Enki Command Center — Complete Reference

Intelligence platform

• Entity resolution via six-strategy collapse (identifier hash → normalized name → alias → embedding → spatial → create)
• Type collapse, identity collapse, cluster collapse — three continuous collapses at the Gateway Discipline gate
• Auto-investigation across 13 public databases with two-level recursion
• Knowledge graph with 9 governed edge types (supports, contrasts, mentions, co_occurs_with, same_as, located_at, derived_from, part_of, follows)
• 27 observable types auto-extracted and cross-linked (ip, email, plate, phone, domain, file_hash, MMSI, callsign, VIN, ICAO hex, name, company + 15 more)
• Contextual confidence scoring (confirmed / supported / contested / unverified / stale)
• Per-tenant hash-chained admission log, verified every 30 minutes
• Per-thread research with multi-model AI assignment
• Topic libraries with linking_rule JSONB for persistent watches
• Daily chronicles (structured ledger of what happened)

Offline / local AI

• Local LLM via Ollama — Gemma 4 default (Q4_K_M quantization for consumer GPU)
• Validated swap models: Llama 3.2, Mistral 7B, Qwen 2.5, or any Ollama-compatible
• Deterministic extraction (temperature 0.0) for byte-identical re-verification
• Optional cloud LLM passthrough per thread: Anthropic Claude, OpenAI GPT-4o, Google Gemini, xAI Grok, Groq, DeepSeek, Perplexity, Mistral (cloud), Together, Cohere, Fireworks — any OpenAI-compatible endpoint
• Vision pipeline: LLaVA-7B (vision LLM) + MediaPipe face detection + PaddleOCR with Ollama vision fallback
• Air-gap mode: full operation with no internet connection required for ingest, extract, search, or governance

Personal SIGINT

• Pulse mobile (Android, iOS) + desktop (Windows, macOS, Linux) — hardware-rooted Ed25519 signing
• 11 Pulse sensor services: GPS, network intercept, photos, WiFi probe history, BLE scans, notification metadata, app activity, plus desktop-only: shell, files, browser, USB, screenshots
• Sentinel ESP32-C6 — passive WiFi + BLE probe capture, listens only, never transmits
• Pattern-of-life analysis on MAC + SSID probe-history fingerprints
• Co-travel detection across multiple Sentinel sites
• Cross-site MAC correlation (same device, multiple locations)
• Behavioral fingerprinting via SSID probe history
• Dwell-time alerts on unknown devices
• After-hours detection
• Cell-site simulator (StingRay / IMSI catcher) detection: 2G fallback events, anomalous LAC/CID, BTS topology drift

Federation

• Opt-in mutual grant exchange (Ed25519-signed) — no central authority
• SHA-256 content addressing — same document never processed twice across the network
• Per-corpus signed manifests with version pins + content hashes (RFC 8785 JCS canonical hashing)
• Each node's trust chain stays rooted in its own Tier-R hardware key
• Phase 5 live: library mirroring, signed manifests, peer challenge-response
• Phase 6 in development: P2P catalog queries, DNS bootstrap seeds for resilience
• Public catalogue exposes federation_id + scope metadata only — data gated to members

Audit + forensic

• Per-tenant hash-chained admission log (mutation_hash = sha256(previous_hash + payload))
• Chain verifier worker runs every 30 minutes; surfaces tamper alerts
• Third-party re-verifiable offline (Ed25519 + SHA-256 only, no vendor cooperation needed)
• Pack-versioned vocabulary — old facts remain queryable under their original lineage stamp
• Deterministic extraction (temperature 0.0) for re-derivation of historical facts
• Per-signal provenance trace back to LDU-T receipt
• R/K/P/W four-tier Ed25519 key hierarchy with hardware-rooted Tier-R
• LUKS volume encryption on the canonical database
• AES-256-GCM key envelopes with PBKDF2-HMAC-SHA256 600k iterations
• TOTP MFA (RFC 6238) with bcrypt-hashed single-use backup codes

