ecoPrimals Primal Catalog: Status, Capabilities, and Achievements
All 15 primals — capabilities, test counts, production status, repository visibility
At a Glance
15 standalone Rust binaries, each providing one domain capability. They compose via JSON-RPC into larger systems — from minimal Tower (crypto + networking) to full NUCLEUS (all 15). Every primal is musl-static linked with zero C dependencies. Scroll down for the full catalog with metrics, test counts, and capability methods per primal.
A primal is a standalone, statically-linked Rust binary that provides one domain capability — cryptography, networking, GPU math, storage, etc. Primals communicate over JSON-RPC and compose into larger systems. Think of them as Unix-philosophy tools that talk to each other. See the Glossary for more terms.
Status: Working paper Lineage: Implementation companion to ECOSYSTEM_ARCHITECTURE.md Last Updated: June 20, 2026
Abstract
This document catalogs every primal in the ecoPrimals ecosystem. It records what was built, how far it has evolved, and what it can demonstrate. The ecosystem was constructed by ecoPrimal (human + synthetic intelligence) over approximately 6-8 months, using the constrained evolution methodology described in CONSTRAINED_EVOLUTION_FORMAL.md. The results documented here are the empirical evidence for that methodology.
The primals are organized into three tiers:
Foundation Primals (§1): The bedrock of the ecosystem. Eight primals — BearDog, Songbird, NestGate, ToadStool, Squirrel, biomeOS, coralReef, and barraCuda — are production-ready, extensively tested, and form the NUCLEUS deployment architecture. coralReef and barraCuda were promoted from ToadStool sub-crates to independent primals (#13, #14) as the Sovereign Compute Pipeline matured.
Post- NUCLEUS Primals (§2): Primals designed for capabilities that emerge after NUCLEUS is deployed. These primals ( petalTongue, rhizoCrypt, sweetGrass, loamSpine, skunkBat) compose into higher-order patterns like RootPulse and the Memory & Attribution Stack. Each has been started and has functional code and tests, but they receive less focus until NUCLEUS is stable. They represent the next evolutionary phase.
Meta-Primals & Tooling (§3): sourDough is scaffolding and packaging tooling — it generates new primals and produces genomeBin artifacts, but does not run as a NUCLEUS service at runtime. wateringHole, whitePaper, and sporePrint are documentation/standards infrastructure.
Total: 17 primals and tooling (8 foundation + 5 post- NUCLEUS + 1 meta/tooling + 3 publishing soon) across three tiers.
Repository Visibility
All primals are scyBorg-licensed (AGPL-3.0-or-later for code, ORC for game mechanics, CC-BY-SA 4.0 for creative/docs) and intended to be fully public. Some are already on GitHub; the rest have source publishing in progress. Binaries for all primals are available through plasmidBin. Per AGPL-3.0, source for any distributed binary is available on request.
| Primal | Repo | Visibility |
|---|---|---|
| BearDog | ecoPrimals/bearDog | Source publishing in progress (binary via plasmidBin) |
| Songbird | ecoPrimals/songBird | Public |
| NestGate | ecoPrimals/nestGate | Public |
| ToadStool | ecoPrimals/toadStool | Public |
| Squirrel | ecoPrimals/squirrel | Public |
| biomeOS | ecoPrimals/biomeOS | Public |
| coralReef | ecoPrimals/coralReef | Public |
| barraCuda | ecoPrimals/barraCuda | Public |
| petalTongue | ecoPrimals/petalTongue | Public |
| rhizoCrypt | ecoPrimals/rhizoCrypt | Public |
| sweetGrass | ecoPrimals/sweetGrass | Public |
| loamSpine | ecoPrimals/loamSpine | Public |
| skunkBat | ecoPrimals/skunkBat | Source publishing in progress (binary via plasmidBin) |
| sourDough | ecoPrimals/sourDough | Public |
Thirteen primals are fully public on GitHub: songBird, nestGate, toadStool, squirrel, biomeOS, coralReef, barraCuda, petalTongue, sourDough, bingoCube, rhizoCrypt, sweetGrass, and loamSpine. All springs (syntheticChemistry org) are public. Pre-built binaries for all primals are distributed via plasmidBin.
1. Foundation Primals
These primals form the NUCLEUS deployment architecture. Each is production-ready, independently deployable, and has demonstrated its capabilities through showcase demonstrations and test suites.
1.1 BearDog - Cryptography Primal
Domain: All cryptographic operations and genetic lineage
Lines: 372,194 Rust (2061 files, 30 crates, 15,380 tests)
Tests: 5,041 passing (100%)
Coverage: 70.96%
Safety: Zero unsafe blocks, zero warnings
BearDog is the cryptographic spine of ecoPrimals. Every operation that requires signing, encrypting, hashing, key derivation, or identity verification is delegated to BearDog via JSON-RPC. No other primal implements its own crypto. This is the Tower Atomic pattern: a single, auditable cryptographic surface for the entire ecosystem.
Why it exists: In gen1, NestGate and Squirrel each embedded their own crypto logic. When Songbird was added for networking, it needed TLS — a third crypto implementation. Three codebases to audit, three trust surfaces, three places for key management bugs. BearDog consolidated all crypto into one primal. The others delegate to it. Every primal gets crypto from the same source, the same key store, the same audit trail.
What Pure Rust means here: RustCrypto libraries. Zero OpenSSL. Zero C dependencies. Zero unsafe in production paths. The Pure Rust constraint forced the Tor v3 implementation (3,345 lines of protocol logic, not a wrapper around the C Tor daemon) and eliminated every C crypto library from the trust surface. The entire cryptographic stack is covered by Rust’s memory safety — no buffer overflows, no use-after-free, no C code to audit separately.
