MapleNode brings local-first semantic memory, document indexing, discovery, and MCP-compatible tools to the edge. It is designed as an always-on node that MapleOS can find, pair with, and use as a trusted cognition surface on the LAN.
Target board
Radxa ROCK 4C+ (RK3399, 4GB)
Operating system
Armbian Bookworm (Debian 12)
Service stack
FastAPI, SQLite, LanceDB, sentence-transformers (CPU)
HTTP endpoint
:8765
UDP discovery
:8766
mDNS
maplenode.local · _maplenode._tcp
Vector-searchable semantic memory lives on-device, reducing cloud dependency on the hot path and keeping cognition physically close to the user environment.
Documents can be uploaded, chunked, indexed, and searched as part of the edge memory surface that MapleOS can consume.
MapleNode exposes MCP-style tooling for discovery, device status, and safe diagnostic commands without exposing an unrestricted shell.
mDNS publishes maplenode.local and UDP capability broadcasts announce the node every 30 seconds so MapleOS can auto-detect it on the LAN.
Write endpoints require the setup token via X-MapleSeed-Token, while open discovery endpoints remain safe for initial probing and pairing.
MapleNode is positioned as an edge memory and orchestration appliance, not a general-purpose GPU server or public cloud replacement.
The pairing model is intentionally simple: discover the device, retrieve the setup token, and then let MapleOS use that token for secured interactions. This keeps onboarding lightweight while preserving control over writes and tool execution.
MapleOS discovers the node through mDNS or the UDP capability broadcast on the local network.
The operator reads the setup token from the appliance console or SSH session.
The token is pasted into MapleOS to establish trust and unlock write operations.
MapleOS uses the token for memory writes, document indexing, and secured MCP-style calls.
{
"type": "maplenode.advertise",
"name": "maplenode",
"hostname": "maplenode.local",
"api": "http://maplenode.local:8765",
"version": "0.1.0",
"capabilities": ["memory", "documents", "mcp"]
}TOKEN=<setup token>
BASE=http://maplenode.local:8765
curl -s $BASE/health
curl -s $BASE/capabilities
curl -s $BASE/mcp/tools
curl -s -X POST $BASE/memory/store \
-H "X-MapleSeed-Token: $TOKEN" \
-H 'Content-Type: application/json' \
-d '{"text":"User prefers local-first agents."}'MapleNode’s public positioning emphasizes a conservative security model for local deployment: limited exposure, explicit write authorization, safe diagnostics, and restricted runtime privileges.
LAN-only by design. The service is intended for local networks, not public internet exposure.
Write-gated endpoints. Non-open write operations require the setup token.
No arbitrary shell access. Diagnostic commands are intentionally allowlisted.
Systemd hardening. The service runs with restricted privileges and controlled write paths.
It gives MapleOS a discoverable local cognition appliance for memory, document workflows, and secure edge tool execution without depending on a remote cloud service for every operation.