Pathfinder — System Architecture

Pathfinder

System Architecture & Data Flow

v1.0.0-alpha · March 2026

Stays local — never leaves machine

Optional cloud (conversation only)

AES-256 encrypted

Data flow

Blocked by architecture (Scout and below)

Input Channels

🌐

Web UI

Browser at localhost:3000. All traffic stays on machine.

Local only

📱

Polling mode. No public IP. Sender whitelist. PIN per persona.

📡

Signal

Planned — Phase 3+

Coming soon

Output Channels

📤

Blotato

Social publish — Instagram, Twitter, LinkedIn. Phase 5.

📅

n8n / Calendar

Google Calendar, Gmail via OAuth. Tool calls only.

🧠 Pathfinder — Node.js Server

localhost:3000 · Your machine · Your hardware

          server.js
gateway.js
soul.js
        

⚡ Mind — Orchestration

Intent Router

Detects tokens (memory:, find:, journal:) vs natural language. Routes to correct handler.

Persona Engine

Loads active persona. Applies system prompt, tone, tier enforcement, vault access grants.

Tool Factory

Web search (DDG/Serper), calculator, n8n webhooks. Tools inject results into LLM context.

Security Tier Check

Settler → no LLM. Pioneer+ → local only. Enforced architecturally, not by config.

💾 Memory — Local Storage

data/

soul/

soul.vault ← AES-256

soul.json

soul.md

personas/

p1.json · p2.json…

memory/

SOUL.md ← shared

vectors.json

ego-p1/

episodic/

reference/

conversations/

per-persona chat history

Settler — BM25 keyword search

Scout+ — Vector semantic search

🔐 Soul Vault — Encrypted

AES-256-GCM Encryption

PBKDF2 310k iterations. Key cached in RAM for session only. Never written to disk.

Vault Contents

API keys · Credit cards · Documents · Passwords · Wallet stub (Immuta)

Sensitivity Tiers

CRITICAL — never leaves · SENSITIVE — confirm required · PERSONAL — Scout+

.soul Export

Encrypted zip of all data/. Portable. Import on any Pathfinder instance. No server involved.

🤖 LLM Proxy — Inference Layer

Only conversation context reaches providers. Vault, memory files, and documents never leave Pathfinder.

Local providers

Ollama — Llama 3 · DeepSeek · Qwen3

BitNet — 1-bit quantized CPU

Cloud providers

Gemini · Claude · GPT · Grok

Pioneer — local + cloud allowed

Scout — local only · cloud blocked by architecture

→ Data Flow Paths

Settler
message

📱 Phone
Telegram

input

Intent
Router

brain

memory:
token

parse token

data/
memory/

stored local

✦ stored
confirmation

response

Pioneer
question

🌐 Web UI
question

input

Memory
Search

local search

LLM
Proxy

+ context

Gemini /
Claude

inference only

Response
to user

answer

Scout
blocked

📱 Phone
question

input

Tier
Check

enforce

Cloud
blocked ✕

architecture

Ollama
local

local only

Response
private

answer

Vault
delivery

📱 "send
passport"

request

PIN
auth

verify

soul
.vault

decrypt

📎 File
to phone

delivered

🔐 Vault: AES-256 · never leaves machine

💾 Memory: local files + vectors.json

👤 Personas: scoped · isolated · tiered

🤖 LLM: conversation context only

✦ Sovereignty by design. — architecture, not policy