Ecosystem-Development Manifesto · 2026-05-08
Trojan Horse Operation
NIGHTBOX LLC's strategic ecosystem-development initiative: a federal corporate shell paired with a single-steward openly-distributed open-source core, delivering compliance-by-default architecture as a natural developer-experience improvement. Same single-steward governance pattern as Linux, Apache, PyTorch, and Kubernetes — direction stewarded, distribution open, best practices propagated downstream through standard open-source ecosystem effects.
A two-layer operating model.
NIGHTBOX LLC operates a two-layer model. The first layer is the federal corporate shell — a Wyoming-incorporated single-member LLC carrying the load-bearing functions a U.S. small-business federal contractor must perform: SAM.gov UEI, EIN, NAICS, CAGE pipeline, twenty-eight self-attested federal-cybersecurity-framework alignments, fully transparent FOCI disclosure, common-law trademark stewardship, third-party validation roadmap, federal point-of-contact directory, signing authority, banking, remittance. Audit-ready by design.
The second layer is the single-steward openly-distributed open-source core — UniGPU, SilverDuck, SDPC, Quack, the US Citizen AI Commons. Released under permissive Apache 2.0 / MIT licenses. Stewarded by NIGHTBOX LLC for technical direction, brand integrity, federal-deliverable Tier 1 curation, and policy-aligned defaults. Distributed openly worldwide. Same governance pattern that the Linux Foundation runs over the Linux kernel, that the Apache Software Foundation runs over Apache HTTP Server, that Meta runs over PyTorch, and that the CNCF runs over Kubernetes.
Direction is stewarded. Distribution is open. The shell carries the legal and compliance load. The core carries the developer-experience-improving artifacts. The two layers reinforce each other.
Compliance-by-default is the cargo.
The strategic name for this model is the Trojan Horse Operation. The naming is conventional: Trojan Horse strategy is a well-established commercial term used routinely in B2B sales, freemium SaaS onboarding, public-cloud platform development, and ecosystem development generally. The naming signals that the policy-aligned defaults are an intentional feature of the product, not an obscured agenda.
The horse is the developer-experience improvement: forty-seven point three teraflops of WMMA throughput on a four-hundred-dollar consumer GPU, a local-first AI agent stack that runs on a single twelve-gigabyte GPU, hybrid post-quantum encrypted cloud-LLM handoff, a vendor-neutral GPU runtime that works across AMD, NVIDIA, Apple, Intel, and CPU fallback. People adopt this because it is genuinely useful.
The cargo is the compliance-by-default architecture pre-loaded inside that useful software:
- Trusted vendor neutrality across GPU silicon — UniGPU's IR-first design delivers cross-vendor portability without procurement-cycle vendor lock-in. Section 889 supply-chain risk is structurally minimized by default.
- Per-backend EULA scope clarity — UniGPU's CUDA backend is documented as NVIDIA-native execution only; cross-vendor execution paths route through Vulkan, SPIR-V, HIP, Metal, D3DKMT under cross-vendor-compatible licenses. Adopters ship their forks under per-backend EULA-aligned distribution by default.
- NIST-FIPS-only cryptographic primitives in the AI handoff path — SDPC uses only FIPS 197 (AES-256-GCM), FIPS 203 (ML-KEM-1024 / Kyber), RFC 7748 (X25519), and NIST SP 800-38D. Federal-adjacent developers get post-quantum-aligned cryptography in the transit path with zero additional integration effort.
- U.S.-origin Tier 1 federal-deliverable AI brain selector — SilverDuck restricts federal-deliverable inference to Llama 3.1 (Meta US) and Phi-3.5-mini (Microsoft US). Federal contractors building on SilverDuck inherit a pre-curated, audit-ready AI brain selection that satisfies the strictest reading of Section 889 and Executive Order 14110 by default.
- Coordinated Vulnerability Disclosure baked in at the URL level — RFC 9116 security.txt with PGP key, 72-hour acknowledgment SLA, 14-day full triage SLA. Adopters of the manifest pattern get a published VDP that aligns with CISA Binding Operational Directive 20-01 expectations on day one.
- SBOM in CycloneDX at the well-known URL — published per Executive Order 14028 SBOM minimum elements. Adopters of the pattern have an EO-14028-aligned SBOM disclosure surface from day one.
- Federally-aligned compliance manifest layer — twenty-eight machine-readable manifests covering CISA CPG 2.0, NIST AI RMF, CMMC 2.0, OMB M-22-09, Section 889, EO 14028, EO 14110, NIST CSF 2.0, NIST SP 800-218 SSDF, and the rest. Federal contractors who adopt the manifest pattern inherit an audit-ready compliance posture surface that federal scout AI assistants and DCAA / DCMA pre-award reviewers can ingest directly.
