Sovereign Suite (Software) | Sovereign Stack

The Universal Mesh Platform

ss-node-os (The Foundation)

Universal Sovereign AI Mesh: The foundational, hardened Debian operating system designed for digital sovereignty. It eliminates OS-specific network friction and features a unique Local Control Plane for unified management.

This OS treats every node—from a local NUC to an ephemeral Confidential VM—as a first-class citizen in a Zero-Trust mesh.

* Note: ss-node-os is the exclusive focus of the Release 0 Alpha. Access is limited to select infrastructure and platform engineers.

Sovereign Stack Single Node Architecture

Layer 1: Core Infrastructure Services

ss-idm (Identity)

Tech: Kanidm

The Kanidm-powered Zero-Trust SSO authority. Provides unified identity management and RBAC across the entire mesh, replacing Active Directory or Okta dependencies.

ss-nfsd (Storage)

Tech: ZFS + NFS

The highly-tuned distributed storage mesh. Ensures N+2 resilience and automatic data replication across all nodes in the cluster.

ss-dns (Network)

Tech: Dnsmasq

Localized DNS and DHCP routing. Ensures internal cluster traffic remains air-gapped from external networks while managing microservice routing.

Layer 2: Virtualisation Fabric

ss-vcrate (Docker)

Tech: Docker Engine

The secure container runtime engine. Optimized for running the lightweight, ephemeral microservices that power the application layer.

ss-vkennel (LXD)

Tech: LXD / Incus

System container and virtual machine manager. Provides fully isolated OS environments for workloads requiring deep root access without compromising the host.

ss-vpaddock (K3s)

Tech: K3s Kubernetes

The lightweight Kubernetes orchestrator. Manages complex deployments and self-healing for higher-tier enterprise applications.

Layer 3: The Sovereign Suite

ss-appforce (The Unifying Layer)

Tech: Orchestration Sidecars

The critical integration bridge that wraps identity, storage, and networking into a single, homogenized deployment model. It provides the standardized fabric upon which all end-user applications execute securely.

🧠 ss-ai (The Brain)

The Core Intelligence. Replaces Copilot / ChatGPT / Claude with a local LLM inference that lives on your hardware. Keep your prompts, context, and proprietary data completely private. Zero leakage. Zero training on your data.

By acting as the central intelligence hub, a privacy-first RAG engine securely augments the capabilities of all other applications in the orbit without external indexing.

🛡️ ss-mail (The Shield)

Replaces Exchange / Gmail with a hardened perimeter for your communications. We block metadata harvesting, strip tracking pixels, and prevent surveillance scanning before it touches your inbox.

🕸️ ss-collab (The Hub)

Replaces SharePoint / Office 365 with encrypted "Customer-Held Keys" file storage and real-time document collaboration. Create, edit, and share without feeding public clouds.

🎨 ss-canvas (The Workshop)

Replaces Miro / Mural with a secure visual R&D environment. Protect your sensitive strategy sessions and whiteboard planning. Your assets are stored as encrypted objects.

⚙️ ss-work (The Engine)

Replaces Jira / Linear with a Fast Flow R&D platform designed for high-velocity teams to build products securely. Features self-hosted automation requiring zero external APIs.

📦 Containerised Apps

Bring your own workloads. The ss-appforce fabric provides standardized deployment for any OCI-compliant container, inheriting Zero-Trust automatically.

🚀 Future ss-products

The Sovereign Suite is continuously expanding. Future modules drop seamlessly into the existing cluster without infrastructure overhauls.

Explore The Stack

↪ The Iron: View Bare-Metal Hardware Tiers
↪ The Proof: Calculate your 25-Year Financial Reality (TCO)