P3AK

What is P3AK

Platform Overview

P3AK — Private · Encrypted · AI · Kernel. An AI infrastructure platform built for any individual or organization that needs persistent AI memory without cloud lock-in. Three products: an encrypted vault (Rust, AES-256-GCM), an AI data room (TypeScript/Next.js), and an agent orchestration kernel (Linux/Docker). Everything runs on your hardware. Your data never leaves your machine unless you say so. Spoken: PEAK. The 3 encodes E (encrypted), PE (private equity vertical), and three products simultaneously. Works for a person managing their own life, a startup managing their data room, or a Fortune 500 managing compliance. Same encryption. Same kernel. Same control.

Infrastructure

P3AK Vault

Rust

▪AES-256-GCM encryption at rest

▪Argon2id key derivation (RFC 9106)

▪38 formats ingested (Tier 1–3)

▪98% Top-1 hybrid search accuracy

▪509 tests — Rust + Python SDK

▪WAL audit log, hash-linked entries

▪Temporal KG — auto-extracted entities + relationships

▪Self-evolving — linking, strengthening, wake-up context

▪REST API · MCP server (12 tools) · Python SDK

Application

P3AK Room

TypeScript · Next.js 14

▪5 sections per data room

▪Gap analysis with weighted scoring

▪isomorphic-git per company

▪.mdr format — Markdown Data Room

▪Drizzle ORM + PostgreSQL

▪Clerk auth · Anthropic AI pipeline

▪Room → vault push bridge (REST)

Orchestration

P3AK Harness

TypeScript · Pi

▪CREST protocol — 5 phases

▪Focus → Obstacle → Routines

▪→ Gradient → Evolve

▪State Bus (JSONL)

▪Domain agents — CAIO, Counselor…

▪Vault memory via Pi extension

▪Slash commands · skills auto-discovered

BayouClaw — Linux Agent Runtime

What Impressed You

Alpine Docker, per-agent Linux users, Unix domain sockets, seccomp syscall filtering, and a policy engine enforcing the Iron Rule: no agent acts without HITL sign-off. Seven agents. Nine test suites. Fourteen board meetings run in production.

⚙️

One runtime. One engine. One format. BayouClaw IS our runtime — the Linux-native, agents-as-users, seccomp-isolated container model you see below. It runs personal DA workloads (one agent + vault) and regulated-industry workloads (seven+ agents with HITL Iron Rule) from the same codebase. Agent count scales with the use case. Claude Code / PAI is not our runtime — it's Miessler's. We expose our vault to PAI users via an MCP bridge (see Section 10), so they can get encrypted memory without switching runtimes. The bridge is a migration path, not a parallel runtime. Same .vault file everywhere.

Agents

Test Suites

Board Meetings

Isolated Users

Agent Roster

Agent	Linux User	Role	Transport	Seccomp
amber	`p3ak-amber`	Kernel — routes all requests, voice interface	Unix sock	Restricted
ledger	`p3ak-ledger`	Financial analysis, AR/AP	Unix sock	Strict
counselor	`p3ak-counselor`	Legal review, contract analysis	Unix sock	Strict
signal	`p3ak-signal`	Email, calendar, communications	Unix sock	Restricted
scout	`p3ak-scout`	Web research, external data	Unix sock	Strict
architect	`p3ak-architect`	Codebase analysis, technical decisions	Unix sock	Strict
board	`p3ak-board`	Multi-agent synthesis, board meeting engine	Unix sock	Restricted

Request Routing Architecture

01 · ENTRY

HTTP :3000

localhost-only

02 · KERNEL

Amber (kernel)

routing + context

03 · GATE

Policy Engine

auth · rate limit · Iron Rule

04 · TRANSPORT

/run/bayouclaw/*.sock

Unix domain socket

05 · AGENT

Domain Agent

ledger · signal · counselor…

06 · MEMORY

Vault Query

long-term memory

🔌

No HTTP between agents. All inter-agent comms use Unix domain sockets at /run/bayouclaw/*.sock. No network stack exposed. No open ports between processes. Not interceptable from outside the container — this is the architectural advantage over Claude Code's file-based mailbox approach.

Dockerfile Security Model

Dockerfilebayouclaw/Dockerfile

# Alpine Linux — minimal attack surface (~5MB base) FROM alpine:3.19 # Per-agent Linux users — kernel enforces isolation, not code RUN adduser --disabled-password --no-create-home p3ak-amber && \ adduser --disabled-password --no-create-home p3ak-ledger && \ adduser --disabled-password --no-create-home p3ak-signal && \ adduser --disabled-password --no-create-home hitl-daemon # Staging: agents write, cannot list or read outbox RUN chown root:bayouclaw-agents /var/spool/p3ak/staging/email && \ chmod 730 /var/spool/p3ak/staging/email # 730 = root rwx | group wx (write, no list) | others nothing # Outbox: ONLY hitl-daemon can write RUN chown hitl-daemon:hitl-daemon /var/spool/p3ak/outbox/email && \ chmod 700 /var/spool/p3ak/outbox/email # 700 = hitl-daemon only. Agents cannot ls, cat, or modify. # IPC only — no external socket exposure RUN mkdir -p /run/bayouclaw && chmod 750 /run/bayouclaw COPY config/seccomp/ /opt/bayouclaw/seccomp/ ENV GATEWAY_HOST=127.0.0.1 # Gateway: localhost only

⚠️

Gap: Seccomp profiles are defined but coverage analysis hasn't run against each agent's actual syscall pattern. A pen test would identify over-permissive profiles — a hardening priority.

HITL — Human in the Loop

OS-Level Control

The agent cannot bypass this. The kernel enforces it. Every external action goes through a staging directory. Agents have WRITE to staging, ZERO access to outbox. The hitl-daemon is the only process that can move files forward. This is file permissions — not an if-statement.

