Status: early-stage, evidence-bound systems architecture repository.
“The simulacrum is never what hides the truth.” — Jean Baudrillard
Latticra is a contract-first systems architecture project for high-assurance infrastructure engineering, Linux/Fedora integration research, Lat language development, bounded intermediate representation work, no-effect runtime-boundary modeling, and AI-era tool-boundary planning.
The repository is foundational engineering work. It is not a deployed platform, certified product, production runtime, or operating-system replacement.
C is the metal.
C++ is the disciplined structure.
Latticra is the contract.
Latticra is being built as a defensive, auditable, open systems architecture.
Its core idea is simple: before any future system effect becomes operational, the request, identity, capability, policy, boundary, and evidence posture should be explicit and inspectable.
Today, Latticra focuses on:
- explicit state and boundary models;
- deterministic validation and report surfaces;
- constrained authority vocabulary;
- disabled-by-default effect posture;
- bounded C implementation records;
- constrained C++ policy and audit direction;
- Lat language parsing, validation, diagnostics, and metadata lowering;
- LIR bounded intermediate representation reporting;
- L-UI operator-visible report direction;
- Nucleus coordination and task-boundary reports;
- Runtime Boundary classification before operational behavior;
- Latticra Seal tool-boundary and trust-boundary planning;
- Fedora/Linux validation evidence for narrow host-facing paths.
The current repository accomplishes an evidence-bound foundation, not a production platform.
Current evidence-backed and guarded areas include:
public_project_identity=1
foundation_documents_and_contracts=1
status_and_strategy_records=1
deterministic_shell_guards=1
c_invariant_tests=1
lat_parse_validate_lower_pipeline_present=1
lir_metadata_reporting_present=1
runtime_boundary_report_classification_present=1
nucleus_report_only_task_boundary_present=1
latticra_seal_report_only_tool_boundary_metadata_present=1
fedora_disposable_vm_local_rpm_validation_present=1
production_runtime_present=0
This means Latticra currently provides contracts, metadata surfaces, local deterministic tests, report-only C slices, planning records, and validation evidence. It does not yet provide active runtime enforcement.
Latticra does not currently provide a kernel, bootable image, production installer, Fedora-approved package, Fedora distribution-ready package, daily-driver installer, immutable Fedora installer, production runtime, runtime behavior, command execution authority, unrestricted C++ authority, effect-performing C++ authority, effect-performing task execution, interactive L-UI rendering, terminal-control L-UI rendering, LIR execution, Lat execution, Lat compiler product, Lat interpreter product, accreditation, certification, or operating-system replacement.
The project also does not currently claim to be a finished security product, sandbox, malware/ransomware prevention system, AI-agent security product, or production MCP implementation.
Latticra is organized as a layered systems architecture. The layers are still early, evidence-bound, and mostly no-effect.
- Lat: Contract/declaration language direction.
- LIR: Bounded intermediate representation and graph-shape metadata.
- L-UI: Operator-visible declaration and reporting surface.
- Nucleus: Coordination, classification, task records, and report boundaries.
- Runtime Boundary: Disabled-by-default classification line before operational behavior.
- Latticra Seal: Trust-boundary, request-boundary, policy-boundary, and tool-boundary planning.
- Fedora/Linux substrate: Current host-facing validation lane and integration target.
The current direction is not to replace Linux immediately. The current direction is to mature Latticra as a governed layer of contracts, metadata, reports, validation, and future authority gates that can be validated on Linux/Fedora before deeper independence is claimed.
Lat is the Latticra language direction.
The current Lat path is no-effect and metadata-oriented. It gives the project a bounded path from grammar parsing to semantic validation to LIR metadata lowering.
Current posture:
lat_parser_present=1
lat_semantic_validation_present=1
lat_diagnostics_present=1
lat_to_lir_lowering_present=1
lir_metadata_reporting_present=1
lat_execution=0
lir_execution=0
compiler_product=0
interpreter_product=0
The goal is not execution first. The goal is inspectable declaration, deterministic validation, and evidence-bearing representation before execution becomes a valid topic.
Latticra Seal is a substructure inside the Latticra ecosystem.
Its role is to model trust-boundary, request-boundary, policy-boundary, and tool-boundary behavior for AI-era automation and MCP-style tool invocation planning while remaining evidence-bound and no-effect.
Seal is not a separate production security product. It is the Latticra subsystem that asks:
What is the tool?
Who or what requested it?
Were the parameters declared?
Is the request fresh?
Is the request signed?
Was policy evaluated?
Is runtime authority still denied?
What report proves the boundary decision?
Current Seal posture:
seal_agentic_automation_metadata_present=1
seal_parameter_schema_metadata_present=1
seal_request_freshness_metadata_present=1
seal_signed_request_metadata_present=1
seal_policy_decision_metadata_present=1
seal_runtime_gate_metadata_present=1
runtime_gate_report_only=1
runtime_authority_granted=0
effect_performed=0
host_read_performed=0
host_write_performed=0
network_performed=0
The completed core blocked-request case set currently covers:
unknown_tool_case_validated=1
unsigned_request_case_validated=1
stale_request_case_validated=1
replayed_request_case_validated=1
core_blocked_case_set_complete=1
A careful public claim is:
Latticra Seal now has a report-only runtime gate path with core negative-test evidence for AI-era tool-boundary planning.
That is intentionally limited. It does not mean Latticra Seal currently implements runtime enforcement, policy enforcement, cryptographic verification, MCP protocol behavior, MCP server behavior, MCP client behavior, AI-agent execution control, tool execution, host behavior, network behavior, object sealing, key storage, revocation lookup, or production agent security.
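A sketch of how a report-only gate could classify the four blocked cases above, written as an added example and not taken from the Latticra repository. All type, function, tool, and constant names are hypothetical, as are the `seal_decision` and `request_blocked` report keys; `signature_present` is a metadata flag, so nothing is cryptographically verified.

```c
/* Added illustration; all identifiers are hypothetical, not Latticra's. */
#include <stdio.h>
#include <string.h>

enum seal_decision { SEAL_PASS_REPORT_ONLY, SEAL_BLOCK_UNKNOWN_TOOL,
    SEAL_BLOCK_UNSIGNED, SEAL_BLOCK_STALE, SEAL_BLOCK_REPLAYED,
    SEAL_BLOCK_NONCE_TABLE_FULL };
struct seal_request {
    const char *tool;
    int signature_present;  /* metadata flag only; nothing is verified */
    long issued_at;         /* seconds, same clock as `now` */
    unsigned long nonce;    /* unique per request */
};
#define SEAL_MAX_AGE_S 300   /* assumed freshness window */
#define SEAL_NONCE_SLOTS 16  /* assumed replay-table size */
static const char *const declared_tools[] = { "report.read", "report.list" };
static unsigned long seen_nonce[SEAL_NONCE_SLOTS];
static size_t seen_count;

/* Classify one request; the first failing check decides the result. */
enum seal_decision seal_classify(const struct seal_request *r, long now)
{
    size_t i, known = 0;
    for (i = 0; i < sizeof declared_tools / sizeof declared_tools[0]; i++)
        if (r->tool && strcmp(r->tool, declared_tools[i]) == 0) known = 1;
    if (!known) return SEAL_BLOCK_UNKNOWN_TOOL;
    if (!r->signature_present) return SEAL_BLOCK_UNSIGNED;
    if (r->issued_at > now || now - r->issued_at > SEAL_MAX_AGE_S)
        return SEAL_BLOCK_STALE;  /* future-dated requests also fail here */
    for (i = 0; i < seen_count; i++)
        if (seen_nonce[i] == r->nonce) return SEAL_BLOCK_REPLAYED;
    if (seen_count == SEAL_NONCE_SLOTS) return SEAL_BLOCK_NONCE_TABLE_FULL;
    seen_nonce[seen_count++] = r->nonce;  /* only accepted nonces are kept */
    return SEAL_PASS_REPORT_ONLY;
}

/* Write the key=value report for one request and return the decision. */
enum seal_decision seal_report(const struct seal_request *r, long now,
                               char *out, size_t cap)
{
    static const char *const name[] = { "pass_report_only", "unknown_tool",
        "unsigned_request", "stale_request", "replayed_request",
        "nonce_table_full" };
    enum seal_decision d = seal_classify(r, now);
    snprintf(out, cap, "seal_decision=%s\nrequest_blocked=%d\n"
        "runtime_gate_report_only=1\nruntime_authority_granted=0\n"
        "effect_performed=0\n", name[d], d != SEAL_PASS_REPORT_ONLY);
    return d;
}
```

Even a request that passes every check produces `runtime_authority_granted=0`; the gate records a decision and grants nothing. When the nonce table fills, the sketch fails closed instead of forgetting old nonces.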
Relevant Seal records:
- docs/LATTICRA_SEAL_MCP_ALIGNMENT_PLAN.md
- docs/LATTICRA_SEAL_AGENTIC_AUTOMATION_SECURITY_CONTRACT.md
- docs/LATTICRA_SEAL_PARAMETER_SCHEMA_CONTRACT.md
- docs/LATTICRA_SEAL_REQUEST_FRESHNESS_CONTRACT.md
- docs/LATTICRA_SEAL_SIGNED_REQUEST_CONTRACT.md
- docs/LATTICRA_SEAL_POLICY_DECISION_CONTRACT.md
- docs/LATTICRA_SEAL_RUNTIME_ENFORCEMENT_GATE_CONTRACT.md
- docs/status/SEAL_CORE_BLOCKED_CASES_STATUS.md
Latticra now has one evidence-backed host-facing validation path: Fedora disposable VM local RPM validation.
The validated path is narrow:
disposable_vm_validation_completed=1
live_host_validation_completed=1
host_install_ready=1
production_installer_ready=0
fedora_distribution_ready=0
fedora_approval_claimed=0
daily_driver_install_ready=0
immutable_fedora_ready=0
evidence_level=9
The validated package is a local, documentation-only, noarch RPM:
latticra-0.0.0-0.1.local.fc44.noarch.rpm
The validated payload remains:
/usr/share/doc/latticra/README.md
The successful disposable Fedora VM transcript recorded package build, RPM install, RPM verification, RPM removal, and post-removal absence verification.
This does not mean Latticra is production ready, Fedora approved, Fedora distribution ready, daily-driver safe, immutable-Fedora ready, a production installer, a bootable OS replacement, a security product, a sandbox, or a malware/ransomware prevention system.
The only install-readiness statement currently supported by evidence is disposable Fedora VM local RPM validation for the documentation-only local RPM described above.
Evidence records:
- docs/status/FEDORA_DISPOSABLE_VM_LOCAL_RPM_VALIDATION_EVIDENCE_STATUS.md
- docs/status/FEDORA_DISPOSABLE_VM_RPM_README_ALIGNMENT_STATUS.md
- docs/FEDORA_DISPOSABLE_VM_LOCAL_RPM_VALIDATION_LANE.md
- docs/FEDORA_DISPOSABLE_VM_LOCAL_RPM_VALIDATION_TRANSCRIPT_CONTRACT.md
The repository uses shell guards and C invariant tests through the C workflow.
Core examples:
sh scripts/test-lat-pipeline.sh
sh scripts/test-runtime-boundary.sh
sh scripts/test-nucleus-task-execution.sh
sh scripts/test-l-ui-rendering.sh
Seal case validation:
sh scripts/test-latticra-seal-unknown-tool-case.sh
sh scripts/test-latticra-seal-unsigned-request-case.sh
sh scripts/test-latticra-seal-stale-request-case.sh
sh scripts/test-latticra-seal-replayed-request-case.sh
Fedora disposable VM local RPM validation evidence status is covered by:
sh scripts/test-fedora-disposable-vm-local-rpm-validation-evidence-status.sh
Fedora disposable VM RPM README alignment is covered by:
sh scripts/test-fedora-disposable-vm-rpm-readme-alignment.sh
Start with:
- docs/FOUNDATION_INDEX.md
- STATUS.md
- docs/status/CURRENT_STATUS.md
- docs/status/ANNOUNCEMENTS.md
- docs/status/README.md
- docs/strategy/README.md
- docs/project_notes/README.md
- SECURITY.md
Important architecture records:
- docs/C_CPP_FOUNDATION_DIRECTION.md
- docs/CONSTRAINED_CPP_AUTHORITY_LAYER_CONTRACT.md
- docs/LAT_PIPELINE_IMPLEMENTATION.md
- docs/LAT_PIPELINE_DIAGNOSTIC_INTEGRATION_REFINEMENT.md
- docs/LIR_REPORT_REFINEMENT.md
- docs/L_UI_RENDERING_IMPLEMENTATION.md
- docs/NUCLEUS_TASK_EXECUTION_CONTRACT.md
- docs/RUNTIME_BOUNDARY_CONTRACT.md
Latticra follows an evidence-first development model.
The repository should only claim what its contracts, tests, reports, and validation records support.
No contract without identity.
No authority without capability.
No effect without a boundary.
No promotion without evidence.
Support Bryforge:
https://buymeacoffee.com/Bryforge
See SECURITY.md for vulnerability reporting, supported branch status, safe testing rules, and security non-claims.
Latticra uses Apache-2.0. See LICENSE and docs/LICENSE_POLICY.md.
