Earthseed / The Stack

Complete technical reference for the Sovereign Edge Computing Ecosystem.

Every layer — from the hardware on my desk to the runtime that ties it together. For anyone who finished The Case and wants the specifics.

LIVE
Earthseed
Home Node

What it is

The home server — a Raspberry Pi 5 running 24/7. It's the source of truth for the entire ecosystem: it runs local AI inference, stores the encrypted vault, serves the public website, and coordinates all other nodes over an encrypted private network.

Hardware

  • BoardRaspberry Pi 5 8GB
  • OSRaspberry Pi OS (Debian 12 Bookworm)
  • StorageNVMe SSD via PCIe HAT
  • NetworkEthernet + Tailscale mesh (100.122.161.42)
  • Public addresssece.dev → Cloudflare → Tailscale Funnel → Earthseed

Services

  • Lazana OSPort 5177 — React/Vite shell
  • Vault APIPort 3003 — AES-256-GCM + Argon2id
  • AIDAPort 3005 — Runtime coordinator
  • Terminal ProxyPort 3006 — node-pty WebSocket
  • OllamaPort 11434 — Local LLM inference
  • Open WebUIPort 3000 — Docker
  • nginxPort 443 (private) + 8080 (public, Funnel only)

Security model

Port 443 is Tailscale peers only — requires vault token cookie auth through nginx. Port 8080 is the public site, isolated to 127.0.0.1 with no vault auth, no bridge to the private services. Tailscale Funnel only exposes 8080. Even if the public site were compromised, the terminal and vault are unreachable from it.

LIVE
Lazana OS
Interface Layer

What it is

The operating environment built on top of Linux. Not a web app — it runs as an Electron shell using the Aqualith design system. When a node boots, it boots into Lazana. The Linux kernel, X11 session, and process manager stay invisible below.

Architecture

  • ShellElectron + React (Vite, npm workspaces)
  • Design systemAqualith — custom component library
  • RoutingInternalRouter daemon (standalone, port 3080)
  • DisplayX11 / Xorg (Wayland eval in Sprint 15)
  • Process mgmtServiceManager (Electron IPC) + PM2 (Pi)

Apps

PAD Shell (primary workspace), Vault UI (AES-256-GCM encrypted notes and files), Terminal (live Pi shell via WebSocket), Admin (system controls, brightness, status). All apps route through InternalRouter — no hardcoded IPs or ports in React code.

AIDA

Lazana ships with a custom-built agent called AIDA. She's part of the OS — not a third-party product, not a cloud API. She runs on the hardware, maintains awareness across the stack, and routes inference to local models. No data leaves the network.

LIVE
Cyberdeck
Edge Node

What it is

A CM4-based pocket computer running a full Lazana OS installation locally. Not a thin client — it has its own vault, its own AIDA instance, and its own edge LLM. It peers with Earthseed over Tailscale and syncs through AIDA behaviors, not a central server.

Hardware

  • BoardRaspberry Pi CM4
  • OSRaspberry Pi OS (Debian 12 Bookworm)
  • NetworkTailscale (100.102.117.6)
  • Edge LLMgemma-3-1b-it Q4_K_M via llama.cpp (port 11435)
  • DisplayX11 + Electron (GPU acceleration disabled — CM4 limitation)

Architecture note

GPU acceleration is permanently disabled on the CM4 due to a hardware limitation with Electron's Chromium renderer. The InternalRouter runs as a standalone daemon rather than inside Electron, so it survives shell restarts. WebContentsView replaces the deprecated BrowserView API as of Sprint 14.

COMING
???
The Missing Piece

Not ready yet

There's one more layer. The part that makes all of this replicable — not just for me. It's built into the name of this project. When it's ready to share, it'll be here.