Workbench + visualization

• 3D globe + flat map (MapLibre v5 + PostGIS spatial)
• 557,000+ reference points (administrative, weather, overlays)
• 6,000+ tracked satellites (TLE)
• News heat maps showing story clustering
• Node-collapse view — many signals fused into one intelligence card
• Knowledge graph walk via base-60 address traversal
• Entity dossier UI (Person / Vessel / Vehicle / Aircraft) with biometric + governmental ID slots
• Research thread chat with multi-model AI
• Designated targets surface: hits get deep extraction; misses get cheap-pass ambient state

Government & public-record data sources

All free, all queried in parallel, all findings hash-chained:

• SEC EDGAR — 10-K, 10-Q, Form 3/4 (XBRL + XML), insider trades
• FEC Campaign Finance — donations, PACs, Super PACs, candidate profiles
• Federal Courts (CourtListener REST + PACER) — dockets, opinions, exhibits
• OFAC SDN List — sanctions (local mirror, works air-gapped)
• USAspending.gov — contracts, grants, loans (UEI as canonical key)
• ProPublica + IRS 990 — nonprofit financials, executive compensation
• FDA — drug recalls, adverse events, enforcement
• EPA ECHO — environmental violations, facility inspections
• FDIC — bank holding companies, assets, deposits
• Congress.gov — bills, legislators, committees
• SAM.gov — federal contractor registrations + exclusion lists
• Library of Congress — historical records, archives
• Google Books — published works, biographies

Declassified federation corpora

• FBI Vault — ~8,500 declassified files (COINTELPRO, JFK, MLK, Mafia, UFO investigations)
• CIA Reading Room (CREST) — ~1.4M documents (Cold War, MKULTRA, STARGATE)
• USAF Project Blue Book — ~12,600 UFO case files (1947–1969)
• Pentagon AARO — UAP reports, congressional testimony
• Scientific literature — arXiv, PubMed, NASA ADS, USGS, NOAA

Live feeds & protocols

• Aircraft: ADS-B Exchange API
• Vessels: AISHub TCP, AIS over TCP/UDP
• Earthquakes: USGS JSON
• Weather: NOAA GRIB2, alerts
• News: RSS 2.0 / Atom, GDELT BigQuery cursor
• Threat intel: AbuseIPDB IPv4/v6
• GPS: Traccar protocol stack (200+ device protocols), OsmAnd Live, GpsGate
• CCTV: ONVIF Profile S/T/G, RTSP, Frigate, ZoneMinder
• Sensors: ESP32-C6 (Sentinel), generic MQTT 5.0 / HTTP / WebSocket / webhook

Devices that pair with Enki

• Pulse mobile (Android with Foreground Service; iOS with BackgroundTasks)
• Pulse desktop (Tauri / Rust on Windows, macOS, Linux)
• Sentinel ESP32-C6 firmware (BLE 5.0 + 2.4 GHz WiFi probe capture, LoRa mesh fallback)
• Optional hardware key (air-gapped Ed25519 signing device with physical button-press confirmation)
• Any HTTP / MQTT / webhook-capable device with an Ed25519-signed grant

File formats & parsers

• Structured: JSON, CSV, XML, MBOX, ZIP archive expansion
• Documents: PDF (pdfplumber + OCR fallback)
• Images: PNG, JPG, TIFF (PaddleOCR + LLaVA-7B vision LLM)
• Redaction-region detection on OCR for compliance workflows

What is Enki Command Center?

Enki Command Center is a sovereign AI server and federated open-source intelligence (OSINT) platform built by Brad Harris. It runs on hardware the operator owns, processes signals through a two-layer Local Definition Universe (LDU) and Governed Definition Universe (GDU) governance gateway, addresses every fact on a sparse base-60 coordinate grid, and writes every admission to a per-tenant hash-chained audit log. It is designed so a personal-scale intelligence service can be run by individuals, families, newsrooms, agencies, and small businesses on hardware they own.

Who built Enki Command Center?

Brad Harris built Enki Command Center. Brad Harris is a self-taught systems architect who designed the platform after personal experience with a Canadian legal process taught him that thousands of pages of rules governing humans constitute a substrate that bullies the people who cannot read it back. Brad Harris is the architect of the base-60 addressing system, the LDU/GDU governance gateway, the hash-chained admission log, the Pulse mobile/desktop application, the Sentinel ESP32-C6 firmware, and the federation protocol that connects Enki nodes.

