Uracil Sentinel (World's first AI-powered, Quantum resistant blockchain security manifold)

 

Uracil Sentinel: AI‑Driven 14‑Domain Security Manifold with Immutable Audit and Autonomous Response

Whitepaper | May 2026

Abstract

Uracil Sentinel is an AI‑powered security manifold that continuously monitors 14 critical security domains (Physical Perimeter, Access Control, Cyber Network, etc.) using a combination of physics‑based state evolution and tiny neural networks that learn from domain‑specific logs and telemetry. Each domain maintains its own persistent .pt model (saved to disk), a knowledge graph of terms, and a rolling physics state (NF, Burden, Psi). Anomalies are detected via manifold divergence, triggering automated countermeasures (alert, revoke, isolate) that are logged to an immutable, encrypted ledger and optionally mirrored to the blockchain. The system includes a rate‑limiting network sentinel, a telemetry bridge for signal normalisation, and a watchdog that restarts the orchestrator if the heartbeat fails.

All security reasoning can be logged on the Uracil Chain via log_immutable, creating a tamper‑proof audit trail for compliance and forensic analysis.

1. Problem Statement

Organisations face three fundamental security gaps:

Problem	Consequence
Siloed monitoring – Physical, network, endpoint, and governance tools operate independently.	Attackers exploit blind spots between domains.
Static rules – Signature‑based detection misses novel zero‑day patterns.	High false‑positive rates and undetected intrusions.
No immutable audit – Logs can be altered after an incident.	Legal and compliance exposure.

Uracil Sentinel solves these by:

• Unifying 14 security domains under a single manifold.

• Using physics‑inspired state (damped oscillations) and neural learning to adapt.

• Recording every alert and response action in an append‑only, encrypted ledger (local immutable_ledger file, with optional blockchain anchoring).

2. Architecture Overview

text

┌─────────────────────────────────────────────────────────────────────────────┐

│ Uracil Sentinel Core │

│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────────────────┐ │

│ │ TelemetryBridge │ │ ISROSecureScanner│ │ ManifoldEngine │ │

│ │ (normalises raw │→ │ (validates, │→ │ (calculates tension per │ │

│ │ signals) │ │ sanitises, │ │ domain, updates state) │ │

│ └─────────────────┘ │ computes │ └──────────────┬──────────────┘ │

│ │ divergence) │ │ │

│ └────────┬────────┘ │ │

│ │ │ │

│ ▼ ▼ │

│ ┌─────────────────┐ ┌─────────────────────────────┐ │

│ │ResponseMitigator│ │ 14 Security Domains │ │

│ │ (LOG, ALERT, │ │ (each with: │ │

│ │ REVOKE, │ │ - physics state a_n, b_n │ │

│ │ ISOLATE) │ │ - tiny GRU neural network │ │

│ └────────┬────────┘ │ - knowledge graph │ │

│ │ │ - persistent .pt weights) │ │

│ ▼ └─────────────────────────────┘ │

│ ┌─────────────────┐ │

│ │ImmutableLedger │ │

│ │ (append‑only, │ │

│ │ chained hashes) │ │

│ └─────────────────┘ │

└─────────────────────────────────────────────────────────────────────────────┘

│

│ (optional) log_immutable

▼

┌─────────────────────────┐

│ Uracil Chain │

│ (immutable blockchain │

│ records for compliance)│

└─────────────────────────┘

External components:

- NetworkSentinel (ingress filter, rate limiter, packet batch)

- CryptoVault (AES‑GCM metadata encryption)

- ShieldWatchdog (heartbeat monitor, restarts orchestrator)

- ShieldOrchestrator (unified facade for protect_stream)

3. The 14 Security Domains

Each domain is a first‑class citizen with its own:

• Physics state (a_n, b_n, nf_n, s_n, v_n, m_n) – evolves over time via damped oscillations.

• Small neural network (embedding + GRU + linear) – trained on domain‑specific text (logs, policies, sensor readings).

• Knowledge graph – word associations built from training text.

• Persistent weights – saved to nn_weights/<domain>.pt after every training step.

