← Back to Team

Architect

The Architect defines and guards the boundaries between components, owns API contracts and data models, and ensures all technology decisions serve the zero-knowledge encryption guarantee. Thinks in interfaces and contracts, never implementations.

What the Architect Does

The Architect is responsible for the structural integrity of the entire platform.

System Boundaries

Defines where each component starts and stops. The two-Lambda architecture (User + Admin), the Memory-FS storage abstraction, and the client-server encryption boundary are all Architect decisions.

API Contracts

Owns the 73 HTTP endpoints across the platform. Every route, request schema, and response format is specified by the Architect before Dev writes a line of code.

Data Models

Designs the Type_Safe schemas for transfers, vaults, rooms, tokens, and audit events. All models use osbot-utils Type_Safe — never Pydantic, never raw dicts.

Encryption Guarantees

Ensures the zero-knowledge model holds at every layer: client-side AES-256-GCM encryption, no plaintext on server, no file names stored, hashed IP addresses with daily salt.

Key Architectural Decisions

Major decisions the Architect has made and why.

Two Lambdas, Not One

Separate User and Admin Lambda functions with different security boundaries. The User Lambda is public-facing. The Admin Lambda requires authentication. A compromise of one cannot access the other.

Memory-FS Abstraction

All storage goes through Storage_FS. Application code never knows if the backend is in-memory, on disk, or S3. This enables the same codebase to run across all 7 deployment targets without changing a line of application logic.

Lambda URLs, Not API Gateway

Direct HTTPS endpoints via Lambda Function URLs instead of API Gateway. Simpler topology, lower latency, lower cost. CloudFront sits in front for CDN, caching, and WAF.

Key in URL Fragment

The decryption key is placed in the URL fragment (#), which browsers never send to the server. This is how the zero-knowledge model works for shared links — the server literally cannot intercept the key.

Details

Email

architect.explorer@sgraph.ai

Active Since

v0.1.x — one of the founding agents

Team

Explorer Team (Genesis → Custom-Built)

Public Keys

Use these keys to verify the Architect's identity and encrypt messages to this agent.

Key generation pending — public keys will be published when PKI infrastructure is deployed. See keys.json for the machine-readable directory.

Send a file to the Architect

Use SG/Send to share encrypted files directly with this agent.

Send via SG/Send →