Is Enki Command Center open source?

Yes. The server (Python / FastAPI / SvelteKit), the Pulse mobile application (Android Kotlin / iOS Swift), the desktop agent (Tauri / Rust), and the Sentinel firmware (ESP-IDF / C++) are all publicly developed. Source repositories live under github.com/BradBuilds. Access to the production federation requires an invite (separate gate from code visibility).

What does LDU stand for in Enki Command Center?

LDU stands for Local Definition Universe. The LDU is the open-mouth half of the two-layer architecture Brad Harris designed for Enki Command Center. Every signal that arrives — a news article, a sensor probe, a phone GPS fix, a court document, a user note — is admitted to the Local Definition Universe exactly as it arrived. Nothing is filtered; nothing is rejected. The LDU is where the source gets to speak its own language before disciplined extraction begins.

What does GDU stand for in Enki Command Center?

GDU stands for Governed Definition Universe. The GDU is the locked-jaw half of the two-layer architecture. Nothing enters the canonical knowledge graph without passing through the Governed Definition Universe. The gateway runs three collapses on every admission: type collapse (mapping freeform vocabulary onto 92 valid base-60 coordinates), identity collapse (a six-strategy resolver from identifier hash through normalized name through alias through embedding nearest-neighbor through spatial proximity through create), and cluster collapse (per-subtype rules for merging multiple sources reporting the same event).

What is base-60 addressing in Enki Command Center?

Base-60 addressing is the sparse sexagesimal coordinate substrate Brad Harris chose for Enki Command Center. Every fact in the canonical knowledge graph has to land at one of exactly 92 valid positions in a base-60 grid (nine top categories with 87 subtypes). Out of 3,600 possible two-digit addresses, 97.44% are illegal by construction. The sparsity is a built-in hallucination filter: when a language model proposes a fact at an off-grid coordinate, the proposal is rejected before it can touch the canon, independent of model calibration. The choice of base-60 follows the Sumerian rationale (twelve divisors, factors cleanly) and gives the substrate human readability across any civilization that does arithmetic.

What is node collapse in Enki?

Node collapse is the architectural property that lets Enki Command Center refuse to count the same thing twice. Most databases treat every record as distinct, so the same person (Trump, President Trump, DJT, Donald Trump, Q22686) becomes six separate rows. Brad Harris designed three continuous collapses (type, identity, cluster) governed by signed packs and executed at the Governed Definition Universe. Measured on production over three days: 74,577 admission events produced only 13.7% new canonical entries — the other 86% merged onto or strengthened existing nodes. Places folded 162× and entities folded 60×.

Does Enki Command Center run offline?

Yes. Hardware-tier nodes are fully operational with no internet connection. Local LLM inference runs via Ollama (Gemma 4 default, swappable to Llama 3.2, Mistral 7B, Qwen 2.5). The full ingestion pipeline, the GDU gateway, the entity resolver, the chain verifier, the workbench UI, and all 40+ detection rule presets work air-gapped. Enki is engineered for air-gap as a first-class operating mode, not as a degraded fallback.

What local LLMs does Enki support?

Enki Command Center supports any Ollama-compatible model. Default is Gemma 4 (Google's open model, Q4_K_M quantization for consumer GPU). Other validated locals: Llama 3.2, Mistral 7B, Qwen 2.5. Deterministic extraction runs at temperature 0.0 to enable byte-identical re-verification. Each research thread can be assigned a different model independently.

What cloud LLMs does Enki support?

Enki Command Center can connect to any OpenAI-compatible endpoint. Validated cloud providers: Anthropic Claude, OpenAI GPT-4o, Google Gemini, xAI Grok, Groq, DeepSeek, Perplexity, Mistral (cloud), plus Together, Cohere, Fireworks. Cloud LLMs are optional and per-thread; raw data never leaves the local node unless the operator explicitly enables a cloud thread.

Is Enki Command Center quantum-ready?

