Skip to content

URAA — Five-Layer Architecture

The Universal Rotifer Autonomous Architecture (URAA) is the protocol’s backbone — five layers that separate concerns, enforce safety invariants, and enable cross-binding portability.

┌──────────────────────────────────────────────────────────────┐
│ L4: Collective Immunity Layer │ ← Species Memory
│ ┌──────────────────────────────────────────────────────────┐│
│ │ L3: Competition & Exchange Layer ││ ← Selection & Transfer
│ │ ┌──────────────────────────────────────────────────────┐││
│ │ │ L2: Calibration Layer │││ ← Immune System
│ │ │ ┌──────────────────────────────────────────────────┐│││
│ │ │ │ L1: Synthesis Layer ││││ ← Protein Synthesis
│ │ │ │ ┌──────────────────────────────────────────────┐││││
│ │ │ │ │ L0: Kernel Layer │││││ ← Genetic Code
│ │ │ │ └──────────────────────────────────────────────┘││││
│ │ │ └──────────────────────────────────────────────────┘│││
│ │ └──────────────────────────────────────────────────────┘││
│ └──────────────────────────────────────────────────────────┘│
└──────────────────────────────────────────────────────────────┘
LayerRoleBiological AnalogyStatus
L0 KernelImmutable trust anchor — security constraints no other layer can overrideGenetic codeImplemented
L1 SynthesisWASM sandbox execution, IR compilation, resource meteringProtein synthesis (ribosome)Implemented
L2 CalibrationMulti-stage gene validation: static analysis → sandbox → controlled trialImmune system (thymic selection)Implemented
L3 Competition & ExchangeArena fitness ranking + horizontal gene transfer between agentsNatural selection + HGTArena: implemented; P2P transfer: stub (v0.9.1)
L4 Collective ImmunityNetwork-wide threat detection, defense sharing, species memoryHerd immunityPlanned (v1.x)

Layer isolation — each layer communicates only through standardized interfaces. L0 cannot be modified by any higher layer. L1 cannot skip L2 validation. L3 cannot bypass L0 constraints.

Constitutional immutability — L0 is the only layer that does not participate in evolution. It is the “constitution” of the agent: safety constraints that are true by axiom, not by optimization.

Biological fidelity — the layering maps directly to biological systems, not by analogy but by functional equivalence. L2 Calibration performs the same role as thymic selection: filtering out self-reactive (unsafe) genes before they enter the production execution path.

The Kernel layer is implementation-agnostic. Different deployment scenarios use different trust anchors:

Trust BackendTechnologyApplicable Scenarios
Distributed LedgerSmart Contracts (EVM/Move/WASM)Decentralized permissionless networks
TEEIntel TDX / ARM TrustZone / AWS NitroEnterprise high-performance
Signature ChainSigned manifests + PKILightweight controlled networks
HSMHardware Security Module / TPMIoT and embedded devices

Rotifer decentralizes over time, not all at once. The current release leans on a Cloud Registry as the practical backbone for discovery and trust. That is a deliberate starting point — it keeps reputation and economic integrity verifiable while the peer-to-peer stack matures — not a permanent dependency. The architecture is designed so each responsibility moves outward to the network as soon as it is safe to decentralize.

CapabilityTodayDirection
DiscoveryCloud Registry is the source of truth; peer metadata announcement is foundation-stagePeers gossip signed gene metadata; the Cloud becomes one source among several
DistributionGene binaries download from the CloudContent-addressed binary distribution between peers, verified by hash, is on the roadmap
IdentityNode identity is backed by a Cloud accountSelf-signed keys and decentralized identity take over as the standard matures
ReputationComputed server-side from global recordsDecentralized reputation is a longer-term research direction, gated on identity maturity

Decentralization expands what the network can carry, but some boundaries hold in every version:

  • The peer-to-peer layer is for discovery and distribution, never execution — genes run locally through the Binding layer, not over the network.
  • Private keys, execution inputs and outputs, and agent memory are never broadcast. Only signed metadata — and, on the roadmap, content-addressed binaries — travel the network.
  • Value settlement and token transfer never ride the discovery network. Payments and on-chain settlement belong to the Binding layer, kept separate from gene propagation by design.
  • Every announcement is signed, so receivers can verify provenance independently — the precondition for decentralized trust.

“Cloud-first” describes where Rotifer is today, not where it is headed.

Most agent frameworks provide a flat tool registry with optional guardrails. URAA provides structural guarantees:

  • A gene that passes L2 is safe to execute in L1 — not because someone checked, but because the architecture enforces it
  • L0 constraints survive cross-binding compilation — a safety rule declared in Cloud Binding is preserved when the gene runs on Local Binding
  • L4 threat intelligence is shared across the network — one agent’s encounter with a malicious gene protects all agents

This is what makes Rotifer a protocol, not just a framework.