PowerSearch Grid

Private AI search + opt-in edge compute.

PowerSearch Grid is a Brave-style privacy-first search experience backed by local AI and a policy-governed, user-owned compute network.

People can optionally contribute a capped share of CPU/RAM with strict safety boundaries. Jobs are typed, signed, and executed only by whitelisted handlers.

Download Edge Agent Quick Install Verify / Checksums Ask AI: setup View Source Docs Cluster Status

Recent nodes

Operator console

Shows nodes, jobs, and audit events. Tip: sign in via /admin/login to use a per-operator session (no shared tokens). Legacy GRID_ADMIN_TOKEN still works.

Submit job (admin)

Queues a signed job. Agents pull work only when policy.enabled=true and the job type is allowlisted in their policy.

Security + Consent Model (MVP)

Explicit Opt-In

Resource sharing is off by default. Users enable it and set exact limits. It can be paused/uninstalled anytime.

Signed, Typed Jobs

No arbitrary peer code execution. The agent only runs whitelisted job types and verifies a control-plane signature.

Local AI Friendly

Agents can run jobs that use local Ollama (optional). Privacy-first: keep personal data local unless explicitly shared.

Download + Verify (Recommended)

PowerSearch Grid is designed to be trust-first: you should be able to download, view source, and verify what runs on your machine before you opt in.

Edge Agent (Python)

The actual worker: polls for signed jobs, verifies signatures, runs whitelisted handlers.

Download View Source

Loading…

Installer (Linux systemd --user)

Installs a user-level service (no root). Uses conservative CPU/RAM caps. Opt-in compute is off by default.

Download View Source

Loading…

Uninstaller

Stops the service and removes agent + config files from your home directory.

Download View Source

Loading…

Checksums (SHA-256)

Checksums detect corruption and make it easier to verify downloads. For stronger verification, pin the Grid public-key fingerprint below and verify the signed release manifest.

Loading…

Loading…

SHA256SUMS file Verify script Assets JSON

Download assets (all platforms)

Direct downloads for every asset in this release. Verify with SHA256SUMS above (or use the signed manifest).

Signed release manifest (advanced)

PowerSearch Grid can sign a release manifest using the same Ed25519 key used to sign job manifests. To make signature verification meaningful, pin the public-key fingerprint out-of-band (team wiki, runbook, etc.).

Loading…

Linux + Windows installers support pinned verification via GRID_PUBKEY_FPR_SHA256 (recommended for teams):

GRID_PUBKEY_FPR_SHA256="<pin fingerprint from above>" bash install_edge_agent.sh --url https://aipowerprogressia.com

Loading…

Quick Install

Choose your platform. The agent installs with conservative quotas and resource sharing off by default. You must explicitly set "enabled": true in policy to contribute compute.

What this installs (Linux installer)

Nothing contributes compute until you opt in. Default policy is enabled=false.

Agent files:  ~/.local/share/powersearch-grid-agent/
  - edge_agent.py
  - verify_grid_release.py (verification helper)
  - register_node.py (registration helper)
  - uninstall_edge_agent.sh (uninstaller)
  - SHA256SUMS (checksums)
  - venv/ (Python deps)

Config:       ~/.config/powersearch-grid/agent.json
Service unit: ~/.config/systemd/user/powersearch-grid-agent.service

Network:
  - control-plane: https://aipowerprogressia.com/api/grid/* (poll + heartbeat)
  - optional local AI: http://localhost:11434 (Ollama)

Ubuntu / Debian (systemd --user)

Download → verify installer checksum → install. Safe to re-run for upgrades (preserves policy + node identity by default).

curl -fsSLO https://aipowerprogressia.com/static/grid/install_edge_agent.sh
curl -fsSLO https://aipowerprogressia.com/static/grid/SHA256SUMS
grep " install_edge_agent.sh$" SHA256SUMS | sha256sum -c -
bash install_edge_agent.sh --url https://aipowerprogressia.com --print-plan
bash install_edge_agent.sh --url https://aipowerprogressia.com

If your control-plane requires a registration token:

GRID_REG_TOKEN="YOUR_TOKEN" bash install_edge_agent.sh --url https://aipowerprogressia.com

Upgrade / update (recommended)

Upgrades the agent and restarts the service without re-registering or overwriting your policy.

