Architecture & Network Flow
Stack: Linear → n8n → Pipeline (CrewAI) → Ollama/DeepSeek/Claude → GitHub PR
Hosts: Mac Mini 2015 (orchestrator), Mac Studio M1 Max (worker), MacBook Air M1 (client)
Network: Tailscale Mesh VPN, zero public ports
1. Node topology
| Node | Role | Hardware | Always on | Services |
|---|---|---|---|---|
| Mac Mini | Orchestrator | Intel i7, 16 GB | Yes | Docker: postgres, redis, n8n, telegram-bridge, light-router |
| Mac Studio | Worker | M1 Max, 64 GB | Yes | Ollama (brew), Docker: pipeline, opencode |
| MacBook Air | Client | M1, 8 GB | On-demand | OpenCode CLI, VS Code, git |
| iPhone | Remote control | — | Yes | Telegram app |
2. Trust zones
| Zone | Members | Reachability |
|---|---|---|
| Mesh | All 3 Macs via Tailscale | 100.x.x.x (Tailscale IPs only) |
| Loopback | Docker containers on Mini/Studio | Localhost only |
| Cloud | DeepSeek, Claude, GitHub APIs | Outbound HTTPS only |
Zero public ports. No reverse proxy, no Cloudflare Tunnel, no open firewall rules. All inter-node communication is over Tailscale Mesh.
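One way to check the zero-public-ports claim on the Mini or Studio, as an added example that is not part of the original architecture notes: it sorts the listening TCP sockets reported by `lsof -nP -iTCP -sTCP:LISTEN` into the trust zones above. The function names and the sample output are constructed for illustration; the mesh ranges are Tailscale's standard 100.64.0.0/10 and fd7a:115c:a1e0::/48.

```python
import ipaddress
import re

# Tailscale assigns node addresses from 100.64.0.0/10 (IPv4) and
# fd7a:115c:a1e0::/48 (IPv6); "100.x.x.x" outside that /10 is not mesh.
MESH_NETS = [ipaddress.ip_network("100.64.0.0/10"),
             ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# NAME column of `lsof -nP -iTCP -sTCP:LISTEN`, e.g.
# "127.0.0.1:11434 (LISTEN)", "*:5678 (LISTEN)", "[::1]:6379 (LISTEN)".
NAME_RE = re.compile(r"TCP\s+(\*|\[[^\]]+\]|[\d.]+):(\d+)\s+\(LISTEN\)")

def zone_of(addr: str) -> str:
    """Map a bind address to a trust zone: loopback, mesh, or exposed."""
    if addr == "*":
        return "exposed"  # wildcard bind: every interface, LAN included
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in MESH_NETS):
        return "mesh"
    return "exposed"

def audit(lsof_output: str):
    """Return (command, address, port, zone) for every listening socket."""
    rows = []
    for line in lsof_output.splitlines():
        m = NAME_RE.search(line)
        if m:
            addr, port = m.groups()
            rows.append((line.split()[0], addr, int(port), zone_of(addr)))
    return rows

def exposed(lsof_output: str):
    """Listeners that fall outside the loopback and mesh zones."""
    return [row for row in audit(lsof_output) if row[3] == "exposed"]

# Constructed sample output (not captured from the hosts described above).
SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ollama    612 ops     3u  IPv4 0xa1      0t0  TCP 127.0.0.1:11434 (LISTEN)
com.docke 801 ops    45u  IPv6 0xa2      0t0  TCP *:5678 (LISTEN)
com.docke 801 ops    46u  IPv4 0xa3      0t0  TCP 100.101.102.103:5432 (LISTEN)
redis-ser 902 ops     6u  IPv6 0xa4      0t0  TCP [::1]:6379 (LISTEN)
sshd      120 root    4u  IPv4 0xa5      0t0  TCP 192.168.1.20:22 (LISTEN)
"""

if __name__ == "__main__":
    print(*exposed(SAMPLE), sep="\n")
```

A Docker `ports:` mapping without an explicit host IP binds the wildcard address, which is the usual way a container ends up in the exposed set; pinning the mapping to `127.0.0.1` or the node's Tailscale IP keeps it inside the zones in the table.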
3. Flow diagram
4. LLM fallback chain
Studio Ollama (local, free) → DeepSeek ($0.14/M) → Claude Sonnet 4.5 ($3/M)
The pipeline tries each provider in order. If one fails or is unavailable, it proceeds to the next.
5. Self-healing properties
| Layer | Mechanism | Recovery time |
|---|---|---|
| Docker containers | restart: unless-stopped | < 5 s |
| Ollama | brew services start ollama | < 10 s |
| Tailscale mesh | macOS managed extension | < 10 s |
| Power failure | sudo pmset -a autorestart 1 | < 60 s |
| Git push failure | Pipeline retries up to 3 times | Per attempt |