APP · 02 — THE SOVEREIGN DATA SPACE
Vault — the sovereign data space.
Vault is the cognitive server's memory under European jurisdiction. A Vector Data Space built on Qdrant, with every asset sealed by an HMAC SHA-256 fingerprint and surfaced through a Compute-to-Data execution boundary. Skills, regulatory texts, embeddings and generated artefacts live inside the perimeter — Vault returns the answer, never the raw bytes. Aligned with GAIA-X and Pontus-X federation contracts so that what stays sovereign on the appliance can still be discovered, attested and exchanged across trusted European nodes.
Modules
What ships inside Vault
MOD-01
Sovereign Vector Vault
Qdrant-backed vector store with HMAC SHA-256 integrity on every asset, residency tags, GAIA-X compliance classification and a single-click "save to vault" path from any cognitive application.
MOD-02
Compute-to-Data Boundary
Skills execute against tenant data inside the Vault perimeter. Only the signed result leaves — raw rows, prompts and embeddings remain sovereign. Each execution emits a Chain receipt with input fingerprint and output hash.
MOD-03
Artefact Engine
Generates Word, Excel and PDF deliverables from Vault assets and writes them back as signed artefacts. Every artefact carries provenance metadata, the skill identifier, the operator's tenant JWT and the originating Chain trace.
MOD-04
Sovereign Notifications
Tenant-aware notification stream for vault events: integrity failures, residency violations, artefact completions, federation handshake outcomes. Persistent for criticals, auto-dismiss for transient signals.
Hooks
Programmatic surface
useSovereignVault
useSovereignVault(tenantId: string) => { assets, save, verify, classification }
CRUD surface over the tenant's vector vault with HMAC verification on every read. Returns assets, residency classification and a save() that re-signs and re-indexes in one call.
useComputeToData
useComputeToData(skillId: string) => { run, lastReceipt, status }
Executes a Vault skill against tenant data without exporting it. Returns only the signed result and a Chain receipt; the underlying bytes never cross the Vault boundary.
useArtefactEngine
useArtefactEngine() => { generate, list, sign, exportTo(format) }
Builds Word, Excel or PDF artefacts from Vault assets, signs them with the tenant key, and routes downloads through the Shield-enforced perimeter.
useSovereignNotifications
useSovereignNotifications() => { stream, dismiss, persistCritical }
Subscribes to the tenant-scoped Vault notification stream. Critical events stay until acknowledged; routine signals auto-dismiss after their lifetime expires.
Integration example
Drop Vault into a tenant app
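// Run a regulatory diff skill against tenant policy assets without exporting them
import { useEffect } from "react";
import {
  useSovereignVault,
  useComputeToData,
} from "@cognitivserver/vault";
// PolicyDiffUI is the app's own presentational component; this path is an assumption.
import { PolicyDiffUI } from "./PolicyDiffUI";

export function PolicyDiffPanel({ tenantId }: { tenantId: string }) {
  const { assets } = useSovereignVault(tenantId);
  const { run, lastReceipt } = useComputeToData("regulatory_diff_v2");

  // Assuming lastReceipt is ordinary hook state, log it when it changes rather
  // than right after run(), where the closure still holds the previous value.
  useEffect(() => {
    if (lastReceipt) console.log("Chain receipt:", lastReceipt.traceId);
  }, [lastReceipt]);

  async function compare(assetId: string) {
    // Raw policy bytes never leave Vault. Only the signed diff is returned.
    return run({ assetId, regime: "NIS2" });
  }

  return <PolicyDiffUI assets={assets} onCompare={compare} />;
}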
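The HMAC SHA-256 sealing with verification on every read, and the Chain receipt carrying an input fingerprint and an output hash, can be sketched as follows. This is an added example, not Vault's own code: the asset shape, field encoding, function names and demo key are assumptions, and it goes slightly beyond the page by binding the tenant, asset id and residency tag into the MAC alongside the payload.

```typescript
import { createHmac, createHash, timingSafeEqual } from "node:crypto";

// Assumed asset shape for illustration; not Vault's real schema.
interface SealedAsset {
  tenantId: string;
  assetId: string;
  residency: string;
  payload: Buffer;
  mac: string; // hex HMAC-SHA-256 over every field above
}
type Unsealed = Omit<SealedAsset, "mac">;

// Length-prefix each field so ("ab","c") and ("a","bc") never encode alike.
function canonical(fields: Buffer[]): Buffer {
  const out: Buffer[] = [];
  for (const f of fields) {
    const len = Buffer.alloc(4);
    len.writeUInt32BE(f.length, 0);
    out.push(len, f);
  }
  return Buffer.concat(out);
}

function fingerprint(key: Buffer, a: Unsealed): string {
  const parts: Buffer[] = [a.tenantId, a.assetId, a.residency].map((s) => Buffer.from(s, "utf8"));
  return createHmac("sha256", key).update(canonical(parts.concat([a.payload]))).digest("hex");
}

function seal(key: Buffer, a: Unsealed): SealedAsset {
  return { ...a, mac: fingerprint(key, a) };
}

// Verify on read: recompute, then compare in constant time.
function verify(key: Buffer, a: SealedAsset): boolean {
  const expected = Buffer.from(fingerprint(key, a), "hex");
  const given = Buffer.from(a.mac, "hex");
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Receipt for one run: refuses unverified input, exposes only hashes.
function receipt(key: Buffer, input: SealedAsset, result: string) {
  if (!verify(key, input)) throw new Error("integrity failure: " + input.assetId);
  const outputHash = createHash("sha256").update(result, "utf8").digest("hex");
  return { inputFingerprint: input.mac, outputHash };
}

// Constructed sample data: a demo key and one asset, then two tampered copies.
const demoKey = Buffer.from("constructed-demo-key-not-for-production", "utf8");
const asset = seal(demoKey, { tenantId: "tenant-a", assetId: "policy-001", residency: "EU", payload: Buffer.from("policy text v1") });
const retagged: SealedAsset = { ...asset, residency: "US" };
const edited: SealedAsset = { ...asset, payload: Buffer.from("policy text v2") };
console.log(verify(demoKey, asset), verify(demoKey, retagged), verify(demoKey, edited));
```

Changing the residency tag or the payload without the tenant key makes verify() return false, and receipt() then refuses to run against that asset.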
Related applications
The rest of the stack
APP · 01
Core
Core is the cognitive heart of the server. It runs the chat experience, drives the Audit Chain, and owns the SSO and design system that every other application inherits. Llama 3 served by Ollama runs in-situ on the local GPU — every prompt, retrieval and tool call is traced by Chain before it leaves the request boundary.
APP · 03
Hub
Hub is where the cognitive server learns the operator's landscape. A live catalog of every connected ERP, CRM, MES, WMS and TMS, with a Fleet Manager that probes each connector continuously and an Ecosystem Dashboard that surfaces the entire posture in one screen. Built for the reality of European mid-market: SAP next to Odoo, Salesforce next to a homegrown WMS — all addressable through a single sovereign perimeter so Core can reason across them and Nexus can orchestrate them.
APP · 04
Nexus
Nexus is the MCP Host of the cognitive server. It carries the approved Skill Catalog, four granular RBAC roles — admin, director, operator, viewer — and the compliance posture surface that turns every reasoning step into evidence. Bridge transports the JSON-RPC traffic, Shield evaluates the scope, Chain seals the result, and a Firebase mirror keeps the live posture visible across the operator's regulators, auditors and lines of business. Where Vault remembers and Hub connects, Nexus decides who is allowed to do what — and proves it.