Technical Specification — LINUS-AI v1.4.0

1. Architecture Overview

Universal mesh AI platform. Every node type, every protocol, zero-trust security, minimal configuration.

┌──────────────────────────────────────────────────────────────────────┐
│  LINUS-AI Node                                                       │
│                                                                      │
│  ┌─────────┐  ┌──────────┐  ┌─────────┐  ┌──────────┐  ┌────────┐  │
│  │linus_ai-│  │linus_ai- │  │linus_ai-│  │linus_ai- │  │linus_ai│  │
│  │  http   │  │   ai     │  │  net    │  │  vault   │  │guardian│  │
│  │(axum API│  │(inference│  │(mDNS+   │  │(encrypted│  │(2FA +  │  │
│  │ + SSE)  │  │ engine)  │  │ TCP)    │  │ SQLite)  │  │ TOTP)  │  │
│  └────┬────┘  └────┬─────┘  └────┬────┘  └────┬─────┘  └───┬────┘  │
│       └────────────┴─────────────┴─────────────┴────────────┘       │
│                            linus-ai-core                             │
│                  (EventBus · Config · Crypto · Types)                │
│                                                                      │
│  ┌──────────┐  ┌──────────┐  ┌──────────┐  ┌──────────────────────┐ │
│  │linus_ai- │  │linus_ai- │  │linus_ai- │  │   linus-ai-bin       │ │
│  │ thermal  │  │  task    │  │blockchain│  │ (main.rs entrypoint) │ │
│  └──────────┘  └──────────┘  └──────────┘  └──────────────────────┘ │
└──────────────────────────────────────────────────────────────────────┘
         │ HTTP :9480                           │ TCP :9479
         ▼                                      ▼
   Browser / API clients              Mesh peers (mDNS + Tailscale)

Core Design Principles

• Zero-config discovery — UDP multicast on port 9479, auto-role from hardware score
• Zero-trust security — every mesh message HMAC-SHA256 signed; vault data ChaCha20-AEAD encrypted
• Single integration point — one HTTP API (/infer, /jobs, /settings) for all connected software
• Role-aware routing — tasks automatically route to the best available hardware
• py2c scripting — any automation expressible in a type-annotated .py file, compiled to native

2. Node Taxonomy & Scoring

Hardware Scoring (automatic)

composite = RAM_score + GPU_score + Model_score − Thermal_penalty − Load_penalty

RAM:  ≥64 GB = 40  ·  ≥32 GB = 30  ·  ≥16 GB = 20  ·  ≥8 GB = 10  ·  <8 GB = 5
GPU:  CUDA = 35  ·  Metal = 30  ·  ROCm = 25  ·  Vulkan = 15  ·  CPU-only = 0

3. Role Hierarchy

master_hub  (score ≥ 80)
├── hub     (score ≥ 50)
│   ├── worker   (score ≥ 20)
│   │   └── edge (score < 20)
│   └── student  (learning mode, any score)
└── spoke   (remote/WAN node)

Role assignments are automatic on peer connect. Override via:

4. Module Reference

5. HTTP API Reference

All endpoints on http://localhost:9480 (port configurable via LINUS_AI_API_PORT).

Inference

Agent (ReAct loop)

Models

Mesh

Vault & Guardian

Status & Monitoring

Compliance & Security

RAG Document Access Control

Agent Profiles

6. Mesh & Overlay Protocol

LAN Discovery (mDNS)

Peers announce via UDP multicast to 224.0.0.251:5353. Announcement payload (JSON):

WAN Overlay Relay

For nodes that cannot reach each other directly (NAT, firewall):

Node A ──TCP──► Relay Server ──TCP──► Node B
                 :9777

Node → relay message types: register, heartbeat, peers, relay

Relay → node message types: registered, pong, peers, relay, relay_ack, error

7. Security Model

Mesh Authentication

Every message between mesh peers carries an HMAC-SHA256 signature:

Peers reject messages with: wrong signature · timestamp delta > 60 s · unknown node_id.

Vault Encryption

Each vault record is encrypted independently:

The vault passphrase is stored in the OS keychain (macOS Keychain · Windows DPAPI · Linux Secret Service). Falls back to a 0600-permission file if no keychain is available.

Guardian 2FA

Guardian wraps any sensitive operation in an auth gate:

8. Inference Pipeline

Request
  │
  ▼
ThermalGovernor ──EMERGENCY?──► HTTP 503
  │
  ▼ (NOMINAL / THROTTLE / HOT)
MeshRouter
  ├─ score peers (composite − load − thermal)
  ├─ HOT state? → prefer peers
  ├─ THROTTLE?  → reduce batch_size
  └─ local?     → InferenceEngine
                      │
                      ▼
              Backend selection
              llama-bundled (default) ← compile-time feature
              candle-only             ← compile-time feature
              subprocess fallback:
                llama-server → ollama → llama-cli → error
                      │
                      ▼
              SSE token stream → HTTP client
                      │
                      ▼
              TransparencyLedger (log event)

Agent ReAct Loop

user message
  │
  ▼
fan-out to ≤ 3 peers (Connected, load < 80%, models > 0, score ≥ 35)
  │                  │
  ▼ peer results     ▼ local ReAct
thought → action → observation → thought → ... → local_result
  │
  ▼
synthesis (hub combines all peer results + local result)
  │
  ▼
SSE token stream

Tools available in agent mode: search (3-tier: Google News RSS → DDG HTML → DDG Instant), infer_peer, vault_read, vault_write, thermal_status.

