WayCup TCI Architecture Specification (v2.0)
Overview
A machine-aware, zero-persistence, declarative infrastructure built on Nix Home Manager and 1Password. Designed for 40-year hardware scaling.
Hardware Taxonomy
- TCI_CLASS:
  - METAL: Physical hardware (desktops, laptops).
  - CLOUD: Virtual environments (VMs, containers).
- TCI_ROLE:
  - ENGINE: Stateful source of truth. High-power. Owns the projects and deep memory.
  - TERMINAL: Thin-client interface (glass and keyboard). No local project files.
  - ROUTER: Management node (VMs) for orchestration and connectivity.
Security Protocol (Zero-Persistence)
- Private Keys: 0% disk persistence. Served via agent.sock.
- Public Keys: Managed in ~/dotfiles/ssh/ and symlinked via Nix.
- Secrets: Headless API access via .op_service_account (Git-ignored).
- Signing: Commits cryptographically signed via 1Password on METAL devices.
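An added audit script (not part of this spec or the WayCup project) that checks a machine against the three disk-facing rules above: no private key material in the SSH directory, public keys present only as symlinks into the Nix-managed ~/dotfiles/ssh/ tree, and an agent socket named agent.sock doing the serving. The function names, the directory arguments and the assumption that the socket basename is agent.sock are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not the project's own code: zero-persistence audit.
# Assumptions: SSH dir and dotfiles dir are passed as arguments; the
# 1Password agent socket is named agent.sock.

# tci_find_private_keys DIR -> prints every file in DIR carrying a PEM or
# OpenSSH private-key header; returns 1 if any were found. The spec wants
# 0% persistence, so the expected outcome on a compliant machine is "none".
tci_find_private_keys() {
  local dir=$1 f found=0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    # '--' keeps grep from reading the leading dashes as options
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f"; then
      echo "$f"
      found=1
    fi
  done
  [ "$found" -eq 0 ]
}

# tci_agent_ok [SOCK] -> 0 if SOCK (default: $SSH_AUTH_SOCK) is a live
# socket named agent.sock, i.e. keys are served by the agent, not read
# from disk by ssh itself.
tci_agent_ok() {
  local sock=${1:-${SSH_AUTH_SOCK:-}}
  [ -n "$sock" ] || { echo "audit: SSH_AUTH_SOCK not set" >&2; return 1; }
  [ "$(basename "$sock")" = "agent.sock" ] ||
    { echo "audit: unexpected agent socket: $sock" >&2; return 1; }
  [ -S "$sock" ] || { echo "audit: socket not present: $sock" >&2; return 1; }
}

# tci_pubkeys_managed SSHDIR DOTDIR -> 0 if every *.pub in SSHDIR is a
# symlink pointing into DOTDIR (the Nix-managed layout); otherwise lists
# the unmanaged files and returns 1.
tci_pubkeys_managed() {
  local sshdir=$1 dotdir=$2 f target bad=0
  for f in "$sshdir"/*.pub; do
    [ -e "$f" ] || continue
    target=$(readlink "$f" 2>/dev/null) || target=
    case $target in
      "$dotdir"/*) ;;
      *) echo "unmanaged: $f"; bad=1 ;;
    esac
  done
  [ "$bad" -eq 0 ]
}
```

Run the three checks from a login shell after Home Manager has activated; a non-zero exit from any of them means the machine has drifted from the zero-persistence model.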
Environment Resolution
The system uses a "Bottom-Up" authority model in .bashrc.
- Nix Home Manager sources background variables.
- The TCI Detection Engine (at the very bottom of .bashrc) unsets any inherited variables and re-reads the physical ~/.tci_identity file to establish the final machine state.
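A minimal detection engine of the kind the model describes, written here as an added example rather than taken from the project: it discards any TCI_* values inherited from the parent environment, re-reads the identity file from disk, and only exports values that belong to the hardware taxonomy. The KEY=VALUE file format and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the project's own code: a "bottom of .bashrc"
# TCI detection engine. Assumes ~/.tci_identity holds KEY=VALUE lines.

# Accepted values, taken from the hardware taxonomy.
TCI_VALID_CLASS="METAL CLOUD"
TCI_VALID_ROLE="ENGINE TERMINAL ROUTER"

# tci_in_list VALUE "A B C" -> 0 if VALUE is one of the space-separated words
tci_in_list() {
  local needle=$1 word
  for word in $2; do   # unquoted on purpose: split the list into words
    [ "$word" = "$needle" ] && return 0
  done
  return 1
}

# tci_detect [IDENTITY_FILE]
# Unsets inherited state first so the final machine identity always comes
# from the physical file, never from whatever exported TCI_* earlier.
# Returns non-zero (and leaves TCI_* unset) on a missing or invalid file.
tci_detect() {
  local file=${1:-"$HOME/.tci_identity"} line key value
  unset TCI_CLASS TCI_ROLE

  [ -r "$file" ] || { echo "tci: identity file missing: $file" >&2; return 1; }

  while IFS= read -r line || [ -n "$line" ]; do
    case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
    key=${line%%=*}
    value=${line#*=}
    case $key in
      TCI_CLASS) TCI_CLASS=$value ;;
      TCI_ROLE)  TCI_ROLE=$value ;;
      *) echo "tci: ignoring unknown key '$key'" >&2 ;;
    esac
  done < "$file"

  # Reject anything outside the taxonomy rather than exporting a half-state.
  if ! tci_in_list "${TCI_CLASS:-}" "$TCI_VALID_CLASS" ||
     ! tci_in_list "${TCI_ROLE:-}" "$TCI_VALID_ROLE"; then
    echo "tci: invalid identity (class='${TCI_CLASS:-}' role='${TCI_ROLE:-}')" >&2
    unset TCI_CLASS TCI_ROLE
    return 1
  fi
  export TCI_CLASS TCI_ROLE
}

# tci_is ROLE -> predicate for later .bashrc branches, e.g. `tci_is ENGINE`
tci_is() { [ "${TCI_ROLE:-}" = "$1" ]; }
```

Placing `tci_detect` as the last statement of .bashrc is what gives it final authority: anything Home Manager or an SSH client exported earlier is unset before the file is consulted.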
Safety Shield (AI Mandates)
- No Direct Home Edits: AI agents are forbidden from editing symlinks in ~/.
- Source Only: All changes must occur in ~/dotfiles/ or ~/projects/.
- Interpolation Guard: Nix interpolation (${var}) for .nix files; raw paths for static .json/.toml.
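The three mandates can be enforced mechanically before an automated editor writes anything. The following added example (not the project's own code) turns them into two pre-edit checks: a path guard that refuses symlinks directly under ~/ and anything outside the two source trees, and a lint that flags ${...} interpolation in static .json/.toml files, which are copied to disk verbatim and would ship the placeholder as a literal. Function names and the reliance on GNU `readlink -f` are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the project's own code: Safety Shield pre-edit checks.
# Assumes GNU coreutils (readlink -f) and $HOME pointing at the user's home.

# tci_edit_allowed PATH -> 0 if PATH may be edited, 1 otherwise.
tci_edit_allowed() {
  local path=$1 resolved dir
  # Rule 1 (No Direct Home Edits): symlinks living directly in $HOME are
  # Nix-managed and must not be touched.
  if [ -L "$path" ] && [ "$(dirname "$path")" = "$HOME" ]; then
    echo "shield: refusing to edit symlink in home: $path" >&2
    return 1
  fi
  # Rule 2 (Source Only): the resolved target must sit under a source tree.
  # A file that does not exist yet is judged by its parent directory.
  if [ -e "$path" ]; then
    resolved=$(readlink -f -- "$path")
  else
    dir=$(readlink -f -- "$(dirname "$path")") || return 1
    resolved="$dir/$(basename "$path")"
  fi
  case $resolved in
    "$HOME/dotfiles/"*|"$HOME/projects/"*) return 0 ;;
  esac
  echo "shield: outside source trees: $path" >&2
  return 1
}

# tci_interp_lint FILE -> 0 if FILE respects the Interpolation Guard.
# .nix files may use ${...}; static .json/.toml files may not.
tci_interp_lint() {
  local file=$1
  case $file in
    *.nix) return 0 ;;
    *.json|*.toml)
      if grep -qF -- '${' "$file"; then
        echo "shield: Nix interpolation in static file: $file" >&2
        return 1
      fi
      return 0 ;;
    *) return 0 ;;
  esac
}
```

Wire both into whatever wrapper hands files to the agent: `tci_edit_allowed` before the write, `tci_interp_lint` after it, and abort on a non-zero exit from either.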