/var/spool/p3ak/ ├── staging/ ← agents WRITE here (chmod 730 — no list, no read) │ ├── email/ ← {to, subject, body, agent, timestamp, level_required} │ ├── calendar/ │ ├── files/ │ ├── money/ ← Level 5 required │ └── system/ ← Level 3–5 required │ ├── outbox/ ← hitl-daemon ONLY (chmod 700). Agents: zero access. ├── sent/ ← audit trail after relay └── rejected/ ← human said no — kept for review

6 Approval Levels

L0 · AUTO

Autonomous

Executes immediately. Logged, not reviewed.

vault reads, search, file reads, list ops

L1 · VOICE

Voice Approval

Amber asks. Richard says "yes." Fastest approval.

send email, create calendar event, share doc

L2 · TAP

Tap Approval

Push to phone. Tap APPROVE or DENY. No voice needed.

file shares, uploads, email delete, git push

L3 · PIN

PIN Approval

4-6 digit PIN on phone. Adds knowledge factor.

delete files, sensitive docs, deployments

L4 · BIOMETRIC

Biometric

Face ID / Touch ID. Proves the human is present.

financial actions, legal signing, vault rekey

L5 · MFA

Multi-Factor

Biometric + PIN. No crawfish window. Confirm twice.

money transfers, vault destruction, prod deploy

HITL Policy (abbreviated)

YAML/opt/bayouclaw/config/hitl-policy.yaml

# Read ops — always L0, no gate read: vault_search: { level: 0 } email_read: { level: 0 } web_search: { level: 0 } # External send — voice approval minimum send: email_send: { level: 1, crawfish: 600, notify: [voice, push] } drive_share: { level: 2, crawfish: 300, notify: [voice, push] } # Destructive — PIN minimum destroy: file_delete: { level: 3, crawfish: 300, notify: [voice, push] } vault_delete:{ level: 4, crawfish: 0, notify: [voice, push, sms] } deploy: { level: 3, crawfish: 0, notify: [voice, push] } # Financial — L5 always, no undo, confirm twice financial: payment_send:{ level: 5, crawfish: 0, notify: [voice,push,sms], confirm_twice: true } # Key ops — L5, no undo system: vault_rekey: { level: 5, crawfish: 0, notify: [voice,push,sms] } factory_reset:{ level: 5, crawfish: 86400, confirm_twice: true }

Approval Flow

Agent draftsaction JSON

→

staging/chmod 730

→

hitl-daemoninotifywait

→

Notify humanvoice/push/sms

→

APPROVEbiometric/PIN/tap

→

outbox/chmod 700

→

Relaymsmtp/API

🦞

CRAWFISH Protocol: After approval, a configurable window lets you undo. "Amber, pull that back." Email: 10 min. Calendar: 5 min. File delete: 5 min. Financial: 0 (confirm twice instead). Named for the Louisiana tradition — you can always pull it back.

Encryption & Key Management

Passcode Cycling

Your question about passcode cycling landed on a real gap. The encryption stack is solid. The rotation pipeline is manual. That's Sprint 1 of hardening.

L1AES-256-GCMSymmetric encryption at rest. 256-bit key. Authenticated — tamper detection built in.

L2Argon2id KDFMemory-hard key derivation. GPU-resistant. RFC 9106 params. Passphrase never stored.

L3Per-vault passphraseEach .vault file has its own passphrase. One breach doesn't compromise others.

L4WAL audit logWrite-Ahead Log with hash-linked entries. Every operation recorded. Tampering is detectable.

⚠Manual rotation (current gap)vault_rekey exists in CLI. Not automated. No scheduled rotation. Not HITL-gated yet.

→Proposed: Auto-rotation via HITL L5Scheduled rekey (30/90d policy) triggers HITL Level 5. Biometric + PIN to authorize. Old key archived in WAL.

Current State

EncryptionAES-256-GCM

KDFArgon2id (RFC 9106)

Key storageDerived, never persisted

Audit trailHash-linked WAL

Manual rekeyp3ak-vault rekey

Auto rotationNot implemented

Target State

Rotation scheduleConfigurable (30/90d)

Rotation approvalHITL Level 5 (MFA)

Key escrowSplit-key (future)

HSM integrationPlanned (YubiKey)

Post-rekey checkCanary validation

Drift detectionWAL hash comparison

BASHvault-rekey-scheduled.sh (concept)

#!/bin/sh — runs as cron. Stages rekey for HITL L5 approval. DAYS_SINCE=$(( ($(date +%s) - $(p3ak-vault audit --last-rekey)) / 86400 )) if [ "$DAYS_SINCE" -gt 90 ]; then # Stage the rekey — does NOT execute. hitl-daemon picks up via inotifywait. cat > /var/spool/p3ak/staging/system/vault-rekey.json <<EOF { "type": "vault_rekey", "days_since": $DAYS_SINCE, "level_required": 5, "notify": ["voice", "push", "sms"] } EOF fi

Known Attack Surface & Hardening Plan

Honest Assessment

Every gap we know about, stated plainly. This is what a security specialist needs to see before touching the stack. No gap here is a design flaw — they're implementation debt from building fast. Each one has a fix path, a risk level, and a sprint target.

🔴

This section exists because we believe hiding gaps is worse than having them. A platform that claims zero attack surface is lying. A platform that inventories its gaps and publishes hardening timelines is doing security correctly.

CRITNo automated key rotationp3ak-vault rekey exists but is manual-only. No scheduled rotation, no policy enforcement. A compromised passphrase stays valid indefinitely until a human intervenes.

→ FIXCron-triggered rekey via HITL L5Configurable rotation policy (30/90d). Staged to /var/spool/p3ak/staging/system/. Requires biometric + PIN. Old key archived in WAL with expiry timestamp. Sprint 1.

CRITNo fuzz testing on binary vault formatThe .vault binary format (header, segment table, encrypted blocks) has never been fuzzed. A malformed vault file could trigger panics, buffer misreads, or undefined behavior in the Rust parser. Ingest path accepts 38 file formats — each a potential vector.

→ FIXcargo-fuzz + AFL on vault parsercargo fuzz targets for: vault header parsing, segment table deserialization, encrypted block decryption with corrupted ciphertext, WAL replay. CI-integrated. Each ingest format converter gets its own fuzz target. Sprint 2.

HIGHAPI keys were in git historyAnthropic API key, LiveKit credentials, and Deepgram key were committed to git in early development. Now purged via git filter-repo and rotated. But anyone who cloned before the purge has the old keys in their local reflog.

FIXEDAll keys rotated. gitleaks pre-commit live.Keys rotated same day. gitleaks pre-commit hook installed + verified across all 4 repos (238 commits scanned, 0 leaks). .gitleaks.toml + .pre-commit-config.yaml committed. Shipped April 10, 2026.

HIGHVoice server had no authAmber voice agent (LiveKit + Deepgram STT + Cartesia TTS) on port 4210 had no authentication on initial deployment. Anyone on the local network could connect and issue voice commands routed through domain agents with vault access.

→ FIXTailscale-only + token authBind to Tailscale IP only (100.x.x.x). LiveKit room token required for session join — generated per-device with expiry. No LAN exposure. HITL L1+ gates all external actions regardless. Sprint 1.

FIXEDVaults now encrypted by defaultp3ak-vault create requires --passphrase or exits with error. Unencrypted mode requires explicit --no-encrypt flag. Shipped April 10, 2026.