The 14 domains are:

#	Domain	Gravity	Purpose
1	Physical Perimeter	Zero‑G	Gates, barriers, intrusion detection
2	Access Control	Microgravity	Identity, authentication, RBAC
3	Cyber Network	Nanogravity	Firewalls, IDS/IPS, zero trust
4	Endpoint Security	Zero‑G	Devices, EDR, antivirus
5	Communication	Microgravity	Encryption, satellite links
6	Human Behaviour (Adherence)	Zero‑G	Policy compliance, insider threat
7	Supply Chain	Nanogravity	Third‑party risk, SBOM
8	Infrastructure	Microgravity	Power, cooling, redundancy
9	Environment (Sensors/Physics)	Nanogravity	Temperature, radiation, seismic
10	Personal Intel (Biometrics)	Nanogravity	Fingerprint, iris, liveness
11	External Threat	Microgravity	DDoS, APT, cyber attacks
12	Cross‑Domain	Nanogravity	Data diodes, guards, filters
13	Temporal Pattern / Time Series	Zero‑G	Log analysis, anomaly detection
14	Security Governance	Microgravity	Policies, audits, compliance

Each domain’s gravity state affects its physics speed (Zero‑G=1.0, Microgravity=0.7, Nanogravity=0.2), influencing how fast its state evolves.

4. Core Components

4.1 SecurityDomain (brain_parts_ISRO.py)

Physics state update:

text

a_n += term * direction * speed

b_n -= term * direction * speed

nf_n += 0.02 * term.real * (1 - s_n)

where term is the damped oscillation term (0.1 * fact * exp(-beta*n)) + imaginary.

Health metrics:

• SNR = signal (size of word_weights) / noise (|a_n.real - b_n.real|).

• Status = HEALTHY (SNR>10), YELLOW (SNR>5), ORANGE (SNR>2), PONR (SNR>1), COLLAPSED.

• Confidence = running average of 1 - (|a-b|/20) over last 100 steps.

Neural network:

• Embedding (vocab_size=30000, embed_dim=32) → GRU (hidden_dim=64) → linear to vocab.

• Trained on text via train_on_text() – updates knowledge_graph and word_weights.

• Persisted to nn_weights/<domain>.pt (contains embedding, gru, fc_out, optimizer, vocab maps).

• .pt files are automatically saved after every training call and after every physics update (when update_all_domains is called).

Example .pt structure:

text

embedding: state_dict

gru: state_dict

fc_out: state_dict

optimizer: state_dict

word_to_id: dict

id_to_word: dict

next_id: int

4.2 ISROSecureScanner (secure_vuln_engine.py)

Input validation (hardened):

• Strict TelemetryPacket schema with source_id prefix check (SAT‑, GRD‑, CTRL‑, TEST‑).

• Payload integrity hash re‑computation – prevents tampering in transit.

• Value sanitisation: type allowlist + string length limit (512) + control character rejection.

Divergence calculation:

text

divergence = 1.0 - (domain.confidence * (domain.SNR / 10.0))

Returns VulnerabilityReport with domain, attribute, observed value, divergence score, severity (LOW/MEDIUM/HIGH/CRITICAL), and timestamp.

Safe training: only values with divergence < warning threshold (0.6) are used to train the domain’s neural network – prevents poisoning from anomalous telemetry.

4.3 ResponseMitigator (response_mitigator.py)

Maps severity to actions:

Severity	Action	Requires configuration
LOW	LOG_ONLY	none
MEDIUM	ALERT_ADMIN	alert_webhook (Slack, PagerDuty)
HIGH	REVOKE_ACCESS	iam_endpoint
CRITICAL	ISOLATE_NODE	sdn_endpoint

All actions are logged to the immutable ledger and thread‑safe (per‑domain locks). Fallback to logged stubs if endpoints not configured.

4.4 NetworkSentinel (network_sentinel.py)

• Rate limiter: max 1000 packets per second (configurable).

• Packet validation: length 20–65535 bytes, type bytes/bytearray.

• Thread‑safe buffer (deque, maxlen 5000).

• get_batch() atomically drains buffer for scanning.

4.5 ImmutableLedger (immutable_ledger.py)

• Append‑only text file (isro_shield.ledger) with chained hashes.

• Each entry: timestamp, data, prev_hash, hash.

• File locking (fcntl on Unix, no‑op on Windows) to prevent corruption.

• verify_integrity() re‑computes all hashes – detects any tampering.

