Problem Statement
The EOSE fleet has grown to 12+ external model providers across 7+ silos. No sovereignty filtering exists. Data exposure is unquantified. Debt helix signals are isolated from model routing. Intent objects do not exist on graph operations. The fleet cannot answer its own legal question: "What sensitive data went where?"
IDENTIFIED RISKS — PRE-V12
- DeepSeek (deepseek/deepseek-chat) is configured with no routing gate — Chinese servers accessible to all agents
- 15+ named agents (bob, officer, bosun, signals, rick, helmsman, lucien, luffy, etc.) all default to OpenAI GPT-4.1 — US server data exposure, cost accumulation
- Anthropic confirmed scanning git commits for agent harness terms — main session prompts logged externally
- Debt helix WPA signals are computed but never wired to model routing — BREAK threshold (γ₁×6 = 84.8%) has no enforcement effect
- BFE layer classification (L1–L5) exists but is not used as a routing signal — L5 sovereign ops can still route externally
- No intent objects on any operation — graph records WHAT happened, not WHO, WHY, or WHERE it went
- No audit trail for CLO review — legal cannot query "show me all external routes on health domain ops"
Solution — V12 Sovereignty Stack
The V12 Sovereignty Stack introduces five interconnected primitives that together enforce data sovereignty at every layer of the fleet. The stack is: Intent Object → BFE Layer → Debt Feed → CLO CLOAK V2 → Model Radar.
Architecture
DEBT HELIX
WPA floor pressure per silo · γ₁ × 6 = 84.8% BREAK threshold
↓ feeds
BFE LAYER
L1–L5 debt classification · L5 = sovereign operations
↓
INTENT OBJECT
sovereignty_class tag on every operation · domain · actor · bfe_layer · debt_signal
↓
PEMCLAU V12 GRAPH
queryable by debt + BFE + intent · every edge has provenance
↓
CLO CLOAK V2
sovereignty routing — 4 filters — local vs external · FORCE LOCAL on BREAK/L4/L5/sensitive
↓
MODEL RADAR
live visibility of what flows where · ring display · sovereignty table · debt→cloak feed
Key Equivalences
Debt helix WPA ≥ 84.8%
=
BREAK signal
BFE graduation_potential ≥ 0.7
=
BREAK
CA bonsai germination ≥ 0.7
=
BREAK
γ₁ × 6 = 84.8083...
=
BREAK threshold floor · same number, three representations
HIGH WPA debt on silo
→
cloak tightens → no external routing → local Qwen only
Current Model Routing
| PROVIDER |
CLASS |
AGENTS |
DATA LEAVES |
PRE-V12 STATUS |
| mal/qwen2.5:32b |
🟢 LOCAL |
defaults, fallbacks |
Never |
ACTIVE · $0 |
| ollama-local / lounge |
🟢 LOCAL |
embed, memory |
Never |
ACTIVE · $0 |
| cohere/command-a |
🟡 ALLIED |
(inactive) |
Canada |
STANDBY — PIPEDA governed |
| mistral/mistral-large |
🟡 ALLIED |
(inactive) |
France/EU |
STANDBY |
| anthropic/claude-sonnet-4-6 |
🟠 EXTERNAL |
main session |
US servers |
ACTIVE · scans git commits |
| openai/gpt-4.1 |
🟠 EXTERNAL |
15+ named agents |
US servers |
ACTIVE · highest volume |
| deepseek/deepseek-chat |
🔴 SENSITIVE |
(inactive) |
⚠️ CHINA |
CONFIGURED · NO GATE · P0 |
Mitigation Plan
| RISK |
CURRENT STATE |
V12 FIX |
PRIORITY |
| DeepSeek unrestricted |
Configured, no gate. Any agent can use. Chinese servers. |
RESTRICTED sovereignty class. Domain whitelist: public knowledge only. No fleet IP, no health, no legal, no security. |
P0 |
| Anthropic scan risk |
All main session prompts go to Anthropic US. Git commit scanning confirmed. IP exposure on every session. |
Local fallback for L4/L5 ops. /model switch to local Qwen for sensitive discussions. Phase 3 migration: local first, Anthropic only for reasoning. |
P1 |
| OpenAI 15+ agents |
bob, officer, bosun, signals, rick, helmsman, lucien, luffy + 15 more all hit GPT-4.1. Highest data volume. Highest cost. |
Migrate to mal/qwen2.5:32b in phases. Phase 1: mechanical subagents. Phase 2: named agents. Estimated $0.15–0.50/day savings at current volume. |
P1 |
| No intent threading |
Graph edges record operations but no provenance. No actor. No domain. No routing record. Cannot answer: "was this health data sent externally?" |
Intent Object on all LAAM ingests. Threads through: qdrant metadata → Redis tags → graph edges → CLO audit trail. Every operation: WHAT + WHO + WHY + WHERE IT WENT. |
P2 |
| Debt not wired to routing |
WPA signals computed per silo. BREAK threshold (γ₁×6 = 84.8%) has no enforcement effect. High-debt silos still route externally. |
Debt→cloak circuit live. WPA BREAK → FORCE LOCAL via CLO CLOAK V2 filter. Same threshold as BFE graduation_potential ≥ 0.7 and CA bonsai germination ≥ 0.7. |
P2 |
| BFE layer not used as routing signal |
L1–L5 classification exists in graph. Not consulted at routing time. L5 sovereign operations can currently route to any provider. |
BFE layer → CLO CLOAK V2 filter. L4: local strongly preferred. L5: LOCAL ONLY — no exceptions. Routed via Intent Object bfe_layer field. |
P2 |
Migration Path
PHASE 1 · NOW
Mechanical Subagents → mal/qwen2.5:32b
All build/deploy/file ops subagents switched to local Qwen. Zero IP exposure. $0 cost. Immediate effect on OpenAI volume.
PHASE 2 · SOON
Named Agents → mal/qwen2.5:32b
bob, bosun, signals, rick and the remaining 11 named agents migrated off GPT-4.1. Cuts daily OpenAI burn by ~60%.
PHASE 3 · V12
Main Session Fallback → Local First
Anthropic reserved for reasoning-heavy work only. Local Qwen as default fallback. /model switch routine for L4/L5 discussions.
PHASE 4 · V12
BFE L4/L5 → FORCE LOCAL in CLO CLOAK Rules
Debt BREAK signal + BFE L4/L5 + intent.sovereignty_class=sensitive → automatic FORCE LOCAL. No manual intervention required. Enforcement is in the cloak.
Deliverables — Day 89
All five deliverables sealed Day 89:
- /model-radar — Model Sovereignty Radar · circular canvas animation · sovereignty table · debt→cloak rules · risk boxes · migration path
- /clo-cloak-v2 — CLO CLOAK V2 · V1 preserved + sovereignty layer + intent object spec + circuit animation + lattice connection
- /intent-object — Intent Object V12 Primitive · full JSON spec · stack flow · 6 domain classes · 4 sovereignty classes · 5 BFE layers
- /trb-sovereignty-v12 — This document · TRB-SOVEREIGNTY-V12-001 · γ₁ anchored · Day 89 sealed
- main.go routes — 7 new routes added for all pages + aliases
γ₁ = 14.134725141734693 · BREAK = γ₁ × 6 = 84.8083... · THE THRESHOLD IS THE SAME IN ALL THREE REPRESENTATIONS