A deterministic-first, cryptographically auditable operator platform for critical infrastructure, military C4ISR, energy grids, and government systems.
Cloud LLMs are stochastic black boxes. ORDL is a deterministic-first, adaptive-second kernel with hard safety bounds that never mutate — designed for domains where "probably safe" is not safe enough.
Generative AI (ChatGPT, Claude, Kimi, Moonshot) is optimized for conversational fluency and general reasoning. It is not optimized for:
- Deterministic safety — same input, same output, every time
- Cryptographic audit trails — every action signed and tamper-evident
- Air-gapped sovereignty — runs on bare metal without cloud dependency
- Native classification handling — USG, NATO, EU, UN, HIPAA built in, not bolted on
- Immutable safety bounds — hard constraints that cannot drift via fine-tuning
ORDL fills that gap. It is not a chatbot. It is an operator kernel — like an operating system for autonomous decision-making in high-stakes environments.
| Capability | Cloud LLM (GPT-4, Kimi, Moonshot) | ORDL Operator Core |
|---|---|---|
| Output determinism | ❌ Stochastic / non-reproducible | ✅ Cryptographically bounded, reproducible |
| Action audit trail | ❌ Log files only | ✅ HMAC-SHA3-256 per action, verifiable chain |
| Air-gapped operation | ❌ Requires internet + API keys | ✅ Runs on bare metal, zero external dependency |
| Classification handling | ❌ Post-hoc content filtering | ✅ Native (USG, NATO, EU, UN, HIPAA, GER, BRA, JPN) |
| Safety guarantee | ❌ Fine-tuning can drift | ✅ Hard immutable bounds, promotion-gated change |
| Inference cost | ❌ $ per token, API latency | ✅ 80,820 steps/min on commodity CPU |
| Model size | ❌ Hundreds of billions of parameters | ✅ 41,000 parameters (pure NumPy) |
| Train time | ❌ Days on GPU clusters | ✅ ~30 seconds on CPU |
91/91 unit tests passing
4/4 chaos engineering tests passing (partition, node death, corruption, slow gossip)
12/12 federation & closed-loop tests passing
9/9 scenario replay validation passing (100% deterministic)
Extraction parity: GO — 100% coverage, 0 blockers
Bandit security scan: CLEAN
Ruff lint: CLEAN
Sustained throughput: 80,820 steps/minute (1,347/sec) on single-core CPU.
| Adapter | Source | Status | Typical Records |
|---|---|---|---|
| NOAA Weather | alerts.weather.gov | ✅ Live | 50+ alerts/day |
| USGS Earthquakes | earthquake.usgs.gov | ✅ Live | 200+ events/day |
| UN OCHA HDX | data.humdata.org | ✅ Live | 4+ datasets |
| GDELT Global Events | data.gdeltproject.org | ✅ Live | 1,200+ records/15min |
| CISA KEV | api.cisa.gov | When available |
| Adapter | Domain | Protocols |
|---|---|---|
| C4ISR Tactical | Military | Link-16 J-Series, track fusion, SECRET+ handling |
| Military Logistics | Military | GCSS-Army, readiness calculator, NSN/UIC tracking |
| SCADA Monitor | Critical Infrastructure | Modbus TCP, DNP3, IEC 61850, OPC-UA (read-only) |
| Energy Grid | Energy | ERCOT/CAISO/PJM/ENTSO-E APIs, CIM XML, IEEE 2030.5 |
| FOIA Tracker | Government | FOIA request pipeline, status tracking |
git clone https://github.com/your-org/ordl-operator-core.git
cd ordl-operator-core
docker build -t ordl-operator .