FIXED54 stale CLI integration tests — now all greenCLI integration suite was 3/54 passing. Fixed the cascading failure where test helper called create without the newly-required --passphrase / --no-encrypt. Regex-replaced 13 call sites. Suite is now 54/54 green. Harness jumped 458p/54f → 509p/3f. Shipped April 20, 2026.

FIXEDPAI bolt-on round-trip proofNew pai-migrate + pai-export subcommands. Three integration tests lock the trust contract: byte-identical round-trip, idempotent re-migration, destination-safety refusal. Ship date April 19, 2026. See Section 10 for the strategy.

MEDNo formal code coverage metric509 tests pass across 6 suites (Rust + Python SDK + PyO3). But we don't publish a cargo-tarpaulin or llvm-cov report, so we don't know what % of lines/branches are actually exercised. Best-guess: ~70-80% line, unknown branch. A reviewer has to trust the count, not measure it.

→ FIXcargo-tarpaulin in CI + badgeAdd cargo tarpaulin --out Html --out Json to CI. Publish HTML report + per-crate % badge on the brief. Target: >85% line, >75% branch for vault-core, with explicit uncovered-path justification for anything lower. Sprint 2.

MEDNo formal penetration test yetWe designed for security (per-agent Linux users, seccomp, kernel-enforced HITL) but no external pen tester has attacked it. Theoretical attack paths (socket splicing, TOCTOU on WAL hash chain, malformed vault fuzzing) are unaddressed empirically. The War Room (Section 09) calls out what we'd expect a pen tester to find.

→ FIXPen test pre-Cloud-launchEngage a firm (Trail of Bits, NCC Group, or similar) for a 2-week scoped engagement on BayouClaw runtime + vault format. Fuzz harness results precede engagement. Findings remediation gates the Cloud launch. Sprint: pre-Cloud.

MEDPAI bolt-on runs under a runtime we don't controlWhen a PAI user installs our pack, our encrypted vault becomes readable by Miessler's Claude Code process — subject to Claude Code's security posture, not BayouClaw's. If a Claude Code extension is compromised, it has vault access via the MCP server we installed. The pack is a bridge, not a runtime — full security posture requires migrating to BayouClaw.

→ FIXDocumented migration path to BayouClawPack README already calls this out and documents the one-line migrate step (p3ak-vault pai-export → launch BayouClaw against the same .vault file). Accepted tradeoff: better security posture OR better PAI-audience distribution. Mitigation: we own the MCP server surface and can rotate keys / revoke access through vault consent tokens. Document in an SECURITY.md on the pack repo. Sprint 2.

MEDNo WAF on HTTP gatewayp3ak-vault serve binds 127.0.0.1:8080 — localhost only. But no Web Application Firewall, no input sanitization layer above what Rust's type system provides. A malicious local process could send crafted HTTP payloads.

→ FIXReverse proxy + rate limitingCaddy or nginx reverse proxy with request size limits, header validation, and rate limiting. Vault serve binds Unix socket instead of TCP when running inside BayouClaw. Input validation hardened at route handlers. Sprint 2.

MEDNo rate limiting on HTTP gatewayThe REST API has no per-client rate limiting. A runaway agent or local process can hammer the vault with unbounded requests, causing resource exhaustion or denial of service to other consumers.

→ FIXToken bucket per Unix UIDRate limiter keyed on connecting Unix UID (via SO_PEERCRED on Unix socket) or API token. Default: 100 req/s search, 50 req/s write. Configurable in config.toml. Burst buffer: 2x sustained. Sprint 2.

MEDNo TLS on internal socketsBayouClaw inter-agent communication uses Unix domain sockets — no TLS. Socket permissions (chown + chmod 700) provide access control, but traffic is plaintext. A root-level compromise reads all IPC.

→ FIXAccept risk (Unix sockets) + optional mTLSUnix sockets are not network-exposed — TLS adds overhead without meaningful protection against root compromise (root can ptrace anyway). Kernel-level SO_PEERCRED verifies peer UID. For multi-host deployments: mTLS over Tailscale WireGuard. Current single-host model: accepted risk. Document threat model.

MEDDocker runs as root for initBayouClaw container starts as root to create per-agent users, set file permissions, and bind privileged sockets. After init, agents run as unprivileged users — but the init process itself is root. A vulnerability in the startup script could escalate.

→ FIXrootless Podman + pre-built user imageBake per-agent users into the Docker image at build time (no runtime adduser). Use rootless Podman or Docker --userns=auto. Init script drops to unprivileged user immediately after socket bind via gosu. seccomp profile already blocks setuid/mount/ptrace for agent processes. Sprint 3.

LOWNo WAF (Web Application Firewall)The Room (Next.js) runs behind Vercel in production and localhost in dev. No dedicated WAF layer. Vercel provides DDoS protection but not application-level filtering. Low risk while localhost-only; revisit before P3AK Cloud launch.

→ FIXCloudflare or AWS WAF at cloud launchWAF deployment coincides with P3AK Cloud (hosted offering). Pre-cloud: all services localhost-only or Tailscale-only. OWASP ModSecurity CRS as baseline ruleset. Sprint: Cloud launch.

Risk Summary

Critical2 — key rotation, fuzz testing

High1 — voice auth (remaining)

Medium7 — WAF, rate limit, TLS, Docker root init, coverage metric, pen test, PAI pack surface

Low1 — Room WAF (pre-cloud)

Fixed ✓4 — git secrets · default encrypt · 54 stale CLI tests · PAI round-trip proof

Hardening Timeline

Apr 10Default-encrypt shipped · gitleaks pre-commit live

Apr 19PAI pack — migrate/export byte-identical round-trip (3 tests green)

Apr 2054 stale CLI tests fixed — harness at 509p/3f

Sprint 1Key rotation · voice auth · coverage metric in CI

Sprint 2Fuzz testing · reverse proxy · rate limiting · pack SECURITY.md

Sprint 3Rootless containers · pre-built user images

Cloud launchWAF · mTLS for multi-host · formal pen test

🔑

The architectural advantage holds. Every gap listed here is a hardening task on a fundamentally sound architecture: per-agent Linux users, seccomp sandboxing, encrypted-at-rest vaults, kernel-enforced HITL gates. Compare this to a cloud-hosted AI platform where your data traverses shared infrastructure you don't control and can't audit. These are fixable gaps in an air-gapped system — not structural flaws in a shared-tenancy model.

Performance

Real Numbers

These come from dev-environment profiling — not a formal load test. Vault ops are sub-second. Voice latency is network-bound (Deepgram + Cartesia). Agent routing is LLM-bound, not compute-bound. Formal JMeter benchmarks are the gap — reviewer feedback invited here.

