Pathfinder — White Paper · OpenNextFrontier

01 — Abstract

The Case for Sovereign Personal AI

Pathfinder is a native desktop application and personal AI agent built on a single architectural guarantee: by default, nothing leaves your machine. It is not a cloud service with a privacy policy. It is a locally-run system whose architecture is structurally incapable of transmitting your data without your explicit choice.

This white paper presents the technical architecture, design philosophy, capability set, and roadmap for Pathfinder — and makes the broader case for why personal AI must be sovereign by design, not sovereign by promise.

Pathfinder is open-source under AGPL v3. It runs on Windows, macOS, and Linux. It supports five LLM providers — local and cloud — switchable per persona. It includes an encrypted vault, a Telegram gateway, a cron scheduler, an agent loop with tool calling, a knowledge base, a credentials manager, and a skills pipeline. All of it runs on your hardware. All of it answers to you.

9

Blocks Complete

5

LLM Providers

∞

Data Ownership

0

Servers to Breach

02 — The Problem

What "Trust Us" Actually Means

Every major AI assistant in use today operates on the same implicit contract: hand over your data, your conversations, your habits, and your identity — and in return, receive intelligence. The provider promises to be responsible with what you share. They publish privacy policies. They hire ethics teams. They mean well.

But "trust us" is a policy. And policies change.

Policies are rewritten when business models shift. They are overridden by government requests. They are rendered meaningless by acquisitions, bankruptcies, and data breaches. A policy is a promise made by people who may not be there tomorrow, about data that already left your hands yesterday.

"The question worth asking is not 'do you trust this company?' It is 'should trust even be required?'"

— OpenNextFrontier Personal AI Manifesto

We are at an inflection point. AI is moving from novelty to infrastructure — from something you try to something you depend on. The decisions made in the next few years about how personal AI is architected will shape who owns the most intimate layer of human cognition for decades.

Your AI assistant learns your schedule, your relationships, your health concerns, your finances, your fears. That is an extraordinary amount of trust to place in a terms-of-service agreement.

Pathfinder offers an alternative: personal AI that is genuinely personal. Intelligence that serves its owner because it is built to — not because it promised to.

03 — The Founding Principle

Sovereignty by Design

Pathfinder is built on a single foundational principle: a system that is architecturally incapable of acting against its owner cannot betray them — regardless of who builds it, funds it, or acquires it.

This is not a privacy policy. It is the structure of the system itself.

I

The Vault is Permissionless

The architect of Pathfinder has never seen any user's memories and never will. There is no server to subpoena. There is no database to breach. There is no account to deactivate.

II

Sovereignty is the Baseline, Not a Feature

Sovereignty begins at Settler — the moment someone installs Pathfinder. Tiers add capability. They do not add sovereignty. A person who journals privately owns their data completely, just as much as someone running a full sovereign stack.

III

Intentional Connection, Not Forced Trust

When Pathfinder uses a cloud LLM, only the current conversation context is sent. The vault, memories, credentials, and documents are never included. Web search sends only the query. n8n sends only the intent and parameters. Every external connection is deliberate, scoped, and initiated by you.

IV

Architecture Enforces, Not Policy

Pioneer tier blocks cloud LLMs at the Rust command layer — not a UI toggle, not a settings flag. It is enforced in compiled code. A Pioneer persona will never send inference to a cloud LLM regardless of configuration.

V

Open Source as Verification

AGPL v3. The architecture is visible, forkable, and auditable. Any person can verify exactly what Pathfinder does with their data. Trust is not required — verification is available.

"The most trustworthy AI is one that cannot betray you. Not one that has agreed not to. Not one that has a good reputation. One that, by its structure, has no pathway to act against the person it serves."

Sovereignty by design. — OpenNextFrontier

04 — Architecture

Built on a Sovereign Stack

Pathfinder is a native desktop application built with Tauri 2 and a Rust backend. It is not a web app. It is not an Electron app. It is a single compiled binary with a bundled SQLite database and an AES-256-GCM encrypted vault — all running on your hardware, with no external server required.

