Security & Sovereignty
Six-layer defense-in-depth modeled on biological meninges. Air-gap mode. Zero-trust mesh. Merkle-verified memory integrity. Your data never leaves your hardware.
Defense-in-Depth
Inspired by the three biological meninges that protect the brain. We doubled them.
Perimeter gate. Air-gap toggle. All outbound traffic blocked in sovereign mode.
Policy routing. Provider mode enforcement. Request classification and rate limiting.
Inference contact layer. Local-first execution. Model inputs never serialized to external APIs.
Human-in-the-loop for high-stakes actions. Configurable thresholds per domain and risk level.
Token rotation. Gitleaks CI scanning. Vault integration. Zero secrets in source or logs.
Automated penetration validation against the STRIDE threat categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
Air-Gap Sovereignty
| Mode | Behavior | Network | Use Case |
|---|---|---|---|
| local | All inference on-device | Zero outbound | Sovereign edge, classified environments |
| mixed | Local-first with explicit cloud fallback | Selective outbound | Enterprise hybrid deployment |
| cloud | Opt-in to external providers | Standard HTTPS | Development, non-sensitive workloads |
| air-gap | SPORE_GERMINATING=1 — fully disconnected | No interface | SCIF, submarine, forward operating base |
Every FHRR bind appends a BLAKE3 Merkle leaf. Every recall computes a coherence score. Cross-room leakage is a testable threat — expect zero. Memory integrity is cryptographic, not assumed.
Every mesh envelope is HMAC-SHA256 authenticated. E8-routed peers validate holographic Merkle state. No implicit trust — every packet proves its origin and integrity.