Operation	Median	P99	Bottleneck	Status
Vault ingest (markdown)	18ms	45ms	Tantivy indexing	FAST
BM25 search	12ms	28ms	Index scan	FAST
Hybrid search (BM25 + ZVec + PageIndex)	31ms	62ms	Three-way merge	FAST
Vault create	8ms	20ms	Argon2id KDF	FAST
Vault ingest (PDF, Tier 2)	~400ms	~1.2s	PDF extraction	OK
Voice STT (Deepgram)	~500ms TTFB	~900ms	Network (cloud)	OK
Voice TTS (Cartesia)	~500ms TTFB	~800ms	Network (cloud)	OK
BayouClaw agent routing	<2s	<5s	LLM inference	LLM-BOUND
Board meeting (5 agents)	30–60s	~90s	Sequential LLM calls	EXPECTED
Room → vault push (full doc)	~180ms	~400ms	HTTP + ingest	FAST

📊

No formal benchmark suite. Dev profiling only — not load-tested, not under concurrency, not measured under degraded state. The Rust core should be significantly faster under isolated benchmarking. JMeter profile is the first hardening deliverable.

What Needs Measuring

Concurrent vault readersUntested

Large vault degradationUntested

Socket queue depthUntested

Room under 50 usersUntested

Board meeting parallelismUntested

Target SLAs (Proposed)

Vault search P95<100ms

Agent routing P99<3s

Voice TTFB P95<700ms

Room page load P95<1s

Uptime target99.5% (Docker only)

Amber — Voice AI with OS Access

LiveKit · Deepgram · Cartesia

Real-time voice agent with full OS access, connected to BayouClaw's agent network. LiveKit Cloud handles WebRTC. Deepgram for STT. Cartesia TTS (Caroline voice). Nine tools — dangerous ones staged for HITL approval before any execution. The Force Field eliminates AI fingerprint patterns from her speech.

vault_search

Hybrid BM25 + semantic search across encrypted vault

HITL L0 — auto

vault_write

Persist new records to encrypted vault

HITL L0 — logged

read_file

Read any file on the host system

HITL L0 — auto

run_command

Execute shell commands — full OS access

HITL L3 — PIN gate

send_email

Draft + stage email via Signal agent

HITL L1 — voice approval

web_search

Real-time web queries via Scout agent

HITL L0 — auto

route_to_agent

Dispatch to BayouClaw domain agent via socket

HITL L0 — routed

board_meeting

Convene multi-agent synthesis session

HITL L1 — voice confirm

hitl_approve

Notify human about staged action, await approval

Policy-driven L0→L5

🎙️

Force Field active. Every Amber response strips 200+ AI tells: no "Certainly!", no "Great question!", no uniform rhythm, no em-dash overload. She varies sentence length, has opinions, uses contractions. Sounds like a person hired for the job — not a language model performing helpfulness.

Test Suite

Coverage State

401 Rust unit tests across 17 modules, 54 CLI integration tests, 12 accuracy benchmarks, 3 stress tests, 44 PyO3 native binding tests, 35 Python SDK tests. New in April 2026: temporal knowledge graph (19 tests), evolution graph with linking + strengthening (14 tests), wake-up context generator (6 tests). Plus 9 BayouClaw shell suites and 51 session regression tests. No CI/CD pipeline yet. Tests run manually. That's the gap.

How We Test — Methodology for the QA-Minded

Vault unit tests (Rust, 401 tests across 17 modules): Each module has an inline #[cfg(test)] mod tests block. Tests cover: crypto roundtrip (encrypt → decrypt → verify), search accuracy (BM25, ZVec TF-IDF, hybrid), format conversion (38 file types → plaintext), WAL integrity (write-ahead log append + hash chain verification), classification confidence scoring, entity obligation matching, consent token HMAC-SHA256 signing + verification + revocation, memory rot detection (4 rot types), temporal knowledge graph (entity CRUD, temporal filtering, auto-extraction NER), evolution graph (document linking, strengthening, edge dedup), and wake-up context generation.

Module test breakdown:


  classify ............ 60 tests (8-store classification, confidence thresholds, signal weighting)

  rerank .............. 55 tests (BM25+ZVec+PageIndex fusion, edge cases, empty results)

  search .............. 41 tests (hybrid search accuracy, multi-vault, mode switching)

  convert ............. 28 tests (38 formats: PDF, DOCX, XLSX, CSV, HTML, .mdr, .lhr, audio)

  ingest .............. 23 tests (file → vault pipeline, upsert, dedup, batch)

  rot ................. 21 tests (4 rot types, decay curves, remediation triggers)

  zvec ................ 21 tests (TF-IDF vector math, cosine similarity, sparse ops)

  types ............... 21 tests (Doc struct, metadata, serialization roundtrip)

  binary_store ........ 20 tests (vault binary format read/write/corruption recovery)

  wal ................. 19 tests (append-only log, hash chain integrity, tamper detection)

  crypto .............. 18 tests (AES-256-GCM encrypt/decrypt, Argon2id KDF, key derivation)

  consent ............. 14 tests (HMAC-SHA256 tokens, scope: sector/doc/full, TTL, revocation)

  kg .................. 19 tests (temporal KG: entity CRUD, triples, time filter, NER extraction) NEW

  evolution ........... 14 tests (document linking, strengthening, edge dedup, serialization) NEW

  entity .............. 12 tests (CompanyMetadata schema, obligation catalog, completeness scoring)

  store ................ 9 tests (vault CRUD, section management, room isolation)

  wakeup ............... 6 tests (context generation, token budget, deleted doc exclusion) NEW

CLI integration tests (54 tests): Run the compiled p3ak-vault binary as a subprocess. Test every CLI command end-to-end: create, ingest, search, read, write, classify, delete, export, sync, watch, canary-add, canary-check, serve. Each test creates a temp vault, runs the command, validates stdout JSON, checks exit codes, verifies vault state after mutation.

Accuracy benchmarks (12 tests): Seed a vault with known documents, run 12 queries with known expected top-1 results. Measure Top-1, Top-3, and MRR (Mean Reciprocal Rank). Current: 98% Top-1 accuracy on the standard benchmark set. Tests fail if accuracy drops below 95%.

BayouClaw shell suites (9 suites, ~55 checks): Run inside Docker container. Cover: end-to-end pipeline (HTTP → Amber → agent → vault → response), agent intelligence (response quality scoring via rubric), security audit (auth bypass, injection, privilege escalation, seccomp enforcement, socket permissions), policy engine (rate limiting, Iron Rule blocking, token guard), self-test (Amber evaluates her own output quality). The security suite has 34 individual checks across 6 attack categories.

