Timmy-time-dashboard/docs/sovereignty-audit.md

Sovereignty Audit — Runtime Dependencies

Issue: #1508 Date: 2026-04-15 Status: Draft

Purpose

SOUL.md mandates: "If I ever require permission from a third party to function, I have failed."

This document audits all runtime dependencies, classifies each as essential vs replaceable, and defines a path to full sovereignty.

---

Dependency Inventory

1. LLM Inference

Provider	Role	Status
Nous Research (OpenRouter)	Primary inference (mimo-v2-pro)	Third-party
Anthropic	Claude models (BANNED per policy)	Third-party, disabled
OpenAI	Codex agent	Third-party
Google	Gemini agent	Third-party

Classification: REPLACEABLE Local path: Ollama + GGUF models (Gemma, Llama, Qwen) on local hardware Current blocker: Frontier model quality gap for complex reasoning Sovereignty score impact: -40% (inference is the heaviest dependency)

2. Bitcoin Network

Provider	Role	Status
Bitcoin Core (local or remote node)	Chain heartbeat, inscription verification	Acceptable

Classification: ACCEPTABLE — Bitcoin is permissionless infrastructure, not a third party Sovereignty score impact: 0% (running own node = sovereign)

3. Git Hosting (Gitea)

Provider	Role	Status
forge.alexanderwhitestone.com	Issue tracking, PR workflow, agent coordination	Self-hosted

Classification: ACCEPTABLE — self-hosted on own VPS Sovereignty score impact: 0% (self-hosted)

4. Telegram

Provider	Role	Status
Telegram Bot API	User-facing chat interface	Third-party

Classification: REPLACEABLE Local path: Matrix (self-hosted homeserver) or direct CLI/SSH Current blocker: User adoption — Alexander uses Telegram Sovereignty score impact: -10%

5. DNS / Network

Provider	Role	Status
Domain registrar	DNS resolution	Third-party
Cloudflare (if used)	CDN/DDoS protection	Third-party

Classification: REPLACEABLE Local path: Direct IP access, local DNS, Tor hidden service Current blocker: Usability — direct IP is fragile Sovereignty score impact: -5%

6. Operating System

Provider	Role	Status
macOS (Apple)	Primary development host	Third-party
Linux (VPS)	Production agent hosts	Acceptable (open source)

Classification: ESSENTIAL (no practical alternative for current workflow) Notes: macOS dependency is hardware-layer, not runtime-layer. Agents run on Linux VPS. Sovereignty score impact: -5% (development only, not runtime)

---

Sovereignty Score

Sovereignty Score = (Operations that work offline) / (Total operations)

Current estimate: ~50%
  - Inference: can run locally (Ollama) but currently routes through Nous
  - Communication: Telegram routes through third party
  - Everything else: self-hosted or local

Target: 90%+
  - Move inference to local Ollama for non-complex tasks (DONE partially)
  - Add Matrix as primary comms channel (in progress)
  - Maintain Bitcoin node for chain heartbeat

---

Classification Summary

Dependency	Essential?	Replaceable?	Local Alternative	Priority
LLM Inference (Nous)	No	Yes	Ollama + local models	P1
Telegram	No	Yes	Matrix homeserver	P2
DNS	No	Yes	Direct IP / Tor	P3
macOS	Dev only	N/A	Linux	N/A
Bitcoin	Yes	N/A	Already sovereign	N/A
Gitea	Yes	N/A	Already self-hosted	N/A

---

Local-Only Fallback Path

Tier 1 — Fully sovereign (no network):

• Local Ollama inference
• Local file storage
• Local git repositories
• Direct CLI interaction

Tier 2 — Sovereign with network:

• • Bitcoin node (permissionless)
• • Self-hosted Gitea (own VPS)
• • Self-hosted Matrix (own VPS)

Tier 3 — Pragmatic (current state):

• • Nous/OpenRouter inference (better quality)
• • Telegram (user adoption)
• • DNS resolution

Goal: Every Tier 3 dependency should have a Tier 1 or Tier 2 alternative tested and documented.

---

Acceptance Criteria Status

1. Document all runtime third-party dependencies — DONE (this document)
2. Classify each as essential vs replaceable — DONE (table above)
3. Define local-only fallback path for each — DONE (tiered system)
4. Create sovereignty score metric — DONE (formula + current estimate)

---

Sovereignty and service always.