PATHFINDER ARCHITECTURE — v0.1.5 ┌─────────────────────────────────────────────────────────┐ │ FRONTEND React 19 · TypeScript · Tailwind 4 · Vite │ │ ChatPanel · Settings (11 panels) · VaultUnlock · AppShell │ └──────────────────────┬──────────────────────────────────┘ │ Tauri invoke() ┌──────────────────────▼──────────────────────────────────┐ │ RUST COMMANDS agent_chat · vault_* · persona_* · memory_* │ │ Thin handlers — delegate to services layer │ └──────────────────────┬──────────────────────────────────┘ │ ┌──────────────────────▼──────────────────────────────────┐ │ SERVICES vault.rs · persona.rs · memory.rs · conversation.rs │ │ gateway/ (Gateway trait) tools/ (Tool trait) │ │ scheduler_engine.rs (tokio cron) │ └────────┬──────────────────────────┬───────────────────┘ │ │ ┌────────▼──────┐ ┌──────────▼──────────────────────┐ │ pathfinder.db │ │ pathfinder.vault │ │ SQLite WAL │ │ AES-256-GCM · PBKDF2 100k │ │ 18 migrations │ │ Never written to disk unencrypted │ └───────────────┘ └─────────────────────────────────┘ External (user-initiated only): Cloud LLM → conversation context only (no vault, no memories) Web search → query only n8n → intent + parameters only Telegram → your bot, your token, polling mode

The Rust backend enforces all security constraints at the command layer before any data is processed. The frontend is a pure consumer of Tauri commands — it never accesses the vault or database directly. This separation means tier enforcement cannot be bypassed by modifying frontend code.

The SQLite database uses WAL (Write-Ahead Logging) mode with rusqlite 0.37 bundled — no system dependency required. The vault is a key-value store encrypted with AES-256-GCM using a key derived from the user's passphrase via PBKDF2/SHA-256 at 100,000 iterations. The key is cached in RAM as a VaultSession and zeroized from memory on drop — it is never written to disk.

05 — Security Tier Model

Progressive Capability, Constant Sovereignty

Pathfinder uses a four-tier security model. Each tier adds capability — none remove sovereignty. Tiers are per-persona, not per-installation. A single Pathfinder installation can simultaneously run a Scout persona (local LLM only) and a Pioneer persona (cloud LLM enabled), each with its own model, memory, and security constraints.

Tier 0

Settler

Vault, memory capture, Telegram gateway, scheduler, credentials manager, BM25 knowledge search. No LLM of any kind required.

No API key needed

Tier 1

Scout

All Settler capabilities plus local LLM inference via Ollama or BitNet. Agent loop, tools, skills, document search. No cloud required.

Ollama recommended

Tier 2

Pioneer

All Scout capabilities plus cloud LLM access (Claude, GPT, Gemini). Web search, n8n workflows, full agent capability. Local and cloud mixed per persona.

API key required

Tier 3

Explorer

All Pioneer capabilities plus hardware wallet signing, ZK proofs, and cryptographic ledger integration.

Future release

The Scout tier block is the clearest example of sovereignty by architecture. When a persona is set to Settler or Scout (tiers 0 or 1), the agent_chat Rust command checks security_tier <= 1 before routing to any cloud provider and returns an error — not a warning, an architectural rejection. This check runs in compiled Rust — it is not a frontend setting that can be toggled or bypassed. A Scout persona will never send inference to Anthropic, OpenAI, or Google, regardless of what API keys are stored in the vault.

A single Pathfinder installation can run a Scout persona (local-only) and a Pioneer persona (cloud-enabled) simultaneously — each with its own model, system prompt, and capability set. Tiers are per-persona, not per-installation.

The first-run wizard performs an environment scan — pinging Ollama, listing installed models, checking RAM and disk — and auto-recommends the appropriate starting tier based on what is already installed on the machine.

06 — Capabilities

What Pathfinder Can Do Today

🎭

Multi-Persona Identity

Unlimited personas, each a different mind — own model, system prompt, tone, security tier, color, and key overrides. Me-Corporate on Opus. Me-Personal on local qwen3. Me-Hobby on BitNet at zero cost.

🔐

AES-256-GCM Vault

PBKDF2/SHA-256, 100k iterations. API keys, credentials, documents — all encrypted. Key zeroized from RAM on drop. Never written to disk. Credentials never stored in the database.

