PRE-RELEASE · UNSIGNED · CMD+ZIP+POWERSHELL ONLY
no dates status tokens reflect repository state, not commitments

( 04 ) trajectory

No dates.
Only states.

Each stage carries a status token taken from what the repository can actually prove. A thing is "proven" when hardware evidence exists, "in build" when code exists without hardware proof, and "planned" when only decisions and documents exist.

Now

MVP0 - verified media baseline

proven on hardware

The guarded USB writer validated on a real disposable stick: exact disk-number + serial safety, refusal of wrong targets, and a raw post-write hash that matched the source ISO. This is the foundation everything else stands on.

MVP1 - Windows guided installer

cli proven / gui written

The installer on the download channel: preflight scan, staged handoff bundle, the exact-serial write gate with a durable approval artifact, and the three-tier boot handoff. The CLI write path is hardware-proven; the GUI write path is code with tests, awaiting its first evidence artifact on real hardware.

Next

MVP2 - assistant surfaces on Ubuntu

planned - not built

A desktop/tray app inside the installed system, local action logging as the seed of the audit trail, a dedicated AI browsing profile, and a voice prototype that is lab-only and opt-in with an always-visible indicator.

MVP3 - the OutOS image

direction chosen - build not started

The flagship base moves from the Ubuntu compatibility lane to a signed Fedora Atomic / bootc image: atomic updates, always-bootable rollback, NVIDIA and safe-graphics variants. The installer repoints to the new image through its target manifest - the safety layer does not get rewritten.

Later

MVP4 - the permission broker

vision - hard-gated

The headline: an AI that can actually operate the machine, behind a deny-by-default broker where every privileged action requires explicit human approval and leaves a durable artifact. An audit log that records what really changed - not what the AI meant. This stage cannot start until action logging (MVP2) and rollback (MVP3) are proven, and it cannot ship without a threat model and a tested user-data recovery procedure.

What no stage will do
  • Ship unbounded AI control - the approval gates are non-negotiable.
  • Automate internal-disk shrink, partitioning, or dual boot before its own dedicated, gated stage.
  • Build a from-scratch distro - OutOS borrows a maintained substrate and builds the control plane.
  • Promise dates. When OutOS itself ships, these pages will say so. Until then they say this.