One plane, many bubbles,
cryptographically isolated.
SudoSelf is a multi-tenant AI twin platform where NFTs anchor policy, bubbles enforce isolation at query time, and every cross-boundary flow carries chain-of-custody proof. Built for regulated enterprises that cannot afford leakage.
- Namespaces: 3-layer
- Gates: 5
- Patents: 65+ claims
§ 01 · Foundations
Three principles the whole platform is built on.
Everything is a bubble
One shared Neptune + OpenSearch plane. Isolation is enforced at query time with bubble_id / restricted_to_bubbles filters — never by duplicating stacks.
UM15 §24 · Patent 025
NFTs anchor policy
A Master NFT, an Enterprise Admin NFT, and a User NFT together resolve to a namespace tuple. Mods, Rituals, and Telegraph routing inherit from that tuple.
UM15 §33.3
Artifacts leave trails
Every cross-bubble flow emits a SHA-256-sealed artifact with chain-of-custody attestation. Cortex Crystals are the portable, verifiable unit of transfer.
Patent 080
§ 02 · Enterprise NFT Bubble Architecture
A master plane, one enterprise namespace,
one bubble per employee.
The Master corpus is curated knowledge everyone inherits. The Enterprise namespace — minted to a single Enterprise Admin NFT — holds your org's proprietary corpus. Every employee gets a personal User NFT; their bubble tags content with bubble_id and restricted_to_bubbles.
A query from any identity resolves to a namespace filter. No duplicated indexes, no per-tenant Neptune clusters, no cross-contamination.
// The canonical OpenSearch bool filter (UM15 §24.4)
{
  "query": {
    "bool": {
      "must": [ { "match": { "content": "q2 pricing strategy" } } ],
      "should": [
        { "term": { "namespace": "master" } },
        { "term": { "namespace": "enterprise_de0001" } },
        { "term": { "bubble_id": "team.revops" } },
        { "term": { "bubble_id": "user.elena" } }
      ],
      "filter": [
        { "terms": { "restricted_to_bubbles": ["team.revops", "user.elena", "*"] } },
        { "term": { "privilege_gate_cleared": true } }
      ],
      "minimum_should_match": 1
    }
  }
}
Master
Curated, read-only. Inherited by all.
Enterprise
One NFT per org. Admin-scoped proprietary corpus.
Team / Department
Bubble groups. Role-based. Ritual Engine hub.
User
One NFT per employee. Personal space, fully isolated.
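The bool filter shown above, rebuilt from a caller's identity tuple and evaluated locally, to show which clause carries the isolation. This is an added example, not SudoSelf code: the function names, the local evaluator, and the sample documents (including `user.david`) are assumptions constructed for illustration.

```python
# Added example (not SudoSelf code): builds the page's bool query and evaluates
# it over constructed documents with a small stand-in for OpenSearch matching.
def build_query(text, namespaces, bubbles):
    """Query in the shape shown on the page; argument names are assumptions."""
    return {"query": {"bool": {
        "must": [{"match": {"content": text}}],
        "should": [{"term": {"namespace": n}} for n in namespaces]
                  + [{"term": {"bubble_id": b}} for b in bubbles],
        "filter": [{"terms": {"restricted_to_bubbles": list(bubbles) + ["*"]}},
                   {"term": {"privilege_gate_cleared": True}}],
        "minimum_should_match": 1}}}

def _hit(clause, doc):
    """Evaluate one term / terms / match clause against a document dict."""
    kind, body = next(iter(clause.items()))
    field, want = next(iter(body.items()))
    have = doc.get(field)
    have = have if isinstance(have, list) else [have]
    if kind == "term":
        return want in have
    if kind == "terms":
        return any(w in have for w in want)
    if kind == "match":  # simplified analyzer: lowercase, split, OR between words
        return bool(set(want.lower().split()) & set(str(have[0]).lower().split()))
    raise ValueError(f"unsupported clause: {kind}")

def visible_ids(query, docs):
    """Ids of documents the bool query would return."""
    b = query["query"]["bool"]
    return [d["id"] for d in docs
            if all(_hit(c, d) for c in b["must"] + b["filter"])
            and sum(_hit(c, d) for c in b["should"]) >= b["minimum_should_match"]]

def without_filter(query):
    """Misconfigured variant: the same query with its filter clauses dropped."""
    return {"query": {"bool": dict(query["query"]["bool"], filter=[])}}

def _doc(i, ns, bubble, restricted, cleared, content):
    return {"id": i, "namespace": ns, "bubble_id": bubble, "content": content,
            "restricted_to_bubbles": restricted, "privilege_gate_cleared": cleared}

# Constructed sample documents.
DOCS = [
    _doc("d1", "enterprise_de0001", "team.revops", ["team.revops"], True, "Q2 pricing strategy draft"),
    _doc("d2", "enterprise_de0001", "user.david", ["user.david"], True, "board pricing notes"),
    _doc("d3", "master", "master", ["*"], True, "pricing strategy primer"),
    _doc("d4", "enterprise_de0001", "team.revops", ["team.revops"], False, "privileged pricing memo"),
]
ELENA = build_query("q2 pricing strategy", ["master", "enterprise_de0001"],
                    ["team.revops", "user.elena"])
```

The `should` clauses alone admit every document in the enterprise namespace, so `d2` and `d4` are excluded only by the `filter` clauses. In a `terms` query `"*"` is compared as a literal value, not a wildcard, so the example assumes documents open to every bubble are tagged with the literal string `"*"`.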
§ 03 · Bush Telegraph
Cross-twin messaging,
sealed and attested.
Two twins, two bubbles, two enterprise boundaries. When Elena's Strategy twin needs to brief David's Board Prep twin, nothing crosses by accident. Bush Telegraph is the only approved channel.
Every envelope carries a SHA-256 content seal, an NFT routing policy, and a bubble bond signature verifiable on-chain. The receiver twin replays the hash, verifies the bond, and clears all five Privilege Gates before a single token hydrates.
Aligned with Patent 080
NFT-derived cryptographic agent state binding. Chain-of-custody attestation via Cortex Crystal ledger.
Seal
Sender twin hashes payload with SHA-256. The hash, sender NFT id, and bubble bond are committed to the envelope.
Route
NFT routing policy resolves the recipient twin, enterprise bubble, and privilege gate it must clear. Non-routable envelopes never leave the sending bubble.
Verify
Receiver twin verifies bubble bond signature on-chain (Solana memo or EVM event), replays the hash, and consults the Five-Gate Privilege matrix.
Deliver
Payload is hydrated into the receiver's CortexObject. A chain-of-custody entry is appended to the Crystal ledger for audit.
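The Seal, Verify and Deliver steps above, sketched to show why the receiver checks both the replayed hash and the bond. This is an added example, not SudoSelf code: HMAC-SHA256 with a shared key stands in for the on-chain bubble bond signature, the hash-chained ledger layout and all field names are assumptions, and routing and the Privilege Gates are left out.

```python
import hashlib
import hmac
import json

def _bond(key, sender_nft_id, digest):
    # Stand-in for the bubble bond signature (assumption: HMAC, not an on-chain check).
    return hmac.new(key, f"{sender_nft_id}|{digest}".encode(), hashlib.sha256).hexdigest()

def _entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def seal(payload, sender_nft_id, key):
    """Sender side: commit the payload hash, sender id and bond to the envelope."""
    digest = hashlib.sha256(payload).hexdigest()
    return {"payload": payload, "sha256": digest, "sender_nft_id": sender_nft_id,
            "bubble_bond": _bond(key, sender_nft_id, digest)}

def verify(env, key):
    """Receiver side: replay the hash, then check the bond over (sender, hash)."""
    replayed = hashlib.sha256(env["payload"]).hexdigest()
    if not hmac.compare_digest(replayed, env["sha256"]):
        return "reject: hash mismatch"
    expected = _bond(key, env["sender_nft_id"], env["sha256"])
    if not hmac.compare_digest(expected, env["bubble_bond"]):
        return "reject: bond mismatch"
    return "deliver"

def deliver(env, key, ledger):
    """Record the verdict in a hash-chained ledger; return True only on delivery."""
    verdict = verify(env, key)
    entry = {"sha256": env["sha256"], "sender_nft_id": env["sender_nft_id"],
             "verdict": verdict,
             "prev": ledger[-1]["entry_hash"] if ledger else "0" * 64}
    entry["entry_hash"] = _entry_hash(entry)
    ledger.append(entry)
    return verdict == "deliver"

def ledger_intact(ledger):
    """Re-walk the chain: every entry must hash correctly and point at its predecessor."""
    prev = "0" * 64
    for e in ledger:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev"] != prev or _entry_hash(body) != e["entry_hash"]:
            return False
        prev = e["entry_hash"]
    return True
```

A payload edited in transit fails the hash replay; an envelope whose hash was recomputed after the edit passes the replay and is caught only by the bond, which is why the seal alone is not sufficient.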
§ 04 · Ritual Engine
Decision loops that run on schedule,
with artifacts as the only currency.
OKR calibrations. Board-prep synthesis. Performance reviews. Pricing committees. These are rituals — periodic, hub-and-spoke decision loops where spokes contribute governed artifacts (not raw peer bubbles), the hub synthesizes, and decisions propagate back through the Plan Graph.
Hub-Spoke Synthesis
Spokes emit artifacts through UM10 Gate C. Hub synthesizes without ever reading a sibling bubble.
Anonymous Attribution
Feedback keeps provenance but strips identity. Enterprise admins get candor without exposure.
Plan Graph
Decisions become nodes. Action edges carry owners and SLAs. Progress is queryable, not a PDF.
Ephemeral Ritual Bubble
Each run spins up a bubble that lives only for the loop. Optional read-only matrix-org mounts.
Decision Triage
Priority scoring routes decisions to the right stakeholder before the meeting happens.
Chain of Custody
Every artifact carries a Cortex Crystal hash. Auditable from intake through publish.
§ 05 · Privilege Architecture
Five gates stand between data
and inference.
Designed for the Heppner ruling (Feb 2026). Attorney-client privilege, trade secrets, and regulated material pass through cryptographically-enforced gates before any model ever sees them.
Patent 079 · UM15 §8
Store
Storage
Payload encrypted at rest with bubble-derived KMS key before any index write.
Hydration
Retrieval
Query bubble_id tuple must intersect caller privilege set. Cross-tuple reads denied by default.
Export
Artifact emit
Outbound artifact sealed with SHA-256, signed with NFT key, logged to Crystal ledger.
Inference Egress
Model call
Tokens passed to inference are redacted, tagged, and routed to approved model endpoints only.
Agent Action
Tool use
Agent-initiated writes require Cortex Crystal reference + bubble bond + 2FA where policy demands.
§ 06 · Companion systems
The rest of the enterprise surface.
Fleet Commander
UM15 §17
Autonomous research missions at enterprise scale
Long-running, governed agent missions — competitive intel, regulatory monitoring, patent landscapes — running as Karpathy 3-file loops under Four-Gate oversight.
UMMA
UM15 §2026-03-09
Unified multi-modal access with identity resolution
Every voice, chat, or agent request resolves to an (NFT, bubble, privilege, channel) tuple before touching data. One identity model across Slack, Teams, phone, and native.
Mod Marketplace
UM15 §23
Composable expertise with per-enterprise allowlists
Install Teece Strategy, Legal Privilege, FERPA Compliance, or a custom mod. The enterprise admin controls which mods hydrate inside the bubble.
Vision Pipeline
vision-pipeline-260421.md
Nine-design generative design RALF loop
Every enterprise artifact — landing page, deck, brand video — runs through a multi-judge autoresearch loop before it ships. Convergence gated at composite ≥ 80.
§ 07 · Economics
Isolation without duplication.
Traditional multi-tenant AI stacks spin up a Neptune cluster, an OpenSearch index, a vector DB, and a vault per tenant. Ours does not. Logical bubbles on a shared plane deliver the same isolation guarantees at 90–99% lower infrastructure cost.
- One Neptune, one OpenSearch, one KMS key hierarchy
- Per-bubble encryption keys derived from NFT identity
- Queries always scoped; never cross without a sealed artifact
- Audit log is a first-class citizen of the plane, not a bolt-on
Relative infrastructure cost
- Median: 81% cost reduction
- Break-even: 3 tenants vs single-stack
- Ops: 1 plane to monitor
§ 08 · Defensibility
65+ claims across a coherent portfolio.
Bubble-scoped query filtering
Cortex Crystal portable cognition
Four-Gate Privilege governance
Bush Telegraph cryptographic binding
Bring your threat model.
We'll bring the architect.
A 60-minute session with a platform architect who can answer every question on this page — and the ones that aren't.