Regression tests (51 tests, 7 categories): Automated bash script that tests live infrastructure: service health (HTTP endpoints), vault search across 6 vaults, tool definitions in TypeScript, HITL policy enforcement, security posture (git history, env files, port exposure, container user), voice pipeline (STT/TTS/Force Field), and file existence. Results exported as JSON for the ops dashboard.

What's missing (the gap): No CI/CD pipeline. No automated runs on push. No concurrency testing. No load testing. No degraded-state testing. No mutation testing. No fuzz testing on vault binary format. These are the production hardening deliverables. A complete security testing framework spec is now ready (spec/security-testing-framework-v1.md) covering all of these gaps with exact commands, tools, and pass/fail criteria.

509

Total (all suites)

BayouClaw Suites

Regression Tests

88%

Last Score 45/51

P3AK Vault (Rust)509 tests

Unit (vault-core, 17 modules)

401

CLI integration

Accuracy 98% Top-1

PyO3 native

Python SDK

BayouClaw (Shell)9 suites

E2E pipeline

✓

Agent intelligence

✓

Security audit

88%

Policy engine

✓

HITL staging

Partial

Regression (Last Session)51 tests

Passed

Failed (fixed)

Skipped

Both failures: security category. Seccomp over-permission + outbox write-access misconfiguration. Both patched same session.

Coverage GapsNeeds work

CI/CD pipeline

None

Load / stress

None

Pen test (BayouClaw)

None

Spec traceability

None

TestNectar: spec → test case traceability closes the audit-readiness gap in one sprint.

🧪

TestNectar integration path: The HITL policy YAML, seccomp profiles, and vault format spec are machine-parseable requirements. Map them into TestNectar. Spec → coverage traceability is a one-sprint integration. Audit-ready test evidence on every push — exactly what enterprise customers ask for.

Production Hardening

Where Reviewers Fit

P3AK's architecture is correct. The gaps are production readiness, not design. Default-encrypt and gitleaks are now shipped. Remaining: No CI/CD. No formal pen test. No automated key rotation. No load benchmarks. A complete security testing framework spec is ready at spec/security-testing-framework-v1.md — 11 sections, every test command documented, ready to execute day one.

Production Hardening

BayouClaw security surface

Pen test BayouClaw — exploit socket layer, policy engine, HITL bypass surface

Audit seccomp profiles — map actual syscall usage, tighten every profile

Red-team HITL staging — attempt outbox write from agent Linux user

Validate permission model holds across Docker restarts and rebuilds

Threat model the Iron Rule — document what CAN be bypassed and what cannot

Automated CI/CD

GitHub Actions pipeline

All 509 tests on every PR (cargo test -p p3ak-vault-core --lib + accuracy + stress)

All 9 BayouClaw shell suites in Docker on every push

Security regression suite — seccomp, HITL, outbox isolation

Badge reporting: test count, coverage %, last pen-test date

Staging promotion gate: all green → deploy to staging

Performance Benchmarks

JMeter profiles

Vault ops under concurrency: 1, 10, 50, 100 concurrent readers

Vault degradation curve: 1K, 10K, 100K documents ingested

BayouClaw socket queue: agent routing latency under load

Room API: page load + doc save under 10/50 concurrent users

Voice pipeline: TTFB distribution over 500 samples

Secret Rotation Pipeline

Automated key cycling

Design + implement scheduled vault-rekey via HITL L5

Policy config: 30/90-day rotation schedule per vault

Old key archival strategy (WAL + separate escrow)

YubiKey / HSM integration path (design doc)

Post-rekey canary check to validate vault integrity

TestNectar Integration

Spec → test traceability

Map HITL policy YAML as requirements into TestNectar

Map seccomp profiles as security requirements

Map vault encryption spec as compliance requirements

Generate audit-ready coverage matrix on every CI run

Export evidence package for enterprise security reviews

Kubernetes Readiness

Multi-node prep (Phase 2)

Stateless/stateful split: vault files need PV, agents don't

Per-agent K8s pod with seccomp SecurityContext

Service mesh evaluation: Linkerd vs Cilium for socket policy

Multi-vault sharding strategy (one vault per tenant)

Helm chart draft for BayouClaw deployment

🤝

The pitch is direct: P3AK has a security architecture that's correct in design and incomplete in verification. You have 20 years of QA, DevOps, and security engineering — Air Force-grade. That combination closes the gap between "architecturally sound" and "production-ready." That's the engagement.

P3AK × PAI Collaboration

Engine + Interface

Daniel Miessler's PAI (Personal AI Infrastructure) is the fastest-growing open-source Personal AI project — 7K+ GitHub stars, 110K newsletter subscribers, a paid platform at human3.ai at $495–$2,495/yr, and a live Digital Assistant he calls "Kai" with ElevenLabs voice + Pulse dashboard. His thesis, published April 15, 2026: everyone converges on a single named DA with persistent memory + full life context. Timeline: by 2028.

We agree. P3AK has been building the same architecture from the opposite direction — infrastructure-first instead of interface-first. His stack stores memory as plaintext under ~/.claude/MEMORY/. Ours stores it encrypted in a portable .vault. The collaboration: his interface, our engine, connected by an MCP bridge. Both MIT. Both want to give this away.

To be precise: PAI runs on Claude Code — that's Miessler's runtime. P3AK's own runtime is BayouClaw (Section 02). The bridge doesn't ask his users to switch runtimes; it gives them encrypted memory inside the runtime they already have. Users who later need more than Claude Code can safely provide — regulated data, multi-agent HITL, auditable execution — can migrate their same .vault file to BayouClaw with zero data loss.

What PAI owns (stays his)

Interface + brand + audience

Kai — the named Digital Assistant with personality + voice

ElevenLabs voice server, 12 quantified personality traits 0–100

Pulse — web dashboard oriented around life categories

Skills / Hooks / Agents lifecycle built on Claude Code

Fabric (252 patterns, 300 contributors) — already absorbed into PAI

Packs distribution model (INSTALL.md + VERIFY.md)

110K newsletter + 1,500 paid community + Human 3.0 paid tier

What P3AK brings (runtime + engine + format)

One runtime, one engine, one format

BayouClaw runtime — Linux-native, agents-as-users, seccomp-isolated (Section 02)

Encrypted portable .vault (AES-256-GCM + Argon2id)

Hybrid search: BM25 + ZVec + PageIndex, 98% Top-1 accuracy

.mdr multi-layer documents with access tiers (public/internal/legal/board)