9. py2c User Scripts

py2c translates a Python-subset to C17, compiles with the platform toolchain, and links against nxrt.h (zero-dependency C17 runtime). The same .py file runs interpreted (python3 script.py) and compiles to any of 11 targets.

Language Subset

Supported:

• Type annotations on all function parameters and local variables (required for compiled path)
• int, float, bool, str, bytes, list[T], Optional[T]
• All arithmetic, bitwise, comparison, and boolean operators
• if / elif / else, while, for with range()
• @dataclass classes, match / case (Python 3.10+), f-strings, walrus operator :=
• import linus_ai — resolves to #include "nxrt.h"
• @linus_ai.native decorator — raw C passthrough (escape hatch)

Not supported (compile path): *args, **kwargs, closures capturing mutable outer variables, try/except, dynamic attribute access, third-party imports.

Example: LINUS-AI API Poller

10. Tensor Parallelism

Tensor parallelism (TP) splits individual weight matrices across N nodes. All nodes process the same token simultaneously — each holds 1/N of every layer's weights and computes a partial result; results are reduced (summed) across nodes after each transformer block.

Backends

RPC Mode Operation

Coordinator (rank 0)                    Workers (rank 1…N-1)
─────────────────────                   ─────────────────────
POST /tensor/plan  ──────────────────▶  POST /tensor/plan
                                        POST /tensor/rpc/start  → llama-rpc-server :50052
POST /tensor/infer
  └─ llama-server --rpc w1:50052,w2:50052
       └─ weight tensors split by RAM proportion
       └─ GPU layers offloaded to workers
       └─ token returned to client

Native AllReduce (Megatron-LM style)

For each transformer block:

  ┌── Q/K/V projection  (column-parallel) ──────────────────────┐
  │  Each rank computes:  partial = X @ W_col_slice              │
  │  No communication needed (outputs concatenated logically)    │
  └──────────────────────────────────────────────────────────────┘
              ↓
  ┌── Output projection  (row-parallel) + AllReduce ────────────┐
  │  Each rank computes:  partial = partial_in @ W_row_slice     │
  │  POST partial to /tensor/allreduce on coordinator            │
  │  Coordinator sums all world_size partials → full activation  │
  └──────────────────────────────────────────────────────────────┘
              ↓
  ┌── FFN layer  (column then row, same pattern) ───────────────┐
  └──────────────────────────────────────────────────────────────┘

TNSR Wire Format (native AllReduce frames)

Offset  Size    Field
──────  ──────  ─────────────────────────────────
0       4 B     magic  b"TNSR"
4       1 B     rank   (u8,  0 = coordinator)
5       1 B     world_size (u8)
6       16 B    request_id ([u8; 16], UUID v4)
22      4 B     element_count (u32 LE)
26      N×4 B   f32 elements (LE), N = element_count

API

Pipeline vs Tensor vs Hybrid

11. Compliance & Security

The compliance layer (linus_ai/compliance.py) enforces domain-specific governance before every inference request.

Profile Tiers

Preflight Check Flow

text + profile
  │
  ▼ PIIScanner
  │  ├─ CREDIT_CARD / CVV / SSN / PAN_LIKE → BLOCK
  │  └─ other types → warn + redact
  ▼ InjectionDetector
  │  ├─ RESTRICTED profile → BLOCK
  │  └─ REGULATED profile → WARN
  ▼ ConsentManager
  │  └─ REGULATED/RESTRICTED and no consent → BLOCK
  ▼ AuditLogger.log()
  │  ├─ write to primary dir (LINUS_AI_AUDIT_DIR or ~/.linus-ai/audit)
  │  └─ propagate to LINUS_AI_AUDIT_EXPORT_DIRS (colon-separated)
  ▼
ALLOW / BLOCK / WARN result

Audit Immutability

Completed monthly log files are sealed by AuditLogger.seal_completed_months():

1. chmod 0o400 — read-only at OS level
2. os.chflags(UF_IMMUTABLE) — macOS schg flag (requires root to unset)
3. chattr +i — Linux immutable attribute (requires root to unset)

HMAC-SHA256 chaining allows tamper detection without immutability at the OS level: verify_chain() returns False if any record was altered or deleted.

12. RAG Document Access Control

The RAG access layer (linus_ai/rag_access.py) provides fine-grained per-document access control for retrieval-augmented generation.

Classification Levels

Access Decision Algorithm (7 Steps)

1. Is principal the document owner?          → PERMIT
2. Is principal in doc's deny_users list?    → DENY
3. Is document PUBLIC?                       → PERMIT
4. principal.clearance < doc.min_clearance?  → DENY
5. TOP_SECRET and principal not in allow?    → DENY
6. ACL permits at any scope?                 → PERMIT
   (company → division → department → role → user)
7. Default                                   → DENY

All decisions are HMAC-chained in ~/.linus-ai/rag-audit-<YYYY-MM>.jsonl and propagated to any export dirs configured via LINUS_AI_AUDIT_EXPORT_DIRS.

13. Changelog