Primitive catalog (91 methods, 72 JSON-RPC endpoints):
| Category | Primitives |
|---|---|
| Signatures | Ed25519, ECDSA (P-256, P-384), RSA (PKCS#1 v1.5, PSS) |
| Encryption | ChaCha20-Poly1305, AES-128-GCM, AES-256-GCM |
| Key Exchange | X25519, ECDHE (P-256, P-384) |
| Hashing | BLAKE3, SHA-256, SHA-384, SHA-512, HMAC |
| Identity | Genetic lineage (family seeds, beacon seeds), Dark Forest beacons |
| Onion Routing | Pure Rust Tor v3 (directory, circuit, stream, onion service) |
| Post-Quantum | ML-KEM key encapsulation |
BearDog enforces a strict entropy hierarchy — hardware RNG (SoloKey FIDO2) → OS entropy → CSPRNG (ChaCha20) — structurally, not by configuration. Multi-family key stores allow a single machine to host independent trust domains without key leakage.
Participates in: Tower Atomic (with Songbird), NUCLEUS (all configurations), RootPulse, Dark Forest Federation, every primal that needs cryptographic operations.
1.2 Songbird - Network Primal
Domain: Network orchestration, discovery, and federation
Lines: 335,140 Rust (1683 files, 31 crates, 14,742 tests)
Version: v3.35.0
Tests: 1,763 passing (100%)
Safety: Zero unsafe blocks in production, clean build
Songbird is the nervous system. If data needs to leave the machine, it goes through Songbird. TLS 1.3 (Pure Rust, no OpenSSL), service discovery (BirdSong protocol), NAT traversal (4-tier), and the networking half of Tower Atomic. Songbird also serves as the universal adapter for discovery: instead of every primal discovering every other primal (O(n²) connections), each primal registers with Songbird (O(n) connections), and Songbird handles routing.
Why it exists: In gen1, NestGate had NFS/SMB networking and Squirrel had MCP networking — two ad-hoc networking stacks in two primals. When BearDog was split out for crypto, the question became: who does TLS? Networking — TLS handshakes, NAT hole-punching, peer discovery, relay routing — is complex enough to warrant its own primal, and security-critical enough that it should be tightly integrated with BearDog’s crypto.
What Pure Rust means here: Songbird delegates 100% of its crypto to BearDog — zero direct cryptographic code in Songbird. The Pure Rust constraint eliminated coturn (C-based STUN/TURN server), which forced a custom Pure Rust STUN implementation. The 4-tier NAT traversal (direct → IGD/UPnP → STUN → relay) means ecoPrimals can operate from a basement behind a consumer router without requiring port forwarding. The system discovers its own network topology and adapts.
Tower Atomic — the headline composition: BearDog provides the cryptographic operations. Songbird provides the TLS 1.3 state machine and HTTP server. Neither can do HTTPS alone. Together, via JSON-RPC over Unix sockets, they produce Pure Rust HTTPS with zero C dependencies — 93% TLS validation across 87 production sites. Tower Atomic was not designed. The Pure Rust constraint eliminated OpenSSL. The primal isolation constraint prevented Songbird from embedding BearDog’s crypto. The only remaining option was composition via IPC — and it worked.
| Category | Primitives |
|---|---|
| TLS | TLS 1.3 (RFC 8446), TLS 1.2 fallback, protocol detection |
| Discovery | BirdSong encrypted UDP multicast, mDNS/DNS-SD, 6-layer capability-based strategy |
| NAT Traversal | Pure Rust STUN (RFC 5389), 4-tier: direct → IGD → STUN → relay |
| Dark Forest | Zero metadata leakage discovery, encrypted beacons |
| P2P | Sovereign onion service, circuit building, directory authority |
Participates in: Tower Atomic (with BearDog), NUCLEUS (all configurations), RootPulse (discovery/federation), BirdSong protocol, Dark Forest discovery.
1.3 NestGate - Data Primal
Domain: Storage and content-addressed data management
Lines: 299,289 Rust (1716 files, 23 crates, 13,070 tests)
Version: 4.0.0 ( genomeBin)
Tests: 1,474/1,475 passing (99.93%)
Build: 100% (13/13 crates)
NestGate is the data layer. Content-addressed storage (BLAKE3), ZFS integration, model caching, tiered storage. If data needs to persist across sessions, it goes through NestGate. NestGate is one of the two original primals — it existed before the word “primal” did. In gen1, it was the Rust-based ZFS storage manager for the HPC cluster. In gen2, it became a sovereign storage primitive. In gen3, it is the storage component of the Nest Atomic.
Why it exists: The gen1 HPC cluster needed a storage layer that understood ZFS, handled tiered storage (cold archive on HDDs, hot cache on NVMe), and served compute nodes. As the ecosystem grew, NestGate absorbed model caching for Squirrel’s AI inference, content-addressed blob storage for rhizoCrypt, and discovery services for the ecosystem.
