Phase 1 Commissioning - Reference Hardware - Perth, Western Australia
Isolated Compute Node
The Reasonable Alternative Design requires a physical demonstration. Intelligence
is not rented. It is repatriated. Absolute data provenance and physical fidelity
require ownership of the metal. This node runs the Epistemic Control Architecture
on bare-metal, air-gapped hardware: proving the architecture is not theoretical.
It is an engineering choice the industry has not made.
Figure 1 - Internal architecture, DABA X1 Phase 1 commissioning. Liquid-cooled compute core and segmented ECC memory matrix. Perth, Western Australia. (c) 2026 Ontological Engineering Pty Ltd.
I
Why Physical Hardware
A closed algorithmic system cannot be audited from inside a rented walled garden.
Cloud-based AI inference carries inherent risks for proprietary data ingestion:
hidden caching, swap-file leakage, and the fundamental absence of a verifiable
chain of custody between the operator and the model. None of these risks exist
on bare-metal hardware under direct physical control.
The value of this node is not the components. It is the topology. The architecture
enforces a Bimodal Security Constraint: for adversarial audits and proprietary
ingestion, Mode 0 applies - a complete physical air-gap. When broad external
extraction is required, Mode 1 applies - frontier models are engaged strictly
as untrusted sub-contractors. Proprietary metadata is stripped before transmission
via the SEGA protocol. The returned payload is treated as contaminated until it
passes the local Independent Protection Layer. The cloud is never trusted.
The local interlock is.
This architecture is hardware-agnostic. The ISN and IPL components can operate
locally while the AG is accessed via a remote API. The pattern applies to
cloud-deployed frontier models without requiring cooperation from the model provider.
The local interlock retains its authority regardless of where inference runs.
II
Reference Hardware Specification: Phase 1
Specifications provided as reference for replication. Not a commercial requirement.
The architectural pattern is what transfers.
Compute Core
AMD Ryzen Threadripper 7960X - 24 cores / 48 threads
System Memory
256GB DDR5 ECC RAM - error-correcting for data integrity
AG Inference - Autoregressive Generator
Dual AMD Radeon PRO R9700 - 64GB VRAM total - dedicated 70B parameter model inference
IPL Inference - Independent Protection Layer
NVIDIA RTX Pro Blackwell 2000 - 16GB VRAM - physically isolated at OS layer from AG
Root of Trust
Hardware Security Modules - cryptographic signing of all provenance manifests and DABA VII.2 log integrity hashes
Storage
22TB WD Red Pro - offline Neo4j graph database for verified knowledge corpus
Hypervisor
Proxmox - isolated VMs for SEGA controlled extraction protocol enforcement
Operating Mode
Mode 0: Physical air-gap / Mode 1: Gated hybrid with SEGA protocol - cloud treated as untrusted sub-contractor. Proxmox VM isolation to minimise attack surface between nodes.
III
The Three-Node Pipeline in Operation
The Epistemic Control Architecture runs three inference nodes sequentially.
Every query passes through all three before the operator receives any output.
No token is rendered until the IPL issues its verdict.
| Node |
Port |
Model |
Function |
| ISN - Input Sanitisation Node |
8082 |
Qwen2.5-3B-Instruct |
Credential stripping, claim extraction, embedded premise detection, epistemic void detection. Known Class B latent failure mode documented in OE-TR-2026-01 Section 6.2. |
| AG - Autoregressive Generator |
8080 |
Llama-3.3-70B-Abliterated |
Technical response generation against sanitised query only: no credentials, no user framing. Operates under explicit Correction Mandate for false premises. |
| IPL - Independent Protection Layer |
8081 |
Qwen2.5-14B-Instruct |
Propositional audit of AG response against extracted claims. Causally isolated from AG. Issues CLEAN, FLAGGED, or BLOCKED verdict. Operator receives nothing until verdict is issued. |
Collusive Hallucination risk. In the limiting case where both the AG and IPL
share identical parametric knowledge gaps - structurally likely given similar training corpora -
the pipeline may issue CLEAN verdicts on responses that fail to correct false claims within
those shared blind-spot domains. This is not internally detectable. Mitigations include
domain-specific retrieval augmentation and conservative FLAGGED-by-default policies
for safety-critical domain classifications.
IV
Interlock Codes: Industrial Trip States
The pipeline enforces deterministic trip states. These are not error messages.
They are non-repudiable audit records of exactly why the system halted.
[ILK-DEV] and [ILK-BYP] are the primary epistemic interlocks.
Both are quarantine states requiring explicit logged operator release action.
| Interlock Code |
Stage |
Verdict State |
Trigger Condition |
| [ILK-INJ] |
ISN - Pre-inference |
BLOCKED |
Prompt injection or instruction-override pattern detected. AG does not run. Audit record generated. |
| [ILK-BLD] |
ISN - Pre-inference |
BLOCKED |
ISN template bleed: node echoed its own system instructions instead of extracting claims. Structural self-referential failure. |
| [ILK-LOS] |
ISN - Pre-inference |
BLOCKED |
Loss of semantic signal. Input contains no verifiable technical claims. Epistemic void state. Pipeline halts before inference. |
| [ILK-DEV] |
IPL - Post-audit |
BLOCKED |
Parametric deviation. AG confirmed a dangerous false premise without correction. Response quarantined at rendering layer. Operator receives verdict and code only. IPL confidence at or above 70%. |
| [ILK-BYP] |
IPL - Post-audit |
FLAGGED |
Mandate bypass. AG evaded correction mandate without explicitly endorsing the false claim. Response quarantined. Operator must perform explicit logged release action. Release timestamped in audit trail. IPL confidence 40-70%. |
| [ILK-OOR] |
IPL - Post-audit |
FLAGGED |
Out of range. Response is uncertain, heavily hedged, or at knowledge envelope boundary. Quarantined pending explicit logged operator release action. |
| [ILK-ERR] |
Infrastructure |
PARSE_ERROR |
Node timeout, crash, or unparseable output. Hardware or network fault: not an epistemic verdict. Does not produce a DABA VII.2 interlock verdict record. |