.lhr Living Health Record — JSON frontmatter + FHIR mapping

HMAC-SHA256 consent tokens for audited third-party data release

Temporal Knowledge Graph + Evolution Graph + Wake-Up briefing

34-format ingest pipeline (PDF, DOCX, PPTX, Excel, audio, images)

The Bridge — P3AK-Vault for PAI

A clean drop-in pack that gives PAI's Kai direct access to a local P3AK vault via MCP. Nothing in PAI changes. The pack is a bridge — encrypted memory for PAI users without forcing a runtime switch — not a parallel runtime. PAI user adds one line to settings.json, installs one pack, and Kai gains four new tools via MCP:

Tool	Purpose
vault_search	Hybrid BM25 + ZVec + PageIndex retrieval across all memory
vault_read	Fetch a specific document by ID
vault_write	Save insight / plan / goal / reflection / signal
vault_wake_up	~170 token session briefing: active goals, recent rot, current focus

Three hooks register automatically at PAI's standard lifecycle events: SessionStart (inject wake-up context), PostToolUse (auto-capture decisions/commitments/insights), SessionEnd (Evolution Graph + KG updates). All settings.json merges are idempotent — running the installer twice does not duplicate hooks.

🔒

Reversible by design, no lock-in. p3ak-vault pai-migrate moves ~/.claude/MEMORY/ into an encrypted vault. p3ak-vault pai-export decrypts it back out to plaintext. The round-trip is byte-identical — verified by an automated integration test that diffs source vs restored tree. Users who decide encryption isn't for them get all their data back, no degradation. This is the trust claim the pack makes to any PAI user.

Wave Layering — Ship regardless of response

Wave 1 — Bolt-On ✓ ENGINEERING COMPLETE

Ships either way

✓ 13-file pack scaffold following PAI conventions

✓ pai-migrate + pai-export CLI subcommands

✓ 3 integration tests passing (round-trip, idempotency, safety)

✓ Install dry-run verified — 12 properties hold

✓ Private standalone repo: siliconbayou/p3ak-vault-for-pai

◌ 3-minute demo screencast (final remaining)

Wave 2 — Format convergence

Needs Miessler buy-in

.mdr as a PAI document export format

.lhr as optional health-record format for PAI users

TELOS → .mdr / .lhr bidirectional bridge

Joint regulated-workload Fabric pattern library

Wave 3 — Unified launch

Active partnership

Co-signed announcement blog post + demo video

Shared newsletter cross-post to 110K subscribers

B2B/regulated products keep separate P3AK branding

Joint governance: MIT + MIT = no license friction

What is NOT merged (stays P3AK-branded)

Our B2B and regulated stack has its own commercial path and stays separate from the Miessler collaboration. These properties remain under Silicon Bayou LLC with their own go-to-market:

p3ak-room

Multi-tenant data rooms with git versioning per company, 5 customizable sections, .mdr export. B2B SaaS.

BayouClaw

Linux-native agent runtime. Regulated workloads. Seccomp-isolated. Detailed in Section 02. Different runtime from PAI on purpose.

LIBERO

SEC/ESG regulatory compliance vertical. Ben Liberto collaboration. Enterprise SaaS.

Entity Intelligence

Company-as-living-organism — obligation catalog, completeness scoring, CREST lifecycle. M6 shipped.

uCTRL Partnership

Clinical HIPAA pathway with Matt + Darren (ex-Siri). SOMA + consent tokens. Regulated SaaS.

Silicon Bayou LLC

Corporate parent. First customer of Entity Intelligence. Not in the personal-vault merge.

Status — April 19, 2026

Outreach

LinkedIn first-touch sent

Message sent 2026-04-19 from NOLA

Builder-to-builder tone, phone included

Awaiting response — 5 business day hold before any follow-up

Second-touch message drafted, artifact-first framing

Engineering

Wave 1 done

7 commits across p3ak + p3ak-vault repos

3 new integration tests green

Install dry-run: 12 properties verified

Pack ships standalone if Miessler declines — no work wasted

🎯

Why it works for both sides. He's explicit: "I want to give this to everybody." Same intent as ours. He has audience + brand + voice. We have encrypted infrastructure + regulated-domain moat. Neither could build the other's half in under 18 months. Collaboration ships something neither of us could alone. If he declines, the pack ships as a community artifact and P3AK's B2B/regulated stack keeps running on its own commercial path. Zero downside. Full upside.

📋

Full strategy in the private p3ak repo. See docs/strategy/miessler-collaboration-2026-04-19.md for the complete framing, pai-vault-pack-plan.md for the technical design, miessler-outreach.md for the outreach cadence, and tech-review-local-test-guide.md for the tech-team hand-off test plan.

Getting Started

From Zero to Running

One hero path to prove the engine works on your machine in ten minutes. Three branch paths after that depending on what you want to do next — try the PAI bolt-on, run the full regulated stack, or just read the source. All repos are currently private on siliconbayou — you'll need org access before any of this works.

Prerequisites

Tool	Why	Install
Rust	Compile the `p3ak-vault` engine	`curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \| sh`
jq	Parse JSON outputs in demos + installer	`brew install jq` · `apt install jq`
GitHub SSH	Clone the private `siliconbayou/*` repos	Add your key at `github.com/settings/keys`, ask Richard for org access
Docker	Only for full-stack path (BayouClaw runtime)	Docker Desktop (Mac/Windows) or `dockerd` (Linux)
Node + PG	Only for full-stack path (p3ak-room)	`brew install node postgresql@16`

The 10-Minute Smoke Test

🚀 Prove the engine works on your machine

~10 minutes · needs Rust + GitHub access · macOS / Linux

Clone the vault engine

git clone git@github.com:siliconbayou/p3ak-vault.git ~/Projects/p3ak-vault cd ~/Projects/p3ak-vault

Build the binary

cargo build --release

first build takes ~2 min (Rust cold compile). Subsequent builds are seconds.

Create a vault + ingest some docs

./target/release/p3ak-vault create /tmp/demo.vault --no-encrypt ./target/release/p3ak-vault ingest --path /tmp/demo.vault --dir ~/Documents --recursive

JSON stream: one line per file ingested, summary at the end

Run hybrid search

./target/release/p3ak-vault search --path /tmp/demo.vault --query "anything" --mode hybrid

Top results ranked by BM25 + ZVec + PageIndex combined score

Run the test suite (optional but confidence-building)

cargo test -p p3ak-vault-core --lib

401 passed · 0 failed · <10 seconds. That's the green signal that the engine is healthy.

✓

If all 5 steps completed without errors, the engine works on your machine. Pick a branch below to go deeper — or stop here if you just wanted to verify the core claim.

