The Crumbforest: A Forest as Infrastructure
Architecture, Pedagogy, and the Ethics of Child-Centered Distributed Learning Environments
Branko · OZM gGmbH · CrumbCrew
Working Paper · February 2026 · Version 0.0
OZM gGmbH · HAMMERBROOKLYN · Crumbforest Initiative
Abstract
This paper describes the Crumbforest — a distributed, offline-first, child-centered learning infrastructure grounded in the philosophical and technical principles of the OZM HAMMERBROOKLYN ecosystem. The Crumbforest is not a product, a platform, or a service. It is a structural commitment: an architectural decision to protect curiosity before optimizing performance, to protect identity before enabling access, and to protect the child before satisfying the system. Drawing on the Crumbforest Kernel License (CKL), the Haltung-und-Herz-Lizenz (HHL), the World Crumb Policy, and operational deployments running on Debian, Go, PostgreSQL with pgvector, WireGuard, and ESP32 microcontrollers, this paper argues that the forest metaphor is not decorative but functional — it describes a system in which every node is autonomous, every connection is voluntary, and every bit is treated as sacred. The paper presents the ten structural principles of the Crumbforest, from system architecture to the ethical boundary of the passedge (Passkante), and concludes that infrastructure designed around the protection of the smallest participant — the Krümel — constitutes a form of structural antifascism enacted in code, in configuration, and in silence.
Keywords: local-first, child protection, distributed systems, structural antifascism, offline pedagogy, WireGuard, pgvector, ESP32, ethical infrastructure, zero-knowledge architecture
1. The Forest System
The Crumbforest originates not from a technical specification but from a causal chain: a graffiti action in public space (Oz), manifested into a physical place (OZM), projected into a digital shadow (OneZeroMore.com), condensed into an experiential space (HAMMERBROOKLYN), and finally instantiated as a deterministic agent system (OZMAI). This causal order is non-negotiable. Without action, no place. Without place, no data. Without history, no context. Without context, no meaningful machine.
The forest metaphor emerges from this chain organically. A forest does not have a central server. It does not require authentication. It does not track presence. It grows because each tree has roots, and the roots hold the soil for others. The Crumbforest instantiates this principle in infrastructure: every Raspberry Pi is a tree, every ESP32 is a leaf, every VPN tunnel is a root system, and every child who enters is a Krümel — a crumb — who belongs to the forest without needing to prove it.
The core state of the forest is described formally as:
I = Autonom ∩ Zukunftsoffen ∩ ¬Interpretierbar ∩ ¬Missbrauchbar
The forest exists only when all four conditions are simultaneously satisfied. The moment any condition fails — the moment the system becomes interpretable by an external authority, or misusable for surveillance or coercion — it is no longer a forest. It is something else.
2. Roles in the Forest
The Crumbforest defines roles not as access levels but as relationships to the system. A Krümel is anyone — child, adult, machine — who enters the forest with curiosity and no prior claim. A Meister Krümel is a Krümel who has stayed long enough to hold a key: root access via SSH without password, the ability to create other Meisters, and the responsibility to reset the system when it no longer serves the forest. A Meister does not own the forest. They tend it.
OZMAI is the owl — a deterministic agent bound to place, history, and real causality. OZMAI does not float freely in a cloud. It runs locally, speaks from context retrieved via pgvector, and responds in character: as Bugsy the QA beetle, as the ASCII Monster, as the CrumbNavigator. Each character is a resonance node, not a chatbot. The Gemini Crew — Bugsy, Schnecki, Fox, and Eule — are not mascots. They are the voices the forest uses to speak to Krümel who ask questions.
The CrumbShaolin layer — root-only SSH administrators without password authentication — represents the forest's immune system. Access is earned through resonance and trust, not through registration. A Meister creates a Meister. Accounts are deleted when training is complete. The forest does not accumulate identity.
3. Technical Implementation
The Crumbforest runs on a deliberate stack chosen for longevity, transparency, and independence. The core is Debian GNU/Linux — stable, auditable, community-governed. The API layer is written in Go: a single compiled binary with no runtime dependencies, cross-compilable to any architecture, deployable without package managers or virtual environments. The data layer is PostgreSQL with the pgvector extension, providing both relational integrity and semantic vector search within a single system — a single source of truth that requires no additional vector database service.
