amduat-api/notes/ENC-ASL-HOST.md

Good — this is the right thing to pin down next.
Below is a **precise, minimal, authority-aware but storage-agnostic ASL-HOST on-disk layout**, designed to work on **ZFS, btrfs, or plain POSIX**, and to survive before ASL-STORE / ASL-CORE are fully implemented.

This layout defines **where things live**, not **how bytes are encoded**.

---

# ASL-HOST On-Disk Layout — v0.1

---

## 1. Design Goals (Normative)

The on-disk layout MUST:

1. Enforce **domain isolation**
2. Separate **authority, storage, and execution**
3. Support **append-only logs**
4. Support **snapshots as first-class**
5. Allow **courtesy leases and revocation**
6. Remain **forward-compatible** with ASL-STORE and ENC specs

The layout MUST NOT:

* Encode artifact semantics
* Encode index formats
* Encode cryptographic algorithms

---

## 2. Root Layout

```text
/asl-host/
├── host/
│   ├── host-id
│   ├── host-policy
│   └── trusted-roots/
│
├── domains/
│   ├── <domain-id>/
│   │   ├── domain.json
│   │   ├── admission/
│   │   ├── auth/
│   │   ├── store/
│   │   ├── index/
│   │   ├── log/
│   │   ├── snapshots/
│   │   ├── leases/
│   │   └── tmp/
│
├── federation/
│   ├── peers/
│   ├── exports/
│   └── imports/
│
└── quarantine/
```

Everything below this root is owned by ASL-HOST.

---

## 3. Host-Level Metadata

### `/asl-host/host/`

```text
host/
├── host-id              # stable ID for this machine
├── host-policy          # local admission & resource policy
└── trusted-roots/
    ├── root-A.pub
    ├── root-B.pub
    └── ...
```

**Notes:**

* Trusted roots are **offline-established**
* Used for **admission verification**
* Not domain-specific

---

## 4. Domain Directory (Authoritative Boundary)

Each domain has **one directory**, nothing crosses this boundary implicitly.

```text
/domains/<domain-id>/
```

This directory MUST be the **sole owner** of:

* blocks
* logs
* snapshots
* indexes
* domain-local authority state

---

## 5. Domain Descriptor

### `/domains/<domain-id>/domain.json`

This is **host-owned metadata**, not part of ASL-CORE.

```json
{
  "domain_id": "...",
  "state": "COURTESY | FULL | SUSPENDED | REVOKED",
  "created_at": "...",
  "admitted_at": "...",
  "root_key_fingerprint": "...",
  "policy_hash": "...",
  "current_snapshot": "...",
  "current_logseq": 12345
}
```

This file is **not signed** — it is derived state.

---

## 6. Admission Records

### `/domains/<domain-id>/admission/`

```text
admission/
├── dam.cbor
├── dam.sig
├── admission-request.cbor
├── admission-decision.cbor
└── admission-decision.sig
```

This directory contains **immutable records** of how the domain was admitted.

---

## 7. Authority Material (Domain-Local)

### `/domains/<domain-id>/auth/`

```text
auth/
├── root.pub
├── operators/
│   ├── op1.pub
│   └── ...
├── device.pub
└── revocations/
```

**Rules:**

* Private keys MAY exist only temporarily (e.g. SystemRescue)
* ASL-HOST MUST NOT rely on private keys being present

---

## 8. Store Root (Blocks)

### `/domains/<domain-id>/store/`

```text
store/
├── blocks/
│   ├── open/
│   ├── sealed/
│   └── gc/
├── objects/          # optional future packing
└── encryption/
```

**Notes:**

* `open/` blocks may be lost
* `sealed/` blocks are immutable
* `gc/` is host-managed
* Encryption metadata is **opaque to ASL-STORE**

---

## 9. Index Area (Semantic-Free)

### `/domains/<domain-id>/index/`

```text
index/
├── segments/
│   ├── seg-000001/
│   └── ...
├── bloom/            # optional
└── tmp/
```

ASL-HOST only guarantees:

* sealed segments are immutable
* segments become visible only after seal record

---

## 10. Append-Only Log

### `/domains/<domain-id>/log/`

```text
log/
├── append.log
├── checkpoints/
│   ├── chk-000001/
│   └── ...
└── seal.log
```

**Rules:**

* append-only
* monotonic
* replayable
* seal.log records segment seals

---

## 11. Snapshots

### `/domains/<domain-id>/snapshots/`

```text
snapshots/
├── snap-000001/
├── snap-000002/
└── pinned/
    ├── snap-000001
```

**Host responsibility:**

* mapping snapshots to log positions
* enforcing pinning
* enforcing courtesy limits

---

## 12. Courtesy Leases

### `/domains/<domain-id>/leases/`

```text
leases/
├── lease-001.json
├── lease-002.json
└── active
```

Each lease file:

```json
{
  "lease_id": "...",
  "granted_by": "...",
  "storage_bytes": 1073741824,
  "expires_at": "..."
}
```

ASL-HOST enforces these.

---

## 13. Temporary / Execution Space

### `/domains/<domain-id>/tmp/`

Used for:

* Sedelpress staging
* PEL execution scratch
* unsealed buffers

**Never snapshot-pinned.**

---

## 14. Federation Area

### `/asl-host/federation/`

```text
federation/
├── peers/
│   ├── <peer-domain-id>/
│   │   ├── pinned-roots/
│   │   ├── imported-snapshots/
│   │   └── replay-state.json
├── exports/
└── imports/
```

Federation is **explicit and opt-in**.

---

## 15. Quarantine

### `/asl-host/quarantine/`

Used for:

* rejected domains
* policy violations
* forensic inspection

No domain in quarantine may execute or publish.

---

## 16. ZFS / Snapshot Mapping (Recommended)

If using ZFS:

| Path                      | ZFS Dataset         |
| ------------------------- | ------------------- |
| `/domains/<id>`           | dataset             |
| `/domains/<id>/store`     | child dataset       |
| `/domains/<id>/snapshots` | ZFS snapshots       |
| `/domains/<id>/tmp`       | no-snapshot dataset |

This gives **real snapshot semantics** aligned with ASL rules.

---

## 17. Invariants (Non-Negotiable)

1. No block crosses domain boundaries implicitly
2. No snapshot without log position
3. No sealed block mutation
4. No admission without DAM
5. No federation without ASL-HOST approval

---

## 18. Why This Works

✔ Clean separation of concerns
✔ Domain sovereignty enforced by path
✔ Admission-first architecture
✔ Rescue and sovereign flows unified
✔ ASL-STORE can drop in later

---

## 19. One-Sentence Summary

> **ASL-HOST’s on-disk layout is a constitutional map: it tells every byte who it belongs to, why it exists, and when it may be trusted.**

If you want, next we can:

* write a **reference filesystem implementation**
* simulate a **full rescue → admission → publish flow on disk**
* define **revocation propagation on disk**
* or map this directly to **ZFS commands**

Just say where to push next.