Part of Alfred’s six-layer architecture. Infrastructure is the foundation everything else runs on.

Your Alfred is yours alone

Every Alfred Black subscriber gets a dedicated, isolated server. Your data never shares hardware, databases, or services with anyone else.

| Property | Detail |
|---|---|
| Server | Dedicated Hetzner Cloud instance (cx53: 8 vCPU, 32GB RAM) |
| Storage | LUKS2 full-disk encryption (AES-256-XTS) |
| Network | Private Tailscale mesh (WireGuard-based VPN) |
| Exposure | Zero public-facing ports — no inbound access from the internet |

Your Alfred is not a container on a shared cluster. It’s a dedicated machine, encrypted at rest, accessible only through a private network.

Encryption

Your vault and all associated data are stored on a LUKS2-encrypted volume using AES-256-XTS. The encryption key is a 64-character random string, generated uniquely per instance during provisioning.
The encrypted volume contains your Obsidian vault, Alfred worker state, OpenClaw state, secrets (API keys, provider credentials), and Restic backup metadata.
The LUKS passphrase is backed up to the control plane for disaster recovery. Even if the server is lost, your data can be restored from encrypted backups.
  • Tailscale — End-to-end encrypted mesh network using the WireGuard protocol. All traffic between your browser/apps and your Alfred travels through this encrypted tunnel.
  • HTTPS — TLS 1.3 via Cloudflare for browser connections, and via Tailscale Serve for direct API access.
  • Cloudflare Tunnel — Outbound-only encrypted channel for OpenClaw device connectivity. Your server’s IP is never exposed.
When you create an API key, the full key (alf_...) is shown to you once. A SHA-256 hash is computed and stored. The original key is discarded — it cannot be recovered. Authentication compares hashes, never raw keys.

Network isolation

Your Alfred has zero public ports for application services. All services listen on 127.0.0.1 only:

| Service | Port | External Access |
|---|---|---|
| Tenant API | 3100 | Tailscale Serve (HTTPS) |
| OpenClaw Gateway | 18789 | Cloudflare Tunnel (outbound-only) |
| Temporal Engine | 7233 | Tailscale Serve (HTTPS) |

A Hetzner Cloud firewall permits only Tailscale WireGuard (UDP 41641) and ICMP inbound. SSH is restricted to pre-authorized IP ranges. No service listens on a public interface.

Container hardening

Docker containers run with defense-in-depth hardening:

| Protection | Detail |
|---|---|
| Privilege escalation | no-new-privileges: true on all containers |
| Capabilities | cap_drop: ALL — all Linux capabilities removed |
| Memory limits | 2GB per container default; learn container runs at 4GB for the Whisper model |
| PID limits | 256 processes per container — prevents fork bombs |
| Network | All containers bound to localhost only |
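
An added example, not Alfred's own code: a Python check that audits `docker inspect` output against the hardening settings listed above. The container names and the sample JSON are constructed, and reading the 2GB/4GB limits as GiB with a 4 GiB ceiling is an assumption.

```python
import json

# Constructed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/tenant-api",
  "HostConfig": {"SecurityOpt": ["no-new-privileges:true"], "CapDrop": ["ALL"],
                 "Memory": 2147483648, "PidsLimit": 256,
                 "PortBindings": {"3100/tcp": [{"HostIp": "127.0.0.1", "HostPort": "3100"}]}}},
 {"Name": "/misconfigured",
  "HostConfig": {"SecurityOpt": null, "CapDrop": ["NET_RAW"],
                 "Memory": 0, "PidsLimit": null,
                 "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}]}}}
]
""")

GIB = 1024 ** 3
LOOPBACK = {"127.0.0.1", "::1"}

def audit_container(c, max_memory=4 * GIB, max_pids=256):
    """Return findings for one `docker inspect` entry (empty list = compliant)."""
    hc = c.get("HostConfig") or {}
    findings = []
    # Docker accepts "no-new-privileges", "...:true" and "...=true".
    opts = [o.replace("=", ":").lower() for o in hc.get("SecurityOpt") or []]
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        findings.append("no-new-privileges not set")
    if "ALL" not in [cap.upper() for cap in hc.get("CapDrop") or []]:
        findings.append("capabilities not dropped with ALL")
    mem = hc.get("Memory") or 0          # 0 means no memory limit
    if not 0 < mem <= max_memory:
        findings.append("memory limit missing or above ceiling")
    pids = hc.get("PidsLimit") or 0      # null, 0 or -1 mean no PID limit
    if not 0 < pids <= max_pids:
        findings.append(f"PID limit missing or above {max_pids}")
    for port, binds in (hc.get("PortBindings") or {}).items():
        for b in binds or []:
            # An empty HostIp publishes the port on all interfaces.
            if b.get("HostIp") not in LOOPBACK:
                findings.append(f"{port} published on non-loopback address")
    return findings

def audit(inspect_output):
    """Map container name to its list of findings."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in inspect_output}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

On a real host the same function can be fed the parsed output of `docker inspect` for all running containers.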

Whisper model

The whisper-large-v3 model (~3GB) is baked directly into the learn container’s Docker image. This means zero-config deployment — no model downloads at runtime, no external model registries, no startup delays. The learn container has a mem_limit of 4GB to accommodate the model in memory.

Terminal proxy

The Terminal proxy provides direct CLI access to OpenClaw from your dashboard. It uses the Docker Engine exec API with real PTY allocation, supporting proper SIGWINCH signals for terminal resize events. This gives you a native terminal experience — full-screen editors, interactive prompts, and correct line wrapping all work as expected.

Temporal schedule creation

Temporal schedules are created using the --type flag (not --workflow-type). All scheduled workflows — specialist runs, intuition processes, stream polling — are registered through this mechanism during provisioning.

Health monitoring

The SaaS layer checks your Alfred’s health every 2 minutes over the encrypted Tailscale network. It monitors service status, disk and memory usage, container health, and Tailscale connectivity. Results power your dashboard’s Command Center.

Backup strategy

Automated daily backups run at 3:00 AM via Restic, with AES-256 encryption, to Hetzner Object Storage. Retention: 7 daily, 4 weekly, 12 monthly snapshots. Containers are stopped during backup for consistency. Even if the S3 bucket is compromised, backup data cannot be read without the Restic password.

Data lifecycle

| Event | What happens |
|---|---|
| Subscription starts | Dedicated server provisioned, encrypted volume created, secrets uploaded via SSH |
| Active subscription | Continuous operation, daily encrypted backups, health monitoring |
| Subscription cancelled | Data preserved for 30 days — resubscribing restores access immediately |
| After 30 days | Environment permanently decommissioned, all data destroyed |

Your vault is an Obsidian-compatible collection of Markdown files. You can pair a device to access your vault directly and maintain your own local copies at any time.
