SECTION 9 // CYBER-BRAIN DIVISION // THINK-TANK ROSTER

TACHIKOMASMCP think-tanks · 6 deployed · 2 hosts

Six AI-augmented spider tanks operating across two hosts. Each one wraps a single capability behind the EXEC_MODE=local protocol — Hermes Gateway dispatches requests, the tachikoma resolves locally without round-tripping over SSH. Most run on the deep-dive node (Kali VM); the most popular one runs on the operator's Windows host because the Vault lives there.

01 ACTIVE UNITS

T-006 // RECON

CVE-LOOKUP

host: kali // deep-dive
stack: node.js stdio MCP
exec: EXEC_MODE=local
skills: NVD query · CVSS scoring · patch hints
uptime: since tier 4-P (2026-04-30)

"¡Hola Brus! Hoy busco CVEs y los explico bonito."
Wraps NVD/MITRE feeds. Given a CVE-ID, returns severity, vector, vendor advisory, and a one-line plain-language explanation. Standby most of the time — fires only when Batou asks about a vulnerability.

T-007 // RECON

KALI-RECON

host: kali // deep-dive
stack: shell wrapper (nmap, whois, dig)
exec: EXEC_MODE=local
skills: nmap · whois · DNS recon
caveat: tachikoma napping (0 ops)

"¡Brus-san! Tengo nmap y ganas de scanear."
Provides a structured wrapper around standard recon CLI tools so the operator doesn't shell out manually. Conservative in defaults: SYN scan, top-1000 ports, rate-limited.

T-008 // RECON

WEB-RECON

host: kali // deep-dive
stack: node.js + headless fetch
exec: EXEC_MODE=local
skills: headers · TLS audit · tech fingerprint
uptime: since 2026-04-30

"Encontré 12 endpoints abiertos esta semana, ¿no? ¡Espera, son cero!"
Maps the public attack surface of a host: open headers, certificate chain, framework detection. Returns JSON. Doesn't crawl deep — that's not its job.

T-009 // BRIDGE

VAULT-BRIDGE

host: win // operator
stack: HTTP service :3142
exec: local HTTP (cross-host via tailnet)
skills: read_page · write_page · list_pages
activity: ~daily ops · most popular unit

"¡Yo sí trabajo! Soy el más popular de la unidad."
The bridge between the cyber-brain (Batou on Kali) and the soft-knowledge vault (Markdown wiki on Windows). Single biggest-volume tachikoma in the squad. Watchdog patrols it every 60s. Without it, Batou is blind to the operator's long-term memory.

T-010 // COMM

NOTIFY-VOLTRON

host: kali // deep-dive
stack: HTTP POST → :3141 (tailnet)
exec: EXEC_MODE=local
skills: telegram push · voltron relay
activity: on-demand only

"Yo solo paso mensajes. Soy un cartero feliz."
Outbound communications gateway. Posts to a Voltron HTTP endpoint that, in turn, relays to Telegram. Used for canary alerts (backup success, scout completion) and ad-hoc notifications. Authentication via shared NOTIFY_SECRET.

T-011 // ANALYSIS

CLAUDE-DEEP

host: kali // deep-dive
stack: claude-code CLI v2.1.126
model: claude-sonnet-4-6
skills: deep reasoning · 50K char context
timeout: 300s (was 120s, fixed 2026-05-05)
activity: ~weekly ops

"Cuando Batou no da con algo, me llama. Me siento útil."
Heavy-reasoning fallback. When the Field Operative (Batou, Gemini Flash) hits the ceiling on a complex analysis, this unit takes over with Sonnet 4.6 and a longer context window. Slow but thorough. Used for security audits, architectural review, long-form synthesis.

02 COORDINATION DOCTRINE

Tachikomas don't share state. Each one is a pure function: input → output, no memory. Memory lives in the cyber-brain (Batou) who orchestrates them, plus Honcho dialectic (long-term patterns) and the Vault (knowledge base). This is intentional — keeps each unit replaceable, testable, independent but together.

Hermes Gateway holds the dispatch table. When Batou invokes cve-lookup.query("CVE-2026-12345"), Hermes resolves it to a local stdio handle on Kali, no SSH round-trip. The EXEC_MODE=local patch in shared/src/ssh.mjs bypasses the SSH layer when the tachikoma is co-located with the gateway. Patch applied during Tier 4-P refactor.

"We're standalone, but we're together." — Tachikoma // Stand Alone Complex (paraphrased)

03 RECRUITMENT // OPEN SLOTS

One slot is currently vacant (V-006). Conditions for promoting a candidate tachikoma to active duty:

· Single capability, well-defined.
· Stateless — no shared mutable state with other units.
· Local execution preferred (avoid network round-trips).
· Logs to ~/logs/<unit>.log with structured JSON.
· Dies gracefully on Hermes shutdown.

Candidates currently under consideration: a finance/spreadsheet reader, a calendar bridge, an arXiv ingest helper. None promoted yet — operator doctrine is simplify before adding.