What Pure Rust means here: NestGate pioneered the isomorphic IPC pattern — the same connection logic works over Unix sockets, TCP, and abstract sockets, auto-detecting the best transport via Try→Detect→Adapt→Succeed. This pattern was independently adopted by other primals after NestGate proved it. The gen1 archaeological layers are visible in the codebase: ZFS management code predates the primal architecture, sitting alongside content-addressed blob storage added in gen2.
| Category | Primitives |
|---|---|
| Storage | Content-addressed blobs (BLAKE3), deduplication, tiered storage (HDD → SSD → NVMe → RAM) |
| ZFS | Snapshots (100 in 0.17s), compression, quota, pool management |
| Discovery | Isomorphic IPC, MCP provider, multi-family sockets |
| Caching | AI model cache for Squirrel (download, store, retrieve via JSON-RPC) |
Participates in: Nest Atomic (with Tower), NUCLEUS, RootPulse (content storage), federation.
1.4 ToadStool - Compute Primal
Domain: Universal compute orchestration
Lines: 523,621 Rust (2729 files, 50 crates, 24,414 tests)
Tests: 1,000+ passing
Repository: github.com/ecoPrimals/toadStool — Public
ToadStool is the compute layer. Hardware discovery (GPU, NPU, CPU via sysfs/PCIe), workload dispatch, and the orchestration surface for the Sovereign Compute Pipeline. ToadStool owns the hardware. barraCuda (§1.8) owns the math. coralReef (§1.7) owns the compiler. Together they provide scientific computing on any GPU — NVIDIA, AMD, Intel — without CUDA dependency.
Why it exists: In gen1, Squirrel handled both job scheduling and compute execution. As GPU workloads grew complex (molecular dynamics, lattice QCD, neural network inference), the compute layer needed its own primal. ToadStool was split from Squirrel to own the hardware-specific concerns: GPU detection, driver compatibility, memory management, workload queuing. Squirrel kept AI-specific logic; ToadStool took “run this computation on that hardware.”
What Pure Rust means here: The Pure Rust constraint eliminated CUDA. That pushed exploration of Vulkan, which revealed a capability the conventional approach actively hides: Vulkan’s SHADER_F64 extension exposes native f64 on consumer GPUs at 1:2 throughput. NVIDIA’s CUDA throttles consumer f64 to 1:64 to protect the compute-class product line. Vulkan doesn’t. The $600 RTX 4070 does real science — Yukawa MD with 0.000% energy drift, nuclear EOS with χ²/datum = 2.27, lattice QCD plaquettes — all at f64 precision. The constraint forced the discovery.
ToadStool also hosts a Pure Rust Akida driver for BrainChip’s neuromorphic hardware (160 NPUs detected, 48-202x faster than CPU for specific workloads, 100x power efficiency vs GPU for LLM intent classification). No other Rust project has a production neuromorphic driver.
The springs are ToadStool’s acceptance tests. hotSpring proves the physics kernels work. wetSpring proves the biology kernels work. neuralSpring proves the ML kernels work. Every validated check is evidence that constrained evolution produced correct scientific computing.
Participates in: Node Atomic (with Tower), NUCLEUS, Sovereign Compute Pipeline (with barraCuda and coralReef).
1.5 Squirrel - AI Primal
Domain: AI model coordination and sovereign inference
Lines: 236,890 Rust (987 files, 22 crates, 7,701 tests)
Version: 0.1.0-alpha.33
Tests: 7,165 passing / 0 failed / 110 ignored
Coverage: ~85.3% line coverage (cargo-llvm-cov)
Safety: #![forbid(unsafe_code)] workspace-wide
Repository: github.com/ecoPrimals/squirrel — Public
Squirrel is the AI brain. Vendor-agnostic model routing across OpenAI, Anthropic, Ollama, and local models. Multi-MCP coordination. Context management. Cost/quality/latency routing. If anything in the ecosystem needs AI inference, it asks Squirrel. Squirrel is one of the two original primals — in gen1, it was the fault-tolerant compute orchestration platform for the HPC cluster.
Why it exists: In gen1, Squirrel was the HPC job scheduler: checkpoint/restart, circuit breakers, “ant-model” orchestration across compute nodes. As AI models became the primary workload, Squirrel evolved from general job scheduler into a dedicated AI coordination layer. The Model Context Protocol (MCP) gave it a standard way to discover and invoke AI capabilities across providers. The name stuck: squirrels cache things (model weights), they’re fast (low-latency routing), and they coordinate complex foraging patterns across large areas (multi-provider inference).
What Pure Rust means here: Squirrel follows the TRUE PRIMAL pattern — no compile-time coupling to any external service, capability-based provider discovery, isomorphic IPC. Adding a new AI provider requires a plugin crate, not changes to core logic. The checkpoint/restart code from gen1 evolved into context management and conversation state persistence. The circuit breakers evolved into provider fallback chains — Squirrel’s evolution from HPC job scheduler to sovereign AI coordinator is the clearest example of constrained evolution in the ecosystem.
| Category | Primitives |
|---|---|
| Inference | ai.query, ai.complete, ai.chat — multi-provider routing |
| MCP | Multi-server coordination, tool discovery, resource management |
| Context | Session management, token counting, context windowing, automatic fallback |
| Sovereign | Local inference via Ollama, zero telemetry by default, DignityGuard ethics checks |
Participates in: Full NUCLEUS (all atomics + AI), RootPulse (intelligent merge resolution), biomeOS Neural API (ai domain).
1.6 biomeOS - Ecosystem Orchestrator
Domain: Primal orchestration and ecosystem coordination
Lines: 213,688 Rust (859 files, 29 crates, 8,078 tests)
Security: A++ LEGENDARY ( Dark Forest)
Tests: 661+ passing
Coverage: ~48%
biomeOS is the conductor. If BearDog is the immune system and Songbird is the nervous system, biomeOS is the endocrine system: it coordinates all the organs without micromanaging any of them. It starts primals in the correct order, maintains a capability registry, routes requests semantically, composes primals into atomics (Tower, Node, Nest, NUCLEUS), and manages the lifecycle of the entire ecosystem. Without biomeOS, primals are isolated services. With biomeOS, they are an ecosystem.