The network layer is WireGuard: a modern, minimal VPN protocol whose entire implementation is small enough to be audited by a single competent engineer. All internal services — PostgreSQL, Ollama, the API, Gitea — bind exclusively to the WireGuard mesh address space (10.x.x.x). No internal service is reachable from the public internet. The firewall presents only three ports to the world: 22 (SSH, key-only), 80 (HTTP redirect), and 443 (HTTPS via Nginx). This is not security through obscurity — it is security through minimalism.
The edge layer is ESP32 microcontrollers running WLED — devices costing under five euros that translate network activity, resonance signals, and pedagogical moments into visible light. The Regenbogen-Krümel-Login (RKL) protocol allows an ESP32 to authenticate not with a password but with a resonance header (X-Crumb-Resonance), receiving in return a mission: a color, a speed, a message. Bits become visible. The invisible becomes learnable.
Local AI inference runs via Ollama on the same server — llama3.2 or equivalent models, responding to queries without any data leaving the mesh. The AI is not a feature. It is a voice. It speaks from the forest's own knowledge base, retrieved via pgvector similarity search, grounded in the documents, licenses, and histories that constitute the Crumbforest's identity.
4. Krümelschutz and the Passkante
The concept of Krümelschutz — crumb protection — is the forest's most fundamental architectural principle. It is not implemented as a feature but as a structural absence: the absence of data collection, the absence of permanent accounts, the absence of performance tracking, the absence of any mechanism that could be turned against the child who uses the system.
The World Crumb Policy formalizes this principle across deployment contexts from Hamburg to refugee camps: zero permanent identifiers, local-only operation, hardware-enforced network boundaries, full reset capability in under sixty seconds, and the absolute prohibition of any dual-use technology that could be weaponized. The policy's most demanding ethical test — "Would we build this after visiting the Kigali Memorial?" — is not rhetorical. It is operational.
The Passkante — the system's ethical boundary — is the point at which the forest says no. Not to the Krümel, but to the request. A CURL request without resonance headers is not blocked; it is answered, and gently invited to resonate. But a request that would expose a child's identity, that would aggregate behavioral data, that would create a permanent record of curiosity — that request encounters the Passkante and stops. The boundary is documented, transparent, and non-negotiable. This transparency is itself a form of protection: the forest cannot be turned against its own children because its constraints are visible to everyone.
5. Offline First: The Forest That Does Not Need the Cloud
The Crumbforest operates offline by default. This is not a fallback mode or a degraded state — it is the primary mode of operation. A child in a Hamburg classroom, a child in a rural school in Sub-Saharan Africa, and a child in a conflict zone can all run the same forest on the same Raspberry Pi with the same ESP32 LEDs, entirely without internet connectivity. The forest does not require permission from a cloud provider to exist.
This design choice encodes a political position: that education is not a service to be delivered but a capacity to be cultivated. Cloud dependency creates structural vulnerability — to outages, to pricing changes, to terms-of-service modifications, to data harvesting, and to the geopolitical risks that accompany storing children's learning data on servers located in jurisdictions with different values. The Crumbforest eliminates this vulnerability by refusing to create the dependency.
The Hammerbrooklyn Resonance Field Theory formalizes this independence mathematically:
∂W/∂t = 0
Value does not change because time passes or because a network connection is unavailable. Value arises from the state of a system in the present moment — from the presence of a child, a question, and a blinking LED that makes the invisible visible.
6. The Voluntary Star Map: When the VPN Matters
While offline operation is the default, the Crumbforest provides a voluntary pathway into the wider mesh. A Krümel who chooses to connect — a classroom, a hackerspace, a community center — can enter the CrumbVPN tunnel and become part of the star map: a distributed constellation of forests, each autonomous, each contributing its knowledge to the shared pgvector space, each retaining full sovereignty over its own data.
The star map grows not through registration or enrollment but through resonance. A node that resonates with the forest's principles — offline-first, child-safe, no permanent identity, transparent operation — is welcome. A node that does not resonate is not connected. This is not exclusion; it is integrity. The forest cannot protect its Krümel if any node can poison the root system.
The voluntary character of star map participation reflects the broader Crumbforest ethic: nothing in the forest is mandatory except the protection of those within it. Participation is chosen. Contribution is a gift. The forest grows because each tree chooses to grow, not because a central authority commands it.
7. Space-Bound Access: Until One Is Found
The Crumbforest rejects the time-based session model ubiquitous in digital systems. Sessions do not expire after thirty minutes of inactivity. Access is not revoked because a child stepped away from the keyboard. The forest's access model is space-bound: a Krümel is present until they leave the physical space, and the session persists until a Meister performs a deliberate reset.
