amduat-api/ops/ENC-ASL-AUTH-HOST.md

This draft specification for **ENC-ASL-AUTH-HOST v0.1** defines the **on-disk layout and encoding** for the authority host. It complements ASL-AUTH-HOST by formalizing **how artifacts, blocks, logs, snapshots, and certificates are stored**.
---
# ENC-ASL-AUTH-HOST v0.1 — On-Disk Layout
## 1. Purpose
Defines the **physical and logical layout** of an ASL authority host's storage.
Ensures:
* Deterministic artifact placement
* Snapshot-aware storage
* Offline-first operation
* Compatibility with ASL-HOST, PERs, and SOPS bundles
---
## 2. Root Layout
```
/asl-auth-host/
├─ /domains/
│ ├─ <domain-id>/
│ │ ├─ /store/
│ │ ├─ /log/
│ │ ├─ /snapshots/
│ │ ├─ /certs/
│ │ ├─ /policies/
│ │ └─ /dam/
├─ /tools/
│ └─ <binary-tools> # deterministic, versioned rescue/auth tools
├─ /env-claims/
│ └─ <snapshot-hash>.claim
└─ /sops-bundles/
└─ <bundle-id>.sops
```
---
## 3. Domains Directory
**`/domains/<domain-id>/`** contains all **domain-specific storage and authority artifacts**.
### 3.1 Store
```
/domains/<domain-id>/store/
├─ blocks/
│ ├─ <block-id>.bin # raw artifact bytes
│ └─ <block-id>.meta # metadata: size, type_tag, sealed_flag
├─ indices/
│ ├─ segment-<n>.idx # ASL-STORE index segments
│ └─ bloom-<n>.bf # optional bloom filters
```
* Each block is **immutable once sealed**
* Segment indices point to block IDs and offsets
* Encoding follows **ASL-STORE-INDEX + ENC-ASL-STORE(-INDEX)** rules
---
### 3.2 Log
```
/domains/<domain-id>/log/
├─ log-<seq>.aol # append-only log files
```
* Each log record contains:
  * Artifact additions
  * DAM signatures
  * Snapshot seals
  * Tombstone records
* Deterministic replay reconstructs **CURRENT** state
---
### 3.3 Snapshots
```
/domains/<domain-id>/snapshots/
├─ snapshot-<id>.meta
├─ snapshot-<id>.blocks # optional reference map
```
* Snapshot metadata includes:
  * Logseq boundary
  * Sealed segments
  * Block references
  * Environment claim artifact reference
* Snapshots are **immutable**
---
### 3.4 Certificates
```
/domains/<domain-id>/certs/
├─ root.pub # root public key
├─ root.priv.enc # encrypted private key
├─ dam-signer.pub # optional signing key for DAMs
├─ dam-signer.priv.enc
```
* All private keys are stored encrypted and **never leave the offline host**
* Public keys are referenced in DAM artifacts
---
### 3.5 Policies
```
/domains/<domain-id>/policies/
├─ policy-<hash>.json
```
* Policy hash stored as artifact
* Policies include:
  * Domain admission rules
  * Courtesy leases
  * GC / retention rules
---
### 3.6 Domain Admission Manifests (DAM)
```
/domains/<domain-id>/dam/
├─ dam-<seq>.json.sig # signed DAM artifact
```
* Each DAM artifact contains:
  * Domain ID
  * Root key fingerprint
  * Policy hash
  * Courtesy lease info (optional)
* Signed by root key
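A worked example, added here and not the project's own code, of the policy and DAM artifacts from §3.5 and §3.6 in Go. Assumed, because the spec leaves them open: JSON encodings, a fingerprint of hex SHA-256 over the raw Ed25519 root public key, and `dam-<seq>.json.sig` as a JSON envelope holding the base64 DAM payload and the hex root-key signature over that payload.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// DAM carries the fields §3.6 lists; the lease is optional. Example choices not
// fixed by the spec: JSON encoding, fingerprint = hex SHA-256 of the raw Ed25519
// public key, and dam-<seq>.json.sig as an envelope {payload: base64(DAM JSON),
// sig: hex(Ed25519 root signature over the decoded payload)}.
type DAM struct {
	DomainID           string `json:"domain_id"`
	RootKeyFingerprint string `json:"root_key_fingerprint"`
	PolicyHash         string `json:"policy_hash"`
	CourtesyLease      string `json:"courtesy_lease,omitempty"`
}

type envelope struct {
	Payload string `json:"payload"`
	Sig     string `json:"sig"`
}

func Fingerprint(pub ed25519.PublicKey) string { return fmt.Sprintf("%x", sha256.Sum256(pub)) }

// WritePolicy stores a policy as policies/policy-<hash>.json; the hash covers the
// canonical JSON bytes (json.Marshal emits map keys sorted), so equal policies
// always land in the same file.
func WritePolicy(dom string, policy map[string]interface{}) (string, error) {
	body, err := json.Marshal(policy)
	if err != nil {
		return "", err
	}
	hash := fmt.Sprintf("%x", sha256.Sum256(body))
	dir := filepath.Join(dom, "policies")
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return "", err
	}
	return hash, os.WriteFile(filepath.Join(dir, "policy-"+hash+".json"), body, 0o400)
}

func damPath(dom string, seq int) string {
	return filepath.Join(dom, "dam", fmt.Sprintf("dam-%d.json.sig", seq))
}

// SignDAM seals d under the root private key and writes dam/dam-<seq>.json.sig.
func SignDAM(dom string, seq int, root ed25519.PrivateKey, d DAM) error {
	payload, err := json.Marshal(d)
	if err != nil {
		return err
	}
	env := envelope{
		Payload: base64.StdEncoding.EncodeToString(payload),
		Sig:     hex.EncodeToString(ed25519.Sign(root, payload)),
	}
	out, _ := json.Marshal(env)
	if err := os.MkdirAll(filepath.Join(dom, "dam"), 0o700); err != nil {
		return err
	}
	return os.WriteFile(damPath(dom, seq), out, 0o400)
}

// VerifyDAM trusts dam-<seq>.json.sig only if the root signature verifies, the
// embedded fingerprint names that same root key, and the referenced policy file
// exists on disk with content matching policy_hash. Any failure yields an error.
func VerifyDAM(dom string, seq int, rootPub ed25519.PublicKey) (DAM, error) {
	raw, err := os.ReadFile(damPath(dom, seq))
	if err != nil {
		return DAM{}, err
	}
	var env envelope
	if err := json.Unmarshal(raw, &env); err != nil {
		return DAM{}, err
	}
	payload, err := base64.StdEncoding.DecodeString(env.Payload)
	sig, err2 := hex.DecodeString(env.Sig)
	if err != nil || err2 != nil || !ed25519.Verify(rootPub, payload, sig) {
		return DAM{}, fmt.Errorf("dam-%d: root signature invalid", seq)
	}
	var d DAM
	if err := json.Unmarshal(payload, &d); err != nil {
		return DAM{}, err
	}
	if d.RootKeyFingerprint != Fingerprint(rootPub) {
		return DAM{}, fmt.Errorf("dam-%d: fingerprint does not match the root key", seq)
	}
	pol, err := os.ReadFile(filepath.Join(dom, "policies", "policy-"+d.PolicyHash+".json"))
	if err != nil || fmt.Sprintf("%x", sha256.Sum256(pol)) != d.PolicyHash {
		return DAM{}, fmt.Errorf("dam-%d: policy %s missing or altered", seq, d.PolicyHash)
	}
	return d, nil
}
```

`VerifyDAM` treats the three checks as one decision: the signature alone only shows that some root key signed the payload, the fingerprint binds the DAM to the root key the verifier actually holds, and re-hashing `policy-<hash>.json` catches a policy file swapped after the DAM was signed.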
---
## 4. Tools
```
/tools/
├─ asl-auth-host # main authority binary
├─ asl-rescue # SystemRescue patched tools
└─ sops # for offline bundle creation
```
* Versioned, deterministic, immutable binaries
* Executables may additionally be stored as ASL artifacts
---
## 5. Environment Claims
```
/env-claims/
├─ <snapshot-id>.claim
```
* Contains:
  * OS image hash
  * Boot environment info
  * Installed tool hashes
  * ASL-HOST store checksum at snapshot
* Stored as artifact and optionally signed by root key
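An added example in Go (not the project's code) of producing and checking the environment claim described above, measured over the `/tools/` directory from §4 and a domain's `store/blocks/`. The claim's JSON form, the hex SHA-256 digests, the store checksum as a digest over the sorted per-block digests, and carrying the root-key signature inside the claim file are all assumptions of this example; the OS image hash and boot description are passed in because measuring them is outside what this layout spec covers.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// Claim carries the §5 fields. Example choices not fixed by the spec: JSON
// encoding, hex SHA-256 digests, and the root-key Ed25519 signature kept in-file.
type Claim struct {
	SnapshotID    string            `json:"snapshot_id"`
	OSImageHash   string            `json:"os_image_hash"`
	Boot          string            `json:"boot_environment"`
	ToolHashes    map[string]string `json:"installed_tool_hashes"`
	StoreChecksum string            `json:"store_checksum"`
	Signature     string            `json:"signature,omitempty"`
}

// hashTree maps every regular file under dir (slash-separated relative path) to its SHA-256.
func hashTree(dir string) (map[string]string, error) {
	out := map[string]string{}
	err := filepath.Walk(dir, func(p string, info os.FileInfo, err error) error {
		if err != nil || info.IsDir() {
			return err
		}
		b, err := os.ReadFile(p)
		rel, _ := filepath.Rel(dir, p)
		out[filepath.ToSlash(rel)] = fmt.Sprintf("%x", sha256.Sum256(b))
		return err
	})
	return out, err
}

// measure hashes <root>/tools and <dom>/store/blocks on the live host; the store
// checksum is the digest of the sorted-key JSON of the per-block digests.
func measure(root, dom string) (Claim, error) {
	tools, err := hashTree(filepath.Join(root, "tools"))
	if err != nil {
		return Claim{}, err
	}
	blocks, err := hashTree(filepath.Join(dom, "store", "blocks"))
	body, _ := json.Marshal(blocks)
	return Claim{ToolHashes: tools, StoreChecksum: fmt.Sprintf("%x", sha256.Sum256(body))}, err
}

// signable is the claim JSON with the signature field blank: the bytes the root key signs.
func signable(c Claim) []byte {
	c.Signature = ""
	b, _ := json.Marshal(c)
	return b
}

// BuildClaim measures the host, signs with the root key and writes <root>/env-claims/<snapshotID>.claim.
func BuildClaim(root, dom, snapshotID, osImageHash, boot string, key ed25519.PrivateKey) (Claim, error) {
	c, err := measure(root, dom)
	if err != nil {
		return Claim{}, err
	}
	c.SnapshotID, c.OSImageHash, c.Boot = snapshotID, osImageHash, boot
	c.Signature = hex.EncodeToString(ed25519.Sign(key, signable(c)))
	out, _ := json.Marshal(c)
	dir := filepath.Join(root, "env-claims")
	os.MkdirAll(dir, 0o700) // any failure surfaces from WriteFile below
	return c, os.WriteFile(filepath.Join(dir, snapshotID+".claim"), out, 0o400)
}

// CheckClaim verifies the claim's root signature, re-measures the live host and returns
// each claimed tool whose digest changed plus "store/blocks" if the store checksum differs.
func CheckClaim(root, dom, snapshotID string, pub ed25519.PublicKey) ([]string, error) {
	raw, err := os.ReadFile(filepath.Join(root, "env-claims", snapshotID+".claim"))
	if err != nil {
		return nil, err
	}
	var c Claim
	_ = json.Unmarshal(raw, &c) // a malformed claim simply fails the signature check
	if sig, _ := hex.DecodeString(c.Signature); !ed25519.Verify(pub, signable(c), sig) {
		return nil, fmt.Errorf("claim %s: root signature invalid", snapshotID)
	}
	live, err := measure(root, dom)
	if err != nil {
		return nil, err
	}
	var drift []string
	for p, h := range c.ToolHashes {
		if live.ToolHashes[p] != h {
			drift = append(drift, p)
		}
	}
	if live.StoreChecksum != c.StoreChecksum {
		drift = append(drift, "store/blocks")
	}
	return drift, nil
}
```

An empty result from `CheckClaim` means the host still matches the claimed environment; a non-empty one names exactly what drifted, which is the information a rescue operator needs before trusting a snapshot produced on that host.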
---
## 6. SOPS Bundles
```
/sops-bundles/
├─ <bundle-id>.sops
```
* Encrypted container for DAMs, PER receipts, and optionally policies
* Can be delivered to new nodes for **admission or rescue**
* Includes checksums for integrity
---
## 7. Encoding Conventions
1. **Blocks**: `<block-id>.bin` (raw bytes), accompanied by `<block-id>.meta`
2. **Indices**: segment-based index; segment files immutable after seal
3. **Log**: append-only, each entry:
   * `logseq | artifact_key | block_ref | type_tag | operation | signature`
4. **Snapshots**: snapshot ID derived from hash of CURRENT log + block refs
5. **Certificates**: PEM or ASL-artifact wrapped keys
6. **SOPS Bundles**: standard encrypted JSON/YAML with embedded checksums
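The log and snapshot encoding (§3.2, §3.3 and items 3 and 4 above), as an added worked example in Go that is not part of the project's code. It assumes a single log segment `log-0.aol` with one text record per line, Ed25519 record signatures under the `dam-signer` key, block refs passed in as opaque block ids, and a snapshot id of SHA-256 over the log bytes followed by the sorted live block refs; none of those choices is fixed by the spec.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"strconv"
	"strings"
)

// InitDomain creates /domains/<domain-id>/{store/blocks,store/indices,log,snapshots}.
func InitDomain(root, id string) (string, error) {
	dom := filepath.Join(root, "domains", id)
	for _, sub := range []string{"store/blocks", "store/indices", "log", "snapshots"} {
		if err := os.MkdirAll(filepath.Join(dom, sub), 0o700); err != nil {
			return "", err
		}
	}
	return dom, nil
}

// logPath: a single log segment is assumed; a real host rolls to log-<seq+1>.aol.
func logPath(dom string) string { return filepath.Join(dom, "log", "log-0.aol") }

// Append writes one `logseq|artifact_key|block_ref|type_tag|operation|signature` line;
// logseq is the count of records already present, the signature is Ed25519 over the rest.
func Append(dom string, key ed25519.PrivateKey, artifactKey, blockRef, typeTag, op string) (int, error) {
	raw, _ := os.ReadFile(logPath(dom)) // a missing file is an empty log
	seq := strings.Count(string(raw), "\n")
	body := strings.Join([]string{strconv.Itoa(seq), artifactKey, blockRef, typeTag, op}, "|")
	sig := hex.EncodeToString(ed25519.Sign(key, []byte(body)))
	f, err := os.OpenFile(logPath(dom), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o600)
	if err != nil {
		return 0, err
	}
	defer f.Close()
	_, err = f.WriteString(body + "|" + sig + "\n")
	return seq, err
}

// Replay rebuilds current state (artifact_key -> block_ref) by applying records in order;
// a bad signature or a logseq gap aborts the replay, a tombstone removes its key.
func Replay(dom string, pub ed25519.PublicKey) (map[string]string, int, error) {
	raw, err := os.ReadFile(logPath(dom))
	if err != nil {
		return nil, -1, err
	}
	state, last := map[string]string{}, -1
	for _, line := range strings.Split(strings.TrimSuffix(string(raw), "\n"), "\n") {
		f := strings.Split(line, "|")
		if len(f) != 6 {
			return nil, last, fmt.Errorf("malformed record %q", line)
		}
		sig, _ := hex.DecodeString(f[5])
		seq, _ := strconv.Atoi(f[0])
		if !ed25519.Verify(pub, []byte(strings.Join(f[:5], "|")), sig) || seq != last+1 {
			return nil, last, fmt.Errorf("rejected record %q: bad signature or logseq gap", line)
		}
		last = seq
		switch f[4] {
		case "add":
			state[f[1]] = f[2]
		case "tombstone":
			delete(state, f[1])
		default:
			return nil, last, fmt.Errorf("unknown operation %q", f[4])
		}
	}
	return state, last, nil
}

// SealSnapshot derives the snapshot id as SHA-256(log bytes || sorted live block refs) and
// writes snapshots/snapshot-<id>.meta; the same log always yields the same id.
func SealSnapshot(dom string, pub ed25519.PublicKey, envClaimRef string) (string, error) {
	state, last, err := Replay(dom, pub)
	if err != nil {
		return "", err
	}
	refs := make([]string, 0, len(state))
	for _, r := range state {
		refs = append(refs, r)
	}
	sort.Strings(refs)
	raw, _ := os.ReadFile(logPath(dom))
	h := sha256.New()
	h.Write(raw)
	h.Write([]byte(strings.Join(refs, "\n")))
	id := hex.EncodeToString(h.Sum(nil))
	meta, _ := json.Marshal(map[string]interface{}{
		"logseq_boundary": last, "block_refs": refs, "env_claim": envClaimRef})
	return id, os.WriteFile(filepath.Join(dom, "snapshots", "snapshot-"+id+".meta"), meta, 0o600)
}
```

`Replay` verifies before it applies: a record whose signature fails or whose logseq does not follow the previous one aborts the replay instead of being skipped, so a record edited in place in an `.aol` file is caught at the next replay or seal rather than silently producing a different current state.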
---
## 8. Security Notes
* Private keys must **never be exposed**; per §3.4 they stay on the offline host and are not shipped in SOPS bundles
* Blocks in store may be encrypted with **per-domain keys**
* Environment claims tie a snapshot to the OS image, boot environment, and tool hashes it was produced under; on their own they are evidence about the offline host, not a hardware-backed attestation
* A DAM is trusted only if its root-key signature verifies and its root key fingerprint and policy hash match the domain's stored artifacts
---
This layout allows the **authority host** to:
* Bootstrap personal or group domains
* Accept rescued artifacts
* Produce deterministic PERs and snapshots
* Create SOPS bundles for new nodes
* Operate fully offline