Why it exists: In gen2, the whitepaper described “composable primitives” but left coordination implicit. As the primal count grew from 2 (gen1) to 8 (gen2) to 17 (gen3), explicit orchestration became necessary. Who starts first? How does a new primal discover existing ones? What happens when a primal crashes? biomeOS answers these questions. The name comes from the “biome” concept: a packaged ecosystem defined by a manifest, analogous to a biological biome where organisms interact through defined ecological relationships.
What Pure Rust means here: biomeOS implements the Neural API — 124 semantic capability translations. Callers don’t address primals by name; they request capabilities: capability.call("crypto.sign", ...) routes to BearDog, capability.call("ai.chat", ...) routes to Squirrel. The caller never knows which primal handled it. This decoupling is what makes hot-swapping primals possible. Deploy graphs are TOML manifests referencing primals by capability, not name — graph-based deployment, not imperative scripting.
The Dark Forest protocol (A++ LEGENDARY) provides zero-metadata-leakage discovery: beacons are indistinguishable from random noise to anyone without the family key. The Plasmodium collective enables multi-machine NUCLEUS: biomeOS instances meld, split, and mix across machines, scaling from one basement server to a distributed mesh.
| Category | Primitives |
|---|---|
| Neural API | 124 semantic capability translations, pathway learning, bidirectional feedback |
| Atomics | Tower, Node, Nest, Full NUCLEUS composition and health validation |
| Lifecycle | Startup ordering, auto-resurrection, post- NUCLEUS primal management |
| Dark Forest | Zero metadata leakage, encrypted beacons, genetic model coordination |
| Plasmodium | Multi-machine meld/split/mix, cross-device federation |
Participates in: Coordinates all composed systems ( RootPulse, Tower Atomic, NUCLEUS, federation, bonding model).
1.7 coralReef - Shader Compiler Primal
Domain: GPU shader compilation — WGSL/SPIR-V/GLSL to native GPU binaries
Lines: 120,313 Rust (421 files, 9 crates, 2,817 tests)
Tests: 3,038 passing (0 failed)
Coverage: 65.8% line (79.6% non-hardware), 72.9% function
Safety: #![forbid(unsafe_code)] on 8/9 crates, zero clippy warnings (pedantic+nursery)
Repository: github.com/ecoPrimals/coralReef — Public
coralReef is a sovereign GPU compiler. No LLVM. No Mesa. No vendor SDK. The entire pipeline from shader IR to native machine code is Pure Rust. It takes WGSL, SPIR-V, or GLSL source and produces native GPU binaries for NVIDIA SM70–SM89 and AMD RDNA2 (GFX1030), with full f64 transcendental support. coralDriver provides userspace GPU dispatch via DRM ioctl — AMD amdgpu and NVIDIA nouveau/nvidia-drm — without linking any vendor libraries.
Why it exists: When barraCuda discovered that consumer GPUs expose native f64 via Vulkan’s SHADER_F64 extension, the ecosystem needed a way to compile f64 shaders to native GPU code without NVIDIA’s CUDA/NVCC toolchain or AMD’s ROCm/HIP stack. The Pure Rust constraint prohibited both. coralReef was split from ToadStool to own shader compilation as a separate concern from compute dispatch. The boundary is clean: ToadStool never parses shaders; coralReef never talks to hardware schedulers.
What Pure Rust means here: The f64 discovery forced the split. Compiling double-precision transcendentals (exp2, log2, sin, cos, sqrt, rcp, and their compositions) to native GPU instructions requires a real compiler backend — not a pass-through to naga + wgpu. coralReef’s lower_f64 pass decomposes f64 operations into instruction sequences the hardware can execute, with FMA policy control to match IEEE 754 rounding. These are not library calls — they are instruction sequences emitted directly into the native binary. The coral-reef-stubs crate provides Pure Rust replacements for CFG, BitSet, dataflow, SmallVec, and fxhash — zero external dependencies in the compiler core.
93/93 cross-spring WGSL shaders compile to SM70 SASS. AMD end-to-end verified: WGSL → compile → PM4 → GPU → readback on RX 6950 XT. Each compiled shader is evidence that sovereign compute (no vendor SDK, no C dependencies) can do real science.
Participates in: Sovereign Compute Pipeline ( barraCuda → coralReef → native binary → ToadStool/coralDriver → hardware), Node Atomic, NUCLEUS.
1.8 barraCuda - Math Primal
Domain: Pure mathematics — WGSL f64 shaders, precision strategy, naga IR optimization
Lines: 235,755 Rust (1177 files, 4 crates, 4,892 tests) + 952 WGSL shaders
Version: v0.3.5
Tests: 3,348+ passing
Safety: Zero unsafe, zero clippy warnings
Repository: github.com/ecoPrimals/barraCuda — Public
barraCuda is the math engine. Every GPU-accelerated computation in the ecosystem — linear algebra, FFT, molecular dynamics, spectral analysis, tensor operations, lattice QCD — is a WGSL shader pipeline managed by barraCuda. It writes the math; coralReef compiles it; ToadStool dispatches it. 800+ production WGSL shaders across 10 scientific domains, all running on consumer GPUs via Vulkan — no CUDA, no ROCm.
