The Relational AI Operating System
"The Ghost is the Logic. The Database is the Shell."
English · Deutsch · Türkçe · 中文 · 日本語 · 한국어 · Español · Français · Русский · Português · العربية · हिन्दी
GhostShell is not another AI bot. It is a post-applicative system architecture that transforms a PostgreSQL database into a living, relational organism. While projects like OpenClaw run on a system, GhostShell is the system — the hardware abstraction layer itself.
Every thought. Every file move. Every hardware impulse. Every security event. All of it — ACID-compliant database transactions. Indestructible. Secure. Consistent.
┌─────────────────────────────────────────────────────────────┐
│ 🖥️ CYBER-DECK (React UI) │
│ Desktop · 38 Apps · Ghost Chat · Software Store │
│ Terminal · LLM Manager · RAG Pipeline · Updater │
│ Firewall (22 Tabs) · Security Monitor · PWA Offline │
│ WebSocket-powered · Real-time │
└──────────────────────────┬──────────────────────────────────┘
│
┌──────────────────────────▼──────────────────────────────────┐
│ ⚡ NEURAL BRIDGE (FastAPI) │
│ Dual-Pool Architecture: System + Runtime │
│ 378 REST Endpoints · WebSocket · Command Whitelist │
│ Security AI Pipeline · Ghost-Swap · Auto-Response │
└──────────────────────────┬──────────────────────────────────┘
│
┌──────────────────────────▼──────────────────────────────────┐
│ 🎮 GPU LAYER (NVIDIA CUDA · llama.cpp) │
│ Real-time VRAM Monitoring · Hot-Swap Model Loading │
│ 20 Ghost Models · Multi-Backend (llama.cpp / vLLM) │
│ Security Ghost · Live LLM Inference · Auto-Ban │
└──────────────────────────┬──────────────────────────────────┘
│
┌──────────────────────────▼──────────────────────────────────┐
│ 🧠 THE SHELL (PostgreSQL 16 + pgvector) │
│ │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ dbai_core│ │ dbai_llm │ │dbai_system│ │ dbai_ui │ │
│ │ Identity │ │ Ghosts │ │ Hardware │ │ Desktop │ │
│ │ Config │ │ 20 Models│ │ Metrics │ │ Windows │ │
│ │ Auth │ │ RAG Pipe │ │ CI/CD │ │ 38 Apps │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │dbai_event│ │dbai_panic│ │dbai_vector│ │dbai_know.│ │
│ │ Events │ │ Recovery │ │ Memories │ │Knowledge │ │
│ │ E-Mail │ │ Failsafe │ │ Synaptic │ │ 211 Docs │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │dbai_sec. │ │ dbai_net │ │dbai_journ│ │dbai_work.│ │
│ │ Security │ │ Mobile │ │ Journal │ │ Workshop │ │
│ │Immunsyst.│ │ Bridge │ │Change Log│ │ Custom │ │
│ │ 19 Tables│ │ 11 Tables│ │ Audit │ │ Tables │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
│ │
│ 210 Tables · 79 Schema Files · Row-Level Security │
│ Schema Fingerprints · Immutability · OTA Updates │
│ 12 Schemas · 19 Bridge Modules · 211 Knowledge Docs │
└─────────────────────────────────────────────────────────────┘
| OpenClaw | GhostShell OS | |
|---|---|---|
| Architecture | Application on a system | Is the system |
| Data Storage | Volatile JSON files | ACID transactions — every thought is permanent |
| Hardware | External APIs | Hardware-as-a-Table — UPDATE cpu SET governor='performance' |
| AI Models | Single model, restart required | Hot-Swap 20 Ghosts — change LLMs without losing context |
| GPU | No native support | NVIDIA CUDA — real-time VRAM monitoring, live model loading |
| Memory | Flat context window | Synaptic Memory Pipeline + pgvector RAG |
| Security | Application-level | AI Immunsystem — 19-table threat detection + auto-response |
| Updates | Manual reinstall | Atomic OTA with auto-rollback |
| Self-Repair | Manual | Autonomous repair pipeline with human approval |
| Desktop | None | 38 native apps, windowed UI, taskbar, terminal |
| Mobile | None | Portable Boot, USB-C Link, Ghost-Net Hotspot, PWA |
OpenClaw is a great inspiration. GhostShell is the architecture it needs to be stable.
