Design exploration

Field-Operated AI, Bounded at the Device

Myosotis is a design study for AI systems that use mobile devices as governed field nodes. The work focuses on trust boundaries, local policy evaluation, explicit operator consent, and auditable execution under degraded or sensitive operating conditions.

  • Device-local authority
  • Explicit capability scope
  • Fail-closed execution under uncertainty

Cloud-first assumptions weaken at the edge.

Field environments introduce intermittent connectivity, ambiguous network trust, proximity to sensitive data, and higher consequences for mistaken action. In these settings, a mobile device cannot be reduced to a thin client and a cloud service cannot be treated as the final authority for local action.

Connectivity is not guaranteed

The design assumes slow, degraded, or unavailable networks rather than treating offline behavior as an exception.

Authority must remain legible

Tool execution needs clear scope, attribution, and operator-visible outcomes, especially when sensitive data or actuation is involved.

Consent is a control boundary

Approval must be specific, bounded, and auditable. Silence, timeout, or ambiguity should not imply permission.

Reverse the default trust model.

Myosotis treats the mobile device as a governed execution node rather than a passive endpoint. The cloud can coordinate discovery and routing, but device-side policy remains the final decision point for local tools, sensitive context, and operator-facing actions.

01. Resolve scope

The control plane routes requests and defines bounded scope.

02. Evaluate locally

The device validates policy, consent, and capability constraints before tool execution.

03. Execute or deny

Actions either proceed within policy or fail closed with a visible, attributable outcome.

04. Record and sync intentionally

Audit is recorded as part of normal operation, and sync remains an explicit, controlled action.

Designed around containment, not capability expansion.

The architecture is centered on risk containment. Devices, agents, and tools are untrusted by default. Authority is established only through scoped capability grants, cryptographic provenance, local enforcement, and immutable audit trails.

  • The system enforces: local policy evaluation before execution
  • The system does not allow: remote bypass of the policy engine
  • The system contains: failure to the affected device and visible workflow state
  • The system requires: explicit consent where policy or context demands it
  • The system records: attributable audit events as part of normal operation
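
As an added illustration of the four-step flow and the enforcement properties above (this is not Myosotis code or any published interface), a minimal device-side gate in Python. The grant fields, the HMAC-signed grant, the hash-chained log format, and every function name are assumptions made for this sketch; the sample key is constructed.

```python
import hashlib, hmac, json
DEVICE_KEY = b"constructed-demo-key"  # assumption: key the device uses to verify grants

def sign_grant(grant, key=DEVICE_KEY):
    body = json.dumps(grant, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class AuditLog:
    """Append-only, hash-chained record of every decision (hypothetical format)."""
    def __init__(self):
        self.entries, self.head = [], "0" * 64
    def _link(self, head, event):
        body = json.dumps(event, sort_keys=True)
        return hashlib.sha256((head + body).encode()).hexdigest()
    def record(self, event):
        self.head = self._link(self.head, event)
        self.entries.append({"event": event, "hash": self.head})
    def verify(self):
        head = "0" * 64
        for e in self.entries:
            head = self._link(head, e["event"])
            if head != e["hash"]:
                return False
        return True

def _check(req, grant, sig, consent, now):
    if not hmac.compare_digest(sign_grant(grant), sig):
        return "deny", "grant provenance check failed"
    if now >= grant["expires"]:
        return "deny", "grant expired"
    if req["tool"] != grant["tool"] or req["action"] not in grant["actions"]:
        return "deny", "outside granted scope"
    if grant["requires_consent"]:
        # Silence or timeout arrives as consent=None and never implies permission.
        if not consent or consent["request_id"] != req["id"] or consent["approved"] is not True:
            return "deny", "no explicit consent for this request"
        if now >= consent["expires"]:
            return "deny", "consent expired"
    return "allow", "within policy"

def evaluate(req, grant, sig, consent, now, log):
    """Device-side decision point: any error or missing field results in deny."""
    try:
        decision, reason = _check(req, grant, sig, consent, now)
    except Exception as exc:  # fail closed under uncertainty
        decision, reason = "deny", "evaluation error: " + type(exc).__name__
    req_id = req.get("id") if isinstance(req, dict) else None
    log.record({"request": req_id, "decision": decision, "reason": reason, "time": now})
    return decision, reason
```

Every call writes an audit entry, including denials and evaluation errors, so editing or removing a past decision breaks the chain that `verify()` recomputes.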

Designed for operating environments, not demos.

Myosotis is shaped around environments where connectivity is unreliable, conditions are time-sensitive, and operator clarity matters. The design is intended for contexts where mobile devices interact with sensitive data, physical processes, or regulated workflows.

Healthcare

Bedside capture, clinical workflows, and attributable approval.

Transportation

Mobile coordination under inconsistent connectivity and varied trust zones.

Security

Bounded device actions where policy and operator visibility are mandatory.

Defense and field services

Operational environments where degraded conditions are expected, not exceptional.

Design system first. Proof later.

Myosotis currently exists as an RFC-backed design and governance exploration. The current work defines architectural constraints, threat models, policy semantics, audit requirements, distributed execution behavior, and consent flows.

It does not claim production validation yet. The value here is architectural rigor, explicit constraints, and disciplined claims.

Available now

Reference architecture, threat model, and whitepaper summary.

Not claimed

Production deployment, runtime performance, or efficacy outcomes.

Next step

Use the published design to evaluate fit, constraints, and risks.

Start with the design constraints.

For review, start with the design summary and threat model. The site is intentionally framed as a public design artifact, not a product launch page.