Why it exists: barraCuda began as a crate inside ToadStool. As the springs matured, their compute demands grew specific: hotSpring needed Yukawa force kernels and lattice QCD; wetSpring needed biodiversity indices and ODE integrators; neuralSpring needed attention mechanisms and reservoir computing. The math was outgrowing ToadStool’s hardware-dispatch mission. barraCuda budded from ToadStool at S93 — the same pattern as every primal split: one responsibility consuming disproportionate surface area. ToadStool’s 50+ crates included barraCuda’s 628+ shaders, growing faster than the infrastructure code.
What Pure Rust means here: barraCuda’s NTT (Number Theoretic Transform) was built for FHE polynomial multiplication. The Cooley-Tukey butterfly structure — stage indexing, stride computation, block decomposition, twiddle lookup — is the same structure as FFT. When hotSpring needed FFT for PPPM electrostatics, the NTT kernel was the FFT kernel with complex twiddle factors instead of modular roots of unity. The main compute kernels (fhe_ntt.wgsl and fft_1d.wgsl) share the same computational skeleton. No one designed barraCuda for physics — the cryptographic constraint selected for a mathematical universal.
On hardware without native f64, barraCuda provides DF64 — double-precision emulation from f32 pairs carrying ~48 bits of mantissa, delivering 9.9x native f64 throughput on FP32 cores. The Fp64Strategy (Native/Hybrid/Sovereign/Concurrent) routes precision transparently.
The five-spring ingestion pattern is unique: each spring validates barraCuda’s kernels against published scientific results (0.000% energy drift in Yukawa MD, χ²/datum = 2.27 for nuclear EOS, 926x GPU speedup for spectral cosine). The springs are not just consumers — they are acceptance tests.
| Domain | Operations | Spring Validation |
|---|---|---|
| Linear algebra | GEMM, eigensolvers, SVD, LU, QR, sparse CG | hotSpring, neuralSpring |
| Physics | Yukawa force, Velocity Verlet, PBC, PPPM, HFB nuclear, lattice QCD | hotSpring |
| ML | Attention (7 variants), losses, optimizers, ESN | neuralSpring |
| Bioinformatics | 31 GPU bio ops: kmer, UniFrac, HMM, phylogenetics | wetSpring, healthSpring |
| Special functions | Bessel, Laguerre, Hermite, erfc, Gamma, Hill kinetics | hotSpring, wetSpring |
Participates in: Node Atomic (via ToadStool), NUCLEUS compute layer, Sovereign Compute Pipeline.
2. Post-NUCLEUS Primals
These primals represent capabilities that emerge after NUCLEUS is deployed. They compose into higher-order patterns ( RootPulse, Memory & Attribution Stack) coordinated by biomeOS via the Neural API. Each has been started — functional code, passing tests, showcase demonstrations — but they receive less focus until NUCLEUS is stable as a deployable composition. They are the next evolutionary phase: once the 8 foundation primals are solid, these 5 primals build emergent behaviors on top.
2.1 petalTongue - Representation Primal
Domain: Universal multi-modal user interface
Lines: 163,151 Rust (883 files, 19 crates, 6,331 tests)
Version: 1.3.0
petalTongue is the face. ecoPrimals was originally API-first, AI-mediated — “bring your own AI.” But humans sometimes need to see things. petalTongue provides visual, terminal, web, and headless interfaces to the ecosystem without coupling any specific UI framework to the primal architecture.
Five interface modes from a single binary ( UniBin): ui (egui desktop), tui (ratatui terminal), web (Axum browser), headless (API-only), status (health output). The UniBin pattern emerged from the constraint that ecoPrimals runs on everything from headless servers to desktop workstations to Raspberry Pis — instead of five separate UI applications, petalTongue adapts its representation mode to the environment.
Accessibility is not an afterthought — it is the design. Sighted users see graph visualizations. Blind users hear sonified health data (5 instruments, health-to-pitch mapping, spatial stereo panning, Pure Rust WAV export). Deaf users get visual alerts. Motor-impaired users get keyboard-only navigation. The same primal adapts to whatever representation capability is available.
Post- NUCLEUS role: petalTongue gives the ecosystem a face. It visualizes NUCLEUS health, primal coordination, bonding state, and workload distribution in real-time via Songbird discovery and biomeOS SSE event subscription.
2.2 rhizoCrypt - Ephemeral Memory Primal
Domain: Content-addressed DAG engine for working memory
Lines: 39,237 Rust (175 files, 4 crates, 1,620 tests)
Tests: 509/509 passing (100%)
Coverage: 83.92%
Safety: Zero unsafe blocks
rhizoCrypt is the scratch pad. Not everything should go to permanent storage. Conversation context, intermediate ML results, draft documents, exploration state — these need fast, concurrent access and zero persistence guarantees. rhizoCrypt provides exactly that: a content-addressed DAG (BLAKE3) for session state, working memory, and intermediate computation results. Lock-free concurrency (DashMap). Designed to be discarded — ephemeral by intent.
The name: rhizomes are underground root networks that connect plants. “Crypt” for the encrypted content-addressing. The working memory of the ecosystem, spreading connections between active sessions.
Six slice modes go beyond read/write permissions into nuanced data sharing: Copy (duplicate), Loan (temporary access with automatic revocation), Escrow (conditional release), Mirror (synchronized view), Consignment (delegated custody with provenance tracking), Provenance (read-only attribution chain). These map to real-world data relationships that traditional access control can’t express.