| Layer | Technology | Purpose |
|---|---|---|
| Kernel | PostgreSQL 16 + pgvector | The relational core — 12 schemas, 210 tables, 79 migration files |
| Intelligence | Local LLMs (llama.cpp CUDA) | 20 Ghost models — hot-swap, GPU-accelerated, RAG-augmented |
| Security | AI Immunsystem + Suricata + fail2ban | 19-table threat pipeline, live LLM analysis, auto-ban/mitigate |
| GPU Engine | NVIDIA CUDA + llama.cpp | Real-time VRAM monitoring, model loading with live progress bar |
| Neural Bridge | FastAPI (Python, 12,800+ LOC) | 378 API endpoints, dual-pool security, WebSocket real-time |
| Sensors | Python Hardware Bridge + C-Bindings | CPU, GPU, VRAM, temperature, network — all as tables |
| Interface | React Cyber-Deck | 38 desktop apps with windowed UI, taskbar, boot screen, PWA |
| Mobile Bridge | 5D Portable System | USB-C Link, Ghost-Net Hotspot, Sensor Pipeline, mDNS Discovery |
| Integrity | Schema Fingerprints + RLS | 175 monitored objects, immutable core protection |
| Knowledge | system_memory + Knowledge Base | 211 documented system insights across 14 categories |
| Updates | CI/CD + OTA Agent | Atomic updates with GitHub Actions, migration runner, auto-rollback |
| Dev Tools | Docker Compose + QEMU Simulator | Containerized microservices, hardware emulation, Kali pen-test |
| Multi-Arch | x86_64 + ARM64 (Docker buildx) | Same Ghost, same DB — PC, Raspberry Pi, Apple Silicon |
GhostShell features a biological immune system for your infrastructure — a self-regulating security architecture that detects, analyzes, and neutralizes threats autonomously using local LLMs.
┌─────────────────────────────────────────────────────────────┐
│ 🛡️ SECURITY IMMUNSYSTEM │
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ DETECTION │ │ ANALYSIS │ │ RESPONSE │ │
│ │ │ │ │ │ │ │
│ │ Suricata │ │ Ghost LLM │ │ Auto-Ban │ │
│ │ fail2ban │ │ 10 Task │ │ Auto-Block │ │
│ │ Honeypot │ │ Types │ │ Auto-Patch │ │
│ │ Port Scan │ │ Risk Score │ │ Alert │ │
│ │ Auth Monitor│ │ Confidence │ │ Quarantine │ │
│ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ ┌─────────────────────────────────────────────────┐ │
│ │ dbai_security (19 Tables) │ │
│ │ ip_bans · intrusion_events · honeypot_events │ │
│ │ vulnerability_findings · threat_intelligence │ │
│ │ cve_tracking · tls_certificates · dns_sinkhole │ │
│ │ ai_tasks · ai_analysis_log · security_metrics │ │
│ └─────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
When you trigger a security analysis, the Ghost processes it end-to-end:
UI Button → POST /api/security/ai/analyze
→ DB Task Created + Background Thread
→ Build Context (query relevant DB tables)
→ Build Prompt (structured with JSON output format)
→ LLM Inference (llama-server:8081)
→ Parse Response (risk_level, confidence, actions)
→ Auto-Response (ban IPs, block ports, patch vulns)
→ Frontend polls GET /api/security/ai/task/{id}
→ Result Panel: Risk Badge + Confidence + Recommendations
10 Analysis Types:
| Type | What it does |
|---|---|
threat_analysis |
Analyze network threats and attack patterns |
vuln_assessment |
Scan for vulnerabilities in system configuration |
network_scan |
Deep network topology and open port analysis |
anomaly_detection |
Detect unusual patterns in traffic and auth logs |
compliance_check |
Verify security baselines and policy compliance |
incident_response |
Analyze and respond to active security incidents |
malware_analysis |
Detect suspicious processes and file changes |
log_analysis |
AI-powered analysis of system and auth logs |
dns_analysis |
Detect DNS tunneling, DGA domains, sinkhole hits |
traffic_analysis |
Deep packet inspection and flow analysis |
Ghost-Swap for Security: Select which LLM model controls your security — the Ghost-Swap endpoint actually restarts llama-server with the chosen model in real-time.