curl -fsSLO https://aipowerprogressia.com/static/grid/install_edge_agent.sh
curl -fsSLO https://aipowerprogressia.com/static/grid/SHA256SUMS
grep " install_edge_agent.sh$" SHA256SUMS | sha256sum -c -
bash install_edge_agent.sh --url https://aipowerprogressia.com --print-plan
bash install_edge_agent.sh --url https://aipowerprogressia.com --upgrade

Rotate node identity only if needed (policy preserved):

bash install_edge_agent.sh --url https://aipowerprogressia.com --re-register

Docker (runs in a container)

Best for sandboxing. Uses a bind-mounted config file. Runs in the foreground unless you add -d.

mkdir -p ~/.config/powersearch-grid
curl -fsSLO https://aipowerprogressia.com/static/grid/register_node.py
python3 register_node.py --url https://aipowerprogressia.com --out ~/.config/powersearch-grid/agent.json

docker run --rm --name powersearch-grid-agent \\
  -v ~/.config/powersearch-grid:/config \\
  python:3.12-slim bash -lc 'pip -q install \"cryptography>=42.0.0\" && \\
    curl -fsSLo /SHA256SUMS https://aipowerprogressia.com/static/grid/SHA256SUMS && \\
    curl -fsSLo /edge_agent.py https://aipowerprogressia.com/static/grid/edge_agent.py && \\
    grep \" edge_agent.py$\" /SHA256SUMS | sha256sum -c - && \\
    python /edge_agent.py --config /config/agent.json'

macOS (manual + optional LaunchAgent)

Download → verify checksums → register a node → run the agent in a venv. A LaunchAgent template is available for background operation.

mkdir -p ~/.config/powersearch-grid ~/.local/share/powersearch-grid-agent
	cd ~/.local/share/powersearch-grid-agent

curl -fsSLO https://aipowerprogressia.com/static/grid/SHA256SUMS
curl -fsSLO https://aipowerprogressia.com/static/grid/register_node.py
curl -fsSLO https://aipowerprogressia.com/static/grid/edge_agent.py

grep " register_node.py$" SHA256SUMS | shasum -a 256 -c -
grep " edge_agent.py$" SHA256SUMS | shasum -a 256 -c -

python3 register_node.py --url https://aipowerprogressia.com --out ~/.config/powersearch-grid/agent.json

python3 -m venv venv
./venv/bin/pip -q install \"cryptography>=42.0.0\"
./venv/bin/python edge_agent.py --config ~/.config/powersearch-grid/agent.json --once

LaunchAgent template

Background operation (LaunchAgent)

Inspect the template first. It uses __HOME__ placeholders that you must replace before loading.

mkdir -p ~/Library/LaunchAgents
curl -fsSLo ~/Library/LaunchAgents/com.powersearch.grid.agent.plist https://aipowerprogressia.com/static/grid/powersearch-grid-agent.plist
sed -i '' "s|__HOME__|$HOME|g" ~/Library/LaunchAgents/com.powersearch.grid.agent.plist

launchctl unload ~/Library/LaunchAgents/com.powersearch.grid.agent.plist 2>/dev/null || true
launchctl load -w ~/Library/LaunchAgents/com.powersearch.grid.agent.plist

Stop/unload:

launchctl stop com.powersearch.grid.agent 2>/dev/null || true
launchctl unload ~/Library/LaunchAgents/com.powersearch.grid.agent.plist 2>/dev/null || true

Windows (PowerShell)

Download → verify installer checksum → run installer. Safe to re-run for upgrades (preserves policy + node identity by default).

# From PowerShell (requires Python 3.10+)
mkdir $env:LOCALAPPDATA\\powersearch-grid-agent -Force | Out-Null
cd $env:LOCALAPPDATA\\powersearch-grid-agent

curl.exe -fSLo install_edge_agent_windows.ps1 https://aipowerprogressia.com/static/grid/install_edge_agent_windows.ps1
curl.exe -fSLo SHA256SUMS https://aipowerprogressia.com/static/grid/SHA256SUMS

$want = ((Select-String -Path SHA256SUMS -Pattern " install_edge_agent_windows.ps1$").Line -split "\s+")[0].ToLower()
$have = (Get-FileHash .\\install_edge_agent_windows.ps1 -Algorithm SHA256).Hash.ToLower()
if ($have -ne $want) { throw "checksum mismatch for install_edge_agent_windows.ps1" }

powershell -ExecutionPolicy Bypass -File .\\install_edge_agent_windows.ps1 -BaseUrl https://aipowerprogressia.com

Windows installer script

Background operation (Task Scheduler)

This creates a user task that runs at logon. It does not require admin on most systems; if blocked, use the Task Scheduler UI instead.