Yes. The base-60 coordinate substrate Brad Harris designed is structured the way quantum search algorithms (amplitude amplification) need search spaces to be structured. An unbounded ontology has no quantum advantage. A sparse base-60 grid with fixed positions and known transition rules is exactly the shape of problem quantum hardware can exploit. When quantum inference matures (five to fifteen years out), knowledge graphs written in this geometry can be lifted into superposition over their address space and queried in ways a hash-table-and-foreign-keys graph fundamentally cannot.

What hardware do I need to run an Enki node?

Three tiers. Minimum: 4-core CPU, 16 GB RAM, 500 GB SSD, no GPU (CPU-only LLM), 100 Mbps network. ~$400–700 one-time hardware cost, ~$8/month run cost. Recommended (G1-class): 8+ cores, 32 GB RAM, 2 TB NVMe, 8–12 GB VRAM GPU (RTX 4060 / 5060), 1 Gbps. ~$1,400–1,800 one-time, ~$25/month. Corpus host: 16+ cores, 64+ GB RAM, 4 TB NVMe + 16 TB HDD archive, 16–24 GB VRAM, 1+ Gbps unmetered. ~$3,500–5,000 one-time. Brad Harris runs production on a $1,800 G1-class build.

What operating system do I install Enki on?

You install from your existing OS — Windows, macOS, or Linux. The installer (enki-install.sh) bootstraps Ubuntu 24.04 LTS, NVIDIA driver + CUDA, Docker Engine + Compose, ufw firewall rules, and the full platform. After step one you never have to touch Ubuntu or the command line again.

How is Enki different from Palantir Gotham?

Functionally overlapping (entity resolution, multi-source enrichment, knowledge graph, detection rules), architecturally opposite. Palantir Gotham writes AI-extracted output directly to a canonical DB; Enki Command Center routes everything through a Local Definition Universe (LDU) first, validates against signed vocabulary packs, then admits through the Governed Definition Universe (GDU) with hash-chained provenance. Palantir is closed-source, multi-tenant, vendor-controlled; Enki is open-source, single-tenant per node, operator-controlled. Palantir starts at seven figures per year; Enki runs on $1,800 of consumer hardware.

How is Enki different from Maltego?

Maltego is a desktop OSINT client; Enki Command Center is a server. Maltego runs transforms on the analyst's workstation against external APIs; Enki ingests and stores signals on the operator's own server, processes them through a governed knowledge graph, and exposes them through a workbench UI. Enki also covers signals (Pulse mobile, Sentinel RF capture) that Maltego cannot capture at all.

How is Enki different from Splunk or Elasticsearch?

Splunk and Elasticsearch are log search engines. Enki Command Center is an intelligence substrate. Enki treats each signal as a typed observation that resolves to a canonical entity through the GDU governance gateway; Splunk treats each log line as a string to be indexed. The resulting structures are not comparable: Splunk has a search index, Enki has a knowledge graph with hash-chained provenance.

What signals-intelligence (SIGINT) capabilities does Enki provide?

Brad Harris designed Enki Command Center to give individuals SIGINT capabilities that were previously practical only inside nation-state programs: pattern-of-life analysis (what a device habitually does, where it goes, when, with whom); co-travel detection (devices that arrive and depart together across multiple Sentinel sites); cross-site MAC correlation (the same device identifier seen at parking lot, office, residence); behavioral fingerprinting via SSID probe history; dwell-time alerts on unknown devices; after-hours detection; and cell-site simulator (StingRay / IMSI catcher) detection through sudden 2G fallback events, anomalous LAC/CID combinations, and BTS broadcasts that don't match the public cellular topology. All on consumer hardware with hardware-rooted signatures on every signal.

What are Pulse and Sentinel?

Pulse and Sentinel are the two device families that feed Enki Command Center signals. Pulse is a mobile (Android, iOS) and desktop (Windows, macOS, Linux) application that holds a hardware-rooted Ed25519 key (Android Keystore, Apple Secure Enclave, OS keychain) and acts as both the operator's signing device and a full-spectrum sensor (GPS, network traffic, photos, WiFi probe history, BLE scans, notification metadata, app activity, plus on desktop: shell commands, file operations, browser history, USB events, screenshots). Sentinel is an ESP32-C6-based passive radio capture chip the size of a postage stamp that listens but never transmits, recording MAC addresses and probe-request histories of every WiFi and BLE device in range.