When ephemeral data needs to become permanent, rhizoCrypt dehydrates it — committing session state to loamSpine’s immutable ledger. Together they implement the gen2 “philosophy of forgetting”: not everything should be remembered forever, but some things must never be forgotten. rhizoCrypt forgets; loamSpine remembers.
Post- NUCLEUS role: Core engine of the Memory & Attribution Stack. Provides the ephemeral working layer for RootPulse (distributed version control as emergent behavior).
2.3 sweetGrass - Attribution Primal
Domain: Semantic provenance and fair attribution
Lines: 43,554 Rust (203 files, 12 crates, 1,668 tests)
Tests: 496/496 passing (100%)
Coverage: 78.39%
Safety: Zero unsafe blocks (#![forbid(unsafe_code)] in all 9 crates)
sweetGrass tracks who did what, when, and why. If rhizoCrypt is working memory and loamSpine is permanent memory, sweetGrass is the context of memory: the metadata that says where each piece came from, who contributed to it, and what rights they retain. W3C PROV-O provenance model. Fair attribution via the Braid model. GDPR-inspired data rights (5 privacy levels). Multiple storage backends (memory, Sled, PostgreSQL).
The name: sweetgrass is a sacred plant in many Indigenous traditions, used in purification ceremonies and as a reminder of kindness and gratitude. sweetGrass the primal is about giving credit where it’s due.
Why it exists: In a sovereign system with AI-assisted development, attribution becomes critical. Who wrote this code — the human or the AI? Who owns the data that trained the model? Who contributed to this research output? sweetGrass provides machine-readable answers. The Braid model — where attribution threads weave together to form a composite provenance record — is original to ecoPrimals. The AGPL-3.0 license itself is a form of attribution enforcement; sweetGrass makes it machine-readable.
sweetGrass combines the deepest provenance feature set in the Memory & Attribution stack with strong verification metrics (78.39% line coverage, 496/496 tests). 12 role types, derivation chain analysis, time decay, recursive attribution propagation, ~88% compression with session dedup + zstd.
Post- NUCLEUS role: Attribution layer for all ecosystem data. Essential for the RootPulse composition where every commit, merge, and contribution carries cryptographic attribution.
2.4 LoamSpine - Permanence Primal
Domain: Immutable linear ledger for selective permanence
Lines: 44,688 Rust (196 files, 4 crates, 1,544 tests)
Tests: 416 passing (100%)
Coverage: 77.68%
Safety: Zero unsafe blocks, zero clippy warnings (pedantic mode)
loamSpine is the permanent ledger — the fossil record. Sovereign append-only logs (Spines), Loam certificates (digital ownership, lending, provenance), recursive stacking, waypoint anchoring, inclusion proofs. If something needs to be permanent and verifiable, it goes to loamSpine.
rhizoCrypt handles ephemeral working memory — session state that can be discarded. But some things must persist: identity chains, ownership records, scientific provenance, license attestations. loamSpine provides the immutable complement. Together they implement the gen2 “philosophy of forgetting”: not everything should be remembered forever, but some things must never be forgotten. rhizoCrypt forgets; loamSpine remembers.
What Pure Rust means here: Pure Rust RPC (tarpc + JSON-RPC 2.0, no gRPC, no protobuf), zero-copy optimized (30-50% fewer allocations). loamSpine pioneered the Infant Discovery pattern — Songbird as a central hub reducing O(n²) discovery to O(n) — later adopted across the ecosystem. DNS SRV (RFC 2782) for production federation, mDNS (RFC 6762) for zero-config development.
Loam certificates with recursive stacking allow complex ownership structures: a certificate can reference other certificates, creating a DAG of provenance. “Digital lending” — temporary transfer of rights with automatic reversion — game keys, credentials, property deeds, ownership transfer. Spines serve sovereign ledgers: personal, professional, community, public.
Post- NUCLEUS role: Permanence layer of the Memory & Attribution Stack. Combined with rhizoCrypt (ephemeral) and sweetGrass (attribution), forms the complete temporal data management system and the foundation for RootPulse — distributed version control as an emergent behavior.
2.5 skunkBat - Defense Primal
Domain: Defensive network security
Lines: 14,596 Rust (70 files, 3 crates, 496 tests) — intentionally small, auditable defensive surface
Coverage: 87.37% (core modules: 90-100%)
skunkBat is the immune system. A skunk’s defense is warning before escalation. A bat’s defense is echolocation — sensing the environment without touching it. skunkBat warns and senses; it does not attack.
Why it exists: A sovereign system that connects to the internet needs defense. But defense in a sovereign system has a constraint: the defender must not become a surveillance tool. skunkBat enforces this by design, not by policy: it analyzes connection metadata (source, frequency, timing, patterns) but structurally cannot read message content. The codebase is intentionally small ( 14,596 lines, 496 tests) — a security system should be simple enough to audit completely.
Five threat types: Genetic (unknown lineage via BearDog), Topology (unusual connection patterns), Behavioral (statistical baseline deviation), Intrusion (port scanning signatures), Resource (memory/CPU/bandwidth abuse).
Graduated response: Monitor → Warn → Throttle → Quarantine → Block. The user authority principle means skunkBat cannot escalate to blocking autonomously — the user approves all major defensive actions. This prevents the security system from becoming an autonomous censor, a common failure mode in corporate security products.
Post- NUCLEUS role: Complements the Dark Forest protocol. Dark Forest handles identity and discovery privacy (zero metadata leakage); skunkBat handles active threat detection and response within the sovereign computing environment.