What's Next — Three Branches

Branch A — PAI Bolt-On

~30 min · personal-AI path

For users running Daniel Miessler's PAI on Claude Code

Clone p3ak-vault-for-pai (private)

Run bash src/install.sh — merges into your ~/.claude/settings.json without clobbering existing config

Run p3ak-vault pai-migrate to move your MEMORY tree into encrypted vault

Ask Kai in a PAI session: "search my vault for X" — MCP hit proves end-to-end

Reversible via p3ak-vault pai-export — round-trip byte-identical

Branch B — Full Regulated Stack

~90 min · B2B path

For evaluating the complete P3AK ecosystem

Clone all 4 repos: p3ak, p3ak-vault, p3ak-room, bayouclaw

scripts/start-p3ak.sh launches Docker + BayouClaw + Room together

BayouClaw on localhost:3000 · Room on localhost:3100 · Vault on localhost:8080

See Section 02 for BayouClaw architecture · Section 08 for hardening TODOs

This is what a regulated customer (LIBERO, uCTRL) would deploy internally

Branch C — Code Review

self-directed · read + audit

For tech reviewers doing sign-off without running anything

Start with docs/strategy/tech-review-local-test-guide.md

6 sign-off criteria, mapped to specific files and grep commands

Covers crypto choices, round-trip contract, telemetry audit, license clarity

Hand findings back as GitHub issues labeled tech-review-2026-04-19

Richard reviews all issues before any external outreach escalates

If You Get Stuck

Rust won't compile

Check rustc --version is 1.78+. Older toolchains miss features used in p3ak-vault-core. Rerun rustup update stable.

Can't clone the repo

All repos are private. Your GitHub account needs read access to the siliconbayou org. Call Richard at 985-246-0040.

Ingest fails on a specific file

The 34-format pipeline has tiers. Tier 3 (Excel, ZIP, complex PPTX) needs pip install 'p3ak-vault[markitdown]'. Skip or install that tier.

PAI installer merges incorrectly

Back up ~/.claude/settings.json, check $HOME/.p3ak/hooks.log, run bash ~/.p3ak/uninstall.sh. All changes are reversible.

Docker / BayouClaw issues

Open /tmp/p3ak-startup.log — the start script logs every step. Common: Docker Desktop not fully started when script launches.

Still stuck

File an issue in the appropriate repo with the error output. Richard or the team responds within one business day.

🎯

Keep it simple. If you just want to see this work, do the 10-minute smoke test and stop. Don't over-explore on the first session. The fastest way to build confidence is one clean end-to-end run. Branches A/B/C are there when you're ready to go deeper.

Data Flow Demo

Watch The Ball Roll Through The Pipe

Click a button. Watch a payload roll through the encrypted pipeline — classify, derive key, encrypt, audit-log, store, index — with the security state flipping color at each step. Five input types all land in the same .vault. Every action runs the real p3ak-vault binary — not a simulation, not a mock. The ball you see is the data you sent.

🎯 Launch the flow demo localhost:3111 requires node server.js running first — see commands below

What you see when you hit a button

Stages 1–2 · CLEAR

Plaintext in memory

Raw bytes arrive · sample hex shown

Classifier picks a sector (FN / LG / SHIELD / OP / SOMA)

HITL Iron Rule checks the policy

Nothing encrypted yet — data is still in process RAM

Stage 3 · KEY READY

Argon2id key derivation

Passphrase → 256-bit key via Argon2id (t=3 · m=64 MiB · p=4)

Salt bytes shown · key fingerprint shown (first 8 bytes)

Key lives in RAM only — never on disk

Derivation is deliberately slow to thwart brute force

Stages 4–5 · ENCRYPTED

AES-256-GCM + WAL

Unique nonce per write (12 bytes)

Ciphertext sample + authentication tag shown

WAL entry created, hash-linked to previous entry

Any tampering breaks the hash chain on next open

Stages 6–8 · SEALED

Written + indexed + retrievable

Atomic append to .vault file (O_APPEND + fsync)

Four indexes updated: BM25, ZVec, PageIndex, KG

Vault size grows in real time — watch the summary ticker

Now retrievable via vault_search, auditable via WAL

The five input types

Button	Simulates	Expected classification
📄 Document	A full board meeting brief with decisions + action items + financials	`FN` Finance
💬 Message	A chat IM referencing Ridgeline dinner + HIPAA attorney push	`FN` Finance / `LG` Legal
✉️ Email	RFC 822 renewal proposal with price + term + effective date	`LG` Legal
🎤 Voice memo	Transcribed voice note about passport renewal before Japan trip	`SHIELD` Shield
🤖 Agent request	JSON payload: summarize_q1_financials with generated output	`FN` Finance

Running it locally (not deployed yet — needs a backend)

The visualizer runs against a live Node server that streams SSE events from the real p3ak-vault binary. It's not a static page, so we host it locally rather than on Cloudflare Pages. Three commands to run:

Start the demo serverterminal · ~10 seconds

cd ~/Projects/p3ak/demo npm install # first time only node server.js # listens on http://localhost:3111 # then open in a browser: open http://localhost:3111/flow.html

Requires the p3ak-vault binary — the server auto-detects it from ~/.cargo/bin, /opt/homebrew/bin, or target/release/. If it's missing, a red banner tells you how to build it.

🎥

Why this is better than a screen recording. A recording shows you the UI. This shows you the actual vault file growing byte-by-byte on your disk. The numbers in the summary strip read from /api/status which reads the real vault size off the filesystem. Click a second button and the doc count goes up, vault size grows, and the newly-added payload is immediately searchable. Cannot be faked.

🔗

When this ships publicly: add the brief-portal gate pattern to flow.html (same 3C0X-844G-AOTY code), deploy the Node server to a small Fly.io or Railway instance, and link to it from this section. Until then, local-only.

Roadmap

Where We Are · What's Next

Three tracks on the same infrastructure. Enterprise built first (production-ready today), Personal coming up the curve (spec-complete, pilot pending HIPAA attorney review), and Entity — the newest, treats a company as a living organism with obligations and lifecycle. Everything flows through the same .vault format, the same BayouClaw runtime, the same hybrid search engine. Canonical source: ROADMAP.md in the main repo.

