A unified view of identity, AI governance, network control, encrypted communications, and infrastructure health across the Fisher Sovereign ecosystem.
Five product families form a coherent sovereignty stack. Each family addresses a distinct control boundary. Together they eliminate every major dependency on external trust.
Multi-model orchestration with policy enforcement, task routing, data sensitivity classification, and hash-chain audit trails. Local Ollama inference on RTX 4070, cloud Claude as opt-in fallback.
WebAuthn passkey authentication, device trust enrollment, TOTP step-up verification, X3DH key exchange, and approval token lifecycle management. No passwords, no cloud identity providers.
Network device discovery, 13-factor trust scoring, camera monitoring, traffic analysis, D3 topology visualization, and real-time alerting. All data stays on the local network.
End-to-end encrypted P2P messaging with Signal-grade cryptography. X3DH key exchange, Double Ratchet forward secrecy, WebAuthn local vault. Zero-knowledge relay server.
37,500+ lines of governance specification across 30 documents defining: 5-tier approval system, 8 session authority states, intent-based routing, protected path enforcement, and formal approval artifacts.
Reusable platform services shared across all product families: identity and key management, policy engine, encrypted storage, trust scoring, audit trail, and backup/snapshot infrastructure.
Governed AI orchestration across local and cloud models. Every AI action is classified, policy-checked, and audit-logged before execution.
Project resolution, zone permissions, command safety classification, session continuity. Python CLI with 8 zone types and fuzzy matching.
Zero-trust security enclave for local inference. Policy-gated file access, hash-chain audit trail, workspace bridge isolation. No outbound network.
Hybrid local+cloud AI workstation. Multi-provider abstraction (Ollama, Claude, OpenAI-compat), streaming chat, conversation persistence.
Autonomous background worker with 6 specialized agents: scanner, planner, executor, tester, reviewer, monitor. SafetyGuard enforces path sandboxing and rate limits.
37,500+ line specification across 30 documents defining tier system, approval policy, session states, routing rules, agent boundaries, and operational standards.
Intelligence dashboard analyzing 80+ Claude Code sessions. Three.js 3D terrain visualization, D3 heatmaps, hour-of-day work pattern analysis.
Passwordless authentication, device trust management, and cryptographic identity anchoring. No cloud identity providers. No password databases. Hardware-backed keys only.
Single-operator development control plane with VPS-hosted broker, browser console UI, and local Windows agent. All traffic encrypted with mTLS. Writes require explicit approval tokens.
Single-use, time-limited (10-minute TTL), bound to device_id + session_id + payload_hash. Protected path patterns prevent .env, *.key, and credentials.json writes.
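The approval-token checks this card describes (single use, 10-minute TTL, binding to device_id + session_id + payload_hash, and refusal of writes to protected paths), as an added example that is not the project's code; the HMAC-SHA256 token format, the function and class names, the check order and the sample values are assumptions:

```python
import fnmatch, hashlib, hmac, json, secrets, time

TTL_SECONDS = 600                                            # 10-minute TTL from the page
PROTECTED_PATTERNS = [".env", "*.key", "credentials.json"]   # protected paths from the page

def is_protected_path(path: str) -> bool:
    """Refuse writes whose file name matches a protected pattern, token or not."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return any(fnmatch.fnmatch(name, pat) for pat in PROTECTED_PATTERNS)

def payload_hash(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

class ApprovalTokens:
    """Issues and spends single-use, HMAC-signed approval tokens (assumed format)."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.consumed = set()       # op_ids already spent: enforces single use

    def _mac(self, body: dict) -> str:
        raw = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self.secret, raw, hashlib.sha256).hexdigest()

    def issue(self, device_id: str, session_id: str, payload: bytes, now=None) -> dict:
        body = {"op_id": secrets.token_hex(8), "device_id": device_id,
                "session_id": session_id, "payload_hash": payload_hash(payload),
                "issued_at": time.time() if now is None else now}
        return {"body": body, "mac": self._mac(body)}

    def verify(self, token: dict, device_id: str, session_id: str,
               payload: bytes, path: str, now=None) -> str:
        """Return 'ok' and spend the token, or the name of the first failing check."""
        now = time.time() if now is None else now
        body = token["body"]
        if not hmac.compare_digest(self._mac(body), token["mac"]):
            return "bad_signature"
        if is_protected_path(path):
            return "protected_path"     # refused even with a valid token
        if body["op_id"] in self.consumed:
            return "already_used"
        if now - body["issued_at"] > TTL_SECONDS:
            return "expired"
        bound = (body["device_id"], body["session_id"], body["payload_hash"])
        if bound != (device_id, session_id, payload_hash(payload)):
            return "binding_mismatch"
        self.consumed.add(body["op_id"])   # spend only after every check passes
        return "ok"
```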
X3DH key exchange for session establishment. PGP identity anchoring for long-term identity. Safety numbers for contact verification. HKDF key derivation. Local vault with WebAuthn unlock.
Local-first home infrastructure monitoring. Device discovery, trust scoring, camera feeds, network topology, and real-time alerting. Every byte stays on your network.
ARP scan + ping sweep + nmap integration. Continuous monitoring with automatic trust classification based on 13 behavioral and network factors.
D3 force-directed graph showing all devices, connections, and trust zones. Real-time updates via WebSocket event bus. Interactive zoom and filtering.
Multi-layout camera monitoring supporting RTSP, HLS, and HTTP snapshot protocols. Adjustable grid layout with per-camera settings.
Real-time network traffic analysis via Python/Scapy. Protocol breakdown, bandwidth tracking, anomaly detection with configurable alerting thresholds.
Unified cross-system event stream. Device joins, disconnects, trust changes, alert triggers, and manual actions. Filterable and searchable.
Configurable alert rules with snooze, acknowledge, and escalation. Integrates with device trust scoring and network anomaly detection.
Signal-grade end-to-end encrypted messaging built from first principles. No message storage on any server. Forward secrecy on every message. Biometric-only authentication.
X3DH key exchange establishes shared secrets between previously unknown parties. Double Ratchet provides forward secrecy and break-in recovery. HKDF derives per-message keys. libsodium handles all primitives.
Express relay server routes encrypted blobs between peers. No message content is ever decrypted server-side. WebRTC for direct P2P when both parties are online, relay fallback when not.
Next.js PWA with offline capability. WebAuthn-protected local vault stores private keys. Safety numbers for contact verification. No account creation required on any server.
A production-grade governance framework that defines how AI agents, infrastructure systems, and human operators interact within explicit authority boundaries. Not theory. Enforced policy.
| Tier | Classification | Scope | Approval Required |
|---|---|---|---|
| 0 | Observational | Read, analyze, plan, inspect, report. Default safe posture. | None |
| 1 | Additive | Create new files, directories, branches, configs, documentation. | None (non-destructive) |
| 2 | Controlled Modify | Edit existing files, refactor code, update configs, modify state. | Plan-review-proceed cycle |
| 3 | Destructive | Delete files, force push, hard reset, drop data, irreversible changes. | Formal artifact + exact phrase + op-id + 10min TTL |
| 4 | Governance | Modify governance files, policy changes, authority redefinitions. | All Tier 3 gates + governance-diff validation |
All data processing and inference default to local hardware. Cloud services are opt-in, isolated, and require explicit justification. No implicit cloud dependencies.
Every external dependency is scored on: cloud reliance, vendor lock-in, outage exposure, telemetry risk, portability, and single points of trust failure.
Every state transition, permission grant, and AI decision is logged in append-only NDJSON format with SHA-256 chain integrity. Tamper detection on every read.
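The append-only NDJSON audit trail with SHA-256 chain integrity and tamper detection on read, as an added example that is not the project's code; the line layout (prev_hash and hash fields), the function names and the sample events are assumptions:

```python
import hashlib
import json

GENESIS = "0" * 64     # prev_hash of the first entry

def canonical(event: dict) -> bytes:
    """Deterministic encoding so the same event always hashes the same way."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()

def entry_hash(prev_hash: str, event: dict) -> str:
    return hashlib.sha256(prev_hash.encode() + canonical(event)).hexdigest()

def head_hash(log_lines: list) -> str:
    return json.loads(log_lines[-1])["hash"] if log_lines else GENESIS

def append_event(log_lines: list, event: dict) -> dict:
    """Append one NDJSON line whose hash covers the previous line's hash."""
    prev = head_hash(log_lines)
    entry = dict(event, prev_hash=prev, hash=entry_hash(prev, event))
    log_lines.append(canonical(entry).decode())
    return entry

def verify_chain(log_lines: list, expected_head=None) -> tuple:
    """Recompute every link; return (True, n) or (False, index of first bad line).
    Edits, insertions and deletions in the middle break a link; silent truncation
    of the tail does not, so callers should also pin the last known head hash."""
    prev = GENESIS
    for i, line in enumerate(log_lines):
        entry = json.loads(line)
        stored_hash, stored_prev = entry.pop("hash"), entry.pop("prev_hash")
        if stored_prev != prev or entry_hash(prev, entry) != stored_hash:
            return (False, i)
        prev = stored_hash
    if expected_head is not None and prev != expected_head:
        return (False, len(log_lines))
    return (True, len(log_lines))

def with_field_changed(log_lines: list, i: int, key: str, value) -> list:
    """Copy of the log with one field edited in place (to demonstrate detection)."""
    entry = json.loads(log_lines[i]); entry[key] = value
    return log_lines[:i] + [canonical(entry).decode()] + log_lines[i + 1:]

# Constructed sample events, not real log data
SAMPLE = [
    {"ts": 1, "kind": "state_transition", "from": "idle", "to": "planning"},
    {"ts": 2, "kind": "permission_grant", "tier": 2, "op": "edit config"},
    {"ts": 3, "kind": "ai_decision", "model": "local", "action": "refactor"},
]

def build_sample_log() -> list:
    lines = []
    for ev in SAMPLE:
        append_event(lines, ev)
    return lines
```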
Each AI agent operates within explicit authority scopes. Cross-agent relay is logged. Agents cannot execute suggestions from other agents without operator confirmation.