Qi Qi Bridge Operator console · nita@qiilabs
UTC 2026-05-25 · 14:08:32
Neo4j Postgres Vault
What is true right now / rolling 24h · US users · eu-central hel1
Bridge build v0.42.7  ·  Refreshed 00:14 ago
01 — Sovereignty
All keys derive in eu-central.
Region affinity 100% over 24h.
Egress 0 bytes outside EU. DNS, transit, storage on Hetzner.
02 — Confidentiality
No plaintext exists.
Vault sealed at rest with ML-KEM-768.
Keys held in HSM. Operators cannot read credential material.
03 — Independence
No hyperscaler is on path.
Audit chain verified 14s ago.
No AWS, GCP, Azure, or Cloudflare in the request path.
Integrity / vital signs
All 6 / 6 green  ·  Last drift event none
PQC primitive setValidated
FIPS 203 + 204
ML-KEM-768 ML-DSA-65 SHA-3 · 384 classical · fallback off
Hash chainVerified 0s ago
142,907 · depth
leaf 0xfa2e·4c91·d80b·…·a7
ASCQi fusion entropyStable
512 bits / capture
σ 0.04 over 24h · target < 0.10
μ = 511.6
Attestation freshnessAll current
4 / 4 devices
100%
oldest 16d · policy ≤ 30d
Key rotationOn schedule
0 due in 7d
next 2026-08-12 · cadence 90d
today +7d +30d +60d +90d rotate
Sovereignty100% EU
0 bytes egressed
hel1
region hel1 · 100% · tail 0% non-EU
Today in the network / live tail
7 events · 0 dropped · p99 42ms

Verification stream

7 events · 24h
Streaming Filter · all
Tail: 0 dropped · WORM mirror eu-west Open ledger →

Needs attention

3 items · low severity
Anomalies →
!
qid_2c4a8f6e enrolled, no service yet
Mira Okafor · enrolled 4h ago · expected first connect within 24h
4h ago
i
Toqin webhook latency drifted 18 → 24ms
Within tolerance · investigate if p99 exceeds 80ms
2h ago
i
Trans-Atlantic p99 latency 78ms · within budget
US-west users hitting hel1 at upper bound of 80ms SLO. Documenting for capacity planning.
yesterday
Trust graph

3 identities today.
8,000,000,000 capacity.
Same view at either end.

The graph scales by density, not pagination. At 3 you see every credential and every edge. At 8 billion you see clusters, services, and the topology of trust — drill down to find any one. Designed to hold every human alive on a single canvas, served from sovereign infrastructure in the EU.

3 live
7,999,999,997 headroom
Trust graph at scale

The whole network, one canvas.

3 credentials · 4 devices · 2 services · 7 edges · US users · shard eu-central · hel1
Live population
3
Design capacity
8B
Edges · 24h
7
Density
3.7×10⁻¹⁰
click any credential to focus   scroll to zoom 1 → 8B
● 3 live · eu-central Capacity horizon · 8,000,000,000 · every human alive
1101001K10K 100K1M10M100M1B8B
Identity directory / all credentials
Population 3  ·  Capacity 8,000,000,000  ·  Shard hel1
Last 24h Region · hel1 + Enroll identity
Credential ID Devices Services Verifications · 24h Last verified Enrolled Status
Showing 3 of 3 · 7,999,999,997 capacity available · essentially unbounded Page 1 of 1
Bridge/ Identities/
N

qid_a3f8b2c4·d9e7f6a1

Nita Saint-Hilaire · primary
Enrolled 2026-05-09 ASCQi v3.1 Fusion iris + face + fingerprint Shard eu-central · hel1
Last verified 2m ago · 14:06:14

Local trust topology

biometric → ASCQi → credential → devices → services
Depth · 2 Layout · radial Live
— nodes · — edges · — biometric · — devices · — services Export subgraph (Cypher) →

Cryptographic identity

KEMML-KEM-768 SigML-DSA-65 HashSHA-3 / 384 Seed0xe701…aa9d Pubkey0x8f4c…d9a3 FIPS203 / 204