┌─────────────────────────────────────┐
│ IMMUTABLE CORE (dbai_system) │ ← Schema owner, full control
│ Schema fingerprints, boot config │
├─────────────────────────────────────┤
│ RUNTIME LAYER (dbai_runtime) │ ← Web server operations
│ RLS-enforced, read/write via policy│
├─────────────────────────────────────┤
│ GHOST LAYER (dbai_llm) │ ← AI can ONLY propose actions
│ INSERT into proposed_actions only │
│ Cannot ALTER, DROP, or CREATE │
├─────────────────────────────────────┤
│ IMMUNSYSTEM (dbai_security) │ ← AI-powered threat detection
│ Auto-ban · Intrusion detection │
│ Honeypot · CVE tracking · TLS mon │
└─────────────────────────────────────┘
The Ghost can repair — but never rebuild. Every proposed change goes through:
Ghost proposes → Human approves → SECURITY DEFINER executes → Audit logged
git clone https://github.com/Repair-Lab/claw-in-the-shell.git
cd claw-in-the-shell
bash scripts/install.sh # installs all dependencies
bash scripts/bootstrap.sh # initializes database & schema
bash scripts/start_web.sh # starts backend + frontend
# → Open http://localhost:3000 — Login: root / dbai2026git clone https://github.com/Repair-Lab/claw-in-the-shell.git
cd claw-in-the-shell
cp .env.example .env # configure your environment
docker compose up -d # PostgreSQL + API + Dashboard
# → Open http://localhost:5173git clone https://github.com/Repair-Lab/claw-in-the-shell.git
cd claw-in-the-shell
cd dev && docker compose -f docker-compose.sandbox.yml up -d
# → API: http://localhost:3100
# → UI: http://localhost:5174
# → DB: localhost:5433 (user: root, db: dbai_sandbox)git clone https://github.com/Repair-Lab/claw-in-the-shell.git
cd claw-in-the-shell
# 1. Python venv
./dev/setup_venv.sh && source .venv/bin/activate
# 2. Init database (79 schema files)
for f in schema/*.sql; do psql -U dbai_system -d dbai -f "$f"; done
# 3. Start backend
python3 -m uvicorn web.server:app --host 0.0.0.0 --port 3000
# 4. Start frontend (separate terminal)
cd frontend && npm install && npm run dev- Hardware-as-a-Table — Control fans, CPU clock, drives, GPU via
SQL UPDATE - Hot-Swap Ghosts — Change your LLM at runtime without losing context
- 4-Layer Security — Immutable Core + Runtime RLS + Ghost Sandbox + AI Immunsystem
- Repair Pipeline — Ghost proposes → Human approves → Secure execution
- Row-Level Security — 210 tables with RLS policies across 5 database roles
- WebSocket Command Whitelist — Every WS command validated against database
- 19-Table Security Schema — IP bans, intrusion events, CVE tracking, threat intelligence
- AI-Powered Analysis — 10 task types with live LLM inference (threat, vuln, network, anomaly...)
