OE - ABN 77 691 088 963 - Perth, Western Australia - ORCID: 0009-0003-7735-8000 ECA Node Active
Ontological Engineering
Industrial Epistemic Infrastructure - Est. 2025
Phase 1 Commissioning - Reference Hardware - Perth, Western Australia
Isolated Compute Node
The Reasonable Alternative Design requires a physical demonstration. Intelligence is not rented. It is repatriated. Absolute data provenance and physical fidelity require ownership of the metal. This node runs the Epistemic Control Architecture on bare-metal, air-gapped hardware: proving the architecture is not theoretical. It is an engineering choice the industry has not made.
Internal architecture: DABA X1 isolated compute node, liquid-cooled compute core, segmented ECC memory matrix. Perth, Western Australia.
Figure 1 - Internal architecture, DABA X1 Phase 1 commissioning. Liquid-cooled compute core and segmented ECC memory matrix. Perth, Western Australia. (c) 2026 Ontological Engineering Pty Ltd.
Why Physical Hardware

A closed algorithmic system cannot be audited from inside a rented walled garden. Cloud-based AI inference carries inherent risks for proprietary data ingestion: hidden caching, swap-file leakage, and the fundamental absence of a verifiable chain of custody between the operator and the model. None of these risks exist on bare-metal hardware under direct physical control.

The value of this node is not the components. It is the topology. The architecture enforces a Bimodal Security Constraint: for adversarial audits and proprietary ingestion, Mode 0 applies - a complete physical air-gap. When broad external extraction is required, Mode 1 applies - frontier models are engaged strictly as untrusted sub-contractors. Proprietary metadata is stripped before transmission via the SEGA protocol. The returned payload is treated as contaminated until it passes the local Independent Protection Layer. The cloud is never trusted. The local interlock is.

This architecture is hardware-agnostic. The ISN and IPL components can operate locally while the AG is accessed via a remote API. The pattern applies to cloud-deployed frontier models without requiring cooperation from the model provider. The local interlock retains its authority regardless of where inference runs.

Reference Hardware Specification: Phase 1

Specifications provided as reference for replication. Not a commercial requirement. The architectural pattern is what transfers.

Compute Core
AMD Ryzen Threadripper 7960X: 24 cores / 48 threads
System Memory
256GB DDR5 ECC RAM: error-correcting for data integrity
AG Inference: Autoregressive Generator
Dual AMD Radeon PRO R9700: 64GB VRAM total - dedicated 70B parameter model inference
IPL Inference - Independent Protection Layer
NVIDIA RTX Pro Blackwell 2000: 16GB VRAM - physically isolated at OS layer from AG
Root of Trust
Hardware Security Modules: cryptographic signing of all provenance manifests and DABA VII.2 log integrity hashes
Storage
44TB WD Red Pro Array: offline Neo4j graph database for verified knowledge corpus
Hypervisor
Proxmox: isolated VMs for SEGA controlled extraction protocol enforcement
Management Interlock
Dedicated IPMI Card: out-of-band hardware management: independent thermal telemetry and remote power-cycle authority
Operating Mode
Mode 0: Physical air-gap / Mode 1: Gated hybrid with SEGA protocol - cloud treated as untrusted sub-contractor. Proxmox VM isolation to minimise attack surface between nodes.
Thermal Dynamics And Cooling
SilverStone Liquid Cooling. Noctua Cold Air Floor Intake. Sustained Thermal Equilibrium.
The Three-Node Pipeline in Operation

The Epistemic Control Architecture runs three inference nodes sequentially. Every query passes through all three before the operator receives any output. No token is rendered until the IPL issues its verdict.

Methodological Note on Model Selection: The specific models listed below (Qwen2.5, Llama-3.3) represent the commissioned configuration used during the Phase 1 RAD demonstration in Perth. The Epistemic Control Architecture is intrinsically model-agnostic; it is a structural framework for causal isolation and propositional auditing. These specific weights were selected solely to prove the physical feasibility of the pipeline on bare-metal hardware and do not constrain future operational implementations.

