SovereignEdge

SovereignEdge deploys zero-token NPU agents to subjugate Google Workspace, creating secure, ISO-compliant environments that foster innovation education and data sovereignty for schools and SMEs.

Comment

Inspiration

Regulated small and medium enterprises (SMEs)—such as boutique law firms and CPAs—along with modern educational institutions face a fatal operational paradox. They are racing to harness the paradigm shift of generative AI, yet they are paralyzed by catastrophic cloud data liabilities, toxic PII leakage, and volatile API token inflation. For schools trying to pioneer innovation education, the problem is twice as severe: they must foster digital resilience and hands-on AI literacy in students while bound by strict legal obligations to protect juvenile privacy and pedagogical data.

Traditional AI platforms force a compromise: either accept technological stagnation or expose private data. We engineered SovereignEdge to eliminate this trade-off. Our inspiration was to execute total programmatic subjugation over native infrastructures, creating an airtight, zero-cost compliance fortress where schools and firms can safely capture the power of AI while retaining 100% data sovereignty.

What it does

SovereignEdge converts an institution’s native Google Workspace tenant into an isolated, hyper-secure cognitive execution engine. Operating under an Extreme Agile framework optimized for a solo operator, the platform deploys autonomous AI agents to index, sanitize, metadata-tag, and orchestrate private files.

At its core, the platform acts as an absolute defensive shield. Whether handling privileged litigation records or sensitive student diagnostics, all data packets are intercepted at the local edge, passed through a strict Anti-Corruption Layer (ACL), and scrubbed of high-risk identifiers before cloud interaction. This architecture allows schools and enterprises to deploy a completely sandboxed AI interface—enabling safe pedagogical workflows, digital resilience, and automated corporate compliance without monthly infrastructure bloat.

How we built it

The architecture is an elegant fusion of hardware edge execution and native cloud automation, built across three distinct layers:

  • The Edge Engine (Zero-Token NPU Processing): Local directory monitoring and initial ingestion are handled via PowerShell 7+ scripts and Python 3.12 orchestration frameworks. Heavy classification and feature extraction tasks are completely offloaded to local Small Language Models (SLMs like Phi-4 and Llama 3.2 via Ollama) running directly on the host Neural Processing Unit (NPU) using the AMD Ryzen AI OpenVINO runtime.
  • The Middleware Gateway (Anti-Corruption Layer): Inbound payloads flow through a central Google Apps Script (GAS) doPost HTTPS gateway acting as an Anti-Corruption Layer (ACL). This gateway validates JSON schemas, executes real-time regex PII masking, and pulls access keys dynamically via OAuth from GCP Secret Manager, isolating production secrets in a 25-minute ephemeral memory cache.
  • The Stateful Ledger Backend: File iteration is governed by an autonomous, iterative Breadth-First Search (BFS) state-machine crawler (Crawler.gs). To eliminate external databases and reduce architectural overhead, the platform utilizes native Google Sheets as an append-only transaction ledger, using SHA-256 content hashes to guarantee absolute data provenance.

The Zero-Token Economic Proof

To validate the business viability of SovereignEdge, we model the operational costs. Let $D$ represent the monthly volume of documents processed and $T_a$ indicate the average token density per corporate or pedagogical file. If processed entirely through standard cloud API endpoints at a token price $P_{\text{token}}$ per million input tokens, the recurring cost model scales linearly:

$$C_{\text{cloud}} = \left( \frac{D \times T_a}{1,000,000} \right) \times P_{\text{token}}$$

Evaluating this matrix under real-world conditions for a data-dense client environment where $D = 150,000$ documents/month, $T_a = 4,000$ tokens/file, and $P_{\text{token}} = \$2.50$:

$$C_{\text{cloud}} = \left( \frac{150,000 \times 4,000}{1,000,000} \right) \times \$2.50 = 600 \times \$2.50 = \$1,500 \text{ / Month}$$

By offloading document sorting and triage entirely to our local edge NPU pipeline, the operational expenditure drops to a flat rate:

$$C_{\text{local}} = \$0.00 \text{ / Month}$$

Because the client absorbs 100% of their base cloud tenant storage costs, this architectural layout locks in a 95%+ gross profit margin for the operator.

Challenges we ran into

  • The 6-Minute Cloud Execution Limit: Google Apps Script enforces a hard 6-minute execution timeout. To circumvent truncate crashes during bulk directory crawls, we engineered a proactive self-termination guard. The system monitors runtime, halts execution at exactly 4.5 minutes, commits the active cursor state to the Crawl_Queue ledger, and automatically schedules a time-driven clock trigger to cleanly resume operations 60 seconds later.
  • Binary Quota Crashes: Parsing system files or shortcut loops frequently causes API quota exhaustion. We solved this by developing a strict Binary Type-Guard that checks MIME-types instantly, skipping raw system blobs (application/vnd.google-apps.script) silently to preserve token availability and prevent Quota 429 errors.
  • Data Density Limits: Google Sheets restricts files to 10 million cells. We integrated an automated Cell Density Preemption script. When active matrices cross an 85% safety threshold, the system triggers an automated rollover sequence, creating a fresh transaction ledger file while sealing the historical archive under an immutable Google Vault litigation hold.

Accomplishments that we're proud of

We successfully proved that a solo founder running a strict WIP=1 constraint can deploy an enterprise-tier compliance framework across completely different organizational structures. We are immensely proud of achieving absolute domain isolation (Bounded Contexts) inside a single architecture, successfully segregating data pipelines into isolated domain capsules:

  • LITIGATION_TORT_CONTEXT: Dictates institutional safety, tracking employer liability metrics and actuaries.
  • VARM_MEDICAL_CONTEXT: Governs clinical medical evaluations and care continuity under high-security guidelines.
  • EDUCATIONAL_INNOVATION_CONTEXT: A dedicated capsule engineered specifically for schools. It automates the extraction of insights from pedagogical materials, masking juvenile metrics at the edge and empowering educators to integrate advanced AI workflows into the curriculum safely.

What we learned

We learned that the most secure software design is not built by adding heavy external dependencies, but through the total programmatic subjugation of native tools. True systemic resilience is achieved by taking raw, hyper-complex AI primitives and binding them to deterministic mathematical constraints. When you lock the AI in a strict logical cage, it loses the capacity to hallucinate, creating a system that is sovereign by design and secure by default.

What's next for SovereignEdge

We are preparing for immediate go-to-market scaling, positioning the system as "The 48-Hour Secure AI Citadel Deployment." Our next evolutionary sprint focuses on expanding local NPU model capabilities, reinforcing edge-to-cloud security boundaries, and deploying high-margin value-based subscription structures for compliance-stressed SME and educational verticals worldwide.

Built With

Share this project:

Updates