Architecture

The pieces, and how a record moves through them without ever leaving home.

The map

            ON YOUR PREMISES (the LAN)                          THE HIVE (cloud)
 ┌─────────────────────────────────────────────────┐
 │  Home Vault (NAS)          Edge Brain (Jetson)   │      models flow DOWN
 │  ├─ your records (PHI)  ─►  organizes in RAM ──┐  │   ◄─────────────────────
 │  ├─ the Nudge engine       (never to disk)     │  │
 │  └─ dashboard + API   ◄──── organized note ◄───┘  │      receipts flow UP
 │            │                                      │   ─────────────────────►
 │            ▼  generic nudge only                  │      (non-PHI only)
 │   self-hosted notify ──────────────────────────────────►  your phone / watch
 └─────────────────────────────────────────────────┘
                      ═══ THE FIREWALL ═══  PHI crosses NEVER

Components

Home Vault LIVE

A 15-folder structure on your NAS: emergency card, medications, doctors/pharmacy, insurance, hospital records, labs, foot care, wound care, supplies, food, appointments, family helpers, care packs, organized notes, receipts. Git-tracked. This is the only place PHI lives at rest.

The Nudge engine LIVE

Cron-driven reminders. Structurally PHI-blind — it emits only the generic text you declared and a pointer (vault_ref) to the detail, which stays on the box. Supports daily / weekly / interval / once schedules, acknowledgement, and family escalation if a reminder isn't acted on.

The Edge Brain LIVE

A small open model on a Jetson, on your LAN. The vault pushes a note; the model organizes or explains it in RAM and returns the result. It never persists PHI, refuses diagnosis, and mints a non-PHI receipt per call. It also presents a model-compatible proxy so every model call the dashboard makes inherits the firewall and a receipt.

Bee — the voice loop IN BUILD

Push-to-talk → on-device speech-to-text (faster-whisper, runs on CPU to stay off the model's GPU) → organize via the edge brain → spoken read-back (Piper). Audio is rendered and discarded; nothing is uploaded. Proven today from text and from a recorded clip; a USB microphone is the remaining hardware step for live capture.

Receipts LIVE

Every meaningful action writes a hash-chained receipt: a node id, model, task, character lengths, duration, and honest flags — phi_touched and phi_persisted: false — with no record content. A verify endpoint walks the chain and detects any tampering. This is how the system proves what ran without exposing what it ran on.
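
An added example, not the project's own code, of a hash-chained receipt log and the chain walk a verify endpoint would perform. Apart from phi_touched and phi_persisted, the field names, SHA-256, the canonical JSON encoding, the all-zero genesis value and the sample calls are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the very first receipt

def digest(body: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) keeps the hash reproducible.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def mint(chain: list, node_id: str, model: str, task: str,
         text_in: str, text_out: str, duration_ms: int) -> dict:
    """Append a receipt holding lengths and flags, never the text itself."""
    body = {
        "seq": len(chain),
        "node_id": node_id,
        "model": model,
        "task": task,
        "chars_in": len(text_in),
        "chars_out": len(text_out),
        "duration_ms": duration_ms,
        "phi_touched": True,      # the call handled PHI in RAM
        "phi_persisted": False,   # nothing was written to disk
        "prev_hash": chain[-1]["hash"] if chain else GENESIS,
    }
    receipt = dict(body, hash=digest(body))
    chain.append(receipt)
    return receipt

def verify(chain: list) -> tuple:
    """Walk the chain; return (ok, index of the first bad receipt or None)."""
    prev = GENESIS
    for i, r in enumerate(chain):
        body = {k: v for k, v in r.items() if k != "hash"}
        if r.get("seq") != i or r.get("prev_hash") != prev or digest(body) != r.get("hash"):
            return False, i
        prev = r["hash"]
    return True, None

def demo_chain() -> list:
    # Constructed sample calls; the note text is only ever passed to len().
    chain = []
    mint(chain, "edge-01", "small-open-model", "organize", "bp 140/90 tues, refill rx", "Organized note", 812)
    mint(chain, "edge-01", "small-open-model", "explain", "what is a1c", "Plain-language explanation", 640)
    mint(chain, "edge-01", "small-open-model", "organize", "foot check ok", "Organized note", 410)
    return chain
```

A walk like this catches edits, reordering and deletions inside the chain. Truncating the tail, or recomputing every hash from the edited receipt onward, is only detectable if the latest hash is also held somewhere the editor cannot reach.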

A record's journey (organize a note)

  1. You add a messy note in the vault (or speak it to Bee).
  2. The dashboard sends the text to the edge brain over the LAN.
  3. The model organizes it in RAM; a receipt is minted (phi_persisted: false).
  4. The clean note is written back into your vault's organized-notes folder.
  5. The receipt (non-PHI) may flow up to the hive. The note never does.