- Auto-Response — Automatic IP bans and vulnerability mitigation for critical/high threats
- Ghost Security Monitor — Select which LLM model controls your security in real-time
- Honeypot System — Decoy services that log attacker behavior to database
- TLS Certificate Monitor — Track and alert on certificate expiry and chain issues
- DNS Sinkhole — Block malicious domains with database-driven DNS filtering
- Suricata IDS/IPS — Network intrusion detection with PostgreSQL logging
- fail2ban Integration — Automated IP blocking with custom DBAI filters
- Security Cron — Scheduled threat intelligence updates, baseline checks, cert monitoring
- NVIDIA CUDA Acceleration — llama.cpp compiled with CUDA (Blackwell/Ada/Ampere)
- Real-Time VRAM Monitor — Live GPU memory bar via
nvidia-smi(1s polling) - Model Hot-Loading — Start/stop LLMs on GPU with one click, live VRAM progress bar
- 20 Ghost Models — Qwen3.5-27B, DeepSeek, Mistral, LLaMA, CodeLlama and more
- Multi-Backend — llama.cpp (GGUF), vLLM, OpenAI-compatible API
- GPU Recommendations — Automatic
n_gpu_layers,ctx_size,threadsbased on model + hardware - CPU/GPU Toggle — Switch between GPU-accelerated and CPU-only inference
- Security Ghost — Dedicated LLM for security analysis with Ghost-Swap
| App | Description |
|---|---|
| Ghost Chat | Conversational AI with model selector and full system context |
| LLM Manager | Full GPU model management with VRAM live bar, start/stop, benchmarks |
| Firewall Manager | 22-tab security command center with AI analysis, Ghost LLM integration |
| Software Store | Install and manage desktop apps with auto-icon creation |
| Terminal | Full Linux terminal with ANSI colors, tab support, 5000-line scrollback |
| SQL Console | Direct database queries from the desktop |
| SQL Explorer | Visual database schema browser with column inspection |
| System Monitor | Real-time CPU, RAM, GPU, temperature |
| File Browser | Navigate the filesystem |
| Network Scanner | Discover all Web-UIs in your network |
| Ghost Mail | E-Mail Client with Ghost LLM integration (compose, reply, improve via AI) |
| Knowledge Base | Browse 211 system knowledge documents |
| Health Dashboard | System health overview with service status |
| Process Manager | View and manage running processes |
| Error Analyzer | AI-powered error analysis from system logs |
| Event Viewer | Real-time event stream browser |
| Ghost Browser | Integrated web browser |
| Ghost Manager | Manage Ghost roles and autonomy settings |
| Ghost Updater | OTA update channel with "Ghost-Evolution verfügbar" banner |
| RAG Manager | Manage RAG sources and retrieval pipeline |
| Synaptic Viewer | Visual synaptic memory browser with pgvector |
| WebUI Hub | Open WebUI, n8n, VS Code Server, Grafana and 10+ WebUIs |
| Remote Access | SSH/VNC/RDP remote access management |
| AI Workshop | Custom AI workflow builder |
| Anomaly Detector | Z-Score based anomaly detection with resolve actions |
| App Sandbox | Firejail/cgroup-based application isolation |
| Browser Migration | Import bookmarks, history, passwords from Chrome/Firefox/Edge |
| Config Importer | Detect and import WiFi, locale, keyboard configs |
| Immutable FS | OverlayFS write-protected root with snapshots |
| USB Installer | Flash ISO/IMG to USB drives (dd/Ventoy) |
| WLAN Hotspot | Create and manage wireless hotspots |
| Workspace Mapper | Index your filesystem without copying files |
| OpenClaw Integrator | Import skills from OpenClaw ecosystem |
| Node Manager | Manage desktop nodes and scene graph |
| Settings | System-wide and per-app settings |
| Setup Wizard | First-boot configuration wizard |
- 5 Boot Dimensions — Portable, Live-USB, SSD, USB-C Link, Ghost-Net Hotspot
- USB-C Gadget Mode — Connect to any PC, Ghost appears as network device
- Ghost-Net Hotspot — WPA2-secured WiFi hotspot with DHCP and mDNS
- PWA Offline Support — Service Worker + manifest.json for mobile access