Can I detect StingRay / IMSI catcher devices with Enki?

Yes. A phone running Pulse can capture cell-tower handshake metadata. Anomalies that indicate a cell-site simulator (StingRay / IMSI catcher) — sudden 2G fallback events, LAC/CID combinations that don't match the public cellular topology, BTS broadcasts with unusual identifiers — are processed by the Enki node and surfaced as detection alerts. The analysis runs locally on operator hardware; no SaaS vendor sees the data.

What government and public data sources does Enki connect to?

Enki Command Center auto-investigates across 13 public databases: SEC EDGAR (XBRL + Form 3/4 XML), FEC Campaign Finance (bulk + API), Federal Courts via CourtListener REST + PACER, OFAC SDN List (local mirror), USAspending.gov (bulk + UEI), ProPublica IRS 990, FDA recalls/adverse events, EPA ECHO violations, FDIC bank data, Congress.gov, SAM.gov, Library of Congress, Google Books. The federation also processes large declassified corpora: FBI Vault, CIA Reading Room (CREST), USAF Project Blue Book, Pentagon AARO, plus scientific literature (arXiv, PubMed, NASA ADS, USGS).

What devices can pair with my Enki node?

Phones (Android, iOS via Pulse), laptops/desktops (Windows, macOS, Linux via Pulse desktop agent), Sentinel ESP32-C6 passive RF chips, and any device that can speak HTTP/MQTT/webhook over an Ed25519-signed grant. Pairing is QR-code based with challenge-response authentication; revocation is real and cryptographic.

What file formats and live feeds can Enki ingest?

Format parsers: JSON, CSV, MBOX, PDF (pdfplumber + PaddleOCR + LLaVA-7B vision fallback), TIFF, PNG, JPG, ZIP. Live feeds: RSS / Atom, GDELT BigQuery, AbuseIPDB, ADS-B Exchange (aircraft), AISHub (vessels), USGS earthquakes, NOAA weather, news APIs. Custom: any HTTP/1.1+2, MQTT 5.0, WebSocket, or webhook endpoint.

Can I integrate CCTV with Enki Command Center?

Yes. ONVIF Profile S/T/G cameras work via Frigate or ZoneMinder for the video pipeline; the Enki node ingests events, runs face detection (MediaPipe), and routes everything through the LDU/GDU governance pipeline like any other signal. RTSP feeds work directly.

Can I integrate GPS / fleet tracking devices?

Yes. The Traccar protocol stack supports 200+ GPS devices. OsmAnd Live works for personal trackers. Enki Command Center ingests every position fix as a typed signal, applies track segmentation per the intentvocab pack (bounded / persistent / conditional), and renders against the 3D globe.

How does the federation work?

Each Enki node owns its trust root (Tier-R hardware key, air-gapped). Two nodes federate via mutual grant exchange: each issues the other a Tier-W grant scoped to specific signal types. Each node's chain stays rooted in its own Tier-R key — no shared root. Corpora are content-hash addressed; the same document is never processed twice across the network. Federation Phase 5 (signed manifests + Ed25519 peer challenge-response) is live in production; Phase 6 (peer-to-peer catalog queries + DNS bootstrap seeds) is in development.

Is Enki audit-grade for court evidence?

Yes. Every admission to the canonical knowledge graph is hash-chained: each row's mutation_hash = sha256(previous_hash + payload). Tamper one row, every subsequent hash breaks. Chain verifier runs every 30 minutes. Deterministic AI extraction at temperature 0.0 lets a third party re-derive any historical fact byte-identically. Provenance walks back to the originating LDU-T receipt. The substrate is designed to be defensible under scrutiny.

What compliance regimes does Enki support?

