TreeChain's mesh used to include a fifth node: a glyphjammer-api instance hosted on Render. It served traffic. It replicated entries. It was the last vendor-managed surface in the system.
I shut it down this week.
The reason it existed was inertia. We launched on Render because Render was easy. Push to GitHub, get a TLS-terminated API in five minutes. For a one-person research project, that is the right tool.
It stops being the right tool when the project becomes infrastructure that other people are supposed to trust.
Render's terms can change. Their availability is their responsibility. Their datacenter is in a single jurisdiction. If a court compels Render to disclose data, my consent is not in the loop. If they decide my workload violates some policy nobody can find in writing, my whole system goes dark.
Those are not paranoid concerns — they are normal vendor risks. They are also incompatible with the threat model TreeChain operates under.
The migration was straightforward in theory and tedious in practice.
Stand up nginx with a real Let's Encrypt wildcard cert on Helsinki. Repoint apex DNS at Helsinki. Remove the Render node from every peer registration. Update the chain head. Verify replication still flows across the four real nodes. Check that the public endpoints still resolve.
The tedious part was the cleanup. Health-check loops referenced the Render URL in three different services. Dashboards listed five nodes. Code paths assumed five-node fan-out. None of it would fail loudly when Render disappeared — it would just silently degrade.
I went through every service, every dashboard, every config file. Removed the Render references. Tested replication after each removal. Watched the chain advance.
Now there are four nodes. Helsinki, Oregon, Singapore, Ashburn. Four legal jurisdictions. Four physical sites. One operator — me. No vendor in the loop.
If I disappear tomorrow, the mesh keeps replicating. If a single jurisdiction subpoenas one node, the other three keep operating. If Hetzner has an outage in one region, the chain stays consistent across the other three.
Provider diversification is still on the list — all four are at Hetzner. That is the next move. But the vendor surface that mattered most was the one I just removed.
Sovereignty is a strong word. I do not use it carelessly. What I have built is more accurately *operator independence*: I can keep TreeChain running indefinitely without any single counterparty. That is a precondition for the trust model. It is not the whole thing.
But it is a precondition. And as of this week, it is real.