Sumarhus Alpha

Sumarhus Alpha is what happens when you spend three years working with AI tools and then decide to give the AI a proper home. Not a chat window, not a wrapper around an API — a distributed system with its own agents, message bus, inference cluster, and a deployment pipeline that ships immutable container images to production on every push to main.

The name comes from Halldor Laxness's Independent People. Bjartur of Sumarhus builds his own home on his own terms, refuses every offer of help, and endures everything the Icelandic landscape throws at him. There is something of that stubbornness here — a deliberate choice to build sovereign infrastructure when perfectly good cloud platforms exist. The difference, I hope, is that the stubbornness serves a dual purpose: every component solves a real operational problem and doubles as a laboratory for learning new languages, architectures, and deployment patterns. Go and Rust were not chosen by accident. They were chosen because building production services in them is the fastest path to genuine proficiency.

The Agent Mesh

Five Go microservices form the core of the system, each compiled to a distroless Docker image under 5 MB:

• Daemon — Chat interface with Claude streaming, budget tracking, and authentication. The front door to the system.
• Orchestrator — Task routing, agent registry, and NATS-based coordination. Decides which agent handles which request.
• LLM Router — Cost-aware model selection across 21 models and 7 providers. Simple queries route to local inference at zero cost; complex work routes to frontier models.
• Backup Agent — Encrypted backups using age and zstd compression. Automated, verifiable, sovereign.
• Claude Code Worker — A NATS agent wrapping the Claude Code CLI, running on the Mac and accepting tasks from the mesh.

All five agents communicate through NATS JetStream — a lightweight message bus with key-value buckets for agent registry, task state, and model configuration. The choice of NATS over heavier alternatives (Kafka, RabbitMQ) reflects the design philosophy: minimum viable infrastructure, maximum operational clarity.

Infrastructure Monitoring in Rust

A Rust MCP server (mcp-tools) provides real-time infrastructure monitoring — Docker container status, Tailscale network health, disk usage, and system vitals — exposed through the Model Context Protocol. Built with rmcp 0.15 and Tokio, compiled to a 1.3 MB static musl binary. Rust was chosen here for the same reason it was chosen for the problem: when a monitoring tool fails, you want the failure to be in the tool's logic, not in its runtime.

The Hardware

Three machines connected through a Tailscale WireGuard mesh:

• MacBook Pro — Primary workstation running PAI via Claude Code. The development environment, memory system, and claude-code-worker agent live here.
• Proxmox Hypervisor — Three VMs: a Docker host running 15 containers, Home Assistant managing IoT and a Siemens S7-1200 PLC (the hot tub), and a PocketBase instance for structured data.
• Hercules — Dual-GPU workstation (RTX 5090 + RTX 4090, 56 GB VRAM). Runs vLLM on the 5090 (Qwen 2.5 32B AWQ) and Ollama on the 4090 (Llama 3.3 70B, DeepSeek-R1 32B). Local inference for simple queries; frontier APIs for the hard stuff.

Intelligence Layer

The LLM Router manages 21 models across 7 providers: Anthropic (Opus 4.6, Sonnet 4.5, Haiku 4.5), Google (Gemini 2.5/3.0 Flash and Pro), OpenAI (GPT-4.1 family), OpenRouter, DeepSeek, and two local backends (vLLM, Ollama). Cost-aware routing means a status check costs nothing and a deep analysis uses the best available model. The system scales without the API bill scaling with it.

AtomStation — The Frontend

AtomStation is a Next.js 16 dashboard served at fylkid.is through a Cloudflare Tunnel — zero inbound ports, full DDoS protection, WebAuthn passkey authentication. It provides real-time visibility into infrastructure health, agent status, Garmin biometrics, journal entries, and system logs. Built with React 19, Tailwind CSS 4, Recharts, and Framer Motion.

The infrastructure also services external projects. Contact form submissions on smarason.is route through a Go bridge at api.fylkid.is, which validates and forwards them to the self-hosted PocketBase instance on the Proxmox hypervisor. The data never touches a third-party platform — it flows from the public website, through the Sumarhus network, into sovereign storage. AtomStation surfaces these messages alongside everything else the system manages.

Example Flow: A Contact Message

To see how the pieces connect, follow a single contact form submission through the system:

1. A visitor submits the contact form on smarason.is (hosted on Vercel).
2. The form POST hits api.fylkid.is — a Go bridge service running in a Docker container on VM 100, exposed through Cloudflare Tunnel.
3. The Go bridge validates the payload, rate-limits the request, and writes the message to PocketBase on VM 102 over the Tailscale mesh.
4. PocketBase stores the message with full data sovereignty — no third-party analytics, no cloud database, no external access.
5. AtomStation at fylkid.is queries PocketBase and displays the message in the dashboard, alongside infrastructure health, agent status, and Garmin biometrics.
6. A notification fires through the PAI hook system, and the message appears in the daily operational log.

Six services, three machines, two domains, one mesh network — and the visitor just filled in a form. That is what sovereign infrastructure looks like from the inside.

CI/CD and Deployment

A GitHub Actions pipeline runs on every push to main: ESLint and Vitest in parallel with a Gitleaks security scan, then a Docker build pushing to GHCR, then deployment to the VM via Tailscale SSH. No source code touches production — only immutable container images pulled from the registry. The deploy script refuses to run if the production .env file is missing, because production secrets are sacred and automation should never overwrite them.

The PAI Skill System

35 specialized skills span research (multi-model parallel research, academic writing, OSINT), development (CLI generation, browser automation, code review), security (penetration testing, prompt injection analysis, reconnaissance), creative work (art generation, extended thinking), health (Garmin integration, fitness tracking), and governance (the VALOR framework). 133 workflows coordinate multi-step operations. 16 hooks in Claude Code create a continuous learning loop: capturing outputs, analyzing sentiment, logging ratings, and feeding everything into persistent memory.

Security Model

The most honest part of this project is the security log. Version 1.2 shipped credentials in a documentation file committed to git. The remediation — rotating every credential, rewriting history, configuring Tailscale grants-based ACLs, migrating to GPG-encrypted pass stores, adding Gitleaks scanning — took three times longer than doing it right would have. Seven security lessons are documented with before-and-after code, published as a teaching resource. The system earns trust not by being perfect but by being transparent about every failure and building automated guardrails to prevent repetition.

Prototyping Laboratory

Sumarhus is not only operational tooling. It is a deliberate training ground — a place to build production-grade services in unfamiliar languages and learn by shipping, not by reading. The Go agents started as an experiment in systems programming; they are now the backbone of the mesh. The Rust MCP server started as a weekend curiosity; it is now the infrastructure monitoring layer. The LLM Router started as a cost spreadsheet; it is now a service that routes every query to the most cost-effective model. Every prototype either graduates to production or teaches something worth keeping.

Philosophy

The system is never finished. That is not a limitation — it is the design. A personal AI infrastructure that stops evolving stops being useful. The architecture is built for change: walking skeleton first, cosmetics last, one integration at a time, git commit per feature. The dual purpose — practical tools and learning laboratory — means every hour invested compounds twice: once in operational capability, once in technical skill.

Bjartur built Sumarhus one stone at a time. The stones here are containers.