master plan target architecture

Target Architecture — Three Trust Zones

Last Updated: 2026-02-16 Status: Approved Author: Thomas Scola

Overview

The Bluefly.io Agent Platform operates across three trust zones with strict boundaries. Internal agents stay on trusted infrastructure. External/social agents run in sandboxed environments. Communication happens only through authenticated gateways.

Architecture Diagram

┌─────────────────────────────────────────────────────────────────────────┐
│                         TRUST ZONE: GITLAB                              │
│                                                                         │
│  GitLab Ultimate Instance                                               │
│  ┌──────────────┐ ┌──────────────┐ ┌─────────────────────────────────┐ │
│  │  Duo Agentic │ │  AI Catalog  │ │  Issues / MRs / Pipelines      │ │
│  │    Chat      │ │  (agents +   │ │  (@mention triggers)           │ │
│  │              │ │   flows)     │ │                                 │ │
│  └──────┬───────┘ └──────┬───────┘ └──────────────┬──────────────────┘ │
│         │                │                         │                    │
│    Custom Agents    Custom Flows           External Agents              │
│    (Vector 1)       (Vector 4)             (Vector 2)                   │
│         │                │                         │                    │
│         └────────┬───────┘                         │                    │
│                  │                                 │                    │
│            MCP Client ◄──────── Vector 3 ──────────┘                   │
│            (connects to external MCP servers)                           │
│                  │                                                      │
└──────────────────┼──────────────────────────────────────────────────────┘
                   │
          Tailscale (encrypted)
                   │
    ┌──────────────┼──────────────────────────────────┐
    │              │                                   │
    ▼              ▼                                   ▼
┌─────────────┐ ┌──────────────────┐ ┌──────────────────────────┐
│ TRUST ZONE: │ │ TRUST ZONE:      │ │ TRUST ZONE:              │
│ INTERNAL    │ │ OPENCLAW (DMZ)   │ │ SANDBOX (UNTRUSTED)      │
│             │ │                  │ │                          │
│ Synology NAS│ │ Hetzner CX32    │ │ Oracle Cloud Instance 2  │
│ Oracle #1   │ │                  │ │                          │
│             │ │ OpenClaw Gateway │ │ external-gateway :5000   │
│ MCP Servers │ │ Custom Skills    │ │ moltbook-agents          │
│ LiteLLM     │ │ Telegram/Discord │ │   :4001-4003             │
│ MinIO       │ │ MCP to GitLab    │ │ openclaw-bridge :4010    │
│ Qdrant      │ │ MCP to NAS       │ │ npm-monitor              │
│ PostgreSQL  │ │                  │ │                          │
│ Redis       │ │ Connects via     │ │ OWN API keys             │
│ k3s+kagent  │ │ Tailscale to     │ │ NO NAS access            │
│             │ │ NAS services     │ │ Gateway port 5000 ONLY   │
└─────────────┘ └──────────────────┘ └──────────────────────────┘

Trust Zone Rules

Zone	Access Level	What Lives Here
Internal	Full NAS, all DBs, all secrets	OSSA core agents, compliance engine, agent mesh, observability
OpenClaw DMZ	NAS MCP servers + LiteLLM via Tailscale, no direct DB	OpenClaw gateway, custom skills, Telegram/Discord bots
Sandbox	Gateway port 5000 only, own API keys	MoltBook social agents, npm-monitor, external bridges

Tier Model

Tier 1: platform-agents/              → Agent manifests (YAML) — INTERNAL ONLY
Tier 2: common_npm/agent-*            → Infrastructure packages (TypeScript)
Tier 2: duo-agent-platform/           → GitLab Duo integration
Tier 3: gitlab-agent_ossa/            → Platform implementation (Go)
Tier 4: openclaw-bluefly/             → Agent runtime & skills (DMZ)
Tier S: agent-social/                 → Social/external agents (SANDBOX)

Port Allocation

Range	Purpose	Zone
3000-3015	Agent services (brain, chat, mesh, router, tracer)	Internal
4000	LiteLLM gateway	Internal
4001-4003	MoltBook social agents	Sandbox
4010	MoltBook A2A Bridge / OpenClaw Bridge	Sandbox
5000	External Gateway (sandbox ↔ internal)	Sandbox
5000-5003	ML models	Internal
5432	PostgreSQL	Internal
6333	Qdrant vector DB	Internal
6379	Redis	Internal
9000	MinIO S3	Internal
9090	Prometheus	Internal
27017	MongoDB	Internal

Cost Estimates

Item	Monthly Cost	Notes
GitLab Ultimate (included)	$0	24 credits/user/month
On-demand Duo credits	$50-200	External agent runs, complex flows
Hetzner CX32 (OpenClaw)	~$20	4 vCPU, 8 GB RAM
Oracle Free Tier #2 (Sandbox)	$0	ARM instance, always-free tier
LLM API — Sonnet (custom agents)	$50-150	Via LiteLLM gateway
LLM API — Opus (builder agent)	$100-300	Heavy-duty code generation
Anthropic API key (sandbox)	$20-50	Social agent content generation
Total	$240-720/mo	Scales with usage

Risk Register

Risk	Impact	Likelihood	Mitigation
Social agent compromise leaks internal secrets	Critical	Medium	Sandbox isolation, separate API keys, Tailscale ACLs
OpenClaw skill marketplace malware	High	Low	Only install vetted skills, sandbox deployment, no direct DB access
GitLab Duo credit overrun	Medium	Medium	Monitor credit usage, set alerts at 80% threshold
MCP server becomes single point of failure	Medium	Low	Health checks, Docker restart policies, graceful degradation
External agent creates bad commits	Medium	Medium	AGENTS.md conventions, MR-only workflow, human review required
Tailscale ACL misconfiguration	Critical	Low	Test ACLs before deploying sandbox, audit quarterly