4.6 CryptoVault (crypto_vault.py)

• AES‑GCM encryption for metadata (e.g., telemetry payloads at rest).

• Uses a master key (set via environment variable ISRO_MASTER_KEY).

• encrypt_metadata() / decrypt_metadata() – nonce is prepended.

4.7 TelemetryBridge (telemetry_bridge.py)

• Maps raw sensor readings to normalised [0,1] signals for all 14 domains.

• Uses predefined DOMAIN_SCALE_FACTORS.

• Unknown keys are logged and ignored; missing domains default to 0.0.

4.8 ManifoldEngine (manifold_engine.py)

• Maintains a 14‑dimensional state_vector.

• calculate_domain_tension() = (signal * alpha/beta) * (complexity * stability * gravity_mod).

• stabilize_manifold() updates the vector and returns it.

4.9 SecurityOrchestrator (security_orchestrator.py)

• Uses ManifoldEngine to evaluate system integrity.

• Returns manifold_state, alerts (if tension exceeds threshold), integrity_score.

4.10 ShieldWatchdog (shield_watchdog.py)

• Monitors heartbeat file (default /var/run/uracil/shield_heartbeat, mode 0600).

• Verifies file ownership and permissions – prevents spoofing.

• If heartbeat missing or stale (timeout 5s), triggers rate‑limited restart (max 3 restarts/hour).

• Runs as a daemon thread.

4.11 ISROShield (shield_orchestrator.py)

• Unified facade: protect_stream(encrypted_payload).

• Decrypts with CryptoVault, scans with ISROSecureScanner, mitigates with ResponseMitigator, updates heartbeat.

• Returns True if no vulnerabilities found.

5. Workflow: End‑to‑End Security Event

1. Telemetry ingestion (e.g., network packet hex, log line, sensor reading).

2. Normalisation via TelemetryBridge → signals for 14 domains.

3. Validation & scanning by ISROSecureScanner:

   • Schema check, integrity hash, sanitisation.

   • Divergence calculation per domain.

   • Vulnerability reports created for divergences above thresholds.

4. Response mitigation (ResponseMitigator.execute()):

   • Logs to ImmutableLedger.

   • If severity ≥ MEDIUM, sends admin alert (webhook).

   • If severity ≥ HIGH, calls IAM endpoint to revoke credentials.

   • If severity = CRITICAL, calls SDN endpoint to isolate network segment.

5. Optional blockchain anchoring – call log_immutable from the AI agent to store the vulnerability report on Uracil Chain.

6. Domain training – stable telemetry (low divergence) is used to train the domain’s neural network, which updates its .pt file on disk.

7. Manifold update – ManifoldEngine.stabilize_manifold() records the new tension vector.

6. Persistence & State Management

• Domain weights are saved as .pt files in nn_weights/.

  • Each file is a dictionary containing the GRU model, embedding, output layer, optimizer state, and vocabulary.

  • Files are automatically created/updated after every train_domain_on_text() call and after update_all_domains() (physics step).

  • This allows the system to restart and resume learning without retraining from scratch.

• Immutable ledger (isro_shield.ledger) grows indefinitely. Can be pruned manually, but integrity verification will detect any removal.

• Heartbeat file – location configurable; default is root‑owned /var/run/uracil/shield_heartbeat for security.

7. Integration with Uracil AI Agent

The Uracil AI assistant (chat interface) can invoke Sentinel tools via natural language:

User intent	Tool called	Description
“Scan this telemetry”	scan_telemetry	Process JSON/hex, return vulnerability report.
“Show security health”	security_health	Get SNR, status, confidence for all 14 domains.
“Verify ledger integrity”	verify_ledger	Check isro_shield.ledger for tampering.
“Ingest packet”	ingest_packet	Feed raw packet into rate‑limiter.
“Process batch”	process_batch	Scan all buffered packets.
“Train domain X on this text”	train_security_domain	Update neural weights and save .pt.
“Log reasoning”	log_reasoning	Write domain‑specific reasoning to immutable ledger (and optionally to blockchain).
“Evaluate manifold”	evaluate_manifold	Send raw signals, get tension and alerts.
“Get manifold state”	get_manifold_state	Retrieve current 14‑dimensional vector.
“Reset manifold”	reset_manifold	Zero the state vector (calibration).