- Sensor Pipeline — GPS, camera, audio → PostgreSQL → pgvector
- Mobile Device Registry — iOS, Android, tablet device management
- mDNS Discovery — Find your Ghost at
ghost.localon any network - DHCP Lease Tracking — Database-driven connection session monitoring
- Browser Migration — Import bookmarks, history, passwords from Chrome/Firefox/Edge
- System Config Import — Automatically detect and import WiFi, locale, keyboard configs
- Workspace Mapping — Index your filesystem without copying files
- Synaptic Memory Pipeline — Real-time event vectorization with pgvector
- RAG Pipeline — Retrieval-Augmented-Generation across 7 database sources
- Knowledge Base — 211 documented system insights in 14 categories
- i18n Runtime Translation — 12 languages with database-driven translations
- GitHub Actions Pipeline — Automated build, test, release on push
- Atomic OTA Updates — Download → Backup → Migrate → Build → Verify → Live
- Migration Runner — Transactional SQL migrations with SHA256 checksums
- Auto-Rollback — Failed updates automatically revert to previous version
- Ghost Updater Desktop App — Visual update channel with "Ghost-Evolution verfügbar" banner
- Docker Compose — PostgreSQL, Ghost-API, Dashboard-UI orchestrated
- Sandbox Environment — Isolated testing with separate ports (3100/5174/5433)
- Kali Pen-Test Container — Pre-configured security testing (Dockerfile.kali)
- QEMU/KVM Hardware Simulator — Emulate x86 hardware for testing
- 4 Hardware Profiles — minimal, desktop, server, stress
- Anomaly Injection — overtemp, disk_fail, mem_leak, cpu_spike, network_flood
- Autonomous Coding — Ghost writes SQL migrations via
autonomous_migrations+migration_runner.py - Multi-GPU Parallel —
plan_multi_gpu_split()distributes layers across GPUs by available VRAM - Vision Integration —
media_itemswithai_caption,ai_ocr_text,ai_transcript,embedding(pgvector) - Distributed Ghosts —
ghost_nodes,distributed_tasks,node_heartbeatstables + OTA sync - Model Marketplace —
marketplace_catalog+model_downloadstables with HuggingFace GGUF support
- Voice Interface — Whisper STT + Piper TTS for hands-free Ghost interaction
- 2FA / TOTP Authentication — Time-based one-time passwords for login security
- LUKS Full-Disk Encryption — Encrypted root partition with TPM2 auto-unlock
- Push Notifications — WebPush + FCM for mobile alerts on security events
- Backup Manager App — Scheduled pg_dump with S3/NFS/USB targets + retention policies
- Plugin System — Hot-loadable Ghost Skills as database-registered modules
- Container Manager — Podman/Docker container lifecycle from the desktop
- Clipboard Sync — Cross-device clipboard sharing via Ghost-Net
GhostShell OS is hardware-agnostic by design. The database is the kernel — and PostgreSQL runs everywhere.
┌────────────────────────────────────────────────────────────────────┐
│ 🧠 GhostShell OS — Universal Ghost │
├──────────────────────┬─────────────────────┬───────────────────────┤
│ x86_64 (Tier 1) │ ARM64 (Tier 2) │ Portable Layer │
├──────────────────────┼─────────────────────┼───────────────────────┤
│ • Gaming PCs │ • Raspberry Pi 4/5 │ • PostgreSQL dump │
│ • Workstations │ • Apple Silicon │ • Schema migrations │
│ • Cloud VMs │ • NVIDIA Jetson │ • Config TOML │
│ • NVIDIA CUDA │ • Pine64/Rock Pi │ • Frontend (Browser) │
│ • AVX/AVX2 LLM accel │ • ARM NEON LLM │ • Docker Multi-Arch │
│ • Bare-Metal ISO │ • SD-Card .img │ • pg_dump/pg_restore │
│ • RTX PRO 6000 │ • USB-C Ghost Link │ • PWA Offline Mode │
└──────────────────────┴─────────────────────┴───────────────────────┘
| Tier | Architecture | GPU Support | Install Method | LLM Performance |
|---|---|---|---|---|
| Tier 1 | x86_64 (AMD/Intel) | NVIDIA CUDA, AMD ROCm | ISO → USB → GRUB | Full speed (AVX2 + CUDA) |
| Tier 2 | ARM64 (RPi, Apple M) | VideoCore, Neural Engine | IMG → SD-Card / SSD | Good (NEON, 7B-13B models) |