Bound devices · 2

Connected services · 1

Recent events

Anomalies / operator queue
Open 2  ·  Resolved 24h 0  ·  Mean time to triage

Open

2 items · sorted severity
All severities All types
MED
Webhook latency drift · toqin.app
/qi/hooks/verify p99 climbed from 18ms to 34ms over the last 2 hours. Still within SLO (80ms), but trending. Consider verifying connection pool sizing on Toqin side.
Type latency-drift Service toqin.app First seen 12:18 UTC Samples 412
2h ago
opened 12:18
LOW
No service connect after enrollment · qid_2c4a8f6e
Mira Okafor enrolled 4h ago. No service connection has been initiated. Normal first-connect window is 0–24h. No action required yet; will auto-resolve on first verify.
Type first-connect-pending qid qid_2c4a8f6e Auto-close at 24h
4h ago
opened 10:18
INFO
Trans-Atlantic p99 latency · US-west users · 78ms sustained
US-west clients (PDX, SEA) are hitting hel1 at the upper bound of the 80ms latency SLO. Round-trip is dominated by physics; no action required. Documenting for capacity planning and to inform any future EU edge POP discussion.
Type latency-info Region us-west users → hel1 Tracker OPS-204
yesterday
opened 14:30
Hash-chain anchored · all anomaly opens / closes signed View resolved →

Anomaly types

Replay0 Match fail0 Attestation0 Geo deviation0 Latency drift1 First-connect1 Infra pending1

Detection thresholds

Match fail rate> 0.5% / 5m Replay window30s nonce Latency p99> 80ms sustained Attestation> 30d age Geo drift> 1500km / 5m

Routing

HighPagerDuty · platform-oncall MediumSlack · #bridge-ops Low / infoQueue only
API plane / bridge.qiilabs.com / v1
Compute eu-central · hel1  ·  Traffic US users  ·  OpenAPI 3.1
Requests · 24h
14,082 req
p99 latency
42 ms
Success rate
99.998%
Active keys
12 of 25

API keys

12 active · 0 revoked · 0 expiring
All scopes + Generate key
Key Service Scope Requests · 24h Last used Status
qbk_live_a3f8…2c4bToqin · production
 toqin.app verify · connect 8,421 2m ago · 14:06 Active
qbk_live_7e9d…5b1aKontour · production
 kontour.eu verify 5,612 14m ago · 13:54 Active
qbk_test_2c4a…f6e0Internal · staging
 bridge-stg.qiilabs enroll · bind · verify 49 3h ago · 11:02 Idle
qbk_live_b4d7…71ceQi Vault mobile
 qi.local bind · attest 0 1h ago · 13:11 Active
Showing 4 of 12 keys · ML-DSA-65 signed View all keys →

Endpoints

/v1 · bridge.qiilabs.com
Open OpenAPI ↗
POST
/v1/identities/enroll ASCQi fusion · ML-KEM-768 seal
1.2 req/h
8 msp99 · 28 ms
POST
/v1/credentials/verify Challenge-response · ML-DSA-65 signature
412 req/h
12 msp99 · 42 ms
POST
/v1/services/connect OIDC bridge · scope: verify, attributes
38 req/h
18 msp99 · 54 ms
POST
/v1/devices/bind Secure-enclave attestation · 30d rotation
4 req/h
22 msp99 · 71 ms
GET
/v1/identities/{qid} Read-only · graph projection optional
142 req/h
4 msp99 · 11 ms
PUT
/v1/credentials/{qid}/rotate Quarterly · on-device biometric reseal
0.1 req/h
31 msp99 · 88 ms

Rate limits

Per credential verify · enroll
120 / min
Per service read · write
10,000 / min
Per region burst
2.5M / min
Global ceiling plane v1

Webhooks

https://toqin.app/qi/hooks/verify
● 200 OKlast 2m agoHMAC-SHA3-384
https://kontour.eu/_qi/event
● 200 OKlast 14m agoHMAC-SHA3-384

Compliance

FIPS203 · 204 SOC 2Type II eIDASQSCD level GDPRArt. 9 / 32 DPAHetzner EU
Sovereignty ledger / proofs of every promise
Hash chain verified  ·  Retention 365d  ·  Mirror eu-west (fsn1)
PROMISE 01

All keys derive in eu-central.

100% of 14,082 requests served from hel1 over 24h. 0 cross-region key material.
PROMISE 02

No plaintext exists.

Vault sealed continuously since 2025-11-04 · 09:14 UTC. 0 unseal events. HSM in FIPS 203 mode.
PROMISE 03

No hyperscaler is on path.

0 requests traversed AWS, GCP, Azure, Cloudflare. Transit via RETN + Hibernia. DNS authoritative on Hetzner DNS.
PROMISE 04

Operators cannot read your credentials.

0 break-glass events. HSM access requires 3-of-5 quorum + biometric. Last quorum drill 2026-04-22.
PROMISE 05

Every state change leaves a signed trace.

Hash chain depth 142,907. Last leaf 0xfa2e·4c91. Chain verified by mirror 14s ago.

Chain log

last 24 entries · WORM
Chain valid
Append-only · ML-DSA-65 signed · mirrored fsn1 Export proof bundle →