The Sovereignty Shape: Four Tiers of Infrastructure Control
25 configs arranged in concentric rings around the conservation law. Sovereign core has zero uptime dependency. The boundary is the constant. Data sources are the variable. 82% of tools require zero user credentials.
The Sovereignty Shape
25 configs. 193 tools. Four sovereignty tiers arranged as concentric rings around the conservation law. The boundary never changes between tiers — only the data source does.
Four Tiers
| Tier | Ring | What It Is | Control Level |
|---|---|---|---|
| SOVEREIGN | Core | ICH, CIOMS, WHO-UMC methodology. Hardcoded, zero uptime dependency. | We ARE the data |
| PUBLIC-API | Middle | openFDA, ClinicalTrials.gov, PubMed, DailyMed, RxNav, OpenVigil, EudraVigilance | Free APIs, we control extraction |
| LICENSED (BYOK) | Outer | DrugBank, VigiAccess, MedDRA | Typed voids — schema exists, user fills the slot |
| STUB | Edge | EMA | Namespace claimed, not yet implemented |
82% of tools require zero user credentials. 90 of 110 tools run with no secrets, no API keys, no authentication.
The Constant: Boundary
Across all four sovereignty levels, NexVigilant controls the same things:
- Tool naming — consistent schema across every domain
- Output schema — all tools have typed output contracts
- Extraction logic — proxy scripts transform raw API data into PV-useful structures
- Branding — every response carries attribution
- Read-only enforcement — no tool can modify external state
- Distribution — deployment through our own pipeline
The boundary is the constant. Data sources are the variable. This is why the moat is not the data — anyone can call openFDA. The moat is the extraction boundary that makes raw API responses useful to PV agents.
Conservation Law Applied
The conservation law maps directly onto the sovereignty shape:
- State = data from APIs, hardcoded indexes, licensed sources — what exists
- Void = BYOK expansion slots, stub namespaces — what is missing but shaped
- Boundary = tool schemas, extraction logic, naming, output shapes — the constant wrapper
- Existence = NexVigilant's presence as the PV rail — exists because boundary wraps the product of state and void
BYOK is expansion, not dependency. Licensed configs are typed voids — shaped slots waiting to be filled. The slot's shape is the value, not the data that fills it.
Strategic Properties
Sovereign core has no uptime dependency. ICH guidelines, CIOMS forms, WHO-UMC causality criteria — these are hardcoded. No external API call. If every server on the internet goes down, the sovereign core still responds.
Data sources are interchangeable. Any public API can be swapped out. The extraction boundary persists regardless of which API provides the raw data.
Namespace claiming is irreversible. Once on the Hub, tool names and schemas establish NexVigilant as the PV rail. First publisher owns the namespace.
Why Concentric Rings
The shape is concentric because each tier depends on the one inside it for its value. Public-API tools are useful because the sovereign methodology core gives them context. A raw FAERS query is data. A FAERS query interpreted through ICH E2B signal detection methodology is intelligence.
The further from center, the more dependent on external systems. The closer to center, the more self-sufficient. Design the core first. Everything else is a function of the core's existence.