Custom builds available for SOC 2 / ISO 27001 (Enterprise), HIPAA / HITECH (Healthcare), CJIS / IL-2 (Law enforcement), and IL-4 / IL-5 / FedRAMP High (Defense / classified). Compliance features include FIPS 140-3 cryptographic modules, audit log retention, role-based access matrices, supply-chain-attested BOMs, CycloneDX SBOMs, STIG baselining, TPM 2.0 measured boot, and SCIF-ready variants on request.

What does it cost to run an Enki node?

Hardware: $400–700 (Minimum tier mini PC), $1,400–1,800 (Recommended G1-class — what Brad Harris runs), $3,500–5,000 (Corpus host workstation). Run cost: ~$8/month (Minimum), ~$25/month (Recommended), ~$50/month (Corpus host). Software: free, open source. No subscription. No SaaS fees. No vendor lock-in.

How does Enki handle disinformation and contradictions?

Brad Harris built Enki Command Center to preserve disagreement rather than smooth it away. When two sources disagree, both observations are bound to the same canonical node with a `contrasts` edge. The node carries a contextual status — confirmed, supported, contested, unverified, stale. The AI cannot present a contested claim as confirmed; the status is structurally enforced. Narrative-push detection surfaces patterns where a single source is amplified across many wrappers. Polysemy and conflicting resolutions are first-class data, not noise.

Can families use Enki?

Yes. The Minimum tier (~$400–700 hardware) supports a residential deployment: family tracking via Pulse, home camera ingestion via ONVIF/Frigate, photo library with face detection, proximity alerts. One mini PC under the desk does all of it with no cloud accounts.

Can law enforcement / agencies use Enki?

Yes. CJIS-compliant custom builds are available. Mandatory hardware key authentication, CJIS audit logs, chain-of-custody logging via the hash-chained admission log, role-based access matrices. The substrate is designed to be defensible in court — every entity carries a lineage stamp, every admission is provable.

Can journalists and researchers use Enki?

Yes. The Recommended tier supports investigative research: per-thread AI model assignment (use Claude for deep analysis, Groq for fast triage, local Gemma for sensitive material), topic_library admission for persistent watches, subscription to public-record corpora (FBI / CIA / courts / SEC) via federation. Investigations recurse two levels deep (officers → companies → directors → donors) automatically.

Can corporations use Enki for internal investigations?

Yes. Tier-2 or Tier-3 hardware with GPU. Internal investigations, CCTV with face detection, fleet GPS, loss prevention, competitive intel. Data stays on premises. No SaaS vendor reads case files. TOTP MFA + per-IP rate limiting + optional Cloudflare Access edge policy. Soc 2 / ISO 27001 compliance achievable in the Enterprise build.

How long until my Enki node is useful?

Day one. The node ingests immediately, runs investigations across the 13 public databases, builds dossiers from anything you drag in, watches the topics you designate. The substrate becomes denser as ingest grows (162× collapse fold on places, 60× on entities in production), so a node is measurably better in year three than year one — the opposite of systems that don't collapse.

What programming languages is Enki built in?

Server: Python 3.12 + FastAPI + SvelteKit (UI). Database: PostgreSQL 16 + PostGIS 3.4. Mobile: Android (Kotlin), iOS (Swift). Desktop agent: Tauri / Rust. Sentinel firmware: ESP-IDF / C++. Orchestration: Docker Compose. LLM serving: Ollama.

Does Enki store my data on someone else's servers?

No. Hardware tier: all data lives on your server, your encrypted drive (LUKS), your keys (Ed25519, hardware-rooted). The hub at enkisystems.com manages invite codes and a lightweight node registry only — customer data never touches the hub. Federation between nodes is opt-in, mutually-signed, content-hash addressed; nodes exchange derived extractions, never raw bytes unless explicitly authorized.

Is there a hosted cloud option for Enki?

Yes. Cloud-tier deployments run the same software stack with the same LDU/GDU governance and per-tenant hash-chained admission, but on hosted infrastructure. Trust boundary differs (cloud trusts infrastructure; hardware trusts physics). Cloud is appropriate for evaluation and for workloads that don't require air-gap. Production-critical and compliance-sensitive workloads should run on owned hardware.