FiberCAD Technical Architecture

Version 1.0 — April 17, 2026 — Confidential

Contents

  1. System Overview
  2. Microkernel Architecture
  3. Layered Data Architecture (FiberJSON)
  4. Integrity Chain & Signing
  5. Planning Algorithms
  6. Baremetal Tool Layer (MCP)
  7. Rules Engine
  8. Output Generation
  9. Security Model
  10. Performance Architecture
  11. LLM Integration
  12. Rust Migration Path

1. System Overview

FiberCAD is a fiber network planning engine built on a microkernel + plugin architecture. It automates the full FTTH distributed split design workflow: from raw address data to construction-ready DXF output with cryptographic integrity verification.

CLI / MCP Client | v +------------------+ tool_use calls +-------------------+ | LLM Agent |<-------------------------->| Baremetal Tools | | (Claude) | structured results | (Python fns) | | | | | | Judgment, | | project_summary | | trade-offs, | | validate_design | | documentation | | measure_distance | +------------------+ | query_elements | | route_between | +--------+----------+ | +------------+ +----------+ +----------+ +------v------+ | ingest/ |--->| planning/|--->| rules/ |--->| output/ | | OSM, CSV, | | boundary | | engine + | | DXF, HTML, | | GeoJSON | | routing | | profiles | | BOM, JSON | +------+-----+ +----+-----+ +----+-----+ +------+------+ | | | | +-------+-------+------+-------+-------+-----------+ | | | +------v------+ +----v----+ +------v------+ | kernel/ | | model/ | | verify/ | | config, | | network,| | standalone | | security, | | elements| | integrity | | checkpoint | | geometry| | verifier | +-------------+ +---------+ +-------------+

2. Microkernel Architecture

The kernel provides domain-agnostic services. Domain modules register as plugins and are dispatched through a chain-of-responsibility pattern.

Kernel Modules

ModuleResponsibilityPattern
plugin.pyDispatch chain: Handled/NotHandled per domainChain of responsibility
tool.pyMCP-compatible tool schema definitions + exportSchema registry
config.pyConfig profiles with precedence (CLI > env > profile > defaults)Layered config
http.pyHttpBackend protocol for testable I/OStrategy pattern
errors.pyTyped errors with exit codes + contextual enrichmentError hierarchy
security.pyPath sanitization, prompt injection stripping, secret redactionInput filter chain
circuit_breaker.pyClosed/Open/HalfOpen per endpointCircuit breaker
rate_limiter.pyToken bucket (Nominatim: 1 req/s)Token bucket
checkpoint.pyResumable batch operations keyed by input_hashCheckpoint/resume
audit.pyJSONL event log, daily rotationAppend-only log
project.pyIn-memory project container (working graph)

Dispatch Pattern

class DispatchResult:
    HANDLED = "handled"
    NOT_HANDLED = "not_handled"

class Dispatcher(Protocol):
    def dispatch(self, tool_name: str, args: dict) -> tuple[str, Any]:
        """Returns (HANDLED, result) or (NOT_HANDLED, None)"""
        ...

# Chain: ingest -> planning -> rules -> output -> integrity
def dispatch_chain(dispatchers: list[Dispatcher], tool_name: str, args: dict):
    for d in dispatchers:
        status, result = d.dispatch(tool_name, args)
        if status == DispatchResult.HANDLED:
            return security.strip_prompt_injection(result)  # post-processing
    raise ToolNotFoundError(tool_name)

3. Layered Data Architecture (FiberJSON)

Data flows through graduated enrichment layers. Each layer is a separate file, building on the previous. This enables selective regeneration, independent versioning, and full provenance tracking.