📱

Telegram Gateway

teloxide, polling mode, no public IP required. Intent tokens: memory:, journal:, note:, find:, card:, password:, doc:. Photo, voice, and document capture. Persona switching via PIN.

🔧

Agent Loop + Tools

Up to 5 iterations, dedup check, unknown tool fallback, brace-matching parser. Web search (Serper), document search (BM25), n8n workflows (400+ integrations), calculator. Short-circuit when no tools available.

⏰

Cron Scheduler

Tokio-based cron engine. One-shot and recurring jobs. Telegram delivery. Per-job run history. Jobs fire while the app is open — autonomous AI work on your schedule.

📚

Knowledge RAG

BM25 keyword search on knowledge_chunks table. docs/ folder auto-indexed on startup. Trailhead persona injects full documentation context via RAG — ask Pathfinder how to use Pathfinder.

🔑

Credentials Manager

Passwords in vault at shared.credentials.{id}.password — never in SQLite. pfcreds encrypted export/import (AES-256-GCM JSON blob). CSV import. Retrieve via Telegram password: intent token.

⚡

Skills Pipeline

Folder-based skill system: 00_references → 01_input → 02_process → 03_output. skill.json manifest. No Rust required to build a skill. Morning Brief and Research skills included.

07 — Sovereignty in Practice

What Stays Local. Always.

The sovereignty claim is architectural, not absolute. Here is exactly what stays local and what travels, when you choose to let it:

Data

Stays Local

Travels When

What Is Sent

Vault contents

Always

Never

—

Memories

Always

Never

—

Credentials / passwords

Always

Never

—

Personas & system prompts

Always

Never

—

Conversation context

By default

Cloud LLM chosen

Current conversation only

Web search query

N/A

Web search tool used

Search query only

n8n workflow call

N/A

n8n tool used

Intent + query + parameters

Pioneer tier personas never appear in the "Travels When" column for conversation context — cloud LLMs are blocked by the Rust command layer before the call is ever made.

08 — Community & Extensibility

Five Extension Points. One Sovereignty Core.

Pathfinder is designed for community extensibility from the start. Five defined extension points allow contributors to add capabilities without touching the sovereignty core — the vault encryption, tier enforcement, and core DB schema remain founder-controlled.

📡

Gateway Modules

Implement the Rust Gateway trait to add new transport channels. Signal, Discord, IRC, Meshtastic — the trait is defined and ready. Telegram is the reference implementation.

🔧

Tool Factory

Implement the Tool trait to add new agent-callable tools. Tier + key gating is automatic. The ALL_TOOLS registry filters at call time. No core code changes required.

🏷️

Token Handlers

Add new intent token prefixes to the gateway handler. The token protocol is how Pathfinder routes Telegram messages without LLM involvement — fast, cheap, sovereign.

💾

Storage Adapters

Implement the MemoryStore trait to add new memory backends. Vector search via nomic-embed-text is the planned next adapter alongside the existing BM25 SQLite implementation.

⚡

Skills — No Rust Required

The lowest-barrier extension point. A skill is a folder with a skill.json manifest and markdown files. No compilation. No Rust. Anyone who can write markdown can build a Pathfinder skill. The folder pipeline (00_references → 01_input → 02_process → 03_output) handles execution.

Community contributions are gated on Block 12 — which requires a cryptographic contribution ledger (blockchain-based) to be production-ready. This is intentional: the contribution process itself must be sovereign. Every merge will require a CLA and an on-chain record. No contribution can reach users without explicit founder approval until the DAO governance model is operational.

The community layer sits above individual Pathfinder instances and can never reach inside them. It pushes capabilities downward. It never pulls data upward.

09 — Comparison

Pathfinder vs Cloud AI

Cloud AI tools — Claude.ai, ChatGPT, Gemini — are excellent at inference. They are not designed for sovereignty. The comparison below is not a criticism of their models; it is an observation about their architecture.

