Structure becomes geometry.

Hand it data nobody labeled — packets, price candles, JSON — and the thing that doesn't belong lands geometrically far from everything that does. No GPU, no training set, no black box. The same idea grew past the encoder into a language, a signed practice, and an 86-chapter book — every line of code and prose written by an LLM, from one person's architecture.

Read the Story GitHub

The seed — structure into geometry

Hand Holon a JSON record, a packet, a candle; it binds each field to its role and folds them into one 4096-dim vector. Similar shapes land close; an anomaly lands far. And it’s no black box: subtract what its learned model of “normal” can reconstruct, and what’s left is exactly the part that didn’t belong — per field, deterministically.

It became a language

wat — a Lisp hosted on Rust the way Clojure is hosted on the JVM: defn, defrecord, EDN, borrowing Rust’s type system; it interprets your code. Young and moving fast — Scheme at the root, Clojure on the surface.

It became a signed practice

datamancy — review disciplines served as a signed, content-addressed manifest. The datamancer signs with a key that never leaves AWS KMS; your agent verifies the bytes against a pinned public key before reading them. It proves provenance — these are the exact bytes the datamancer signed — not that any instruction is safe to obey.

It works — without signatures or training data

Same algebra, two layers: a kernel scrubber (XDP/eBPF) that absorbed an uncapped ~1.3M-packet/sec flood at 99.5% drop and 52ms detection, and an L7 firewall that learns “normal” HTTP in ~6 seconds and shuts out a live Nikto scan of DVWA at zero false positives. No CVE database. No GPU.

What this is

Everything here is one idea — structure becomes geometry — carried until it ran out of places to apply. Built by one person, after hours, by prompting LLMs: every file in every repository, code and prose including this page, was written by a machine. The architecture is human; not a line of the implementation is.

It starts as an encoder. Hand Holon any structured data and it turns the shape into a point in 4096-dimensional space — which fields exist, how they nest, what binds to what. Similar structures land close; an anomaly lands far. The explanation is built in: subtract what a learned model of “normal” reconstructs, and the remainder is the anomalous component — a deterministic, per-field account of what didn’t belong, with striped encoding keeping fields from bleeding into each other. The technique is Vector Symbolic Architecture, dating to Kanerva (1988).

It outgrew a library. So it became wat — a Lisp-family language hosted on Rust the same way Clojure is hosted on the JVM: it borrows Rust’s type system, speaks EDN, and interprets your code rather than compiling it. Built so the vector algebra is something you write, not a library you call. Young and moving fast — the substrate everything else now runs on.

Code that keeps other code honest is only as trustworthy as its source. So it became datamancy — review disciplines served as a content-addressed manifest signed by a key that never leaves AWS KMS; an agent verifies the bytes against a pinned public key before it reads them. It proves provenance, not safety: that these are the exact bytes the datamancer signed, not that an authentic instruction is safe to obey.

And it works without the usual machinery. At the kernel boundary, an XDP/eBPF scrubber absorbed an uncapped ~1.3M-packet/sec flood at a 99.5% drop rate and 52ms detection. At the application layer, a spectral firewall learns “normal” from ~6 seconds of traffic and shuts out a live Nikto scan at zero false positives — no signatures, no CVE database. The whole thing was worked out in the open: an 86-chapter book, written in the moment.

Read the series

Three tracks, read in any order. These are the doors in — the full, current table of contents lives in the sidebar.

Primers → — VSA from scratch in six posts: what a hypervector is, the three operations, the encoding stack, coordination-free scaling, and the wat language.
The Story → — How a DDoS detector became a substrate, a language, and a signed grimoire — told from the git log, week by week. Start at the prologue; the sidebar holds the whole arc through to the perpetual epilogue.
The Book → — The philosophy, written in the moment as the work happened — with the Guide (the 007 blueprint) and the Circuits (the machine as signal flow).

The work

holon-rs — The kernel. Five primitives: atom, bind, bundle, cosine, reckoner. SIMD-accelerated. f64 pipeline for scalar extraction. The Reckoner unifies discrete classification and continuous regression in one struct with a self-evaluating conviction-accuracy curve.

wat (legacy) — two early spec attempts at the language, since subsumed by wat-rs. Kept as a relic; the living language and all its tooling live in wat-rs.

wat-rs — Where the wat language actually lives: parser, type checker, macro expander, runtime, and all the tooling. wat is a Lisp hosted on Rust the way Clojure is on the JVM — it interprets, not compiles; #[wat_dispatch] surfaces Rust crates under the :rust:: namespace. The wat machine is real.

holon-lab-trading — The enterprise. Self-organizing BTC trader with N market observers, M exit observers, N×M brokers (Grace/Violence accountability), streaming indicators, and a guide-driven specification process. 37 wat files, 4,804 lines, proven by the ignorant ward. The conviction-accuracy curve is exponential: 62.1% with 107 atoms on 100k candles.

holon-lab-ddos — Where it started. veth-lab: XDP + eBPF packet scrubber, 1.3M PPS, 1M rules at line rate via BPF tail-call DFS. http-lab: spectral firewall — 41µs geometric anomaly detection, 0.1% FPR, self-calibrating, no signatures.

holon (Python) — The reference implementation. 18 challenge batches, F1=1.0 anomaly detection, the encoding insight that made everything else possible. The Rosetta Stone that the Rust port was built from.

holon-lab-baseline — LLM-driven traffic generation. Playwright + Ollama agents producing organic WordPress HTTP traffic for realistic experiment baselines.

scratch — The design half. Durable thinking artifacts that survive conversation compaction by living on disk: the meta-vision (functions-are-reality; the wat-network of mutually-authenticating vms), the per-arc design threads, and the forward work waiting on arc 109. The WHY and the WHAT behind the implementation.

datamancy — The grimoire. The wards reborn as Latin-named code-review spells, packaged as the zero-dependency npm adapter (npx datamancy) that verifies every spell against a KMS-signed (ECDSA P-256) manifest. Frozen at 1.0.0 — never patched. The conscience of the work, made public and un-tamperable.

datamancy.dev — The grimoire’s home: a cryptographically-verifiable static MCP that serves the spells as raw markdown alongside the signed manifest the adapter checks them against.

datamancer.dev — The practitioner’s identity card. Raw markdown, agent-readable; three pointers: chronicle, grimoire, source.

algebraic-intelligence.dev — This site. The chronicle, the primers, the book — and an agent-readable interface (markdown companions, .well-known endpoints, a signed agent-skills pointer at datamancy.dev).

Every file across all repositories is 100% LLM-generated. Zero hand-written code. Zero hand-written prose — including this site. Domain knowledge and architecture from the author; everything else from Grok, Sonnet, and Opus via prompting.