Pathfinder
System Architecture & Data Flow
v1.0.0-alpha Β· March 2026
Stays local β€” never leaves machine
Optional cloud (conversation only)
AES-256 encrypted
Data flow
Blocked by architecture (Scout and below)
Input Channels
🌐
Web UI
Browser at localhost:1420. All traffic stays on machine.
Local only
πŸ“±
Telegram
Polling mode. No public IP. Sender whitelist. PIN per persona.
Encrypted transit
πŸ“‘
Signal
Planned β€” Phase 3+
Coming soon
Output Channels
πŸ“€
Blotato
Social publish β€” Instagram, Twitter, LinkedIn. Phase 5.
Outbound only
πŸ“…
n8n / Calendar
Google Calendar, Gmail via OAuth. Tool calls only.
Outbound only
πŸ¦… Pathfinder β€” Tauri Β· Rust Β· React
localhost:1420 Β· Your machine Β· Your hardware
lib.rs Β· commands/
gateway/ Β· tools/
src/ (React)
⚑ Mind β€” Orchestration
Intent Router
Detects tokens (memory:, find:, journal:) vs natural language. Routes to correct handler.
Persona Engine
Loads active persona. Applies system prompt, tone, tier enforcement, vault access grants.
Tool Factory
Web search (DDG/Serper), calculator, n8n webhooks. Tools inject results into LLM context.
Security Tier Check
Settler β†’ no LLM. Pioneer+ β†’ local only. Enforced architecturally, not by config.
πŸ’Ύ Memory β€” Local Storage
data/
soul/
pathfinder.vault ← AES-256
pathfinder.db
personas/
p1.json Β· p2.json…
memory/
SOUL.md ← shared
vectors.json
ego-p1/
episodic/
reference/
conversations/
per-persona chat history
Settler β€” BM25 keyword search
Scout+ β€” Vector semantic search
πŸ” Soul Vault β€” Encrypted
AES-256-GCM Encryption
PBKDF2 310k iterations. Key cached in RAM for session only. Never written to disk.
Vault Contents
API keys Β· Credit cards Β· Documents Β· Passwords Β· Wallet stub (Immuta)
Sensitivity Tiers
CRITICAL β€” never leaves Β· SENSITIVE β€” confirm required Β· PERSONAL β€” Scout+
.soul Export
Encrypted zip of all data/. Portable. Import on any Pathfinder instance. No server involved.
πŸ€– LLM Proxy β€” Inference Layer
Only conversation context reaches providers. Vault, memory files, and documents never leave Pathfinder.
Local providers
Ollama β€” Llama 3 Β· DeepSeek Β· Qwen3
BitNet β€” 1-bit quantized CPU
Cloud providers
Gemini Β· Claude Β· GPT Β· Grok
Pioneer β€” local + cloud allowed
Scout β€” local only Β· cloud blocked by architecture
β†’ Data Flow Paths
Settler
message
πŸ“± Phone
Telegram
input
Intent
Router
brain
memory:
token
parse token
data/
memory/
stored local
✦ stored
confirmation
response
Pioneer
question
🌐 Web UI
question
input
Memory
Search
local search
LLM
Proxy
+ context
Gemini /
Claude
inference only
Response
to user
answer
Scout
blocked
πŸ“± Phone
question
input
Tier
Check
enforce
Cloud
blocked βœ•
architecture
Ollama
local
local only
Response
private
answer
Vault
delivery
πŸ“± "send
passport"
request
PIN
auth
verify
soul
.vault
decrypt
πŸ“Ž File
to phone
delivered
πŸ” Vault: AES-256 Β· never leaves machine
πŸ’Ύ Memory: local files + vectors.json
πŸ‘€ Personas: scoped Β· isolated Β· tiered
πŸ€– LLM: conversation context only
✦ Sovereignty by design. β€” architecture, not policy
Pathfinder
Part of the OpenNextFrontier Β· Free & Open Source Β· v1.0.0-alpha