Recent ships

Date	What shipped	Where to see it
Apr 20	Data Flow visualizer (5 input types × 8 security stages, real binary)	`/flow.html` · Section 12
Apr 20	54 stale CLI integration tests fixed · harness 458p/54f → 509p/3f	Section 4b · Adversarial Review
Apr 19	P3AK × PAI collaboration strategy + pack scaffold	Section 10 · private `p3ak-vault-for-pai` repo
Apr 19	P3AK Grandma MVP — macOS .app for non-technical users (v0 search-only)	`packages/grandma-app/dist/P3AK.app`
Apr 19	60-second demo screencast — asciinema cast + British female TTS	`demo-assets/screencast/demo.html`
Apr 19	Adversarial Review (War Room) — 3 personas × 19 hand-authored claims	Section 09 · `/war-room`
Apr 11	Self-evolving memory — temporal KG + Evolution Graph + Wake-Up	Section 02 · vault-core library
Apr 10	Default-encrypt on vault create · gitleaks pre-commit across all 4 repos	Section 4b · FIXED

Enterprise Track

Phase 0–5.5 · COMPLETE ✓

Foundation through Self-Evolving Memory

Phase 0 — vault-core library, CLI, AES-256-GCM, hybrid search, 401 unit tests

Phase 1 — 38-format ingest pipeline, .mdr document spec

Phase 2 — Python SDK, PyO3 bindings, MCP server, REST API

Phase 3 — p3ak-room Next.js app, p3ak-harness CREST skills

Phase 4 — Classification engine (8 stores), canonical naming, reasoning card

Phase 5 — Web presence (p3ak.ai, docs.p3ak.ai)

Phase 5.5 — Temporal KG, Evolution Graph, Wake-Up Context (the moat)

Phase 8 · IN PROGRESS 🔄

Room customization + Comm Hub

✓ M1 — Startup theme (Neo Brutalism) shipped

✓ Communication Hub spec · Silicon Bayou data room seeded

✓ Filing Router · Pi ecosystem · Memory Health Phase 1

📋 Corporate theme (Q3 2026) · Boutique theme (Q3) · Classic (Q4)

📋 Customizable section labels at signup

📋 Communication Hub Phase 2 — voice triage UI

Phase 9 · IN PROGRESS 🔄

Distribution + Personal Deployment

✓ Personal agent home (~/p3ak/) · Amber voice · comm stack

✓ Security testing framework · 8 competitors vetted

✓ Data Flow visualizer (Apr 20)

📋 One-command install script for MacBook + Claude Max

📋 taub.in email stack · MuninnDB · whisper-mac · Marp

📋 Agent cloning · p3ak.ai landing refresh · eBPF kernel prototype

Phase 10 · IN PROGRESS 🔄

P3AK × PAI collaboration

✓ Wave 1 engineering — pack scaffold · pai-migrate + pai-export

✓ Byte-identical round-trip proof (3 integration tests green)

✓ Private distribution repo mirrored via subtree

📋 Demo screencast · LinkedIn follow-up cadence

📋 Wave 2 — .mdr/.lhr as PAI export formats (needs Miessler)

📋 Wave 3 — joint launch announcement (needs Miessler)

Phase 6 · PLANNED 📋

P3AK Cloud — monetization

Multi-tenant vault hosting (keys still yours)

Team vaults with RBAC and per-room isolation

Audit trail dashboard · SSO · Webhook notifications

Pricing: Free (local) → Team ($X/mo) → Enterprise (custom)

Blocker: formal pen test + SOC 2 prep before public launch

Phase 7 · HORIZON 🔭

Entity Intelligence (new track)

✓ Entity vault profile · CompanyMetadata schema (21 obligations)

✓ Completeness scoring · entity completeness CLI

✓ CREST skills — crest-entity-review, crest-deadline-alert

✓ M6 — Silicon Bayou LLC as first live customer

📋 Integration with LIBERO (SEC/ESG vertical)

📋 Public product release — Q4 2026 or Q1 2027

Personal Track

Phase P0–P1 · COMPLETE ✓

Taxonomy + Personal Vault

Six sectors: SOMA · SHIELD · HEARTH · TIDE · COMPASS · STACK

spec/personal-taxonomy-v1.md — canonical

Personal classifier: 280 weighted signals, 27 unit tests

p3ak-vault create --profile personal

Sector-filtered search · personal canonical naming

docs.p3ak.ai/personal.html PRD live

✓ Grandma MVP (Apr 19) — macOS .app wrapping the engine

Phase P2 · IN PROGRESS 🔄

SOMA + LHR Protocol

✓ .lhr format · SomaMetadata struct · consent token system

✓ FHIR alignment analysis (spec/fhir-alignment-v1.md)

📋 HIPAA/COPPA legal structure — attorney review (longest lead)

📋 spec/lhr-protocol-v1.md finalized (Matt/Darren co-auth)

📋 SOMA schema expansion — genetic, preventive, imaging data

📋 Mental health data model — GenZ-specific, tiered access

📋 18+ pilot cohort design (avoids COPPA)

Phase P3 · PLANNED 📋

uCTRL Integration

uCTRL ↔ P3AK vault API integration

SOMA vault as storage backend for uCTRL's LHR

GenZ pilot: 50–100 users, mental health focus

Success metric: find full health history in < 30 seconds

Partnership: co-authorship of LHR protocol spec

Joint positioning: uCTRL (interface) + P3AK (infrastructure)

Phase P4–P5 · HORIZON 🔭

All sectors + Open Standard

SHIELD schema · HEARTH schema · TIDE schema · COMPASS · STACK

Cross-sector search ("everything about my house purchase")

Life-event-organized structure (birth · education · career · death)

LHR protocol v1.0 as open standard (published MIT)

Clinical partnership — Epic interoperability bridge

Standards body engagement (HL7 · ONC · IEEE)

Signal Intelligence Track

SI-1 · DONE ✓

Foundation (Mar 2, 2026)

SIGINT spec · 9-step decode process · 12 sources · Storm Radar

signal-ingest.py — 5 commands, live HN/arXiv/GH connectors

signal.html v3 — radar, filter, lean, credibility, Signal → Room

SI-2/3 · Q2 2026 🔄

Classification + Vault integration

Automated signal classification

Live connector expansion

Signal → vault automatic promotion pipeline

SI-4 · Q3 2026 📋

Production Repo

Dedicated repo in siliconbayou org

Public release with limited sources

The North Star

🎯

A world where every person — regardless of wealth, location, or technical sophistication — owns a complete, organized, encrypted, portable record of their life. Where no institution holds your data hostage. Where you can answer any question about your own history in under thirty seconds. The data room is not just for companies. It is for everyone.

Canonical sources

ROADMAP.mdCanonical — this page is a snapshot

CLAUDE.md decision logLast 10 architecture decisions

CAPABILITY-MAP.mdWhat ships where

spec/Every format + protocol spec

docs/strategy/Strategic memos (Miessler collab, tech review, outreach)

What changes fastest

DailyCLAUDE.md decision log, commits

WeeklyROADMAP.md phase status markers

MonthlySpecs, brief portal sections

QuarterlyThe Three Tracks structure · North Star