The Architect. Twelve monitors. Your pod.

“I can only show you the door. You’re the one that has to walk through it.”

The Architect is the control surface for your local pod — a 12-monitor wall inspired by The Matrix Reloaded. Every variation, every path, every memory, every dream cycle, every edge weight, every Hermes skill, visible at once. The dashboard is hosted at architect.mazemaker.dev; every byte it renders comes from your own pod on 127.0.0.1:8765. Static HTML from Cloudflare, live data from your machine. Nothing leaves YOUR machine.

walk through the door → the 12 monitors Hermes skill indexing how it talks home

Hosted UI. Local data. Zero compromise.

The Architect is a static Single-Page App. Cloudflare Pages serves the HTML, JS, CSS — the same way any other public site does. The moment your browser loads it, the SPA stops talking to Cloudflare and only talks to your loopback.

// what crosses the network

Exactly four bytes worth of conceptual cross-network traffic: the HTML page itself, the JS bundle, the CSS, and a favicon. All static, all cached. After load, the SPA only fetches from http://127.0.0.1:8765 (your wonderland-fronted MCP) and optionally http://127.0.0.1:8769 (the Hermes bridge sidecar). The hosted page is just the renderer.

// what doesn't

Your recall results never leave your machine. Your memory content never leaves your machine. Your Hermes chat never leaves your machine. The graph, the dream cycles, the edge weights, the access logs — all read from your local Postgres (Pro/Enterprise) or SQLite (Community). The Cloudflare Pages origin never sees a byte of your data, because the SPA never POSTs anything back to it.

// why hosted at all

Because shipping a static SPA from one canonical URL means every customer always has the latest cockpit without re-running install.sh. PNA (Private Network Access) preflight headers are baked in so loopback fetches work from HTTPS origins. Bandwidth cost: roughly one bundle every visit, then nothing. The data plane is your pod — the control-plane URL is just a convenience.

// the alternative we rejected

We could have shipped the SPA inside the pod, served from http://127.0.0.1:8765/ directly. We chose the hosted SPA route because customer upgrades are then zero-friction — every page load is the newest version. The pod still serves its own copy at /architect as a fallback for offline operation, but the canonical URL is the public one.

The Twelve Monitors.

Three columns, four rows, one focal-point memory browser in the centre. 10 of 12 panels are live; PEERS is deferred to Phase 4 (gated on the multi-pod handshake protocol). Everything else is in your pod right now. 

══════════════════════════════════════════════════════════════════
  M01·RECALL    M02·DREAM       ◇           M07·TOOLS   M08·HERMES
  M03·EDGES     M04·TOP    FOCAL POINT      M09·INCPT   M10·MIRROR
  M05·SSNS      M06·PEERS                   M11·CHRONO  M12·KEYS
══════════════════════════════════════════════════════════════════
IDPanelWhat it shows
M01RECALLSemantic search. A chord plays for each matched memory when audio is on.
M02DREAMLive dream_stats + a 9-second synthetic NREM → REM → INSIGHT replay animation. On a CUDA pod the cycle is end-to-end GPU (sparse-tensor PPR, batched bridge writes) — a 193k-memory corpus completes in ~38 s.
M03EDGESRecently active wires drawn as oscillating springs. They vibrate continuously — the matrix breathes even at rest.
M04TOPMost-traveled paths, ranked by access_count, with intensity bars.
M05SSNSHermes session ledger — read from ~/.hermes/state.db via the bridge.
M06PEERSFederation + handshake (Phase 4, deferred until the multi-pod handshake protocol lands).
M07TOOLSLive tools/list JSON-RPC against your pod’s /mcp endpoint — the full MCP surface, exactly what every agent sees.
M08HERMESEmbedded chat. POSTs through the bridge to hermes chat -Q. Every message is preceded by the MAZEMAKER-FIRST policy directive — the model is told that mazemaker is the canonical memory source and recall is the FIRST hop for any “do you remember”-class query.
M09INCPTRecently planted memories — inceptions.
M10MIRRORYour usage reflected: recall log, opens, a 24-hour sparkline. All local. The architect doesn’t need a server to see itself.
M11CHRONODrag-scrub the entire memory timeline — watch the matrix grow turn by turn. Time as the 4th axis.
M12KEYSPod identity glyph (FNV-1a hash on the embed-fingerprint) + quota. Visual proof of your pod.

The Fourth Dimension.

Five 4D layers run on top of the 12 monitors. They’re not separate panels — they’re state and motion overlays that make the matrix feel alive.

CHRONO-SCRUB time as axis

M11 drag-scrubs the entire memory timeline. Past, present, future hover-states; see when each memory landed and which session ingested it.

DREAM REPLAY any past cycle

M02’s replay button reconstructs any past NREM/REM/INSIGHT cycle from the dream-session log. Watch which edges strengthened, which bridges formed.

AUDIBLE MATRIX Web Audio

♪ in the top bar. Recall plays a chord per matched memory; hover over an edge plays its weight as a tone. Sine + sawtooth + pink noise, all in-browser.

PHASE STATES auto · Shift+P

The room’s mood shifts with system state. Heavy dream cycle → muted phosphor. Fresh inception storm → flicker. Configurable but auto by default.

EDGE TENSION continuous

M03 wires vibrate even at rest, springs under tension. Activation amplifies the wave; quiet edges hum quietly. The matrix never sleeps.

Hermes Skill Indexing.

The single button that collapses the boundary between tools and knowledge. One press, ~230 Hermes skills become memories. After that, the graph stops distinguishing “something you learned” from “something you can do.”