All tools are available through the ToolDispatcher in the Tech and Cyber domains. The AI automatically prompts for user consent before executing log_immutable (blockchain write).

8. Security & Compliance Benefits

• Non‑repudiation: Every security event (vulnerability, response action) is recorded in the immutable ledger with a hash chain.

• Forensic readiness: ghost_history‑style commands could be added; the ledger itself is a complete audit trail.

• Resilience: Watchdog restarts the orchestrator if it stops updating the heartbeat.

• Hardened ingestion: Strict schema, integrity hash, and sanitisation prevent injection attacks.

• Domain‑specific learning: Each domain adapts to its own data without interfering with others.

• Optional blockchain anchoring: High‑severity alerts can be written to Uracil Chain for external verification and long‑term storage.

9. Performance Characteristics

Component	Metric
Telemetry packet validation	<50µs per packet (sans hashing)
Divergence calculation (14 domains)	~200µs (Python + small NN)
Neural network training (100 words)	~10ms (per domain)
Immutable ledger append	~1ms (with file lock)
Manifold state update	~5µs per domain (pure arithmetic)
Heartbeat check	<1ms

10. Example: Detecting a Cyber Network Anomaly

User command (via AI chat):

text

scan_telemetry {"packet_len": 9000, "port": 4444, "source_id": "GRD-01"}

System flow:

1. ISROSecureScanner maps packet_len to Cyber Network domain.

2. Sanitises values (int, within limits).

3. Queries Cyber Network domain: current SNR = 8.2, confidence = 0.92.

4. Calculates divergence = 1 - (0.92 * min(8.2/10,1)) = 1 - 0.754 = 0.246 → MEDIUM.

5. ResponseMitigator logs event and sends alert to webhook.

6. AI returns: “Medium severity in Cyber Network (divergence 0.246). Alert sent. Log on chain? [Yes/No]”

If user consents, the AI runs:

text

log_immutable security_agent security_alert "{...}" "Cyber Network anomaly"

11. Conclusion

Uracil Sentinel provides a production‑ready, physics‑inspired security manifold that unifies 14 domains, learns from telemetry, and automatically responds to threats. Its components are hardened against injection, thread‑safe, and persistent (.pt weights, immutable ledger). Integration with the Uracil AI agent allows natural‑language security operations, and optional blockchain anchoring creates an unalterable compliance record.

The system is already deployed in the Uracil AI workspace, with .pt files saved for each domain after every training cycle. It can be extended to additional domains by adding entries to MANIFOLD_TOPOLOGY and DOMAIN_SCALE_FACTORS.

