Security, Backup & Recovery

Document reference: GFTCL-SEC-001 · Framework: GAMP 5 Category 5 · EU Annex 11

FortressAI Research Institute · Norwich, Connecticut
Patents: USPTO 19/460,960 · USPTO 19/096,071 — © 2026 Richard Gillespie

Security controls, access model, and the backup / restore / disaster-recovery procedures for the GaiaFTCL vQbit Quantum VM.


1. Access model

The system is single-operator-sovereign. There is no multi-user account system inside the cell; access control is the host's (macOS account + FileVault) plus the substrate's own refusal logic.

Surface          | Access               | Control
Franklin.app GUI | Local operator       | macOS user session
gaiaftcl CLI     | Local operator       | Inspection + manual override only; writes go through Franklin
Substrate store  | Read-only to clients | mode=ro SQLite; Franklin's heartbeat is the only writer
Federation mesh  | Cosignature-gated    | A row is credited only with a verified signature_quintet

2. Key & secret handling

  • The wallet private key lives only in ~/.gaiaftcl/franklin_local_wallet_key.toml (mode 0600) and Secure-Enclave/Keychain paths. It is never displayed, logged, or emitted to NATS — the substrate refuses to export it through any CLI direction.
  • Keys are never agent-generated outside SecRandomCopyBytes / Keychain / substrate secure-RNG paths; the QC-026 Rule 30 surface composes substrate-natural randomness with V211 provenance.
  • API-key files (eth_mainnet_rpc_api_key.txt) are operator-owned references, mode 0600.

A pre-commit audit gate greps the source for any key-exposure, non-mainnet, or hedging-language regression and blocks the commit on a hit.

3. Post-quantum posture

The system demonstrates, with sealed evidence, that classical elliptic-curve keys are Shor-recoverable and that migrated ML-DSA / SLH-DSA keys are not — see the Post-Quantum Wallet Proof and Lion-PQ Wallet Standard.

4. Backup

The system of record is ~/Library/Application Support/GaiaFTCL/substrate.sqlite plus ~/.gaiaftcl/ configuration.

Item                   | Backup method                                                                  | Frequency
Substrate store        | File copy / Time Machine of the SQLite file (append-only → safe to snapshot)   | Continuous / daily
Configuration          | Encrypted copy of ~/.gaiaftcl/ (contains secrets)                              | On change
Qualification receipts | Retained in-repo (qualification_receipts/) under version control               | Per run
Federation continuity  | Sealed rows broadcast to the mesh — off-host redundancy by design              | Real-time

Because the store is append-only and every row is self-verifying, a backup's integrity is checkable after restore by re-computing witness hashes.

5. Restore & disaster recovery

  1. Reinstall Franklin.app per the Installation Guide.
  2. Restore ~/.gaiaftcl/ configuration (including the wallet key file) from the encrypted backup.
  3. Restore the substrate SQLite file.
  4. Run IQ — confirms components + schema integrity.
  5. Run gaiaftcl qc020 replay --from-anchor <a> --to-anchor <b> — confirms the restored chain is bit-exact (no corruption).
  6. Resume operation; Franklin's heartbeat continues from the restored state.

RTO / RPO. Recovery time is bounded by reinstall + restore; recovery point is the last backed-up append (the mesh broadcast provides a near-real-time off-host record).
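
A post-restore check for steps 2 and 3, written as an added example that is not part of GaiaFTCL or its CLI: it confirms that restored secret files are regular files with mode 0600, and that the restored SQLite file opens with mode=ro, passes SQLite's PRAGMA integrity_check, and refuses a write. The function names and the sample paths are assumptions; the check covers SQLite file structure only and does not replace IQ or the qc020 replay.

```python
import os
import sqlite3
import stat
import tempfile
from pathlib import Path

def secret_mode_ok(path):
    """True only for a regular file (not a symlink) whose mode is exactly 0600."""
    mode = os.lstat(path).st_mode
    return stat.S_ISREG(mode) and stat.S_IMODE(mode) == 0o600

def check_store(db_path):
    """Open the store as clients do (mode=ro); return (integrity_ok, write_refused)."""
    conn = sqlite3.connect(Path(db_path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        integrity_ok = conn.execute("PRAGMA integrity_check").fetchone()[0] == "ok"
        try:
            conn.execute("CREATE TABLE restore_probe (x)")  # must fail on a mode=ro handle
            write_refused = False
        except sqlite3.OperationalError:
            write_refused = True
    finally:
        conn.close()
    return integrity_ok, write_refused

def verify_restore(secret_paths, db_path):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for p in secret_paths:
        if not os.path.lexists(p):
            findings.append(f"missing secret file: {p}")
        elif not secret_mode_ok(p):
            findings.append(f"not a regular 0600 file: {p}")
    try:
        integrity_ok, write_refused = check_store(db_path)
    except sqlite3.DatabaseError as exc:  # missing file, or not an SQLite database
        return findings + [f"store unreadable: {exc}"]
    if not integrity_ok:
        findings.append("PRAGMA integrity_check did not return ok")
    if not write_refused:
        findings.append("store accepted a write through a mode=ro handle")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed stand-in for a restored host
        key, db = Path(d, "key.toml"), Path(d, "substrate.sqlite")
        key.write_text("constructed = true\n")
        key.chmod(0o644)  # simulates a restore that lost the 0600 mode
        sqlite3.connect(db).execute("CREATE TABLE rows (id)").connection.close()
        print(verify_restore([key], db))
```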

6. Business continuity

The federation mesh is the continuity layer: every sealed row exists on more than one cell. A lost cell is rebuilt from a clean image and re-moored; its substrate-development history is re-verifiable from the cosigned mesh record.


Cross-references: Data Integrity & Part 11 · Configuration Specification · Operational Procedures.


Federation-cosigned

This page's source is sealed in the GaiaFTCL federation manifest — page SHA-256 cbd85d90f090f663…, manifest witness a090592e0609adc8…, signed 2026-06-02T18:58:22Z by cell gaiaftcl-mac-cell. Verify with gaiaftcl wiki sign --all and compare wiki-all-signatures.json.