L0 Input L1 GIS L2 Topology L3 Physical L4 Compliance L5 Artifacts +-----------+ +-----------+ +------------+ +------------+ +-------------+ +------------+ | addresses |-->| buildings |-->| boundary |-->| conduit |-->| rule |-->| DXF | | area bbox | | roads | | groups | | routes | | validation | | BOM xlsx | | | | parcels | | splitter | | equipment | | stats | | HTML map | | | | ROW/EOP | | tree | | splices | | violations | | work orders| +-----------+ +-----------+ +------------+ +------------+ +-------------+ +------------+ Math Model Algorithm (Standards) Program (Deliverables)

Layer Schema Versions

LayerSchemaInput FromKey Content
L0fibercad/input/v1UserAddresses, area polygon
L1fibercad/gis/v1L0 + OSMBuilding footprints, road network, parcels
L2fibercad/topology/v1L1 + algorithmBoundary groups, splitter tree, connectivity
L3fibercad/physical/v1L2 + algorithmConduit paths, equipment positions, splices
L4fibercad/compliance/v1L3 + rules profileValidation results, design statistics
L5L3 + L4Generated artifacts (DXF, BOM, reports)
Key property: Each layer references the hash of the previous layer. Change L1 data, and L2-L5 are immediately identifiable as stale. Regenerate L2 with a new algorithm, and L0-L1 remain valid.

4. Integrity Chain & Signing

Every layer file contains an _integrity header with SHA-256 content hash, Ed25519 signature, and provenance link to the previous layer.

{
  "_integrity": {
    "version": "1",
    "content_hash": "sha256:a1b2c3...",
    "signature": "ed25519:x9y8z7...",
    "signer": {
      "id": "fibercad-engine/1.0.0",
      "public_key": "ed25519:pub_abc123..."
    },
    "timestamp": "2026-04-17T14:32:00Z",
    "provenance": {
      "previous_layer": "L1_gis.fiberjson",
      "previous_hash": "sha256:d4e5f6...",
      "previous_signature_valid": true
    },
    "generation": {
      "tool_version": "0.1.0",
      "algorithm_versions": {
        "boundary_groups": "1.0.0",
        "routing": "1.0.0"
      },
      "profile": "lumos_v6"
    }
  }
}

Verification

  1. Canonicalize content (sorted keys, no whitespace)
  2. Verify SHA-256 hash matches
  3. Verify Ed25519 signature using public key from L0 (trust anchor)
  4. Verify provenance hash matches actual hash of previous layer
  5. Walk the full chain L0 → L4
Standalone verifier: verify/fibercad_verify.py has zero FiberCAD dependencies (only cryptography + hashlib). Distributable independently for third-party audit.

Key Management

5. Planning Algorithms

5.1 Boundary Group Generation O(n log n)

Constrained road-network agglomerative clustering. Partitions addresses into groups of ~32 for one 1x8 splitter each, with ~4 spare ports.

  1. Build road graph from L1 (nodes = intersections, edges = road segments)
  2. Snap each address to nearest road segment
  3. Compute road-network distances (not Euclidean — houses across a highway are far apart)
  4. Agglomerative clustering: merge nearest contiguous clusters until size ≈ 32
  5. Generate boundary polygon (convex hull expanded to parcel boundaries)

5.2 Splitter Placement O(n)

Two-stage: 1x8 at boundary group centroid (road-network), 1x4 at sub-cluster centroids. All snapped to nearest parcel line per standards.

5.3 Conduit Routing O(V × E log V)

Greedy Steiner tree approximation on road network. MST of splitter positions using Dijkstra road-network distances, mapped back onto actual road segments. Post-processing inserts handholes (every ≤500ft), assigns drops (max 6), verifies no T-connections.

5.4 Sanity Checks

Run between L2→L3 transition before committing the layer:

6. Baremetal Tool Layer (MCP-Compatible)

Deterministic tools that LLMs call via tool_use. The LLM never sees raw geometry — it receives structured summaries (~30 tokens instead of 3,000).

ToolCategoryWhy Baremetal
project_summarySummaryCompact stats, saves tokens
design_statsSummaryAggregated metrics (math)
query_elementsSpatialO(log n) spatial index query
measure_distanceSpatialGeometry math
find_nearestSpatialSpatial index lookup
route_betweenGraphDijkstra (O(E log V))
trace_pathGraphGraph traversal
validate_designRulesDeterministic rule checking
suggest_placementPlanningCentroid math + road-snap
verify_chainIntegrityCryptographic verification
Token efficiency: The LLM sees "BG-03: 34 homes, 1x8 at (36.07, -79.82), 4 x 1x4, 2847 ft conduit, 0 violations" (~30 tokens) instead of the full GeoJSON geometry (~3,000 tokens).

