# System Architecture

Overra is designed as a minimal, deterministic containment infrastructure composed of two primary components:

1. Dashboard Interface (Client Layer)
2. Local Agent (Enforcement Layer)

The architecture enforces strict separation between authorization construction and state mutation. Only one component, the local agent, is permitted to change system state.

***

### Architectural Overview

The system operates through a structured flow:

`Wallet → Dashboard → Local Agent → State Controller → Containment Engine → Audit Log`

Each component has clearly defined responsibilities.

***

### 1. Wallet (Cryptographic Authority Layer)

The wallet serves as the root authority for the endpoint.

**Responsibilities:**

* Sign structured authorization payloads
* Prove ownership of the registered public key

**The wallet does not:**

* Execute containment
* Verify authorization
* Modify endpoint state directly

Authority is derived exclusively from valid signatures.

***

### 2. Dashboard Interface (Presentation Layer)

The dashboard acts as the interface between the user and the local agent.

**Responsibilities:**

* Connect to wallet
* Construct authorization payloads
* Request wallet signatures
* Transmit signed payloads to the agent
* Display current system state
* Display audit logs

**The dashboard does not:**

* Verify signatures
* Execute containment actions
* Mutate system state

It is treated as an untrusted interface for enforcement purposes.

***

### 3. Local Agent (Enforcement Layer)

The local agent is the authoritative execution boundary.

**Implemented in Rust, it is responsible for:**

* Signature verification (Ed25519)
* Authority validation
* Nonce replay protection
* Timestamp validation
* State machine enforcement
* Containment execution
* Append-only audit logging

All state transitions occur exclusively inside the agent. No centralized server participates in enforcement.
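
The following sketch shows the order of the agent's checks (signature, timestamp, nonce, state machine) and why a nonce should be consumed even when the requested transition is refused. It is an added example, not Overra's code, and is written in Go rather than the agent's Rust because Go's standard library includes Ed25519. The payload layout, the `C`/`R` action codes, the 60-second window and the `NewDemo` helper are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

type Agent struct {
	Authority ed25519.PublicKey
	State     string          // "NORMAL" or "CONTAINED"
	Seen      map[uint64]bool // nonce store; a real agent persists it across restarts
}

func Payload(action byte, ts int64, nonce uint64) []byte {
	return binary.BigEndian.AppendUint64(binary.BigEndian.AppendUint64([]byte{action}, uint64(ts)), nonce)
}

// Submit is the only path that mutates State. msg layout (constructed): action | time (8B) | nonce (8B).
func (a *Agent) Submit(msg, sig []byte, now int64) error {
	if len(msg) != 17 || !ed25519.Verify(a.Authority, msg, sig) {
		return fmt.Errorf("bad signature")
	}
	if d := now - int64(binary.BigEndian.Uint64(msg[1:])); d > 60 || d < -60 { // assumed 60 s window
		return fmt.Errorf("stale timestamp")
	}
	nonce := binary.BigEndian.Uint64(msg[9:])
	if a.Seen[nonce] {
		return fmt.Errorf("replayed nonce")
	}
	a.Seen[nonce] = true // burned even if the transition is refused, so it cannot be replayed later
	next, ok := map[string]string{"CNORMAL": "CONTAINED", "RCONTAINED": "NORMAL"}[string(msg[0])+a.State]
	if !ok {
		return fmt.Errorf("transition not allowed")
	}
	a.State = next
	return nil
}

func NewDemo() (*Agent, func([]byte) []byte) {
	pub, priv, _ := ed25519.GenerateKey(nil) // fresh key pair; hypothetical stand-in for the wallet
	return &Agent{pub, "NORMAL", map[uint64]bool{}}, func(m []byte) []byte { return ed25519.Sign(priv, m) }
}

func main() {
	a, sign := NewDemo()
	m := Payload('C', 1000, 1)
	fmt.Println(a.Submit(m, sign(m), 1000), a.Submit(m, sign(m), 1001))
}
```

If the nonce were recorded only after a successful transition, a validly signed request refused in one state could be resubmitted within the freshness window once the state had changed.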

***

### Trust Boundaries

**Overra Network defines explicit trust boundaries between components:**

* Wallet → Trusted for signature authenticity
* Dashboard → Untrusted for state mutation
* Local Agent → Trusted enforcement boundary

The agent is the only component permitted to mutate containment state. This separation reduces privilege confusion and limits attack surface.

***

### Communication Model

The dashboard communicates with the local agent through local endpoints.

**Typical interactions include:**

* Authorization submission
* Status queries
* Log retrieval

All state-changing operations require valid signed payloads. Unsigned or malformed requests are rejected.

***

### State Ownership

**The local agent maintains:**

* Current system state (NORMAL / CONTAINED)
* Registered authority public key
* Nonce store
* Audit logs

**State persistence ensures:**

* Replay protection survives restarts
* Containment status remains consistent
* Logs remain intact across sessions

***

### Architectural Properties

**The system guarantees:**

* Deterministic state transitions
* Local-only enforcement
* No centralized override
* Clear separation of concerns
* Constrained execution surface

**The architecture intentionally excludes:**

* Remote shell capability
* Arbitrary command execution
* Centralized enforcement APIs

Overra is designed as infrastructure, not administrative tooling.