# Train your Ghost on a Raspberry Pi...
pg_dump -U dbai_system dbai > ghost_brain.sql
# ...and migrate it to a powerful x86 workstation
psql -U dbai_system dbai < ghost_brain.sql
# Your Ghost wakes up with all memories intact.docker buildx create --name ghostbuilder --use
docker buildx build --platform linux/amd64,linux/arm64 \
-f dev/Dockerfile.api -t ghcr.io/repair-lab/ghostshell-api:latest --push .SELECT 'GhostShell OS' AS system,
count(*) FILTER (WHERE schemaname LIKE 'dbai_%') AS tables,
(SELECT count(*) FROM dbai_ui.apps) AS apps,
(SELECT count(*) FROM dbai_llm.ghost_models) AS ghosts,
(SELECT count(*) FROM dbai_core.schema_fingerprints) AS fingerprints,
(SELECT count(*) FROM dbai_knowledge.system_memory) AS knowledge
FROM pg_tables;
-- system | tables | apps | ghosts | fingerprints | knowledge
-- --------------+--------+------+--------+--------------+----------
-- GhostShell OS| 210 | 38 | 20 | 175 | 211| Schema | Tables | Purpose |
|---|---|---|
dbai_system |
45 | Hardware metrics, health checks, disk, CPU, OTA, vacuum |
dbai_llm |
42 | Ghost models, roles, marketplace, watchdog, learning |
dbai_core |
34 | Identity, config, auth, schema fingerprints, policies |
dbai_security |
19 | IP bans, intrusion detection, honeypot, CVE, TLS, AI tasks |
dbai_ui |
16 | Apps, windows, desktop nodes, sessions, tab instances |
dbai_knowledge |
13 | System memory, changelog, module registry, glossary |
dbai_net |
11 | Mobile bridge, device registry, sensor pipeline, DHCP |
dbai_workshop |
11 | Custom tables, media items, project workspace |
dbai_event |
8 | Events, inbox, e-mail, notifications |
dbai_vector |
4 | Synaptic memories, vector embeddings (pgvector) |
dbai_panic |
4 | Recovery, failsafe, mirror sync |
dbai_journal |
3 | Change log, audit trail |
Developer pushes code
│
▼
┌───────────────────┐ ┌──────────────────┐
│ GitHub Actions │────▶│ Build & Test │
│ (ghost-ci.yml) │ │ • Python check │
│ │ │ • SQL validation │
│ Triggered on: │ │ • Frontend build │
│ • push to main │ │ • pytest (7 test │
│ • pull request │ │ modules) │
│ • tag v* │ └────────┬───────────┘
└────────────────────┘ │
▼
┌──────────────────┐
│ Release Package │
│ tar.gz + SHA256 │
│ + GitHub Release │
└────────┬───────────┘
│
┌──────────────────────────▼──────────────────────────┐
│ OTA Update Agent (gs-updater) │
│ │
│ 1. Check for updates (every 5 min) │
│ 2. Download & verify SHA256 │
│ 3. Backup current state │
│ 4. Apply SQL migrations (transactional) │
│ 5. Rebuild frontend │
│ 6. Healthcheck │
│ 7. ✅ Live — or ❌ Auto-Rollback │
└──────────────────────────────────────────────────────┘
We are building the foundation for the next generation of AI-powered operating systems. Your support funds bare-metal development, OTA infrastructure, and hardware lab testing.
| Tier | Name | What You Get |
|---|---|---|
| $5/mo | 🐚 Shell-Inhabitant | Your name in the Kernel's contributors table. The Ghost thanks you in the system log. |
| $20/mo | 🔗 Neural-Link Tech | Early access to bare-metal installer (ISO). Private Discord channel. Roadmap voting rights. |
| $50/mo | 👻 Ghost-Architect | Name a system table or skill. Monthly dev check-in. Logo on landing page. |
| $100+/mo | 🧠 Cyberbrain Industrialist | Enterprise integration session. Priority feature requests in task_queue. |
"We're not building another tool. We're building the shell for the AIs of the future."
See SPONSOR.md for full tier details and rewards.
