
Federation HA — Ed25519 mesh

Layer 3 · cluster of cryptographic trust · N paired pools · distributed RAID

Each pool = self-contained · no central pool · reciprocal Ed25519 pairing (proprietary trust)

PRIMARY POOL (headquarters · main admin)

  • Proprietary pool identifier
  • Max trust · pubkey baked in
  • Compute workers + proxies + RAG
  • Admin dashboard · GDPR employees

GPU SATELLITE (datacenter · heavy compute)

  • Proprietary pool identifier
  • High trust · paired reciprocal
  • GPU workers (RTX/A100)
  • Cross-pool inference offload

BRANCH SATELLITE (remote branch · CPU)

  • Proprietary pool identifier
  • Standard trust · paired reciprocal
  • Lightweight worker proxies
  • Local RAG · project mode

Diagram link labels: reciprocal Ed25519 pairing · M replicated memories · W cross-pool workers · G replicated model catalog · A auto-migration

⚡ Symmetric admin HA

Admin connected to any pool = full aggregated cluster view (workers, online pools, incidents, RAG, federation). Pool_A down → admin switches to Pool_B without losing control.

🔐 Zero-data-out preserved

Cross-pool RAG fanout: the request is signed with Ed25519 at origin. Each peer answers with its relevant chunks. No cross-pool storage. No data leaves the customer cluster.

🎯 Self-orchestrating fleet

Workers and proxies migrate automatically across pools based on load AND failure (5 min anti-flap hysteresis). Admin sets policy via UI; never moves a piece by hand.

Each pool keeps its own production Ed25519 keypair (air-gap ceremony). No public Internet required.

Diagram legend: Primary pool (HQ, main admin) · GPU satellite (datacenter compute) · Branch satellite (CPU) · Reciprocal Ed25519 pairing

Ed25519 pairing

  • Pubkey exchange in person or air-gapped (never cloud)
  • Reciprocal signature ≠ centralized authority
  • Proprietary trust scale (internal levels)
  • Signed replication enabled per trust level
  • Zero default trust granted
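
An added example, not the product's code (the page describes its trust logic as proprietary): a default-deny acceptance check for signed cross-pool messages, where a message passes only if its sender was explicitly paired and its kind is allowed at that peer's trust level. The trust constants, message kinds, `Peer`, `envelope`, `Sign` and `Accept` are all assumptions made for illustration; with reciprocal pairing, each pool would hold its own such table.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Trust scale and per-kind minimums are assumptions made for this example.
const (
	Standard = iota + 1
	High
	Max
)

var minTrust = map[string]int{"rag_query": Standard, "model_catalog": High, "user_memory": Max}

type Peer struct {
	Key   ed25519.PublicKey // exchanged out of band (in person or air-gapped)
	Trust int
}

// envelope binds sender and kind to the payload so a signature cannot be reused for another kind.
func envelope(from, kind string, body []byte) []byte {
	return append([]byte(fmt.Sprintf("%d:%s%d:%s", len(from), from, len(kind), kind)), body...)
}

func Sign(priv ed25519.PrivateKey, from, kind string, body []byte) []byte {
	return ed25519.Sign(priv, envelope(from, kind, body))
}

// Accept is default-deny: unpaired sender, disallowed kind or bad signature all fail.
func Accept(peers map[string]Peer, from, kind string, body, sig []byte) error {
	peer, paired := peers[from]
	need, known := minTrust[kind]
	switch {
	case !paired || len(peer.Key) != ed25519.PublicKeySize:
		return fmt.Errorf("unpaired peer %q", from)
	case !known || peer.Trust < need:
		return fmt.Errorf("%q not allowed for %q", kind, from)
	case !ed25519.Verify(peer.Key, envelope(from, kind, body), sig):
		return fmt.Errorf("bad signature from %q", from)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)        // constructed demo key; nil selects crypto/rand
	peers := map[string]Peer{"gpu": {pub, High}} // this pool's pairing table
	fmt.Println(Accept(peers, "gpu", "model_catalog", []byte("v2"), Sign(priv, "gpu", "model_catalog", []byte("v2"))))
}
```
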

What is replicated cross-site

  • Encrypted user memories
  • Replicated model catalog (master/satellite)
  • Cross-pool worker trust (proprietary logic)
  • Project documents (cross-site RAG)
  • Distributed adaptive routing

What stays pool-local

  • Sovereign per-pool audit
  • Local administrator overrides
  • Incident journal (pool-local)
  • Per-pool admin toggles
  • Runtime UI flags (pool-local config)

Auto-orchestration

  • Reactive failover: 5 min anti-flap hysteresis
  • Sticky return ≤60s when primary recovers
  • Proactive load rebalancing (no outage required)
  • Graceful drain of in-flight jobs (60s timeout)
  • Master/satellite catalog: explicit admin promotion only