Doc · CF / Phase 3 — Conversational Layer Industrial Independence Architecture Read-only · brownfield · sovereign-per-zone

§ 00 A factory you can talk to

Ask the plant. Get an answer grounded in the wire.

Conversational Factory turns natural-language questions into queries against live operational data — protocols decoded on the wire, assets named on the fly, every answer bound to an append-only audit chain. Read-only by architecture, not by policy.

Footprint · 4 GB / 2 core / 1 TB · one box per zone
Surface · i3X v1 over mTLS · MCP for AI clients
DPI · 34 protocols · OT & IT · zero polling
Fig 00.1 Sample exchange. Three i3X read-calls, zero writes, one audit ledger entry.
§ 01 The problem

A factory is observable only through specialists, not directly queryable by the people who need answers.

  1. Assets are poorly documented or undocumented. Naming is tribal. The drive that's been running line 3 for fifteen years has never had its tag table audited.

  2. Protocols and addressing models vary by vendor. Modbus speaks register addresses; OPC UA speaks node IDs; Sparkplug speaks topics; nobody speaks asset.

  3. Plant-floor data is split across isolated systems. Historian, SCADA, MES, asset management — five systems, five truths, one operator who needs the answer now.

  4. Existing paths to data run through enterprise systems instead of the equipment boundary. The shortest line between a question and an answer goes through a sysadmin in another building.

§ 02 What ships in the box

One signed binary. One signed configuration artifact.
Six composing parts.

Conversational Factory is an implementation of the Industrial Independence Architecture — sovereign-unit-per-zone, fractal across PERA levels, security enforced by architecture rather than by policy.

01 Witness · passive capture · 34 dissectors · on-box

Continuous packet capture on every monitored interface. Deep packet inspection for Modbus, EtherNet/IP, OPC UA, DNP3, IEC 104, S7comm, PROFINET — and 27 more. Frame-level integrity checks. No agents on PLCs. No polling.

  • Stovetop · runt/oversized/FCS frame integrity
  • Bilgepump · ARP, VLAN, STP, DHCP L2 monitoring
  • ICMPeeker · redirect & covert-tunnel detection

02 Historian · medallion lake · schema-on-read · on-box

Iron pcapng → Bronze typed events → Silver conversations & asset edges → Gold rollups. The historian is not a separate database — it's a view over the witness's lake. Capture first, name later.

  • 27× compression Iron → Bronze
  • VQT — value, quality, timestamp on every reading
  • Schema-on-read against any past timestamp

03 Asset DB · postgres · current-truth · on-box

Materialized current-truth view of every device the witness has ever seen. Vendor, role, Purdue level, IP, MAC, current state, risk score. Multi-tenant org → site → zone → subzone hierarchy with RTDP replication across the mesh.

  • MAC-primary identity · OUI vendor lookup
  • CVE correlation · finding workflow
  • Per-org Fernet encryption at rest

04 Query Plane · i3X v1 · port 8090 · on-box

The thin Rust service that re-exposes the witness as i3X v1 — a small, opinionated set of endpoints any industrial system can implement. Object types, relationships, current values, history, subscription streams. Open standard.

  • Multi-source dispatch · AssetDB, lake, historian, Sparkplug
  • Capability flags query.history, subscribe.stream
  • FQDN → elementId resolution

05 Conversational Gateway · MCP server · port 8091 · OFF-BOX

The front door for AI clients. Exposes 10 read-only verbs as MCP tools. Translates natural-language questions into i3X calls, composes grounded answers with citations, and writes every interaction to the audit ledger.

  • 10 read-only tools · zero write paths
  • NL → i3X translation · answer composer
  • Operator-side audit chain · request_id correlation

06 Operator Console · server-rendered HTML · port 5001 · on-box

The witness's web UI at 127.0.0.1:5001. Where humans go to upload PCAPs, view the asset map, see findings, manage scans, configure the witness. Flask + Jinja, no SPA. Three.js workspace viewer for topology.

  • 47 templates · no client-side framework
  • Asset map · scan queue · findings · interventions
  • Edge-publisher profile selector per deployment
§ 03 Data flow · wire to answer

Read-only at every architectural seam.

Six hops from the wire to a grounded answer. Six places to break read-only — and none of them has a write path.

  1. L0 SPAN / TAP / OVS · the wire
    Modbus / EtherNet IP / OPC UA / DNP3 / S7 / PROFINET / 28 more
    passive · zero IP-stack transmit
  2. Iron pcapng segments · ring buffer
    50 MB × 10 · zero-gap rotation · zstd + Fernet
    tshark dissection
  3. Bronze typed events · 55 protocol STRUCTs
    asset observations · topology · parse anomalies · ~27× smaller than Iron
    silver pipeline · correlation
  4. Silver conversations · asset edges
    traffic matrix · device fingerprints · baselines · findings
    data_lake.at(now) materialization
  5. i3X query plane · v1 over mTLS
    list_objects · get_current_state · get_history · get_related · subscribe
    ⏤ on-box / off-box seam ⏤
  6. MCP conversational gateway
    NL→i3X translator · answer composer · audit binder · read-only guardrails
    10 read-only tools
  7. UI Claude · operator · MCP client
    natural-language question · grounded answer · audit row

Fig 03.1 · Iron → Bronze → Silver → i3X → MCP. Inverse arrows do not exist. The platform has no write path to any plant device — not because policy forbids it, but because no such tool is exposed and no such interface is implemented.
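Card 05 and hop 6 above both describe the gateway refusing anything but read verbs and binding every interaction to an append-only audit ledger with a request_id. The following is an added example, not Conversational Factory's own code: a hash-chained ledger with that guard in front of it, using the five i3X read verbs the page names; the entry fields, function names and sample values are assumptions.

```python
# Added example, not Conversational Factory's own code: a hash-chained, append-only
# audit ledger of the kind the gateway is described as writing, with the read-only
# guard in front. Verbs are the i3X endpoints the page names; the rest is assumed.
import hashlib
import json

# The five i3X v1 read verbs named on the page; anything else is refused.
READ_ONLY_VERBS = frozenset({"list_objects", "get_current_state",
                             "get_history", "get_related", "subscribe"})
GENESIS = "0" * 64  # prev_hash of the first entry


def check_read_only(calls: list) -> None:
    """Refuse a plan that contains any verb outside the read-only allowlist."""
    bad = [c for c in calls if c not in READ_ONLY_VERBS]
    if bad:
        raise PermissionError(f"non-read verbs refused: {bad}")


def _digest(fields: dict) -> str:
    # Canonical JSON, so the same fields always hash to the same value.
    blob = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def append_entry(ledger: list, request_id: str, question: str,
                 calls: list, answer: str) -> dict:
    """Bind one interaction to the chain; every field is under the hash."""
    check_read_only(calls)
    entry = {
        "request_id": request_id,
        "question": question,
        "i3x_calls": list(calls),
        "answer_sha256": hashlib.sha256(answer.encode()).hexdigest(),
        "prev_hash": ledger[-1]["hash"] if ledger else GENESIS,
    }
    entry["hash"] = _digest(entry)
    ledger.append(entry)
    return entry


def verify_ledger(ledger: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev_hash"] != prev or _digest(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1
```

A later edit to any stored field, or a removed entry, breaks the chain at that index; only appending intact entries keeps verify_ledger at -1.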

§ 04 Principles

A short list. Each of them load-bearing.

P-01 Translation, not replacement

Meet brownfield networks where they are. No device changes. No protocol changes. No topology changes. Forty-year-old PLCs alongside brand-new VFDs on protocols that predate TCP/IP — the witness observes; it does not prescribe.

P-02 Read-only first

No device writes anywhere in the platform. The conversational layer cannot order a setpoint change. Even if an attacker controlled the LLM, the worst they could do is read.

P-03 Capture first, name later

The lake records every observable conversation. Operators name what they care about retroactively. They do not have to know which tags matter on day one — schema-on-read against the lake gives them history back to capture-start.

P-04 Zone autonomy

Every zone appliance is complete for its scope. Disconnected from the mesh, it still captures, still historizes, still answers operator questions. The product is sovereign at every fractal level — cell, line, area, site.

P-05 Standards over lock-in

DNS, DHCP, TLS, OPC UA, MQTT, Sparkplug B where they fit. i3X for the AI surface — open, specified, implementable. PERA+, ISA-95, IEC 62443 for the architectural alignment.

P-06 Sovereignty over connectivity

Local function is the default. Cloud is a viewport. The system never assumes upstream connectivity exists — and continues to be useful when it doesn't.

P-07 Security as architecture

Zone segmentation. Signed configuration artifacts. mTLS at every internal hop. Default-deny conduits between INBOUND / DMZ / OUTBOUND. No HTTP at the boundary in either direction. No live mutation API.

P-08 Attestation observes prevention

Every communication is governed by an explicit data contract. The IDS doubles as a contract-attestation observer — the system can show you not just "the firewall blocked X" but "the firewall behaviour matches the contract."
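As an added example of the contract attestation P-08 describes (not the project's own code): a default-deny conduit contract between the zones named in P-07 is compared with boundary flows the witness observed, each carrying the firewall's verdict, so the report can say whether the firewall behaved as the contract says. The Conduit and ObservedFlow records, the ports and the sample flows are constructed assumptions.

```python
# Added example, not Conversational Factory's own code: the contract attestation
# P-08 describes, over the INBOUND / DMZ / OUTBOUND zones of P-07. Record types,
# ports and sample flows are constructed; a verdict is "forwarded" or "dropped".
from dataclasses import dataclass

@dataclass(frozen=True)
class Conduit:
    src_zone: str
    dst_zone: str
    proto: str  # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class ObservedFlow:
    src_zone: str
    dst_zone: str
    proto: str
    dport: int
    verdict: str  # what the witness saw the firewall do with the flow

# The contract: any conduit not listed here must be dropped (default-deny).
CONTRACT = frozenset({
    Conduit("OUTBOUND", "DMZ", "tcp", 4840),  # OPC UA into the DMZ (constructed)
    Conduit("DMZ", "INBOUND", "tcp", 502),    # Modbus read path to the cell (constructed)
})

def attest(contract: frozenset, flows: list) -> dict:
    """Classify each flow: 'conforming' (firewall did what the contract says),
    'unauthorized_pass' (forwarded but not in the contract: a real gap) or
    'contract_blocked' (dropped although permitted: a misconfiguration)."""
    report = {"conforming": [], "unauthorized_pass": [], "contract_blocked": []}
    for f in flows:
        permitted = Conduit(f.src_zone, f.dst_zone, f.proto, f.dport) in contract
        if permitted and f.verdict == "forwarded":
            report["conforming"].append(f)        # allow matched the contract
        elif not permitted and f.verdict == "dropped":
            report["conforming"].append(f)        # deny matched the contract
        elif f.verdict == "forwarded":
            report["unauthorized_pass"].append(f)
        else:
            report["contract_blocked"].append(f)
    return report

# Constructed sample of what the witness might see at one zone boundary.
SAMPLE_FLOWS = [
    ObservedFlow("OUTBOUND", "DMZ", "tcp", 4840, "forwarded"),
    ObservedFlow("DMZ", "INBOUND", "tcp", 502, "forwarded"),
    ObservedFlow("OUTBOUND", "INBOUND", "tcp", 502, "dropped"),   # default-deny held
    ObservedFlow("OUTBOUND", "INBOUND", "tcp", 80, "forwarded"),  # HTTP crossed the boundary
    ObservedFlow("DMZ", "INBOUND", "tcp", 502, "dropped"),        # permitted, yet blocked
]
```

Running attest(CONTRACT, SAMPLE_FLOWS) puts three flows in 'conforming', the forwarded HTTP flow in 'unauthorized_pass' and the dropped Modbus read in 'contract_blocked'; an empty report under live traffic is the attestation that prevention matches the contract.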

§ 05 Up in ten minutes

Bring up the chain. Ask your plant a question.

A workstation. Docker. A browser. Optionally Claude Desktop. The witness ships with realistic ICS/OT capture fixtures so you can see the asset map populate before you point it at a real network.

$ git clone https://github.com/riverman-io/conversational-factory
$ cd conversational-factory
$ make first-run
  ok   appended secrets to services/witness/.env
  ok   db reachable
  ok   migrations applied
  ok   app healthy
  ok   provisioned new i3X API key
$ make up
  eriswitness-dev-app     Up (healthy)   :5001
  cf-query-plane          Up             :8090
  cf-gateway              Up             :8091
$ open http://127.0.0.1:5001
§ 06 Where to read next

The product is the witness, the historian, the gateway, the interfaces, and the packaging that ships to a customer site and lets them speak to their packing line.