Each of these is documented openly in the source. Each of these is delivered as a default. None of these requires the adopter to opt into any political alignment, ideology, or partisan position. The compliance defaults are simply better engineering, and they happen to align with stated U.S. national priorities — Section 889, NIST AI RMF, OMB M-22-09 Zero Trust, EO 14028, EO 14110, CHIPS Act — because those priorities themselves represent good engineering practice in the federal-adjacent context.
Ecosystem effects do the rest.
When a developer adopts an open-source artifact, that adopter inherits the artifact's defaults and architectural conventions. This is a well-documented ecosystem dynamic — the same one that propagated UNIX philosophy, TCP/IP packet-switching neutrality, TLS cryptographic transparency, the Linux Foundation governance model, the Kubernetes operator pattern, and the PyTorch tensor API. Standard open-source ecosystem dynamics.
Trojan Horse Operation leverages this dynamic for federally-aligned best practices. The policy-aligned defaults propagate downstream as a natural function of standard open-source ecosystem effects, with no coercion required, no propaganda involved, and no political alignment requirement on adopters. The model is fully voluntary on the adopter side; the steward side simply chooses good defaults.
The predicted outcomes of this model are conventional: improved developer-experience baseline for federally-relevant tooling, reduced per-vendor onboarding cost for federal contractors adopting the patterns, faster Section-889 / EO-14110 / NIST-FIPS compliance posture for downstream small-business federal contractors, wider best-practices propagation in federal-adjacent open-source communities, and lower marginal cost per federally-aligned software artifact deployed in the field.
Yes, we steward it.
This needs to be stated plainly so federal program officers do not misread the doctrine: NIGHTBOX LLC retains technical direction, brand integrity, federal-deliverable Tier 1 selection authority, merge-decision authority, release cadence, and default-curation authority over every artifact released from the core. The Apache 2.0 / MIT licenses make the code freely available; they do not transfer governance.
This is the proven single-steward foundation governance pattern. Linus Torvalds retains kernel-direction authority while Linux runs on every continent. The Apache Software Foundation retains Apache HTTP Server direction while it runs the world's web. Meta retains PyTorch direction while it runs the world's machine-learning training. The CNCF retains Kubernetes direction while it runs the world's clouds. The OpenSSL Software Foundation retains TLS infrastructure direction while it secures the world's transit. NIGHTBOX LLC retains direction over its core while the artifacts run on developer machines worldwide.
This pattern has been the dominant federally-aligned open-source governance model for forty years. It is not anarchy. It is not decentralization without accountability. It is single-steward governance with open distribution — proven, federally-trusted, and operationally accountable.
We control the rudder. The wind is free.
What this is not.
Trojan Horse Operation is not propaganda. There is no coercive narrative; the policy-aligned values appear as documented defaults in API design, configuration files, and license metadata — not as rhetoric.
It is not weaponization. The artifacts are useful in their own right. The federally-aligned defaults are a documented secondary benefit, on the merits.
It is not censorship. Foreign-origin alternatives — Mistral, Qwen, DeepSeek, others — remain freely available to anyone who prefers them. The U.S.-origin Tier 1 posture applies only to NIGHTBOX LLC's own federal-deliverable inference path; the wider universe of foreign-origin AI is untouched.
It is not partisan. The constitutional grounding is across-aisle. The policy alignments cite enacted federal frameworks — Section 889, NIST AI RMF, OMB M-22-09, EO 14028, EO 14110, CHIPS Act — not party-platform positions.
It is not anarchy. Single-steward governance is retained throughout. NIGHTBOX LLC holds technical direction, brand integrity authority, and federal-deliverable curation responsibility for every artifact released.
It is not a recommendation that all federal R&D should adopt this exact corporate-shell + single-steward-open-source-core structure. Some work belongs in classified spaces, some in proprietary commercial markets, some in academic peer review. The doctrine described here is the operating doctrine for one entity, NIGHTBOX LLC, in the civilian R&D scope of NIH, NCI, NSF, ARPA-H, BARDA, DARPA BTO, AFWERX, and DoW CDMRP.
What this is.
Trojan Horse Operation is an ecosystem-development initiative pairing a federally-compliant corporate shell with a single-steward openly-distributed open-source core. It is a compliance-by-default delivery model where federally-relevant best practices ship as a feature of the product, not an obscured agenda. It is a standard open-source-ecosystem leverage mechanism applied to federally-aligned software architecture. It is a retained-governance approach consistent with the dominant open-source foundation governance pattern of the past forty years. It is an owner-elected operational doctrine for one entity (NIGHTBOX LLC) operating in civilian R&D scope.
It is what NIGHTBOX LLC ships, and why.
— Artem Shakin
Founder, Sole Member, Principal Investigator
NIGHTBOX LLC
Santa Monica, California
2026-05-08
Cross-references (machine-readable): Trojan Horse Operation manifest · Citizen Cyber-Defense Doctrine · Founders Letter · 2026 Federal Cyber Alignment Audit (28+ frameworks) · CISA Secure by Design Pledge · NIST AI RMF Alignment.