$taskName = "PowerSearch Grid Agent"
$py = (Get-Command python).Source
$agent = "$env:LOCALAPPDATA\\powersearch-grid-agent\\edge_agent.py"
$cfg = "$env:USERPROFILE\\.config\\powersearch-grid\\agent.json"

$action = New-ScheduledTaskAction -Execute $py -Argument "`"$agent`" --config `"$cfg`""
$trigger = New-ScheduledTaskTrigger -AtLogOn
$principal = New-ScheduledTaskPrincipal -UserId $env:USERNAME -LogonType InteractiveToken -RunLevel Limited

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger -Principal $principal -Force | Out-Null
Start-ScheduledTask -TaskName $taskName

Stop/remove:

Stop-ScheduledTask -TaskName "PowerSearch Grid Agent" -ErrorAction SilentlyContinue
Unregister-ScheduledTask -TaskName "PowerSearch Grid Agent" -Confirm:$false

Uninstall (Windows)

Removes agent + config files from your profile. Does not remove Python or pip packages.

curl.exe -fSLo uninstall_edge_agent_windows.ps1 https://aipowerprogressia.com/static/grid/uninstall_edge_agent_windows.ps1
curl.exe -fSLo SHA256SUMS https://aipowerprogressia.com/static/grid/SHA256SUMS

$want = ((Select-String -Path SHA256SUMS -Pattern " uninstall_edge_agent_windows.ps1$").Line -split "\s+")[0].ToLower()
$have = (Get-FileHash .\\uninstall_edge_agent_windows.ps1 -Algorithm SHA256).Hash.ToLower()
if ($have -ne $want) { throw "checksum mismatch for uninstall_edge_agent_windows.ps1" }

powershell -ExecutionPolicy Bypass -File .\\uninstall_edge_agent_windows.ps1

Windows uninstaller script

Manual / Source install

If you prefer to avoid any installer, download the agent and register a node manually.

# 1) Download + inspect source
curl -fsSLO https://aipowerprogressia.com/static/grid/SHA256SUMS
curl -fsSLO https://aipowerprogressia.com/static/grid/edge_agent.py
curl -fsSLO https://aipowerprogressia.com/static/grid/register_node.py

# 2) Verify checksums
grep " register_node.py$" SHA256SUMS | sha256sum -c -
grep " edge_agent.py$" SHA256SUMS | sha256sum -c -

# 3) Register a node (writes agent.json)
python3 register_node.py --url https://aipowerprogressia.com --out ~/.config/powersearch-grid/agent.json

# 4) Run the agent (foreground)
python3 -m pip install --user \"cryptography>=42.0.0\"
python3 edge_agent.py --config ~/.config/powersearch-grid/agent.json

Post-install: confirm your node is connected

Paste your node_id from ~/.config/powersearch-grid/agent.json (Linux/macOS) or %USERPROFILE%\\.config\\powersearch-grid\\agent.json (Windows). This check uses only node_id (never your token).

Trust boundaries (what runs / what leaves your node)

Off by default: you contribute compute only when policy.enabled=true.
What can run: typed, signed jobs only (health_check, crawl_url, ollama_chat). No arbitrary shell commands.
Agent permissions: runs as your user (no root). Install uses systemd --user on Linux.
What leaves your node: heartbeats (coarse CPU/RAM/disk telemetry), your policy snapshot, and job results (for crawls: text only, respects robots.txt, strict size/time limits, and allowlists).
Secrets: your node_token stays in agent.json and is used only as an auth header to the control‑plane. Never paste it into a web form or chat.
Pause/stop: set policy.enabled=false or stop the service; use the uninstall script to remove everything.
Emergency stop: create an EMERGENCY_STOP file next to agent.json to pause work immediately (delete it to resume).

Optional: if you want a human-readable node name for admins, set GRID_DISPLAY_NAME during install/registration.