Capability

🦅 Pathfinder

Claude.ai

ChatGPT

Data stays on your machine

★ Always

✕ Their servers

Works fully offline

★ Scout tier

✕

Multiple personas

★ Unlimited

✕ Single identity

Multiple LLM providers

★ 5 providers

✕ Claude only

✕ GPT only

Telegram gateway

★ Built-in

✕

Cron scheduler

★ Built-in

✕

Encrypted credentials vault

★ Built-in

✕

Open source

★ AGPL v3

✕

Agent loop + tools

✓ Built

✓ Yes

No conversation training

★ Guaranteed

~ Opt-out

10 — Roadmap

Where Pathfinder Is Going

Phase I

Foundation

Blocks 1–9 — Complete (v0.1.5)

Tauri 2 native app · AES vault · 5 LLM providers · Multi-persona · Telegram gateway · Agent loop · Scheduler · Skills · Trailhead RAG · Credentials · First-run wizard · NSIS installer

✓ Complete

Phase II

Reach

Blocks 10–11 — Android + Developer Readiness

Tauri Android target · Samsung Galaxy Tab APK · Architecture docs · Gateway/tool/skill walkthroughs · GitHub Actions CI · Mock LLM mode · Echo gateway reference · Issue/PR templates

In Progress

Phase III

Community

Block 12 — Community Contributions (Blockchain-gated)

Cryptographic contribution ledger · CLA + on-chain record · Extension marketplace · Contributor ZK verification · Cryptographic accountability bonds · Revenue distribution via smart contract

Planned

Phase IV

Living Platform

Explorer Tier + Decentralized Governance

Hardware wallet signing · ZK proofs · Cryptographic ledger identity · DAO governance · Event access verification · Signal/Discord/Meshtastic gateways · Voice I/O · .soul portable export · Social publishing

Future

11 — AI Literacy Initiative

An Educated Community is a Resilient Community

Alongside Pathfinder as a product, OpenNextFrontier is developing an AI Literacy Initiative — a locally-rooted educational program that teaches practical AI skills to businesses, nonprofits, and individuals, with a built-in access model that ensures those who can't afford tuition still get a seat.

The goal is not to produce AI power users. It is to produce people who understand what AI is, what it is not, where it is heading, and what questions to ask. People who can evaluate claims made by vendors, employers, and politicians. People who know when to embrace a technology and when to push back.

"People are worried about their jobs, their privacy, and a future they feel they have no voice in. That fear is not irrational. An educated community is a resilient community."

— AI Literacy Initiative Briefing Note

What students take home: A working AI assistant that runs locally on their own computer — no subscription, no ongoing cost, no vendor dependency. Something real, not just a certificate.

The model: Businesses and professionals who can afford quality AI education fund seats for nonprofit staff, community organizations, students, and individuals who couldn't otherwise participate. Paying students aren't just buying education — they're enabling access for others.

Governance vision: A foundation arm (nonprofit, eventual 501(c)(3)) holds the educational mission and access fund. A commercial arm sustains operations and generates the cross-subsidy. Community governance expands over time to include educators, builders, and participants.

12 — Conclusion

The Argument, Stated Simply

Personal AI is becoming infrastructure. The architecture decisions being made today will determine who owns the most intimate layer of human cognition for the next generation.

Pathfinder is a bet on a different outcome: that it is possible to build personal AI that is genuinely personal. That sovereignty by design is not a niche concern but an architectural necessity. That the most trustworthy AI is not the one that promises best — it is the one that cannot betray you by structure.

The project is open-source. The architecture is visible. The vault is yours. The data is yours. The personas are yours. The memories are yours.

That is not a claim. That is a design.

"Your self-sovereign AI agent. Intelligence that serves its owner because it is built to — not because it promised to."

Sovereignty by design. — OpenNextFrontier · opennextfrontier.com

Get started: Download Pathfinder from opennextfrontier.com. Single .exe installer. No account. No subscription. Your data never leaves.

Read the source: github.com/epictetusmemory-design/pathfinder-tauri — AGPL v3.

Explore the docs: opennextfrontier.com — architecture, wire diagram, layer map, capabilities, this white paper.

Your Self-SovereignAI Agent

The Case for Sovereign Personal AI

What "Trust Us" Actually Means

Sovereignty by Design

Built on a Sovereign Stack

Progressive Capability, Constant Sovereignty

What Pathfinder Can Do Today

What Stays Local. Always.

Five Extension Points. One Sovereignty Core.

Pathfinder vs Cloud AI

Where Pathfinder Is Going

An Educated Community is a Resilient Community

The Argument, Stated Simply

Your Self-Sovereign
AI Agent