Architecture

The Three-Layer Stack is the infrastructure decomposition pattern used across PointSav deployments, separating raw computing capability, isolated platform execution, and secure operator access into three distinct layers.

The Totebox Archive's unit of stored data, combining an immutable binary payload, machine-readable metadata skeleton, and live taxonomic graph connection encoding provenance and context.

The four universal interface conventions — spatial tree, properties panel, 3D viewport, and view navigator — that all BIM authoring tools implement, providing shared vocabulary for consistent cross-tool coordination surfaces.

The platform is designed around distributed cryptographic consistency and sovereign bootability, with the capability to collapse a federated archive into a self-contained bootable image transferable across environments.

A map of the PointSav platform's major architectural surfaces: compute substrate, software distribution, GIS intelligence, and the editorial pipeline.

A building's authoritative digital record structured as plain-text and standardized-binary files in a git-versioned directory, qualifying as an ISO 19650-conforming Common Data Environment that travels with the property deed.

BIM Objects anchor to the IFC 4.3 entity hierarchy, Uniclass 2015 classification, and bSDD URIs, organizing into eight primitive categories that encode spatial, elemental, material, assembly, system, performance, and climate-zone specifications.

BIM Objects embed three simultaneous constraint layers — Specification (permanent element identity), Regulation (jurisdiction-specific requirements), and Climate Zone (performance requirements) — as static reference data with a composition rule that applies the more restrictive value.

BIM Objects are composable built-environment specification units that encode element type, regulatory requirements by jurisdiction, and climate zone performance requirements, pre-constraining the design space so non-compliant configurations cannot be placed.

A design-system platform for the built environment organized into eight BIM Object primitive categories and ten universal AEC interface components, providing shared specification vocabulary for independent authoring surfaces to coordinate without introducing new learning surfaces.

An architectural model that encodes regulatory requirements directly into element specifications as geometric and numeric constraints rather than applying them post-design, making non-compliant configurations structurally impossible by construction.

A structured approach for ranking hardware co-location candidates across jurisdictional, network, infrastructure, and cost dimensions, constrained first by regulatory requirements before other optimization occurs.

Definitions of the T1 Regional, T2 District, and T3 Local co-location cluster tiers, including anchor composition rules, the two-pass DBSCAN algorithm, and the Change B geometric span gate.

Cryptographic payload attestation is the mechanism by which PointSav edge nodes dynamically prove the integrity of their published text content to any viewer, using client-side SHA-256 hashing so that any auditor can independently verify a disclosure has not been altered in transit.

The payment and license architecture behind software.pointsav.com — a custodian-free flow from on-chain USDC transfer to Ed25519-signed download token, with no customer accounts and no payment intermediary.

Cryptographic ledgers are the immutable-state storage pattern used in the PointSav platform, enforcing mathematical immutability so that any alteration to a recorded fact breaks a verifiable cryptographic hash chain rather than requiring trust in administrative access controls.

Customer hostability is the architectural commitment that every PointSav artefact can run on the customer's own hardware, against the customer's own keys, with the customer's own audit ledger — making self-hosted deployment the canonical pattern, not a tier.

The platform collects only anonymized, IP-masked geospatial telemetry with no personally identifiable information retained, appending mandatory regulatory disclosure to public-facing interfaces.

Decode-time constraints are structural rules applied to a language model's output at each token-emission step, making banned vocabulary or structurally invalid responses mathematically impossible to produce rather than catching them after the fact.

Development regions are geographic and jurisdictional zones that segment the platform's market data, regulatory context, and deployment topology. Each region defines a jurisdictional envelope, geographic boundary, and market data scope that governs co-location evaluation and compliance rule application.

Payment for marketplace transactions is planned to flow directly from buyer to the customer-tenant; PointSav's share is a transaction fee at settlement, not a recurring subscription.

The Doorman is the sole AI request boundary through which every inference call routes — enforcing sanitise-and-rehydrate discipline once, logging every call to an immutable audit ledger, and capturing the training signal that compounds the platform over time.

PointSav's two-tier commercial structure: a free Community tier that serves as an adoption funnel, and a paid SMB Customer tier targeting regulated small-to-medium businesses that hyperscale billing models cannot serve economically.

Elastic Compute #1 runs a nightly two-phase pipeline that rebuilds the deployment DataGraph and produces LoRA adapter weights for the workspace language model. Phase 1 uses a 32B inference model for entity extraction; Phase 2 trains a 7B parameter-efficient adapter from engineering and apprenticeship corpora.

The Building Design System is constructed on five architectural constraints — flat-file storage, open standards, Rust and Tauri, offline-first operation, and Apache 2.0 licensing — enabling vendor-obsolescence-survivable building information models. Asset-anchored ownership, offline capability, IoT integration, and convergence of BIM with lease and financial ledgers follow from the architecture itself.

A faithful public summary of the PointSav constitutional charter — six pillars, fifty-two structural claims, eight cross-industry inventions, a three-tier compute model, three-ring service architecture, and the economic model that sustains it.

The Genesis Protocol is the fleet-bootstrapping sequence run by every os-infrastructure node at first boot, allowing nodes to reach a secure claimable state without any prior configuration or control plane dependency.

What the PointSav GIS co-location dataset offers a BIM composition pipeline: cluster manifold fields, civic context layers, and stability guarantees.

The Identity Ledger provides a JSONL-based append-only record of canonical person identities using deterministic UUIDv5 derivation from email addresses and WORM discipline. It serves as the unified source for all communication endpoints and temporal role snapshots, enabling deterministic entity resolution without probabilistic inference.