// what the button does

In M08 HERMES, on the SKILLS tab, press ⟁ INDEX INTO MAZEMAKER. The Architect POSTs to the bridge at POST /hermes/skills/index (streamed events). The bridge enumerates every skill in ~/.hermes/skills/ — built-ins, plugins, your custom slash commands — and writes one memory per skill via mazemaker_remember with the label skill:<source>:<name> and the skill body as content. Idempotent: re-running checks existing labels first and skips already-indexed skills.

// why it's a memory, not a tool registration

Tool registrations are lookup tables — you need to know the tool’s exact name to invoke it. Memories are semantic. Once a skill is embedded, mazemaker_recall("how do I check a deploy?") returns it alongside any actual deploy-check memories you have. Your agent doesn’t need to know the skill exists; recall finds it by meaning. The first time you ever ask about deploy-checking, recall surfaces the skill that already knows how.

// the encryption tradeoff (and why we take it)

The customer pod’s wonderland container AES-encrypts memory content at the storage boundary — your private notes are at rest under a key derived from your install fingerprint. But ciphertext can’t be embedded meaningfully (it’s noise to the model). The skill: prefix is in the public-label-prefix list — same as decision:, bug:, ops:, reference:, auto:, invariant:, commit:, project:, public:. These labels skip AES so their embeddings stay semantic. Skills are publicly-shaped behavior, not private data — so they go through clear-text.

// the payoff in one query

After indexing, ask Hermes: “what’s the skill that lets me run a recurring task in a loop?” The MAZEMAKER-FIRST directive routes the query to mazemaker_recall as the first hop. Recall returns the /loop skill memory, ranked above any noise. The model uses the skill without ever needing to know skills exist as a category. Your toolbox and your knowledge are the same graph now.

The label scheme — selective encryption

Every memory you write through the customer pod gets routed by its label prefix. Private (default, AES at rest), or public (clear text, indexable). The full public-prefix list lives in client/pod/wonderland/daemon.py on the customer pod and is enforced at the wonderland boundary — the engine itself never handles ciphertext directly.

PrefixWhat it capturesWhy public
skill:Hermes skill descriptions (~230 indexed)Shared behavior; not user-private
auto:Per-turn conversation auto-saves (~50 / day)You typed it in plain view; embedding makes it findable
decision:Architectural / tooling decisionsCross-session knowledge, needs semantic recall
bug:Bug symptom + diagnosis + fix notesSame as decisions — useless if encrypted
ops:Ops state, migrations, cutoversOperational history, recall-driven
reference:Pointers to external systemsCross-tool wayfinding
invariant:Discovered invariantsRules-of-thumb, recall by query
commit:Commit-context notes (the why)Recall by topic, paired with git log
project:Project-context notesCross-project orientation
signal:Operator reactions / preferencesCalibrates future behavior — needs recall
feedback:Operator correction notesSame — useless if encrypted
index:Derived metadata indexesSynthetic, no privacy concern
public:Explicit opt-in markerYou said so
(no prefix)Default user memoryEncrypted — your private content stays private
private:Explicit opt-out markerEncrypted — even if convention says otherwise

Operator policy as of 2026-05-05: everything into MCP, always, on call. If you want a memory encrypted, label it private: or use the un-prefixed default. Otherwise the labels above route to clear-text so the graph stays useful.

The Bridge. Optional. Local. Stdlib only.

M07 TOOLS and M01 RECALL work without the bridge — the Architect talks to 127.0.0.1:8765 directly. M08 HERMES chat, M05 SSNS, and Hermes Skill Indexing need the bridge sidecar at 127.0.0.1:8769. It’s ~400 lines of Python stdlib, no pip deps, runs as a systemd-user service.

01install once
~5s

The Architect repo ships the bridge under bridge/. One script copies the unit file into ~/.config/systemd/user/ and enables it.

your terminal 
git clone https://github.com/itsXactlY/mazemaker-architect
cd mazemaker-architect/bridge
bash install.sh
02what it exposes
3 endpoints

Three POST endpoints on the loopback. /chat spawns hermes chat -Q with the MAZEMAKER-FIRST directive prepended. /chat/stream streams the same as Server-Sent Events. /hermes/skills/index embeds every skill into your pod.

smoke test 
curl -X POST http://127.0.0.1:8769/chat \
  -H 'Content-Type: application/json' \
  -d '{"prompt":"do you remember the iter100 number?"}'
03redaction
first4…last4

The Hermes CONFIG view (M08) surfaces ~/.hermes/* through the bridge — same intel hermes status + hermes config show print. Anything matching api_key / token / secret / password / bearer is redacted to first4…last4 before it leaves the host.

The Voice.

The Architect speaks. UI text is oracular, sparse, severe. Every status string is a sentence the Architect would say.

ConventionalThe Architect
Loading…Computing variations.
0 resultsNo path exists. The query is novel.
Save successfulInception confirmed.
Add PeerExtend the Matrix.
Connection lostThe thread is severed.

Status. What’s Live.

Monitors live 10 / 12

Everything except M06 PEERS (Phase 4) and any panel that requires the multi-pod handshake protocol that hasn’t shipped.

4D layers live 5 / 5

CHRONO-SCRUB, DREAM REPLAY, AUDIBLE MATRIX, PHASE STATES, EDGE TENSION — all in the current SPA.

Bridge sidecar ~400 LOC

Python stdlib only. ~/.config/systemd/user/mazemaker-hermes-bridge.service. Enable on demand.

Skills indexed ~230

Typical operator install. One memory per skill, skill:<source>:<name> label, idempotent re-index.

The door is open.
Walk through.

The Architect renders against your local pod. Install the engine first, then point your browser at the cockpit.

architect.mazemaker.dev → install · what to expect how the four domains relate