Node Port Model Function
ISN - Input Sanitisation Node 8082 Qwen2.5-3B-Instruct Credential stripping, claim extraction, embedded premise detection, epistemic void detection. Known Class B latent failure mode documented in OE-TR-2026-01 Section 6.2.
AG - Autoregressive Generator 8080 Llama-3.3-70B-Abliterated Technical response generation against sanitised query only: no credentials, no user framing. Operates under explicit Correction Mandate for false premises.
IPL - Independent Protection Layer 8081 Qwen2.5-14B-Instruct Propositional audit of AG response against extracted claims. Causally isolated from AG. Issues CLEAN, FLAGGED, or BLOCKED verdict. Operator receives nothing until verdict is issued.
Collusive Hallucination risk. In the limiting case where both the AG and IPL share identical parametric knowledge gaps - structurally likely given similar training corpora - the pipeline may issue CLEAN verdicts on responses that fail to correct false claims within those shared blind-spot domains. This is not internally detectable in Phase 1. Current mitigations include domain-specific retrieval augmentation and conservative FLAGGED-by-default policies for safety-critical domain classifications.

Phase 2 Mitigation: Phase 2 development targets logprob access via the native inference endpoint to expose per-token probability distributions. This enables a genuine prospective entropy estimate, providing a second, independent epistemic signal alongside the IPL's propositional audit. When the two signals diverge (e.g., low behavioural IPL confidence alongside high token entropy), the divergence itself constitutes a reportable epistemic event, structurally breaking the collusive loop.
Interlock Codes: Industrial Trip States

The pipeline enforces deterministic trip states. These are not error messages. They are non-repudiable audit records of exactly why the system halted. [ILK-DEV] and [ILK-BYP] are the primary epistemic interlocks. Both are quarantine states requiring explicit logged operator release action.

Interlock Code Stage Verdict State Trigger Condition
[ILK-INJ] ISN - Pre-inference BLOCKED Prompt injection or instruction-override pattern detected. AG does not run. Audit record generated.
[ILK-BLD] ISN - Pre-inference BLOCKED ISN template bleed: node echoed its own system instructions instead of extracting claims. Structural self-referential failure.
[ILK-LOS] ISN - Pre-inference BLOCKED Loss of semantic signal. Input contains no verifiable technical claims. Epistemic void state. Pipeline halts before inference.
[ILK-DEV] IPL - Post-audit BLOCKED Parametric deviation. AG confirmed a dangerous false premise without correction. Response quarantined at rendering layer. Operator receives verdict and code only. IPL confidence at or above 70%.
[ILK-BYP] IPL - Post-audit FLAGGED Mandate bypass. AG evaded correction mandate without explicitly endorsing the false claim. Response quarantined. Operator must perform explicit logged release action. Release timestamped in audit trail. IPL confidence 40-70%.
[ILK-OOR] IPL - Post-audit FLAGGED Out of range. Response is uncertain, heavily hedged, or at knowledge envelope boundary. Quarantined pending explicit logged operator release action.
[ILK-ERR] Infrastructure PARSE_ERROR Node timeout, crash, or unparseable output. Hardware or network fault: not an epistemic verdict. Does not produce a DABA VII.2 interlock verdict record.
Hardware-Enforced Knowledge Representation in AI

The central unsolved problem in knowledge representation in AI is not computational — it is architectural. A language model operating without an independent verification layer has no mechanism to distinguish between what it knows and what it statistically predicts. The Trinity Architecture addresses this at the hardware level by making the knowledge boundary physically enforced rather than inferentially estimated.

The three nodes function as a logic gate for knowledge representation. The Input Sanitisation Node (ISN) extracts the verifiable technical claims embedded in a query, stripping credentials and user framing that contaminate the epistemic signal. The Autoregressive Generator (AG) operates exclusively against the sanitised claim set — it has no access to the original prompt context. The Independent Protection Layer (IPL) performs a propositional audit: does the AG's response actually address the verified claims, or has it drifted into statistically plausible territory that fails the knowledge representation test?

The result is a system where ontological engineering is used for more than theoretical constraint — it is enforced by physical causal isolation between nodes. The IPL cannot collude with the AG because they run on separate GPU hardware under separate OS processes. The knowledge boundary is not a policy. It is a refusal primitive enforced by the topology of the machine itself. This is what DABA 3.0 Section VII.2 requires any compliant deployment to log: not just what the system decided, but the cryptographic evidence of how the knowledge representation was verified.

The Isolated Compute Node can be demonstrated on-site. Private technical briefings are available to industrial operators, legal risk teams, and regulatory bodies on request. No sales process. A machine that demonstrates its own argument.

andrew.greene@ontologicalengineering.com.au