| Element | Value |
|---|---|
| Codename | Claw in the Shell |
| System Name | GhostShell OS (G.S.O.S.) |
| Philosophy | "The Ghost is the Logic. The Database is the Shell." |
| Colors | Deep Space Black #0a0a14 · Cyber-Cyan #00ffcc · Matrix Green #00ff41 |
| Logo | A glowing data cube with a spectral core |
claw-in-the-shell/
├── web/ # FastAPI backend (Neural Bridge)
│ └── server.py # 12,800+ lines, 378 routes, GPU/LLM/Security engine
├── frontend/ # React Cyber-Deck UI
│ └── src/components/apps/ # 36 desktop application components
│ ├── FirewallManager.jsx # 1,235 lines — 22-tab security command center
│ ├── GhostChat.jsx # Conversational AI interface
│ ├── LLMManager.jsx # GPU model management
│ └── ... # 33 more apps
├── schema/ # PostgreSQL schemas (79 numbered files)
│ ├── 00-13 # Core: extensions, tables, RLS, seeds
│ ├── 14-27 # Self-healing, ghost, desktop, hardware
│ ├── 28-45 # AI Workshop, LLM, Stufe 3+4, Settings
│ ├── 46-67 # Knowledge, Ghost Browser, Agent, LLM Mgr
│ ├── 68-72 # Mobile Bridge, Advanced Features, Hardening
│ └── 73-76 # Security Immunsystem, AI Integration, Knowledge
├── bridge/ # Hardware & Security Bridge (19 Python modules)
│ ├── security_immunsystem.py # 2,083 lines — 13 security subsystems
│ ├── security_monitor_ai.py # 960 lines — AI-powered threat analysis
│ ├── gs_updater.py # OTA Update Agent
│ ├── migration_runner.py # Transactional SQL migrations
│ ├── rag_pipeline.py # RAG across 7 DB sources
│ ├── synaptic_pipeline.py # Real-time event vectorization
│ ├── gpu_manager.py # NVIDIA GPU management
│ ├── hardware_scanner.py # Multi-arch hardware detection
│ ├── hardware_monitor.py # System metrics collector
│ └── c_bindings/ # libhw_interrupts.so (x86+ARM)
├── config/ # System configuration
│ ├── dbai.toml # GhostShell main config
│ ├── fail2ban/ # 4 custom DBAI filters + jail config
│ ├── suricata/ # IDS/IPS rules with PostgreSQL logging
│ ├── archiso/ # Arch Linux ISO profile (mkarchiso)
│ ├── systemd/ # 6 service definitions
│ ├── grub/ # Bootloader config
│ ├── postgresql.conf # Tuned PostgreSQL config
│ └── pg_hba.conf # Host-based authentication
├── scripts/ # Build & deployment tools (16 scripts)
│ ├── build-iso.sh # x86 ISO builder (Arch + Debian)
│ ├── build-arm-image.sh # ARM64 SD-card image builder (32GB)
│ ├── build-arm-image-slim.sh # ARM64 Slim image (4GB, thin provisioning)
│ ├── security_cron.sh # Scheduled security tasks
│ ├── installer.py # Python TUI installer (BTRFS/EXT4/ZFS)
│ └── ... # backup, bootstrap, health_check, etc.
├── dev/ # Development environment
│ ├── docker-compose.sandbox.yml # Sandbox: API(3100) + UI(5174) + DB(5433)
│ ├── Dockerfile.api # Ghost-API (Multi-Arch: x86+ARM)
│ ├── Dockerfile.kali # Kali pen-testing container
│ ├── Dockerfile.ui # Dashboard-UI (Multi-Arch)
│ ├── Dockerfile.qemu # QEMU Simulator (Multi-Arch)
│ └── qemu/hw_simulator.py # Hardware emulator
├── recovery/ # Self-healing & panic recovery
│ ├── panic_recovery.py # Emergency recovery procedures
│ ├── pitr_manager.py # Point-in-time recovery
│ └── mirror_sync.py # Mirror synchronization
├── tests/ # Test suite (7 modules)
│ ├── test_api.py # API endpoint tests
│ ├── test_schema.py # Schema integrity tests
│ ├── test_core.py # Core functionality tests
│ └── ... # frontend, settings, tab isolation
├── llm/ # LLM bridge (llama.cpp integration)
├── docs/ # 12-language documentation + schema map
├── .github/
│ ├── workflows/ghost-ci.yml # CI/CD pipeline (Multi-Arch)
│ ├── FUNDING.yml # Sponsoring setup
│ └── SPONSOR.md # Tier details
├── docker-compose.yml # Production orchestration
├── requirements.txt # Python dependencies
└── README.md # You are here
GhostShell OS — Where every thought becomes a transaction.
The Shell is ready. Are you the Ghost?
Repair-Lab · 2026