealachHelper SMAppService, macOS 26 test machine. |
| 🔐 Telkes | Well past MVP | Full password-manager feature surface shipped: 6 credential kinds, folders, browser extension, Authenticator view, import wizard. P2P sync 4/6 sub-issues done. Deferred: team vaults. |
| ✉️ Burnell | Pivoted to Thunderbird Tier 2 | Original Rust-IMAP-from-scratch plan replaced with branded Thunderbird ESR distribution + Rust classifier daemon + Thunderbird MailExtension. Q3 2026 kickoff. An independent research harness has validated the classification approach against 240k+ emails — that work informed pipeline design but is not part of the OF portfolio. |
| 🪙 Crumbox | MVP epic closed | Policy engine, MV3 interceptor, BLAKE3 fake-value generator, IndexedDB audit log, popup UI, Playwright E2E all done. Awaiting Chrome Web Store submission. Next: tracking-pixel blocking. |
| ✍️ Feste | Core platform feature-complete; productizing |
~100+ tickets closed in May 2026: TipTap editor + revision
history, screenplay support, wiki-links + force graph, corkboard,
MCP server, multi-tier LLM routing, Scrivener import. Pivoted
2026-05-19 from self-hostable to local-first installed app over
feste-core Rust crate + SwiftUI on macOS. Public
launch target Q2 2027.
|
| 🧠 Sequentem | Sprints 0–3 complete | CLI + real-stack E2E (real Agnesi + real Telkes + real FileBlobStore, no mocks at any seam) + audit-readiness docs shipped. Pure Rust, no GUI yet. Distribution gated on Tàth. |
| 🔗 Tàth | Backlog | 4-sprint plan scoped: scaffolding → Agnesi + Bealach surface → Sequentem + Telkes surface → HTTP/SSE transport + OSS release. Sprint 0 kicks off once Agnesi Phase 4 stabilizes. |
| 🏡 Clachan | Concept stage | Q1 2027+. Hard dependency on Agnesi Phase 4 stable. Architectural decisions made (Reed-Solomon erasure coding k=3/n=4, BitTorrent DHT, ZKP gating); implementation deferred until the substrate can carry it. |
OpenFoundries is a consumer-first business. Every dollar in the rollup below assumes that Sara, Marcus, Helen, Maya, Devansh, and Alex — and the millions of people like them, in Spain and Germany and the UK and the Netherlands and India and the US and everywhere in between — install at least one of the tools, like it, and bring Agnesi with it. Enterprise tiers exist (developer/security bundle through Bealach + Telkes, creative-team tiers through Feste, compliance bundle through Burnell) but they're downstream of consumer momentum, not parallel to it.
Feste's addition reshapes the portfolio. At mid-case it becomes the single largest line, widening the story from "privacy tooling" to "privacy and creativity tooling for everyone." The thesis still holds.
| Year | Bealach | Telkes | Burnell | Feste | Sequentem | Crumbox | Total |
|---|---|---|---|---|---|---|---|
| Y1 | $60k | $20k | $20k | $80k | $5k | $10k | $195k |
| Y2 | $200k | $80k | $80k | $500k | $25k | $50k | $935k |
| Y3 | $500k | $200k | $250k | $1.5M | $80k | $120k | $2.65M |
| Y4 | $900k | $400k | $500k | $2.8M | $200k | $200k | $5.0M |
| Y5 | $1.4M | $600k | $800k | $4.0M | $400k | $350k | $7.55M |
Y5 mid is $7.55M ARR. The bull case is $12–15M and assumes one of the tools breaks out (Crumbox, Telkes, or Feste are the most likely candidates) and one privacy-mandate vertical adopts (healthcare, legal, journalism, or therapy). The worst case is $1.8–2.5M and assumes Feste caps at the pre-pivot floor and the enterprise bundles never attach. None of these numbers work without consumer adoption. Small wins compounding into the shared foundation is the precondition for everything else.
Scenario range, hiring schedule, what changed with Feste, and the honest call on the bull case: see Appendix A.
This appendix exists for readers who want to look at the assumptions behind the Section 7 rollup. Scenario range, the case for and against the mid number, the change Feste introduced, the hiring schedule, and the honest call on the bull case.
| Scenario | Y5 ARR | What it assumes |
|---|---|---|
| Worst case | $1.8–2.5M | Bealach stalls at individual tier; Telkes can't attach to enterprise; Burnell rebuild slips; Feste caps at $1.5M (the pre-pivot floor); Sequentem and Crumbox never find a paid wedge. |
| Mid case | $7.55M | The rollup in Section 7. Feste delivers on the local-app pivot; the Bealach + Telkes developer bundle finds an enterprise anchor by Y2–Y3; at least one privacy-mandate vertical adopts. |
| Bull case | $12–15M | Feste catches the indie-author wave at scale; Bealach + Telkes lands an enterprise anchor; Tàth + Sequentem catches the agent-infrastructure wave; one privacy vertical (healthcare, legal, journalism, or therapy) standardizes on Burnell or Feste. |
| Year | Solo ARR | Phased ARR | Team EOY | Payroll | % of ARR |
|---|---|---|---|---|---|
| Y1 | $195k | $195k | 1 (founder) | $0 | 0% |
| Y2 | $935k | $1.0M | 1 + contractor | $40k | 4% |
| Y3 | $2.65M | $3.2M | 3–4 FTE | $340k | 11% |
| Y4 | $5.0M | $6.5M | 5–6 FTE | $820k | 13% |
| Y5 | $7.55M | $10M | 7–9 FTE | $1.4M | 14% |
Payroll stays at 11–14% of ARR through Y5 — better than the privacy-only portfolio's 19–21% because Feste's volume scaling on Sync-tier subscriptions has lower marginal labor cost. Hires still trigger by ARR threshold, not calendar.
Y5 mid at $7.55M assumes Feste delivers on the local-app pivot, Bealach finds an enterprise anchor by Y2, and at least one privacy-mandate vertical adopts. None of those are unrealistic, but none are automatic.
The $60M+ conversation from earlier portfolio reviews remains a Y7–Y8 outcome contingent on Series A capital, full team build-out by Y4, and either the agent-infrastructure path or the privacy-mandate vertical path hitting hard. The architecture supports it. The bootstrapped solo path does not. Choosing between the two is a future decision, not a 2026 one.