docker-compose uphelm install ordl-operator helm/ordl-operator/ \
--set profile=osint-global \
--set replicaCount=3./scripts/install_systemd.sh
systemctl start ordl-operator# Copy model artifact + profiles + spool directory
cp -r artifacts/model /target/airgap/
cp -r artifacts/profiles /target/airgap/
cp -r artifacts/spool /target/airgap/
# Run with local profile only
python scripts/ordl_launch.py --profile osint-global --collect┌─────────────────────────────────────────────────────────────┐
│ ORDL Operator Core │
├─────────────────────────────────────────────────────────────┤
│ Adapters Kernel V2 Truth Registry │
│ ───────── ──────── ───────────── │
│ NOAA State Assembly Layered Precedence │
│ USGS Planning Conflict Detection │
│ GDELT Validation Classification Filter │
│ C4ISR Execution Federated Resolution │
│ Energy Step Logging Air-Gap Sync │
│ SCADA │
├─────────────────────────────────────────────────────────────┤
│ Security Layer │
│ ───────────── │
│ HMAC-SHA3-256 Audit Chain │ Classification Engine │
│ Vault-compatible Secrets │ Peer Compatibility Filter │
│ Tamper Detection │ Cross-Scheme (USG/NATO/EU) │
├─────────────────────────────────────────────────────────────┤
│ Model (41K params, NumPy) │
│ ───────────────────────── │
│ State Encoder (256→64) │ Policy Bank (learned actions) │
│ Action Encoder (128→64) │ Contrastive Trainer │
│ Deterministic > Learned │ Promotion-Gated Deployment │
└─────────────────────────────────────────────────────────────┘
ORDL's safety architecture is promotion-gated:
- Observe — collect real-world observations via adapters
- Replay — test candidate policies against scenario packs deterministically
- Evaluate — measure outcomes against truth registry constraints
- Promote — only promoted policies enter the active policy bank
Learned models can suggest actions. They cannot override deterministic safety bounds. Ever.
Monitor SCADA/ICS networks for anomaly detection and automated alerting without ever writing to control systems. Read-only by architecture.
Ingest Link-16 tracks, fuse multi-source sensor data, and generate alert queues with native SECRET+ classification handling and need-to-know enforcement.
Monitor ISO market pricing (ERCOT, CAISO, PJM, ENTSO-E), renewable generation forecasts, and line status — with NERC CIP compliance built into action preconditions.
Aggregate NOAA, USGS, GDELT, and UN OCHA feeds into a unified geopolitical picture with cryptographically verifiable provenance chains.
Air-gapped deployment for HIPAA-compliant clinical decision support with deterministic, auditable recommendations.
- TCP Transport — production mesh with signed messages
- Air-Gap Spool — data diode compatible, no network required
- In-Memory — deterministic testing harness
Chaos-tested: partition recovery, node death/rebirth, message corruption rejection, slow gossip convergence.
python scripts/train_policy_embedder.py \
--epochs 150 \
--target-count 5000 \
--output-dir artifacts/modelTrains in ~30 seconds on CPU. Produces:
state_encoder.json— state embedding networkaction_encoder.json— action embedding networkpolicy_bank.json— ranked action libraryloss_curve.json— training telemetry
- Bandit static analysis: clean (0 high/medium issues)
- No dependencies beyond
numpyanddefusedxmlfor core operation - All external HTTP requests validated for scheme (http/https only)
- XML parsing hardened against XXE/billion-laughs
- Hash-chained step logs with per-record HMAC-SHA3-256
See SECURITY.md for the full threat model and disclosure policy.
# Run full test suite
pytest tests/ -v
# Run chaos engineering tests
pytest tests/test_chaos_engineering.py -v
# Run extraction parity scan
python scripts/verify_extraction_parity.py
# Run scenario lab
pytest tests/test_scenario_lab.py -v
# Run federated demo with live data
python demo_scripts/run_federated_demo.py --duration 120Six pre-configured operational profiles included:
osint-global— Open-source intelligence aggregationmilitary-nato— NATO-aligned C4ISR + logisticscritical-infra-us— US critical infrastructure monitoringenergy-eu— European energy grid (ENTSO-E)healthcare-us— HIPAA-aligned clinical supportngo-humanitarian— UN OCHA + field data
This is an open-core project. The kernel and all adapters are MIT-licensed.
- Bug reports: Issues
- Feature requests: Discussions
- Security disclosures: See SECURITY.md
Priority areas for contribution:
- Additional ISO API integrations (PJM, NYISO, MISO)
- Healthcare FHIR adapter (Epic, Cerner)
- Additional classification schemes
- Performance benchmarking on ARM/embedded
deterministic ai sovereign ai air-gapped ai critical infrastructure ai scada monitoring c4isr military ai government ai energy grid ai operator kernel ai safety llm alternative deterministic operator cryptographic audit classification-aware ai nerc cip hipaa ai nato stanag air gap deployment
MIT — free for government and academic use.
ORDL is not a chatbot. It is infrastructure. Built for the domains where failure is not an option.