Kea is the unified monorepo for four core infrastructure tools, each named after a behavioural trait of the Kea parrot: strategic roosting, vocal coordination, investigative dexterity, and adaptive intelligence.
The system provides a closed-loop audit-and-remediation pipeline: sensors probe infrastructure, signals are routed via zero-copy protocols, and the orchestrator executes playbooks to fix or alert.
| Directory | Component | Purpose |
|---|---|---|
bivouac/ |
Kea-Bivouac — The Command Authority | Orchestration and deployment controller. Manages the separation of administration from runtime, executes playbooks, enforces mTLS zero-trust communication. |
call/ |
Kea-Call — The Contact-Signalling Protocol | Cap’n Proto and MCP definitions for ecosystem communication. Zero-copy binary serialisation between sensors (Mandible) and logic (Wit) via the Request-Signal-Action loop. |
mandible/ |
Kea-Mandible — The Investigative Mandible | High-dexterity sensor suite. Contains four crates: Kea-Beak (filesystem/network auditor at 10k files/sec), Kea-Mandible CLI, WP-Praxis (WordPress core auditor), and Slop-Gate (bloat detection filter). |
wit/ |
Kea-Wit — WebAssembly Interface Types | WIT interface definitions and tooling for WebAssembly Component Model development, validation, and code generation. |
Kea-Call
Kea-Mandible -----(Cap'n Proto)-----> Kea-Wit
(Sensors) (Logic)
| |
| Kea-Bivouac |
+----------> (Orchestrator) <---------+
See TOPOLOGY for a detailed architecture map, completion dashboard, and MVP roadmap.
# Build all Rust components
just build
# Run all tests
just test
# Full check suite (format, lint, test)
just check
# Deep audit a target path (via Mandible)
just mandible-pry /var/www/html
# WordPress audit (via Mandible)
just mandible-wordpress /var/www/html
# Execute a failover playbook (via Bivouac)
just bivouac-playbook integrity-violation
# Security scan (pre-commit)
just panickea/
├── bivouac/ # Kea-Bivouac (orchestration and deployment)
│ ├── src/ # Rust application source
│ ├── tests/ # Integration tests
│ ├── playbooks/ # TOML playbook definitions
│ └── fuzz/ # ClusterFuzzLite fuzz targets
├── call/ # Kea-Call (signalling protocol definitions)
├── mandible/ # Kea-Mandible (investigative sensors)
│ └── crates/ # Workspace: kea-beak, kea-mandible, wp-praxis, slop-gate
├── wit/ # Kea-Wit (WebAssembly interface types)
├── .github/workflows/ # 17 RSR-standard CI/CD workflows
├── .machine_readable/6a2/ # Machine-readable state (A2ML format)
├── .well-known/ # Security and AI discovery files
├── justfile # Top-level build recipes
├── TOPOLOGY.md # Architecture map and completion dashboard
├── LICENSE # MPL-2.0 (tooling compat; see NOTICE)
├── LICENSES/ # MPL-2.0.txt + MPL-2.0.txt
└── NOTICE # Licensing explanation
Per the Hyperpolymath language policy:
| Domain | Technology |
|---|---|
| Systems / Core | Rust |
| Serialisation | Cap’n Proto (zero-copy) |
| Interfaces | WIT (WebAssembly Component Model) |
| Runtime (where JS needed) | Deno |
| Configuration | TOML, Nickel |
| ABI (planned) | Idris2 |
| FFI (planned) | Zig |
| API (planned) | zig |
-
Slop-Gate heuristic tuning (60% → 90%)
-
WP-Praxis edge case coverage (multisite, custom themes)
-
WIT specification formalisation
-
End-to-end integration test: Mandible → Call → Bivouac
-
Idris2 ABI definitions for cross-component type safety
-
Zig FFI layer for C-compatible sensor plugins
-
zig API connectors for external integrations
-
Chainguard-based OCI container image
-
BoJ-server integration (Kea sensors as MCP cartridge data sources)
-
Crate publication to crates.io
Licensed under MPL-2 (Palimpsest License).
The root LICENSE file contains MPL-2.0 for tooling compatibility. See
NOTICE for details.
Copyright © 2024-2026 Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>
Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>