Cognitive Server

§ Technical Brief · v2026.05

The Cognitive Server Architecture Paper

A complete technical specification: hardware base, software stack, MCP implementation, multi-tenant isolation, and compliance evidence chain.

Version2026.05
Pages48
FormatPDF · A4
ClassificationPublic (redacted)
AuthorsCognitive Server Engineering
Last updatedJune 2026
LanguageEN

Executive summary

What this paper covers

This paper is the complete technical reference for Cognitive Server — the sovereign cognitive infrastructure platform for regulated European industries. It covers the hardware base (certified appliance (Dell · HPE · Lenovo · xFusion), TPM 2.0, Ubuntu 24.04 LTS), the container runtime and GPU isolation layer, the AI stack (Ollama, Llama 3, Nomic embeddings), the MCP host implementation, and the four cognitive applications (Core, Vault, Hub, Nexus) wrapped by The Fabric (Shield, Bridge, Chain).

The target audience is technical evaluators: IT architects, CISOs, CTOs and procurement teams in regulated organisations. The paper assumes familiarity with OAuth 2.1, JSON-RPC 2.0, and the ISO 27001:2022 control framework. Non-technical executives should start with the sector briefings available at /resources.

The public version is redacted: deployment runbooks, network topology diagrams with IP ranges, and the full penetration test report are available under a signed NDA to qualified evaluators. See the restricted materials section at /resources for the request process.

Contents

Table of contents

  1. 01

    Hardware base

    Dell / HPE / Lenovo / xFusion appliance, TPM 2.0 attestation, Ubuntu 24.04 LTS hardening

  2. 02

    Container runtime

    Docker, NVIDIA/CUDA isolation, persistent logging

  3. 03

    AI stack

    Ollama runtime, Llama 3 weights, Mistral, Nomic embeddings, model router

  4. 04

    MCP host implementation

    Tools, Resources, Prompts under a sovereign perimeter

  5. 05

    Multi-tenant isolation

    JWT contract, namespace isolation, Dynamic Client Registration

  6. 06

    RBAC

    Shield enforcement model, four roles, scope tables

  7. 07

    Audit chain

    Chain fabric specification, JSONL export format, BCE/EBA compatibility

  8. 08

    Federation

    GAIA-X and Pontus-X integration, residency tags, cross-perimeter discovery

  9. 09

    Network sovereignty

    WireGuard VPN, Traefik TLS termination, zero egress by default

  10. 10

    ISO 27001:2022 mapping

    93 controls, evidence matrix, RBAC matrix reference

Request access

Request the full paper

The architecture paper is sent encrypted to your corporate email address within one business day of your request. A brief qualification form is required to ensure the material reaches technical evaluators.

Request the architecture paper →

Sent encrypted · Corporate email only · No tracking pixels · One business day

Prefer to read the architecture online?

Explore the architecture reference →

Or review the compliance evidence:

ISO 27001:2022 mapping →