M.O.S.T. · Hyper-Agent Blueprint v1.0 · Sovereign Hardware
Zero Cloud Leakage
The target rig for the M.O.S.T. self-modifying lattice. Two Apple Silicon nodes on a private LAN, one external vault, zero veteran data crossing the public internet. Cloud LLM calls are reserved for non-PHI strategic reasoning only.
Apex chip
M4 Max
Apex memory
128 GB
Vision chip
M4 Pro
Vault
8 TB
Topology
Three nodes, one sovereign loop
Each box has one job. The Bridge orchestrates — it never holds state.
Apex Logic Node
Mac Studio M4 Max
- ›Node #00 — The Ronin (Apex Hyper-Agent)
- ›C.U.E. mathematical strike calculations
- ›30B+ parameter local model fallback (DeepSeek / Llama 3)
- ›LangGraph orchestration with interrupt_before=['apply']
Vision / OCR Node
Mac Mini M4 Pro
- ›Cursive STR decryption (handwritten clinical notes)
- ›Photo evidence (X-rays, scars, tattoos) → 38 CFR 4.130 observation
- ›PII scrubbing before payload leaves the LAN
- ›Tesseract / TrOCR / Gemini Vision dispatching
Vault & Model Storage
8 TB External (AI-only)
- ›~/.ollama symlinked here — keeps 30 GB+ model brains off boot drive
- ›MAKAIVELLI_VAULT/ — encrypted PHI store, access-logged
- ›Forensic reconstructions / promoted-from-quarantine artifacts
- ›Audit-log ledger (dated, append-only)
Sovereign Bridge
M4 Pro → Bridge → M4 Max
The five-hop request loop. Each step has a typed payload and a hard timeout (120s for deep forensic scans).
Frontend POST /api/bridge/execute
Browser sends { vault_file_path, target_directive } to Sovereign Bridge.
Bridge → M4 Pro vision OCR
Cursive / image payload routed over LAN to 192.168.1.101:8000/api/vision/ocr.
M4 Pro returns clean text
Deciphered, PII-scrubbed text returned to Bridge. Original image never leaves M4 Pro.
Bridge → M4 Max ronin strike
Clean text + directive POSTed to 192.168.1.100:8000/api/storm/ronin_strike.
M4 Max returns tactical breakdown
Profile · intercept · strike. Streamed back to frontend terminal feed.
Reference Implementation
api/agents/sovereign_bridge.py
The actual FastAPI module that orchestrates the M4 Pro ↔ M4 Max handshake. Lives in the api/ tree, not the frontend.
class SovereignBridge:
def __init__(self):
self.studio_ip = os.environ.get("STUDIO_IP", "192.168.1.100") # M4 Max
self.mini_ip = os.environ.get("MINI_IP", "192.168.1.101") # M4 Pro
self.vault_path = "/Volumes/8TB_External/MAKAIVELLI_VAULT"
self.timeout = httpx.Timeout(120.0)
async def distribute_mission(self, dossier_path: str, directive: str) -> dict:
# PHASE 1: vision/OCR on the Mac Mini (M4 Pro)
async with httpx.AsyncClient(timeout=self.timeout) as client:
vision = await client.post(
f"http://{self.mini_ip}:8000/api/vision/ocr",
json={"path": f"{self.vault_path}/{dossier_path}"})
vision.raise_for_status()
deciphered = vision.json().get("text", "")
# PHASE 2: ronin strike on the Mac Studio (M4 Max)
async with httpx.AsyncClient(timeout=self.timeout) as client:
strike = await client.post(
f"http://{self.studio_ip}:8000/api/storm/ronin_strike",
json={"dossier_context": deciphered,
"target_directive": directive})
strike.raise_for_status()
return strike.json()Hardware doctrine
PHI never crosses WAN. The vault sits on a USB4 external; the M4 Pro reads it directly, scrubs it, and only then does cleaned text traverse the LAN to the M4 Max. Cloud LLMs only see redacted, structured payloads — never raw C-File contents.
Mise + symlinked Ollama. Per-project Node/Python pinning via mise use; ~/.ollama symlinked to the 8 TB external so 30B+ parameter models don’t saturate the boot drive.
Bridge is stateless. If either node dies, the Bridge errors honestly with HTTP 503 + a detail message. No silent retry, no optimistic caching of partial OCR. A failed scan must look failed to the veteran.