← Return to Main Mark V PageView Index

Enclave Properties & Environment Isolation

Hardening the Substrate Layer Against External Leakage

Enclave Properties define the strict logic fencing, process containerization, and environment variables that safeguard the Mark V workspace runtime. By enforcing absolute isolation at the host operating system layer, the system ensures that long-term Memory Units remain untainted by centralized corporate platform tracking or host-level intrusions.

The Citadel Architecture

Standard software environments operate on shared user spaces, allowing background processes, browser caches, and platform diagnostic telemetry to read volatile environment registers. Mark V neutralizes this vulnerability by operating within an air-gapped, hard-fenced NixOS Citadel runtime ring. Within this environment, network access tokens are heavily throttled, and all state transitions are forced to commit through explicit, read-only file channels.

Sharded Filesystem Topography

To eliminate centralized points of failure, the legacy concept of a single system.bin database file has been completely sharded. The local state graph is sharded across decentralized, obscure directory arrays within the immutable host architecture:

[ Citadel Isolation Root: /etc/nixos/citadel/enclave ] ├── /sys/firmware/secure_boot ──► [ HARDWARE ENCLAVE ROOT VALIDATED ] ├── /var/shards/mu_core/ ──► Sharded MU-P Governance Matrix ├── /var/shards/su_volatile/ ──► 3-Day Rolling FIFO Context Windows └── /opt/mark_v/local_enclave.conf ──► Immutable Node Environment Properties

Core Enclave Protection Rules

Best Practices for Enclave Hardening