3. Meta-Primals & Tooling
3.1 sourDough — Scaffolding & Packaging
Domain: Primal scaffolding, genomeBin packaging, ecosystem CLI tooling
Lines: 7,897 Rust (38 files, 3 crates, 291 tests)
Classification: Meta-primal — generates primals but does not run as a NUCLEUS service at runtime
sourDough is the starter culture. sourdough scaffold generates a new primal skeleton with correct IPC, capability, and genomeBin structure — the same way a sourdough starter provides the culture that makes bread rise. It also handles genomeBin packaging, producing the deployable binary artifacts that flow into plasmidBin. Generated primals do not depend on sourDough at runtime; it is a build-time tool that enforces ecosystem conventions structurally rather than by documentation.
Participates in: plasmidBin (produces genomeBin packages), wateringHole (validates structure standards).
3.2 Infrastructure Repositories (metaPrimals)
These are not runtime primals but essential ecosystem infrastructure:
| Repo | Emoji | Purpose |
|---|---|---|
| wateringHole | 💧🕳️ | Shared standards, glossary, handoffs — the “dev tool” repo available to all ecosystem projects |
| whitePaper | 📄✍️ | Research documentation, baseCamp papers, gen3/gen4 architecture |
| sporePrint | 🍄🖨️ | Public-facing website and verification portal (this site) |
| plasmidBin | 🧬📦 | Binary distribution surface — pre-built primal binaries, checksummed and versioned. See Deployment Model |
3.3 Additional Tooling (Publishing Soon)
These three repositories are active codebases, scyBorg-licensed, and will be published to GitHub imminently. Binaries are available via plasmidBin.
bingoCube — Human-Verifiable Cryptographic Commitment
Domain: Verifiable commitment, BLAKE3 progressive reveal, visual/audio identity verification
Lines: 5,095 Rust (22 files, 4 crates, 73 tests)
Repository: ecoPrimals/bingoCube — publishing soon
bingoCube bridges the gap between mathematical proof and human trust. Cryptographic commitments are hash strings — correct, but meaningless to humans. bingoCube uses BLAKE3 progressive reveal (commit → partial reveal → full reveal) to generate visual and audio identity verification patterns: a “bingo card” that a human can check without understanding cryptography. You don’t need to read hex to verify identity. Visual verification patterns are human-recognizable; tonal fingerprints provide audio identity. Integrates with BearDog identity and Dark Forest discovery.
agentReagents — AI Agent Toolkit
Domain: AI agent composition, reagent patterns, sovereign AI orchestration
Repository: ecoPrimals/agentReagents — publishing soon
agentReagents provides the chemistry of AI agent composition. Rather than building agents from scratch, developers compose reagents — pre-validated behavioral building blocks — into agents that respect data sovereignty and run locally. The chemistry metaphor is deliberate: reagents combine predictably, their interactions are testable, and the resulting agents inherit the properties of their components. Complements Squirrel’s MCP coordination with higher-level agent architecture patterns. No cloud dependency; vendor-agnostic inference routing.
benchScale — Benchmark & Performance Characterization
Domain: Cross-primal benchmarking, performance characterization, scaling studies
Repository: ecoPrimals/benchScale — publishing soon
benchScale measures how primals scale — individually and in composition. It provides standardized cross-primal benchmark suites, identifies bottlenecks at composition boundaries (where JSON-RPC latency matters), and produces reproducible performance reports. The scaling characterization data informs deploy graph optimization and BYOB composition presets: which primals to co-locate, where to split across machines, what the cost of each IPC hop actually is.
4. Ecosystem Summary
4.1 By the Numbers
| Metric | Value |
|---|---|
| Foundation primals (production) | 8 ( BearDog, Songbird, NestGate, ToadStool, Squirrel, biomeOS, coralReef, barraCuda) |
| Post- NUCLEUS primals (started) | 5 ( petalTongue, rhizoCrypt, sweetGrass, loamSpine, skunkBat) |
| Meta/tooling | 1 ( sourDough) + 4 infra repos |
| Additional tooling (publishing soon) | 3 ( bingoCube, agentReagents, benchScale) |
| Public primal repos | 13 ( Songbird, NestGate, ToadStool, Squirrel, biomeOS, coralReef, barraCuda, petalTongue, sourDough, bingoCube, rhizoCrypt, sweetGrass, loamSpine) |
| sporeGarden products | 3 ( esotericWebb, helixVision, blueFish) |
| Binary distribution | plasmidBin — 18 entries (12 primals + 6 springs) |
| License | scyBorg — AGPL-3.0-or-later (code) + ORC (game mechanics) + CC-BY-SA 4.0 (creative/docs) |
| Primal Rust LOC | 2,655,108 (measured via tokei, 2026-06-22) |
| Spring Rust LOC | 811,427 (8 springs, measured via tokei) |
| Total Rust LOC | 3,466,535 |
| WGSL shaders | 952 files, 74K lines |
| Primal test functions | 103,117 |
| Spring test functions | 10,741 |
| Total test functions | 113,858 |
| Development time | ~6-8 months |
| Developer count | 1 (with AI assistance) |
| C dependencies | Zero (entire ecosystem) |
| Unsafe code blocks | Near zero across all production code |
| Languages | Rust (all application code), WGSL (GPU shaders) |
| IPC protocol | JSON-RPC 2.0 (universal) |
| Platforms | Linux, macOS, Android, Windows, FreeBSD, illumos, WASM |
4.2 Key Achievements
Tower Atomic - Pure Rust HTTPS: BearDog + Songbird achieve TLS 1.3 with 93% validation rate across 87 production sites, zero C dependencies, 366ms average latency. No other Pure Rust project has achieved this at comparable scale.