7. Rules Engine

Provider standards are encoded as pluggable profiles. The engine dispatches rules, returns typed ValidationResult structs, and never touches the filesystem.

Lumos V6 Rule Set (15 rules implemented, 4 planned)

Rule IDCheckSourceStatus
MAX_CONDUIT_RUNS≤3 runs per streetLumos §18Implemented
NO_T_CONNECTIONSNo conduit coupling outside equipmentLumos §18 + VideoImplemented
MAX_DROPS≤6 drops per conduitLumos §18Implemented
MAX_RUN_LENGTH≤500ft warning, ≤650ft error (two-tier)Lumos §18 + VideoImplemented
HH_ON_PARCELHandholes on parcel linesLumos §18Implemented
BORE_NOT_DRIVEWAYNo bore pits in drivewaysLumos §18Implemented
DEDICATED_DIST_CONDUITDist. cable in own conduitLumos §18Implemented
SPARE_PORTS~4 spare per 1x8Lumos §13.1Implemented
BOUNDARY_SIZEGroups 28-36 homesLumos §13.1Implemented
SLACK_LOOPS15ft/splitter, 50ft/3-wayLumos §16.1Implemented
SPLITTER_SEPARATION1x4 and 1x8 cannot share a handholeVideo corpusImplemented
HH_AUTO_SIZINGMED for 1x8, SM for 3-way, SPLT for 1x4Video corpusImplemented
STREET_CROSSING_HHOne HH per crossing (both for DOT/railroad)Lumos §18 + VideoImplemented
NO_PARALLEL_CONDUITDon’t parallel both sides of streetLumos §18Implemented
MAX_CONDUIT_RUNS≤3 runs per streetLumos §18Implemented
BEND_RULEBend w/o equipment if adjacent ≤150ftVideo corpusMVP
CUL_DE_SACNever fully circumnavigate cul-de-sacVideo corpusMVP
FIBER_NUMBERINGHighest number first, furthest addressVideo corpusWeek 2
RIBBON_SEPARATIONFeeder/secondary cannot share ribbonVideo corpusWeek 2

Each violation includes: rule ID, severity (error/warning/info), affected element ID, human-readable message, and contextual fix guidance (no LLM needed for the explanation).

8. Output Generation

DXF (AutoCAD)

Generated via ezdxf. Layer mapping follows Lumos conventions:

DXF LayerContent
P_CONDUITConduit paths (polylines)
FIBER_FOCFiber optic cable paths
E_ROW / E_EOPRight-of-way / edge of pavement
SPLITTERS_1X8 / 1X4Splitter block references
HANDHOLESHH/SPLT/SM/MED blocks
ADDRESSESAddress text labels (CAPITALS, masked)
BOUNDARY_GROUPSGreen grouping polygons
SLACK_LOOPSCyan fiber loops
SPLICESMidsheath (pink) / fiber (red)

HTML Map Report

Self-contained HTML file with embedded Leaflet.js. All design layers on aerial imagery, clickable popups, validation results panel, design statistics. Zero server dependency.

BOM Workbook

Excel workbook (openpyxl): equipment summary, conduit footage, cable counts, address assignments, material cost estimate.

9. Security Model

Input Sanitization

Prompt Injection Defense

DXF Output Safety

10. Performance Architecture

ConcernSolution
Layer I/OIn-memory working graph; layer files are artifacts, not working storage
HashingStreaming SHA-256 via hashlib.update() during write
Spatial queriesrtree.STRtree for O(log n) nearest-neighbor
Large graphsDict-adjacency (not NetworkX dict-of-dicts) for memory efficiency
GeocodingCheckpoint/resume for crash recovery; token bucket rate limiting
API resilienceCircuit breaker (Closed/Open/HalfOpen) per endpoint
Target performance: <30 seconds for 1K addresses. <5 minutes for 10K addresses.

11. LLM Integration

The LLM (Claude) is an optional review layer, not a core dependency. It calls baremetal tools and reasons about structured summaries.

What the LLM does

What the LLM never does

12. Rust Migration Path

The architecture is designed for migration to Rust (Go as fallback):

Python proves the algorithms. Rust makes them fast. The layered file format and MCP tool definitions are the stable interface — the implementation language is swappable without affecting consumers.
FiberCAD Technical Architecture — Confidential — April 2026