The strategic and architectural frame for the platform's Location Intelligence substrate: a flat-file open-GIS approach that lets customers own their location data end-to-end, running offline, without ongoing per-seat or per-request vendor costs.

Building Information Modelling is mandated across most G7 economies for public procurement, with open standards — IFC 4.3, IDS 1.0, COBie — as the delivery requirement rather than proprietary formats. Offline-first, self-hosted BIM platforms are the only architecture type that natively satisfies sovereign data requirements imposed by ITAR, GDPR, HIPAA, and equivalent regulatory frameworks.

os-console hosts multiple independent TUI workspaces — cartridges — within a unified keyboard-navigation chassis. This article covers the Cartridge trait, capability negotiation, and the OSC 8 hyperlink protocol.

Contributor identity and permissions in Totebox Orchestration are expressed through cryptographic pairings — not roles stored in a database or checked at request time — and a contributor can reach a resource only if their os-console is paired with the orchestration node that manages it.

The POI data schema defines record structures for location data ingested from OpenStreetMap and Overture Maps Foundation, normalized into a unified JSONL format before cluster analysis. Wikidata QIDs serve as the primary chain identifier, and parent-child sub-location models handle co-branded ancillary services.

The planned vendor-tier specialist AI model for substrate-sovereign SMBs — Tier 3 of the Four-Tier SLM Substrate Ladder, built by continued pretraining of OLMo 3 32B on the platform's federated apprenticeship corpus.

PointSav Digital Systems is a technology vendor that builds sovereign, on-premise-capable operating systems for record-keeping and business administration. It sits within a three-organisation structure established by Woodfine Capital Projects Inc.

The PointSav Private Network (PPN) is the physical infrastructure plane of the PointSav stack — responsible for enrolling physical nodes into a cryptographically authenticated mesh, managing the compute resources those nodes provide, and hosting the virtual machines that run Totebox Archives and orchestration gateways.

The PPN Command Protocol is the 16-byte binary wire format used by os-network-admin to issue commands to os-infrastructure nodes across the WireGuard mesh, with no central broker and no session overhead.

The PPN Distributed VM Fabric is the planned extension of the per-node PPN hypervisor layer to a multi-node resource pool, intended to allow VMs to borrow compute from other mesh nodes and migrate across the fleet without per-move operator involvement.

The PPN hypervisor layer manages a per-node pool of CPU and RAM, dynamically allocating those resources across VMs using virtio_balloon for memory reclaim and cgroups v2 for CPU scheduling weights.

A Private Platform Network assembles machines a business already owns into a single encrypted compute pool. WireGuard network isolation is operating today; host-level isolation via seL4 is planned.

The PPN resource pool separates tenant workloads through namespace isolation, per-VM process isolation, and user-mode networking. Network-level subnet isolation is a planned milestone.

The PPN VM resource pool is a three-service stack that provisions, places, and accounts for virtual machines across a heterogeneous WireGuard mesh spanning cloud and physical nodes.

Fewer than 40 percent of facilities managers actively use the BIM models delivered at project handover, due to software cost, training requirements, and file format opacity. The Building Design System's FM-specific interface components provide read-only access to full-fidelity BIM data through searchable GUID lookups without requiring proprietary authoring tool licences.

How co-location cluster centroids are resolved to colloquial place names using TIGER 2023, GISCO LAU 2021, GADM GBR, and a 12-entry Canadian Nominatim override list.

service-pointsav-link is the hot-pluggable adapter that connects an os-* Subject node to a PointSav fleet, with a default state of not installed and a clean-severance failure mode.

The six-tier sovereignty matrix organises every directory in the PointSav monorepo by purpose, not by language or compile format — six fixed prefixes (app-, asset-, moonshot-, os-, service-, system-) that make the repository self-documenting and enforce dependency hygiene by convention.

The full Rust dependency graph and binary architecture for service-slm, the Doorman service that mediates every inference call in the PointSav platform.

A three-component system — release server, storefront, and payment watcher — that delivers compiled binaries against on-chain USDC payments, with no customer accounts and no subscription billing.

AI routing in the PointSav platform processes language model requests through a local sanitization step before any data reaches external models, ensuring that internal structured data never travels to third-party servers in identifiable form.

PointSav deliverables move through three architectural layers — SOFTWARE (vendor monorepo), SHOWCASE (customer deployment catalogue), and INSTANCES (private running deployments) — with a strict one-way flow from vendor to customer to operator that separates public demonstration from operational reality.

The durable composition pattern for the PointSav platform: three concentric rings with strict one-way dependencies, where the AI ring is structurally optional and the deterministic data pipeline operates fully without it.

PointSav's development environment is itself deployed as a Totebox Orchestration instance — the workspace that builds the platform runs on the same architecture the platform delivers to customers.

A Totebox Session is an AI-assisted contributor session opened within a single Totebox Archive — scoped to the archive's declared repositories, unable to write outside them, and the standard entry point for all development work in Totebox Orchestration.

The Verification Surveyor is the human-in-the-loop component of service-people that presents extracted identity fragments to an operator for manual verification before they are permanently committed to the verified ledger.

PointSav intends to distribute curated industry-specific seed packs as starter taxonomies, enabling tenants to contribute refinements back through a planned marketplace.

Zero-container inference is the planned deployment pattern for Tier B GPU compute using native Linux binaries under systemd on cloud virtual machines with no container runtime, achieving viable SMB economics through idle-shutdown timers that halt GPU billing when inference queues are empty.