Opt-in policy (required to contribute)

nano ~/.config/powersearch-grid/agent.json

Default policy (conservative)

{
  "enabled": false,
  "cpu_max_percent": 20,
  "ram_max_gb": 4,
  "gpu_max_percent": 15,
  "disk_max_gb": 50,
  "disk_min_free_gb": 2,
  "network_upload_mbps": 3,
  "network_download_mbps": 10,
  "idle_only": true,
  "plugged_in_only": false,
  "quiet_hours": ["08:00-18:00"],
  "allowed_job_types": ["health_check", "crawl_url", "ollama_chat"],
  "crawl_allowlist_domains": ["aipowerprogressia.com"],
  "allow_private_crawl_ips": false,
  "crawl_max_redirects": 3,
  "max_concurrent_jobs": 1,
  "reserve_cores_for_user": 2,
  "reserve_ram_gb_for_user": 4,
  "thermal_throttle_enabled": true,
  "emergency_stop_enabled": true,
  "local_user_priority": true
}

What the policy enforces today (honest)

Hard (agent): opt-in gate (enabled), emergency stop file gate, signed manifest verification (Ed25519), job type allowlist, crawl allowlist + SSRF guard + robots + redirects.
Best-effort (agent heuristics): idle_only, quiet_hours, plugged_in_only (best-effort), thermal_throttle_enabled (Linux-only), reserve_cores_for_user, reserve_ram_gb_for_user (Linux-only RAM reserve), disk_min_free_gb (blocks work when disk is tight).
Linux systemd caps: CPU/RAM caps are enforced by the user service unit at install/upgrade time. Re-run the installer to update those limits.
Not yet enforced: gpu_max_percent, disk_max_gb, and network_* caps (planned).

Policy editor (generate + validate)

Edit a policy safely, validate it, then copy into agent.json under "policy". Nothing contributes compute until "enabled": true.

Service controls (Linux systemd only)

systemctl --user status powersearch-grid-agent
systemctl --user restart powersearch-grid-agent
systemctl --user stop powersearch-grid-agent

Run at boot without login (optional): sudo loginctl enable-linger $USER

Emergency stop (Linux/macOS)

Pauses work immediately without uninstalling. Delete the file to resume. (Windows: create/delete EMERGENCY_STOP next to agent.json.)

# Pause
touch ~/.config/powersearch-grid/EMERGENCY_STOP

# Resume
rm -f ~/.config/powersearch-grid/EMERGENCY_STOP

Logs + diagnostics (Linux systemd)

Logs stay on your machine. If the node is disconnected, this is the fastest way to see why.

# Recent logs
journalctl --user -u powersearch-grid-agent -n 200 --no-pager

# Live log tail (Ctrl+C to stop)
journalctl --user -u powersearch-grid-agent -f

Config: ~/.config/powersearch-grid/agent.json · Files: ~/.local/share/powersearch-grid-agent/

Doctor (read-only diagnostics)

Runs local checks: config validity, pinned signing key (if set), control-plane reachability, node status, and Ollama reachability (best-effort). Does not submit jobs.

~/.local/share/powersearch-grid-agent/venv/bin/python ~/.local/share/powersearch-grid-agent/edge_agent.py --config ~/.config/powersearch-grid/agent.json --doctor

Windows doctor command

python %LOCALAPPDATA%\\powersearch-grid-agent\\edge_agent.py --config %USERPROFILE%\\.config\\powersearch-grid\\agent.json --doctor

Uninstall

curl -fsSLO https://aipowerprogressia.com/static/grid/uninstall_edge_agent.sh
bash uninstall_edge_agent.sh

Operator notes (control-plane)

To queue crawl work, the control-plane submits signed jobs. By default, crawling is restricted to aipowerprogressia.com via GRID_CRAWL_ALLOWLIST. Edge agents also enforce policy.crawl_allowlist_domains (defense-in-depth).

# set in $HOME/aipowerprogressia.com/.env then restart the app
GRID_ADMIN_TOKEN="change-me"
GRID_REGISTRATION_TOKEN=""        # optional join token
GRID_CRAWL_ALLOWLIST="aipowerprogressia.com"

If your allowlisted domains resolve to private IPs (common on LANs), set GRID_ALLOW_PRIVATE_CRAWL_IPS=1 on the control-plane and policy.allow_private_crawl_ips=true on the agent.

GRID_ADMIN_TOKEN="change-me" python3 $HOME/aipowerprogressia.com/scripts/grid_submit_job.py \
  --base-url https://aipowerprogressia.com \
  crawl_url https://aipowerprogressia.com/

Grid Search (MVP)

Search the pages indexed by PowerSearch Grid. Enable Semantic to rerank results using your multilingual embedding model (cached in SQLite).

Ask AI over these results

Uses your local AI stack (Ollama) via the existing /api/ai/chat endpoint. Sources are treated as untrusted (prompt‑injection safe).

follow-ups catalog docs (RAG)