amduat-api/tier1/asl-federation-1.md

# ASL/FEDERATION/1 -- Core Federation Semantics

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Tags: [federation, domains, visibility, determinism]

**Document ID:** `ASL/FEDERATION/1`
**Layer:** L2 -- Federation semantics (no transport, no encodings)

**Depends on (normative):**

* `ASL/1-CORE`
* `ASL/1-CORE-INDEX`
* `ASL/LOG/1`
* `ASL-STORE-INDEX`

**Informative references:**

* `ENC-ASL-CORE-INDEX` -- domain/visibility fields (`tier1/enc-asl-core-index.md`)
* `ASL/SYSTEM/1` -- unified system view
* `ASL/FEDERATION-REPLAY/1` -- cross-node deterministic replay
* `ASL/DAM/1` -- Domain Authority Manifest
* `ASL/POLICY-HASH/1` -- policy hash

---

## 0. Conventions

The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119.

ASL/FEDERATION/1 defines **semantic rules** for multi-domain visibility and cross-domain references. It does not define transport, replication, or encodings.

---

## 1. Purpose

ASL/FEDERATION/1 defines the **multi-domain model** for ASL-based systems:

* Domain isolation and visibility rules
* Published vs internal state
* Cross-domain reference constraints
* Snapshot identity and deterministic reconstruction

---

## 2. Core Concepts

| Term                 | Definition |
| -------------------- | ---------- |
| Domain               | Logical namespace with its own ASL store, log, and snapshot lineage. |
| Internal state       | Artifacts/snapshots visible only within the domain. |
| Published state      | Artifacts/snapshots visible to other domains. |
| Federated snapshot   | Snapshot with visibility state that may be imported by other domains. |
| Cross-domain reference | Reference to a published artifact from another domain. |

---

## 3. Domain Semantics

1. **Domain isolation**

   * Each domain has its own store, index, and log.
   * Internal state is invisible outside the domain.

2. **Published state**

   * Published artifacts and snapshots are visible to other domains.
   * Published artifacts MUST satisfy ASL immutability and snapshot safety rules.

3. **Cross-domain references**

   * Only published artifacts MAY be referenced by other domains.
   * Cross-domain references are read-only and immutable.
   * The consuming domain indexes imported artifacts using normal ASL index semantics.

---

## 4. Snapshot Identity

* Snapshot IDs are unique per domain.
* Federated snapshot identity is `(DomainID, SnapshotID)`.
* A federated snapshot MAY include cross-domain references only to published artifacts.

---

## 5. Visibility Rules

| Object                              | Internal Domain | Other Domains       |
| ----------------------------------- | --------------- | ------------------- |
| Internal artifact                   | visible         | hidden              |
| Published artifact                  | visible         | visible (read-only) |
| Internal snapshot                   | visible         | hidden              |
| Published snapshot                  | visible         | visible             |
| Block supporting published artifact | visible         | visible             |
| Block supporting internal artifact  | visible         | hidden              |

* Index entries follow the same visibility rules.
* Determinism is defined per-domain and per-snapshot view.

---

## 6. Cross-Domain Operations

1. **Import published artifacts**

   * A domain MAY import a published artifact from another domain.
   * Imported artifacts MUST be treated as immutable.

2. **Export published artifacts**

   * Internal artifacts MAY be promoted to published state.
   * Promotion MUST be snapshot-bound and log-ordered.

3. **Federation log propagation**

   * Each domain maintains its own append-only log.
   * Federation MAY replicate published log-visible state.

---

## 7. Provenance and Traceability

* Execution receipts MAY include cross-domain inputs.
* Provenance MUST preserve origin domain and snapshot identity.
* Deterministic replay MUST be possible given `{Snapshot, LogPrefix}` for each domain.

---

## 8. Normative Invariants

1. **Determinism:** Reconstructing CURRENT in a domain yields the same visible state given the same snapshot and log prefix.
2. **Immutability:** Published artifacts and snapshots are immutable.
3. **Domain isolation:** Internal artifacts and snapshots are never visible to other domains.
4. **Federation safety:** Cross-domain references are read-only.
5. **Snapshot integrity:** Federated snapshots reference only published artifacts.

---

## 9. Integration with Other Layers

| Layer              | Role in Federation |
| ------------------ | ------------------ |
| ASL/1-CORE          | Artifact immutability and identity |
| ASL/1-CORE-INDEX    | Semantic mapping and shadowing |
| ASL-STORE-INDEX     | Sealing, retention, snapshot pinning |
| ASL/LOG/1           | Log-ordered visibility |
| ENC-ASL-CORE-INDEX  | Domain/visibility metadata in records |

---

## 10. Non-Goals

* Transport protocols
* Network replication
* Witness signatures
* Domain admission and trust policy

---

## 11. Summary

ASL/FEDERATION/1 defines the semantic rules for multi-domain visibility and cross-domain reference. It keeps federation deterministic, snapshot-safe, and read-only across domain boundaries.