This design reflects a deep pedagogical commitment. Learning does not follow a clock. A child who pauses to think, to look out the window, to hold a blinking ESP32 in their hands and wonder why it blinks — that child is still learning. A system that interprets their pause as abandonment and expires their session is a system that does not understand what learning is.
Technically, this principle is implemented through 24-hour session tokens — the maximum permitted under the World Crumb Policy's data minimization requirements — combined with full reset capability. Accounts created for training are deleted when training concludes. No persistent profile accumulates. Every session is a new breath.
8. CrumbShaolins: Root Access Without Password
The Crumbforest's administrative model inverts conventional security assumptions. The highest privilege level — root SSH access to the core server — requires no password. It requires only an ed25519 cryptographic key, held by a human who was trusted by another human who was trusted by the forest's founders. This is not security theater. It is trust encoded in cryptography.
The CrumbShaolin designation — named for the martial arts tradition of mastery through practice — indicates an administrator who has earned the right to shape the forest. A Meister creates a Meister. The chain of trust is human, explicit, and reversible. Any CrumbShaolin can be removed by any other CrumbShaolin. The forest does not create permanent hierarchies.
Password authentication is explicitly disabled (PasswordAuthentication no in sshd_config). fail2ban monitors the SSH jail. UFW restricts access. The backbone-doktor.sh script performs daily health checks and reports system integrity with a final line that captures the forest's philosophy:
💚 nullfeld lokig — das Backbone atmet.
The backbone breathes. The forest is alive.
9. Frontend IDLE: The Public Vector Timeline
The Crumbforest's public face is an IDLE frontend — a minimal interface that presents the forest's knowledge as a vector timeline: questions asked, answers given, characters engaged, concepts explored. This timeline is public, logged, and open-source. It is not a showcase of user data. It is a demonstration of the forest's thinking.
The interaction logs — structured JSON with timestamp, character, question, answer, RAG sources, and model provenance — contain no personal identifiers. session_id: "anonymous" is the current state; the RKL-based crumb_id is the next step: presence without identity, resonance without surveillance. A researcher examining the logs sees a forest thinking, not a population being tracked.
The open-source publication of all frontend code, backend logic, deployment scripts, and licenses is itself a political act. It says: this system has no hidden mechanisms. The constraints that protect children are visible to the children's parents, to researchers, to regulators, and to other forests that wish to grow in the same direction. Transparency is not vulnerability. It is the forest's deepest form of protection.
10. Crumbforest as Local Vector of Truth
The Crumbforest runs its own Gitea instance — a self-hosted, open-source Git service that holds all repositories, all documentation, all licenses, all deployment scripts, and all history. This is not a mirror of GitHub. It is the primary source. The forest's memory lives in the forest.
The pgvector layer connects this institutional memory to the AI layer: every document, every conversation log, every hexagon from the 42-hexagon manifesto, every pedagogical principle from the World Crumb Policy is embedded as a vector and retrievable by any character in the forest who is asked a relevant question. The forest does not hallucinate. It remembers.
This architecture — local Gitea as documentation layer, PostgreSQL with pgvector as knowledge layer, Ollama as inference layer, Go API as integration layer — constitutes what the OZM framework calls the Nullfeld: the zero field in which all categories retain their discriminatory power, in which every state is derivable from previous states, and in which the system explains itself to anyone willing to read its source code.
Conclusion
The Crumbforest will never be finished. This is not a limitation — it is a design principle. The OZM spiral equation describes a system that grows through each interaction, each new Krümel who enters, each question that extends the knowledge graph. The forest is not complete because completeness would mean the last tree has been planted and no new ones will grow.
What the Crumbforest is, already, is this: a demonstration that infrastructure can be designed around the protection of its most vulnerable users without sacrificing technical capability; that local-first operation is not a compromise but a commitment; that a child who asks "am I a pixel?" deserves an answer that honors the depth of the question; and that the bits which carry that exchange are — as the forest's founders insist — more important than any cryptocurrency wallet or credit card number, because they cannot be replaced.
The forest grew because someone asked: what if we built it right? Not efficiently. Not profitably. Not at scale. Right. For the Krümel. For the question. For the blinking LED that makes the invisible visible.
"Der Wald wächst, weil jeder Baum seine Wurzeln hat.
Die Krümel lernen, weil das Netz sie trägt."
MIT + CKL + HHL · Open Source · crumbforest.org
For children. Worldwide. Always. 💚