Every decision, traceable.
Local-First is not a slogan. It is a four-layer network lock, hash-chain audit, tiered RBAC and compliance mapping.
Defense in Depth, Engineered
Applied as a standard enterprise pattern: application allowlist, egress audit, container isolation, host firewall — four layers of least-privilege networking, with critical paths remaining online when disconnected.
AuditLedger · Append-only Audit
Every LLM inference, every execution, every rule change is appended to a local ledger and exportable as a compliance report.
RBAC · Roles and Multi-site Isolation
Standard role model (admin / operator / observer / user) with multi-site and floor-level access scopes — each person sees only what their role covers.
Aligned with MLPS / HIPAA / GDPR
Selected control-point mapping against MLPS 2.0 L3, HIPAA-like, and GDPR-like; the full matrix ships with the procurement brief. Audit logs export as JSONL, CSV, or PDF.
Defense in Depth · Layered Network Protection
This section reflects standard enterprise networking and MLPS 2.0 engineering practice — not a proprietary security model.
Layer 1 · Application
Business allowlist + endpoint signature, zero exception
Layer 2 · Audit
Write to hash-chain before send, every packet logged
Layer 3 · Container
Egress from namespace limited to allowlist host
Layer 4 · Host iptables
Host-level firewall enforcement, hard deny
Selected Control Points
A selection of control points. The full matrix ships with the procurement brief and is enforced at acceptance.
| Control Point | MLPS 2.0 L3 | HIPAA-like | GDPR-like |
|---|---|---|---|
| Tamper-evident audit | 8.1.4.1 | 164.312(b) | Art.30 |
| Identity & Access | 8.1.4.3 | 164.308(a)(3) | Art.32 |
| Data Localization | 8.1.3.5 | 164.316 | Art.44-49 |
| Minimum Necessary | 8.1.2 | 164.502(b) | Art.5(1)(c) |
| Incident Response | 8.1.10 | 164.308(a)(6) | Art.33 |
| Encrypted Transport | 8.1.4.5 | 164.312(e) | Art.32 |