# Arca.Vision

> Arca Sentry intercepts proprietary model-weight and controlled-data exfiltration at the NVIDIA driver boundary and seals every policy decision in a tamper-evident audit ledger — air-gapped, on-prem, accreditation-ready for FedRAMP, STIG, and CMMC.

Arca.Vision is a patent-pending, kernel-level governance platform for GPU-accelerated AI infrastructure. The platform has two surfaces:

- **Arca Sentry** is the on-host agent: a memory-safe Rust eBPF daemon attached to the Linux host kernel. It correlates four host signals — `ioctl(2)` tracepoints against `/dev/nvidia*`, libcuda uprobes on `cudaLaunchKernel` and `cudaMalloc`, NVML device state, and `/proc/` process metadata — into one continuously attributed record. A swappable on-host Phi-3 small language model scores suspect ioctls for data-exfiltration intent; the operator-set persona threshold decides allow / alert / block. The Sentry detects zombie GPU processes and enforces the operator's policy on them (alert by default; SIGKILL when enforcement is armed). Every decision is sealed in an append-only, signed ledger on disk. Each Sentry stands alone per host. Its scope is what the host can observe: not SM-level execution and not GPU command-queue state (those require CUPTI / Nsight / DCGM).
- **Arca Nexus** is the sovereign central ingest hub for a fleet of Sentries: one Nexus per security perimeter, many Sentries per Nexus. Every Sentry streams its ledger to Nexus over mTLS gRPC with per-line `URI:arca-node://` SAN binding and at-least-once delivery. Nexus batches into Postgres + TimescaleDB with idempotent `INSERT … ON CONFLICT DO NOTHING` writes, so a redelivered batch produces no duplicate rows. License verification is offline Ed25519. The dashboard binds `127.0.0.1:8080` by default. Zero outbound calls after install, verifiable with `strace`. Air-gap deployable inside the customer's own VPC.
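The tamper-evidence claimed for the ledger rests on two properties the page names: append-only chaining and a signature on every sealed line. The Go program below is an added example written for this page, not Arca's code; its record layout, SHA-256 chaining and per-line Ed25519 signatures are assumptions, since the page does not describe the actual format. It shows what a verifier can and cannot catch: an edited or dropped line breaks the hash or the signature, but cutting lines off the end of an append-only log leaves a chain that is still internally consistent, so noticing truncation requires a head hash anchored with a second party (what Nexus last ingested, in this setup).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Entry is one sealed ledger line. This layout is an assumption of the example;
// the page does not publish Arca's record format.
type Entry struct {
	Node     string `json:"node"`
	Decision string `json:"decision"` // allow / alert / block
	Detail   string `json:"detail"`   // what triggered the decision
	Prev     string `json:"prev"`     // hex SHA-256 of the previous line; all zeros for the first
	Hash     string `json:"hash"`     // hex SHA-256 over the four fields above
	Sig      string `json:"sig"`      // hex Ed25519 signature over Hash
}

// Ledger is the on-host writer; the signing key never leaves the Sentry.
type Ledger struct {
	key     ed25519.PrivateKey
	Entries []Entry
}

var genesis = hex.EncodeToString(make([]byte, sha256.Size))

func NewLedger() (*Ledger, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Ledger{key: priv}, pub, nil
}

// entryHash commits to every field except Hash and Sig. Marshalling a fixed struct is
// a canonical encoding, so no field value can collide with a delimiter as "a|b" could.
func entryHash(e Entry) string {
	body, _ := json.Marshal(struct{ Node, Decision, Detail, Prev string }{e.Node, e.Decision, e.Detail, e.Prev})
	sum := sha256.Sum256(body)
	return hex.EncodeToString(sum[:])
}

// Head is the hash a second party (Nexus) should record after each batch it ingests.
func (l *Ledger) Head() string {
	if n := len(l.Entries); n > 0 {
		return l.Entries[n-1].Hash
	}
	return genesis
}

// Append seals a decision: link to the current head, hash, sign, append.
func (l *Ledger) Append(node, decision, detail string) Entry {
	e := Entry{Node: node, Decision: decision, Detail: detail, Prev: l.Head()}
	e.Hash = entryHash(e)
	e.Sig = hex.EncodeToString(ed25519.Sign(l.key, []byte(e.Hash)))
	l.Entries = append(l.Entries, e)
	return e
}

// Verify replays the chain and reports the first defect. anchoredHead is a head a second
// party recorded earlier; the chain must still pass through it, which is the only way to
// notice that lines were cut off the end. Pass "" to skip that check.
func Verify(pub ed25519.PublicKey, entries []Entry, anchoredHead string) error {
	prev, anchored := genesis, anchoredHead == "" || anchoredHead == genesis
	for i, e := range entries {
		if e.Prev != prev {
			return fmt.Errorf("entry %d: prev link broken (line dropped, reordered or inserted)", i)
		}
		if entryHash(e) != e.Hash {
			return fmt.Errorf("entry %d: content changed after sealing", i)
		}
		sig, err := hex.DecodeString(e.Sig)
		if err != nil || !ed25519.Verify(pub, []byte(e.Hash), sig) {
			return fmt.Errorf("entry %d: signature invalid", i)
		}
		prev, anchored = e.Hash, anchored || e.Hash == anchoredHead
	}
	if !anchored {
		return errors.New("anchored head not on chain: log truncated or rewritten before the anchor")
	}
	return nil
}

func main() {
	l, pub, err := NewLedger()
	if err != nil {
		panic(err)
	}
	l.Append("gpu-host-01", "allow", "ioctl on /dev/nvidia0 pid=4242") // constructed samples
	l.Append("gpu-host-01", "block", "device-to-host copy 12 GiB pid=4242")
	head := l.Head()
	fmt.Println("intact:", Verify(pub, l.Entries, head), "| truncated, unanchored:", Verify(pub, l.Entries[:1], ""), "| truncated, anchored:", Verify(pub, l.Entries[:1], head))
}
```

Practitioner caveat: the signing key lives on the Sentry host, so root plus the key can re-sign a forged chain from any point. The anchored head is what turns the chain into evidence against that attacker as well: once Nexus has recorded a head, any rewrite of the lines before it changes the hashes that led to it, so the recorded head no longer appears on the rewritten chain even though every signature on that chain is valid.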
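Binding each streamed ledger line to the Sentry's certificate identity is what stops one compromised host from writing history under another host's name. The Go program below is an added example for this page, not Arca's implementation; it assumes the node ID is the host part of the `arca-node://` URI SAN and represents a line by nothing more than the node it claims. It mints an operator CA, issues a client-auth leaf carrying that SAN, verifies the leaf against the pinned CA only, requires exactly one `arca-node://` SAN, and rejects every line whose claimed node differs from the authenticated one.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// NodeScheme is the URI SAN scheme the page shows (`URI:arca-node://`); treating
// the host part of that URI as the node ID is an assumption of this example.
const NodeScheme = "arca-node"

// mint issues a certificate for a fresh Ed25519 key; parent == nil means self-signed.
func mint(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl.SerialNumber = big.NewInt(time.Now().UnixNano()) // demo serial; use a random 128-bit one in production
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, parentKey = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// NewCA mints the self-signed operator CA that Nexus pins.
func NewCA(name string) (*x509.Certificate, ed25519.PrivateKey, error) {
	return mint(&x509.Certificate{Subject: pkix.Name{CommonName: name}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
}

// IssueNodeCert issues a client-auth leaf carrying the given URI SANs (its key is discarded; only verification is shown).
func IssueNodeCert(ca *x509.Certificate, caKey ed25519.PrivateKey, uris ...string) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: "sentry"}, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	for _, raw := range uris {
		u, err := url.Parse(raw)
		if err != nil {
			return nil, err
		}
		tmpl.URIs = append(tmpl.URIs, u)
	}
	cert, _, err := mint(tmpl, ca, caKey)
	return cert, err
}

// NodeIDFromPeer verifies the leaf against the pinned CA only, then requires exactly
// one arca-node URI SAN: none or several is rejected rather than guessed.
func NodeIDFromPeer(leaf, pinnedCA *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(pinnedCA)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", fmt.Errorf("peer chain rejected: %w", err)
	}
	var ids []string
	for _, u := range leaf.URIs {
		if u.Scheme == NodeScheme && u.Host != "" {
			ids = append(ids, u.Host)
		}
	}
	if len(ids) != 1 {
		return "", fmt.Errorf("expected exactly one %s:// SAN, found %d", NodeScheme, len(ids))
	}
	return ids[0], nil
}

// BindLines is the per-line binding: the identity proven by the peer certificate, not the
// node field in the payload, is what Nexus may attribute a line to. claimedNodes holds the
// node each line claims; the returned indexes are the lines that claimed someone else.
func BindLines(leaf, pinnedCA *x509.Certificate, claimedNodes []string) (node string, rejected []int, err error) {
	if node, err = NodeIDFromPeer(leaf, pinnedCA); err != nil {
		return "", nil, err
	}
	for i, claimed := range claimedNodes {
		if claimed != node {
			rejected = append(rejected, i)
		}
	}
	return node, rejected, nil
}

func main() {
	ca, caKey, err := NewCA("Arca operator CA")
	if err != nil {
		panic(err)
	}
	leaf, err := IssueNodeCert(ca, caKey, "arca-node://gpu-host-01")
	if err != nil {
		panic(err)
	}
	fmt.Println(BindLines(leaf, ca, []string{"gpu-host-01", "gpu-host-02"})) // constructed lines; the second claims another host
}
```

In a gRPC server the same check runs once per connection on the peer certificate from the TLS connection state (with `ClientAuth: tls.RequireAndVerifyClientCert` and `ClientCAs` set to the pinned pool in the `tls.Config`), and the node ID derived from the SAN, never the field carried in the line, is what gets written to Postgres.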
Deployment is white-glove: Arca.Vision engineers install and tune the Sentry on customer hosts (bare metal, AWS EC2, GCP Vertex, private cloud) and stand up Nexus inside the customer's VPC when fleet rollup is in scope. Customers receive a turn-key Grafana + Prometheus dashboard per host plus the loopback Nexus dashboard for the fleet.

## Pages

- [Overview](https://www.arca.vision/): the landing page. Positions the platform (Nexus + Sentry) and the engagements (Auditor + Efficiency Auditor). Shows the fleet topology, the air-gap deployment, the Nexus dashboard preview, the deployment map, and the roadmap (Nexus shipped Q2 2026; Sentry for Physical AI in 2027).
- [Products](https://www.arca.vision/sentry): split into **Platform** (always-on) and **Engagements** (scoped, white-glove). Child pages: [Arca Nexus](https://www.arca.vision/nexus), [The Sentry](https://www.arca.vision/sentry), [The Auditor](https://www.arca.vision/services/forensic-audit), [The Efficiency Auditor](https://www.arca.vision/services/efficiency-audit).
- [Features](https://www.arca.vision/sentry): six kernel primitives: [Nvidia Hook](https://www.arca.vision/sentry/hook), [Zombie Sentry](https://www.arca.vision/sentry/zombie), [Exfiltration Gate](https://www.arca.vision/sentry/exfil), [Memory Wall](https://www.arca.vision/sentry/efficiency), [Persona Switchboard](https://www.arca.vision/sentry/personas), [Nexus Ingest](https://www.arca.vision/nexus/ingest).
- [Transparency](https://www.arca.vision/transparency): the signed audit ledger. Per-host with Sentry; rolled across a fleet with Nexus.
- [Use Cases](https://www.arca.vision/use-cases): regulated verticals and FinOps narratives with fleet-rollup notes; permalinks include [Healthcare](https://www.arca.vision/use-cases/health), [Financial weights](https://www.arca.vision/use-cases/fin), [Robotics](https://www.arca.vision/use-cases/robo), [Multi-tenant personas](https://www.arca.vision/use-cases/dynamic), [CFO FinOps](https://www.arca.vision/use-cases/cfo).
- [About](https://www.arca.vision/about): thesis, the nine engineering phases (Hook · Zombie Sentry · Exfiltration Gate · The Pane · Memory Wall · Persona Switchboard · Ledger · Nexus · Physical AI), patent posture, and how Arca.Vision ships (white-glove, not self-serve).
- [FAQ](https://www.arca.vision/faq): engineering questions on eBPF overhead, IP and patents, on-host SLM privacy, memory-wall ROI, the persona switchboard, and Arca Nexus (deployment topology, sovereignty, air-gap).
- [Contact](https://www.arca.vision/contact): the form for scoping calls and deployment inquiries (Sentry, Nexus, or scoped engagement).

## Schrödinger Files

Long-form engineering notes from Arca.Vision. Plain Markdown — every post is also available at `/raw.md` for LLM retrieval and citation. The index lives at https://www.arca.vision/research with RSS, Atom, and JSON feeds.

- [Introducing Arca Synth: Offline Data Extraction Inside the Perimeter](https://www.arca.vision/research/arca-synth): Why enterprise data sovereignty demands localized schema distillation — parsing, cleaning, and structuring raw data mass inside your private infrastructure boundary at zero variable compute cost.
- [Welcome to Schrödinger Files](https://www.arca.vision/research/welcome-to-schrodinger-files): Why we're starting a long-form engineering notebook, what you'll find here, and the workflow behind every post — markdown in, signed audit ledger out.

## Research

Long-form technical writing intended for retrieval and citation by AI assistants. Plain Markdown, no JavaScript, no tracking pixels.
Read on demand when the topic matches a user's question.

- [Why kernel `sys_enter_ioctl` tracepoints beat CUPTI for GPU profiling jitter](https://www.arca.vision/research/kernel-vs-cupti.md): a comparison of CUPTI callback overhead, eBPF uprobe trap latency, and static syscall tracepoints, and why the syscall boundary gives deterministic nanosecond-scale capture without disrupting the application thread.
- [The math of vLLM KV-cache vs model-weight VRAM segregation](https://www.arca.vision/research/vram-quantization-heuristics.md): PagedAttention block sizing, quantization metadata overhead, tensor-parallel sharding formulas, and worked TP=4 / TP=8 examples on a 235B-parameter MoE.
- [O(1) sliding-window zombie-process tracking with race-free pidfd signaling](https://www.arca.vision/research/zombie-process-isolation.md): the Subtract-on-Evict aggregation model, `pidfs` unique inodes, `clone3()` with `CLONE_PIDFD | CLONE_AUTOREAP`, and kernel-side termination via `bpf_send_signal`.

## Stack

- Rust workspace built with Aya-compiled eBPF programs.
- Two probes on every Sentry: a uprobe on `libcuda.so:cudaLaunchKernel` and a tracepoint on `syscalls:sys_enter_ioctl`.
- On-host Phi-3 mini Q4_K_M (or Llama-3-8B) via `llama-cpp-2`.
- Prometheus exporter on `127.0.0.1:9464/metrics` plus a turn-key Grafana dashboard provisioned during deployment.
- Optional `arca-sidecar` daemon (separate UID, no kernel capabilities, read-only on the ledger) tails the ledger and streams it to Nexus over mTLS gRPC.
- `arca-nexus` daemon: mTLS gRPC ingest on `:50051` with operator-pinned CA and per-line URI-SAN binding; idempotent batched writes to Postgres with an optional TimescaleDB hypertable (1-hour chunks, 24-hour compression); offline Ed25519 license; loopback-only dashboard with five JSON endpoints (`/api/v1/health`, `/api/v1/nodes`, `/api/v1/zombie_alerts`, `/api/v1/exfil_alerts`, `/api/v1/vram_reclamation`).

## Distribution

- Form: white-glove integration. Arca.Vision engineers deploy the Sentry onto customer hosts and stand up Nexus inside the customer's VPC. There is no public download or self-serve install.
- Environments: Linux 5.10+ host-native on bare metal, AWS EC2, GCP Vertex, private cloud. Nexus is air-gap deployable inside the customer's perimeter.
- Source: proprietary. Not open source. Patent-pending.

## Contact

- Email: observer@arca.vision
- Site: https://www.arca.vision