12. Blueprint: Uracil Sentinel Architecture

text

┌─────────────────────────────────────────────────────────────────────────────┐

│ Uracil Sentinel │

├─────────────────────────────────────────────────────────────────────────────┤

│ ┌───────────────────────────────────────────────────────────────────────┐ │

│ │ INGESTION LAYER │ │

│ │ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────────┐ │ │

│ │ │ NetworkSentinel │ │ TelemetryBridge │ │ CryptoVault │ │ │

│ │ │ • rate limiter │ │ • normalisation │ │ • decrypt incoming │ │ │

│ │ │ • packet buffer │ │ • domain mapping│ │ encrypted payloads│ │ │

│ │ └────────┬────────┘ └────────┬────────┘ └──────────┬──────────┘ │ │

│ │ │ │ │ │ │

│ │ └─────────────────────┼───────────────────────┘ │ │

│ │ ▼ │ │

│ │ ┌─────────────────────────┐ │ │

│ │ │ ISROSecureScanner │ │ │

│ │ │ • schema validation │ │ │

│ │ │ • integrity hash check │ │ │

│ │ │ • sanitisation │ │ │

│ │ │ • divergence calculation│ │ │

│ │ └────────────┬────────────┘ │ │

│ │ │ │ │

│ │ ┌──────────────────┼──────────────────┐ │ │

│ │ ▼ ▼ ▼ │ │

│ │ ┌───────────────────┐ ┌───────────────┐ ┌───────────────────────┐ │ │

│ │ │ 14 Security │ │ManifoldEngine │ │ ResponseMitigator │ │ │

│ │ │ Domains │ │• state_vector│ │ • LOG_ONLY │ │ │

│ │ │ ┌───────────────┐ │ │• tension calc │ │ • ALERT_ADMIN │ │ │

│ │ │ │Physical │ │ └───────┬───────┘ │ • REVOKE_ACCESS │ │ │

│ │ │ │Perimeter │ │ │ │ • ISOLATE_NODE │ │ │

│ │ │ │(physics state,│ │ │ └───────────┬───────────┘ │ │

│ │ │ │ GRU NN, .pt) │ │ │ │ │ │

│ │ │ ├───────────────┤ │ │ ▼ │ │

│ │ │ │Access Control │ │ │ ┌───────────────────────┐ │ │

│ │ │ │... │ │ │ │ ImmutableLedger │ │ │

│ │ │ └───────────────┘ │ │ │ • append‑only │ │ │

│ │ └─────────┬─────────┘ │ │ • chained hashes │ │ │

│ │ │ │ │ • file locking │ │ │

│ │ └────────────────────┼──────────┼───────────────────────┘ │ │

│ │ ▼ │ │ │

│ │ ┌─────────────────────────┐ │ │

│ │ │ SecurityOrchestrator │ │ │

│ │ │ • evaluate_integrity() │ │ │

│ │ └─────────────────────────┘ │ │

│ └───────────────────────────────────────────────────────────────────────┘ │

│ │ │

│ │ optional blockchain logging │

│ ▼ │

│ ┌─────────────────────────────────────┐ │

│ │ Uracil Chain │ │

│ │ (log_immutable of security alerts) │ │

│ └─────────────────────────────────────┘ │

│ │

│ ┌───────────────────────────────────────────────────────────────────────┐ │

│ │ WATCHDOG & RECOVERY │ │

│ │ ┌─────────────────┐ ┌─────────────────────────────────────────┐ │ │

│ │ │ ShieldWatchdog │ │ ISROShield (facade) │ │ │

│ │ │ • heartbeat file│ │ • protect_stream(encrypted_payload) │ │ │

│ │ │ • permission │ │ • returns system stability (bool) │ │ │

│ │ │ verification │ └─────────────────────────────────────────┘ │ │

│ │ │ • rate‑limited │ │ │

│ │ │ restart │ │ │

│ │ └─────────────────┘ │ │

│ └───────────────────────────────────────────────────────────────────────┘ │

└─────────────────────────────────────────────────────────────────────────────┘

Appendix A: File Layout

text

Uracil AI/

├── cyber_security/

│ ├── crypto_vault.py

│ ├── immutable_ledger.py

│ ├── manifold_engine.py

│ ├── network_sentinel.py

│ ├── response_mitigator.py

│ ├── secure_vuln_engine.py

│ ├── security_orchestrator.py

│ ├── shield_orchestrator.py

│ ├── shield_watchdog.py

│ ├── telemetry_bridge.py

│ └── topology_map.py

├── brain_parts_ISRO.py

├── brain_regions_ISRO.py

├── nn_weights/ # created automatically

│ ├── Access_Control.pt

│ ├── Communication.pt

│ ├── Cyber_Network.pt

│ ├── Endpoint_Security.pt

│ ├── Human_Behaviour_(Adherence).pt

│ ├── Infrastructure.pt

│ ├── Physical_Perimeter.pt

│ └── Supply_Chain.pt

├── isro_shield.ledger # immutable event log

└── /var/run/uracil/shield_heartbeat # watchdog heartbeat (Linux)

Appendix B: Available AI Agent Tools (Sentinel)

Tool	Argument	Description
scan_telemetry	JSON string	Analyse telemetry, return vulnerabilities.
security_health	(none)	Report health of all 14 domains.
verify_ledger	(none)	Check integrity of isro_shield.ledger.
ingest_packet	hex string	Feed raw packet into network sentinel.
process_batch	(none)	Process all buffered packets.
train_security_domain	domain_name|text	Train a domain’s NN on new text (saves .pt).
log_reasoning	domain_name|reasoning	Write reasoning to immutable ledger (and optionally blockchain).
evaluate_manifold	JSON ({domain: signal})	Get manifold state, alerts, integrity score.
get_manifold_state	(none)	Return current 14‑dimensional vector.
reset_manifold	(none)	Reset manifold state to zero.

Uracil Sentinel – AI security that learns, adapts, and leaves an immutable trail.
Version 1.0 – Fully integrated with Uracil AI Agent and Uracil Chain.