Sovereign Compute Pipeline: barraCuda (primal #14) writes WGSL math shaders, coralReef (primal #13) compiles to native GPU binaries, ToadStool dispatches on hardware. 786 production WGSL shaders across 10 scientific domains. Both coralReef and barraCuda were promoted from ToadStool sub-crates to independent primals as the pipeline matured. See gen3/primals/13_coralreef.md and gen3/primals/14_barracuda.md.
Dark Forest - Zero Metadata Security: biomeOS’s discovery protocol leaks zero metadata to observers. Beacons are indistinguishable from random noise. Better than Signal or Tor for metadata privacy (Signal leaks sender/receiver metadata; Tor leaks timing metadata; Dark Forest leaks nothing).
Pure Rust Tor: Songbird implements Tor directory, circuit, stream, and onion service in 3,345 lines of Pure Rust, delegating all crypto to BearDog. Sovereign P2P without dependency on the Tor network.
Neuromorphic Computing: ToadStool’s Pure Rust Akida driver detects and utilizes 160 neuromorphic processing units for bioinformatics, LLM intent classification, and image classification. No other Rust project has a production neuromorphic driver.
Accessibility-First UI: petalTongue provides 6 accessibility scenarios (blind, deaf, nonverbal, illiterate, motor disability, deaf-blind) as first-class demonstrations, not afterthoughts.
4.3 Composed Systems
| System | Primals Involved | Status |
|---|---|---|
| Tower Atomic | BearDog + Songbird | Production (93% TLS validation) |
| Node Atomic | Tower + ToadStool | Production |
| Nest Atomic | Tower + NestGate | Production |
| Full NUCLEUS | All foundation primals | Production |
| RootPulse | rhizoCrypt + loamSpine + NestGate + BearDog + sweetGrass + Songbird | Architecture defined, integration evolving |
| Memory Stack | rhizoCrypt + loamSpine + sweetGrass | All primals production-ready, composition evolving |
| Dark Forest | BearDog + Songbird + biomeOS | Production (A++ LEGENDARY) |
| Sovereign NAT | Songbird + BearDog (Tower) | Production (Tiers 1-3) |
4.4 Showcase Inventory
Every foundation primal has demonstration material. Most post- NUCLEUS primals have extensive showcase suites:
| Primal | Showcase Status | Live Demos | Notes |
|---|---|---|---|
| BearDog | Active (26 demos) | Local + production + advanced | Mined demos fossilized (federation, workflow) |
| Songbird | Examples only | Rust/Python/JS clients | Formal showcase archived; examples/ is demo surface |
| NestGate | Fossilized | — | Full showcase archived Dec 2025; remnants cleaned May 2026 |
| ToadStool | Active (8 demos) | Local + ecosystem | GPU/neuromorphic tiers fossilized (moved to coralReef/biomeOS) |
| Squirrel | Archived | examples/ (7 files) | Showcase archived; adapters + AI examples remain |
| biomeOS | Graph-based | Bonding tests, federation | No formal showcase/; demos are graph compositions |
| petalTongue | Active (30 demos) | 4-tier progression | Well-maintained March 2026+ |
| rhizoCrypt | Active (67 demos) | Local + inter-primal | Complete-workflows fossilized (mined to exp057) |
| sweetGrass | Active (35+ demos) | Local + coordination + real-world | RootPulse + bearDog-GAP fossilized |
| loamSpine | Active (16 demos) | Local + RPC | Inter-primal tier fossilized (mined to exp053) |
| skunkBat | Active (6 demos) | Local tier | Narrative tiers 1-3 fossilized (mined to defensive_mesh) |
| barraCuda | Active (9 demos) | Local + IPC + cross-primal | Added March 2026; all current |
5. The Evidence
This catalog documents what 6-8 months of constrained evolution produced. The primary focus has been the 8 foundation primals that form NUCLEUS — getting the core deployment architecture stable. The post- NUCLEUS primals have been started and have functional code, but receive less focus until NUCLEUS is solid. The methodology paper (CONSTRAINED_EVOLUTION_FORMAL.md) makes claims about how environmental constraints drive specialization. This catalog is the evidence.
Claim: Constraints drive specialization, not predetermined solutions.
Evidence: Tower Atomic was not planned. The Pure Rust constraint eliminated OpenSSL, which forced the composition pattern, which produced Pure Rust HTTPS.
Claim: All populations show increased fitness, even without breakthrough innovation.
Evidence: Every primal - including those without headline innovations like NestGate’s storage and Squirrel’s AI routing - became increasingly idiomatic, well-tested, and specialized to the Rust + async + JSON-RPC environment over iterative cycles.
Claim: Independent evolution under shared constraint produces convergent but non-identical solutions.
Evidence: All primals converged on JSON-RPC 2.0, capability-based discovery, async tokio, and Pure Rust dependencies. But each primal’s implementation is independently developed. BearDog’s IPC handler and Songbird’s IPC handler are different code that converged on the same protocol.
Claim: The methodology scales across domains.
Evidence: The same methodology produced a cryptography primal, a networking primal, a storage primal, a compute primal, an AI primal, an orchestration primal, a UI primal, a DAG engine, a provenance tracker, a ledger, and a defense system. All in Rust, all following the same standards, all independently evolved.
This catalog records what exists. Every primal listed here compiles, runs, and passes its tests. The benchmarks are measured, not estimated. The showcase demos execute, not simulate. The architecture is implemented, not proposed.