Services
PointSav's three-ring architecture assigns every service to a layer with defined authority and dependencies. Ring 1 services handle per-tenant boundary ingest — each accepts raw data from one external source and writes it to a durable ledger. Ring 2 services provide deterministic knowledge and processing: they read from Ring 1 and produce structured records, knowledge graphs, and search indexes. Ring 3 is a single service, service-slm, which reads from Ring 2 and never writes to it.
The platform functions fully across Rings 1 and 2 without AI compute. Removing Ring 3 shrinks the attack surface, satisfies network-isolation requirements, and answers the compliance question of whether AI has touched the authoritative record. The answer is architectural: Rings 1 and 2 have no import, no dependency, and no runtime call that reaches Ring 3.
Ring 1 — Boundary ingest
Per-tenant boundary services. Each runs as a separate process per tenant and exposes a Model Context Protocol server interface.
- service-fs-architecture — The filesystem service: append-only WORM ledger, per-tenant storage root, the foundation every other Ring 1 service writes to.
- service-email — Email ingest: SMTP and IMAP, sanitised payloads, append-only Maildir on local block storage.
- service-people — Identity ledger: person records, role assignments, and the Anchor-Claim-Socket data model that never overwrites state.
Ring 2 — Knowledge and processing
Deterministic processing services. Each reads from Ring 1 and produces structured records — no AI variance enters the authoritative record.
- service-extraction — The central Ring 2 traffic controller: strips proprietary formatting, constructs Entity Bundles, assigns transaction IDs, routes to deterministic services or to service-slm.
- service-content — The Gravity Engine: reads raw payloads from a Totebox, runs them against an institutional taxonomy, generates the structured documents an organisation publishes.
- service-search — Full-text search on Tantivy: per-tenant sharding, microsecond retrieval, no active database process required.
- service-egress — Physical release valve: structured records leave the platform only through this service.
- archetypes-and-chart-of-accounts — The institutional taxonomy: eleven archetypes and a Chart of Accounts that classify personnel and documents by structural position and functional role.
Ring 3 — AI gateway
One service spans Ring 3. It reads from Ring 2 and produces proposals a human reviews; it never writes to the knowledge graph or the ledger.
- service-slm — The Doorman: AI routing across local, burst, and external compute tiers; audit ledger on every call; every API key held at this boundary.
- service-slm-yoyo-operational — Operational state of service-slm and the Yo-Yo GPU burst VM: Tier A/B configuration, apprenticeship brief queue, idle-shutdown cost ceiling.
- service-slm-totebox-sysadmin — How service-slm becomes the operational assistant for Totebox deployments: ten operational task families, four-stage pipeline from corpus capture to per-tenant LoRA adapters.
Specialist and domain services
Services built for specific platform capabilities.
- service-business-clustering — Turns raw retail data into commercial clusters: parent-child spatial schema, one commercial entity per site.
- service-places-filtering — Filters civic and institutional infrastructure to retain only regional-grade facilities for GIS tier rankings.
- pointsav-gis-engine — High-performance location intelligence in Rust: offline-first, flat-file, no centralised database instances.
- service-wallet-settlement — Wallet and direct payment settlement infrastructure.
- message-courier — Headless web-automation engine bridging internal identity ledgers with external web portals.
- fs-anchor-emitter — Signed WORM ledger checkpoints at hourly cadence, anchored to Sigstore Rekor on a monthly schedule for external auditability.
- service-fs-security-compliance — service-fs compliance posture for SEC 17a-4(f), eIDAS, and SOC 2 by structural guarantee.
- service-fs-data-lake — Flat-file data lake for the GIS pipeline: raw geospatial points from open sources, no ETL step.
- template-ledger — Distributes approved email templates to the operator's mail environment; eliminates version drift between template design and execution.
See also
- Systems — the operating systems that services run within
- Architecture — the three-ring model and the invariants that govern ring interaction
- Infrastructure — fleet deployment and the physical layer services run on
All 25 articles in this area, A–Z
- services/archetypes-and-chart-of-accounts
- The Three-Stage Editorial Pipeline2026-06-10
- FS anchor emitter2026-05-25
fs-anchor-emitter generates signed checkpoints of the immutable Write-Once-Read-Many ledger at hourly cadence and prepares them for external anchoring to the Sigstore Rekor transparency log on a monthly schedule — the mechanism that makes the platform's ledger state cryptographically auditable from outside the platform.
