Vörðr

License & Philosophy

This project must declare MPL-2.0-or-later for platform/tooling compatibility.

Philosophy: Palimpsest. The Palimpsest-MPL (PMPL) text is provided in license/PMPL-1.0.txt, and the canonical source is the palimpsest-license repository.

Formally verified container orchestration and verification engine.

Guardian of containers. Watcher of states. Keeper of proofs.

Native .ctp runtime — Reference implementation of the verified-container-spec Runtime Integration.

The Name

Vörðr (Old Norse: /ˈvørðr/) means "guardian" or "watcher" — a spirit that follows and protects. In this system, Vörðr watches container lifecycles, guards state transitions, and ensures formal correctness through mathematical proof.

The ASCII-safe spelling is vordr.

The Languages

Vörðr is polyglot by design, using the right tool for each verification domain:

Language	Domain	Rationale
Elixir	Orchestration & MCP server	BEAM fault tolerance + GenStateMachine for reversible state transitions
Rust	CLI and eBPF monitoring	Zero-cost abstractions, container runtime integration, syscall interception
Idris2	Formal verification core	Dependent types enable proofs about container lifecycles

Project Status

Component	Status	Description
Elixir Orchestrator	Functional (90%)	GenStateMachine-based container state machine with reversibility journal; integration testing needed
Rust CLI	Builds (70%)	Container lifecycle commands exist; build fixed Jan 28; integration testing needed
MCP Adapter	Untested (70%)	ReScript adapter exists; integration status unclear
Idris2 Proofs	Structures Done (95%)	Formal verification types and proof structures; not yet tested in CI
eBPF Monitor	Partial (50%)	Userspace complete (probes, events, anomaly detection); kernel-side eBPF programs not started (0%)
Ada/SPARK Trust	Stub Only (20%)	Ada source exists but not compiled; using C stubs; integration removed Jan 27

Quick Start

Prerequisites

• Elixir (>= 1.16.0) with OTP 26+

• Rust (>= 1.75.0)

• Just command runner (optional)

Build

# Clone the repository
git clone https://github.com/hyperpolymath/vordr.git
cd vordr

# Build Elixir orchestrator
cd src/elixir
mix deps.get
mix compile

# Build Rust CLI
cd ../rust
cargo build --release

Run the MCP Server

cd src/elixir
mix run --no-halt

The Elixir orchestrator exposes an MCP-compatible JSON-RPC interface on port 8080.

CLI Usage

# Start a container
vordr run nginx:latest --name web

# List containers
vordr ps

# Stop a container
vordr stop web

# Rollback last operation (Bennett-reversible)
vordr undo --last

# Show reversibility chain
vordr audit --chain

# Run diagnostics
vordr doctor

Architecture

                          ┌─────────────────────────────────────┐
                          │           VÖRÐR CORE                │
                          │  (Orchestration & Verification)     │
                          └──────────────┬──────────────────────┘
                                         │
         ┌───────────────────────────────┼───────────────────────────────┐
         │                               │                               │
         ▼                               ▼                               ▼
┌─────────────────┐           ┌─────────────────┐           ┌─────────────────┐
│    SVALINN      │           │   CERRO TORRE   │           │     OBLIBENY    │
│  (Edge Shield)  │◀─────────▶│ (Build Verify)  │◀─────────▶│  (Orchestrate)  │
│   [ReScript]    │           │  [Ada/SPARK]    │           │    [Elixir]     │
└────────┬────────┘           └────────┬────────┘           └────────┬────────┘
         │                             │                             │
         ▼                             ▼                             ▼
┌─────────────────┐           ┌─────────────────┐           ┌─────────────────┐
│   OCI Hooks     │           │  Attestations   │           │  State Machine  │
│   [Rust/eBPF]   │           │  [Sigstore]     │           │  [GenServer]    │
└─────────────────┘           └─────────────────┘           └─────────────────┘
         │                             │                             │
         └─────────────────────────────┼─────────────────────────────┘
                                       │
                          ┌────────────┴────────────┐
                          │      DATA LAYER         │
                          │                         │
                          │  ArangoDB  Dragonfly    │
                          │  (Attest)  (Cache)      │
                          │                         │
                          │        LMDB             │
                          │       (Proofs)          │
                          └─────────────────────────┘

Components

Component	Location	Description
Elixir Orchestrator	src/elixir/	GenStateMachine-based container state machine, reversibility journal, supervision tree
Rust CLI	src/rust/cli/	Container lifecycle commands, compose support, auth, diagnostics
Idris2 Verification	src/idris2/	Formal verification of lifecycle transitions (in development)
MCP Adapter	src/mcp-adapter/	ReScript adapter exposing Vörðr tools to MCP clients

Elixir State Machine

The Elixir orchestrator implements a formally verified container lifecycle:

    ImageOnly → Created → Running ⇄ Paused
                   │          │        │
                   │          ▼        │
                   │       Stopped ←───┘
                   │          │
                   ▼          ▼
                 Removed ← ───┘

Each state transition is logged for reversibility:

# Start a container
{:ok, pid} = Vordr.Containers.start_container("nginx:1.26", name: "web")

# Transition state
:ok = Vordr.Containers.start(pid)
:ok = Vordr.Containers.pause(pid)
:ok = Vordr.Containers.resume(pid)

# Rollback with reversibility
:ok = Vordr.Reversibility.rollback(pid, steps: 2)

Integration with Svalinn Ecosystem

Component	Role	Communication
Svalinn	Edge gateway, request validation	Calls Vörðr via MCP/JSON-RPC
Cerro Torre	Provenance-verified builds	Produces .ctp bundles verified by Vörðr
verified-container-spec	Protocol specification	Schema definitions for attestations, runtime integration patterns

Runtime Integration

Vörðr is the reference implementation for native .ctp bundle execution. Other runtimes (nerdctl, Podman) can integrate via plugins, shims, or hooks as described in the Runtime Integration Specification.

Unique to Vörðr:

• Verification is always enforced - no opt-out

• Formally verified state transitions (Idris2 proofs)

• Bennett-reversible container lifecycle

• SPARK-proven cryptographic operations

Svalinn Integration

Svalinn delegates container operations to Vörðr:

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": {
    "name": "vordr_container_create",
    "arguments": {
      "image": "nginx:1.26",
      "name": "web",
      "config": { "readOnlyRoot": true }
    }
  }
}

Cerro Torre Integration

Vörðr verifies .ctp bundles produced by Cerro Torre:

# Pack an image with Cerro Torre
ct pack docker.io/library/nginx:1.26 -o nginx.ctp

# Run via Vörðr with verification
vordr run nginx.ctp --verify

Project Structure

vordr/
├── src/
│   ├── elixir/           # Orchestration layer
│   │   ├── lib/vordr/
│   │   │   ├── application.ex
│   │   │   ├── containers.ex
│   │   │   ├── containers/container.ex  # GenStateMachine
│   │   │   ├── reversibility.ex
│   │   │   └── reversibility/journal.ex
│   │   └── mix.exs
│   ├── rust/             # CLI and runtime
│   │   ├── cli/          # Subcommands
│   │   └── Cargo.toml
│   ├── idris2/           # Formal proofs
│   ├── ada/              # Trust engine
│   └── mcp-adapter/      # ReScript MCP adapter
└── README.adoc

License

SPDX-License-Identifier: MPL-2.0-or-later

Vörðr is free software under the Palimpsest-MPL-1.0 OR PMPL-1.0-or-later. See LICENSE.txt for full terms.