The enclave is split into two physical domains to isolate high-risk talent workloads from sovereign control.

Cluster A — The Citadel (Brain)

• Stable core services
• Identity sovereignty (LDAP-Alpha)
• ZFS replication

Server B — The Arena (Muscle)

• High-density execution
• Public traffic and compilation
• Volatile workloads

Zones 0–5 model operational risk.

Alpha-Override Rule

Apps in Zones 4/5 may query LDAP-Beta for talent lookup, but admin privileges must map to LDAP-Alpha to prevent lockout during talent deletion events.

Cluster A (Control Plane)

• 3× Xeon E3-1275v5, 64GB RAM each
• ZFS replication (15 min)

Server B (Execution Plane)

• 1× AMD EPYC, 24+ cores, 256GB RAM
• heavy I/O, compilation, public traffic

The Two-State Solution

We do not mix “Thinking” with “Doing.” In the Opplet v6.4 Architecture, the infrastructure is physically and logically divided into two distinct hemispheres.

Visual Topology

1. The Citadel (Zone A)

• Role: The Brain.
• Hardware: Low-power, high-reliability (Chromebook / Intel NUC).
• Data: Private Keys, Passwords, Strategy Documents.
• Rule: Nothing enters The Citadel. It only pushes out.

2. The Arena (Zone B)

• Role: The Muscle.
• Hardware: High-power, disposable (VPS / Cloud Runners).
• Data: Public Code, Compiled Binaries, Logs.
• Rule: Assume Breach. The Arena is designed to be wiped and rebuilt in seconds.

The “Air Gap” Protocol

Data flows only one way: Left to Right. The Citadel pushes instructions to the Arena. The Arena executes them and serves the result to the world. The Arena never “calls home” to the Citadel.

Physical Topology

The enclave is split into two distinct physical domains to isolate high-risk “Talent” workloads from the “Sovereign” control plane.

Cluster A (The Citadel)

• Role: The Brain
• Identity: Alpha
• Power: Low-Power Xeon E3

Server B (The Arena)

• Role: The Muscle
• Identity: Beta (Talent Lifecycle)
• Power: High-Density AMD EPYC