- Message courier service2026-05-08
The message courier service is a headless web-automation engine that bridges internal identity ledgers with external web portals using runtime-injected adapters, keeping proprietary operational logic out of the open-source monorepo.
- PointSav GIS engine2026-05-08
The PointSav GIS Engine is a customer-owned location intelligence platform built in Rust for offline-first, flat-file operation — a structural departure from geographic information systems that rely on centralised database instances and continuous network connectivity.
- Private Binary Download Endpoint for Paying Customers2026-06-13
The binary release server behind software.pointsav.com verifies Ed25519 license tokens and streams compiled binaries. Stateless by design — it holds no payment records, no customer data, and no signing keys.
- Business clustering service2026-05-25
service-business turns raw retail data points into actionable commercial clusters by applying a parent-child spatial schema — so when multiple distinct operators share a single physical site, the GIS engine receives one commercial entity per site rather than several overlapping points.
- services/service-content
- Egress service2026-05-07
The data sovereignty service that physically transfers cloud-stored payloads to local cold storage, executing flow-through protocols that eliminate vendor-side data retention and cloud storage dependency.
- services/service-email
- Deterministic parser2026-05-08
service-extraction is the Ring 2 central traffic controller that strips proprietary formatting from raw payloads, constructs structured Entity Bundles, assigns transaction IDs, and routes data to deterministic services or to service-slm for AI-assisted extraction.
- FS architecture and the WORM backbone2026-05-08
A per-tenant Write-Once-Read-Many immutable ledger serving as the tamper-evident backbone for all platform records, implemented as a four-layer decoupled stack with dual Linux and seL4 microkernel runtime envelopes.
- FS data lake2026-05-08
service-fs is the foundational storage layer for the platform's GIS pipeline — a flat-file data lake that stores raw geospatial points ingested from open sources in separate retail and civic landing zones, available immediately to every downstream service without an ETL step.
- FS security and compliance posture2026-05-08
service-fs is engineered for structural Write-Once-Read-Many storage that satisfies SEC Rule 17a-4(f), eIDAS, and SOC 2 — record modification is not denied at the policy layer; it is denied by the storage engine itself, and external Sigstore Rekor anchoring provides proof-of-state independent of the platform's own systems.
- service-input2026-05-25
service-input is the Ring 1 document ingest service that accepts files at the per-tenant boundary, routes them through format-specific parsers, and writes normalized output to the WORM ledger via service-fs.
- services/service-people
- Places filtering service2026-05-08
service-places filters raw civic and institutional infrastructure data to retain only regional-grade facilities — hospitals, universities, and major transport hubs — so GIS tier rankings reflect institutional-level concentration rather than local-service density.
- services/service-search
- services/service-slm
- service-slm graph store migration2026-05-25
service-slm migrated its graph store from LadybugDB to SQLite for fleet nodes and integrates a nightly DataGraph rebuild that processes the operator data corpus through the Doorman into the property graph used for inference context injection.
- SLM as Totebox sysadmin and support centre2026-05-25
How service-slm becomes the operational assistant and support centre for Totebox Archive and Totebox Orchestration deployments — the training strategy, the ten operational task families, and the four-stage pipeline from corpus capture to per-tenant LoRA adapters.
- SLM and Yo-Yo operational state2026-05-25
How service-SLM's three-tier inference router and the Yo-Yo GPU burst VM operate, including the Doorman boundary, Tier A/B configuration, apprenticeship brief queue, and idle-shutdown cost ceiling.
- services/service-wallet-settlement
- Template ledger2026-05-08
The Template Ledger is the distribution mechanism within service-email-template that synchronises a single authoritative copy of every approved template to the operator's mail environment — eliminating version drift between template design and operator execution and removing every drafting step from routine corporate correspondence.
- Yo-Yo Daily Enrichment Cycle2026-06-11