amduat-api/tier1/asl-federation-replay-1.md

# ASL/FEDERATION-REPLAY/1 -- Cross-Node Deterministic Replay

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Tags: [federation, replay, determinism, tgk, pel]

**Document ID:** `ASL/FEDERATION-REPLAY/1`
**Layer:** L2 -- Federation replay semantics (no transport)

**Depends on (normative):**

* `ASL/FEDERATION/1`
* `ASL/LOG/1`
* `ASL/1-CORE-INDEX`
* `TGK/1`

**Informative references:**

* `ASL/SYSTEM/1` -- unified system view
* `ENC-ASL-CORE-INDEX` -- domain metadata
* `ASL/DAP/1` -- admission gating
* `ASL/POLICY-HASH/1` -- policy compatibility

---

## 0. Conventions

The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119.

ASL/FEDERATION-REPLAY/1 defines **deterministic replay rules** for federated propagation. It does not define network protocols or encodings.

---

## 1. Purpose

This document defines how artifacts, PERs, and TGK edges are propagated and replayed across federation nodes while preserving deterministic reconstruction.

---

## 2. Core Inputs

* **ArtifactKey**: canonical identifier for artifacts and PERs
* **SnapshotID**: snapshot boundary for replay
* **logseq**: append-only ordering within a domain
* **Canonical Edge Key**: TGK edge identity

---

## 3. Replay Record Requirements

Each propagated record MUST be replayable without external context. Records MUST carry:

* `domain_id` (source domain)
* `record_type` (artifact, PER, TGK edge, tombstone)
* `logseq` (source-domain ordering)
* `snapshot_id` and `log_prefix` bounds for which the record is visible
* Canonical identity (ArtifactKey or Canonical Edge Key)
* Visibility metadata (internal/published, cross-domain source when applicable)

Records MAY include optional integrity fields (hashes, signatures), but replay MUST
remain deterministic without them.

---

## 4. Propagation Rules

### 4.1 Artifacts and PERs

* Artifacts and PERs are propagated with their `ArtifactKey` and `logseq`.
* Only artifacts visible under a published snapshot MAY be propagated.
* Duplicate ArtifactKeys MUST be de-duplicated by identity.
* Imported entries MUST preserve origin metadata (domain identity and visibility).

### 4.2 TGK Edges

* TGK edges are propagated with their canonical edge identity and `logseq`.
* Edge propagation MUST preserve the same snapshot/log visibility constraints as artifacts.

---

## 5. Deterministic Replay Ordering

Replay order MUST be deterministic across nodes:

1. Sort by `logseq` ascending
2. Tie-break by canonical identity (ArtifactKey or Canonical Edge Key)

This ordering MUST be applied identically by all receivers.

---

## 6. Snapshot Bounds

* Replay MUST be bounded by `{SnapshotID, LogPrefix}`.
* Records with `logseq` greater than the replay prefix MUST be ignored.
* Replay MUST use the source domain's `{SnapshotID, LogPrefix}` as the bound for imported state.

---

## 7. Federation View Construction

Receivers construct a federation view by combining:

1. Local domain state at `{SnapshotID, LogPrefix}`.
2. Admitted foreign published state bounded by the source domain's `{SnapshotID, LogPrefix}`.

Admission and policy compatibility MUST be enforced before any foreign state is admitted.

---

## 8. Tombstones and Shadowing

* Tombstones MUST be replayed in log order and apply only within their source domain.
* A tombstone from domain A MUST NOT shadow artifacts from domain B.
* Shadowing is resolved per-domain using ASL/LOG/1 order and ASL/1-CORE-INDEX semantics.

---

## 9. Conflict Handling

1. **ArtifactKey collision**

   * If bytes match existing artifact: discard duplicate.
   * If bytes differ: reject and flag conflict.

2. **TGK edge conflicts**

   * Multiple edges with the same canonical identity are resolved by log order and tombstone rules.

3. **PER conflicts**

   * PERs with identical inputs and program identity but divergent outputs MUST be rejected.

---

## 10. Replay State and Idempotency

Replay MUST be idempotent:

* Re-applying the same record set MUST NOT change the resulting state.
* Receivers SHOULD track `{domain_id, logseq}` high-water marks per peer.
* Checkpointing MUST be aligned to `{SnapshotID, LogPrefix}` boundaries.

---

## 11. Provenance and Audit

Receivers SHOULD maintain:

* Last applied `logseq` per peer
* Snapshot provenance tables for applied records

This supports deterministic audit and replay verification.

---

## 12. Non-Goals

* Transport protocol selection
* Streaming formats
* Compression or batching

---

## 13. Summary

ASL/FEDERATION-REPLAY/1 defines a deterministic replay ordering and conflict rules to ensure federation is reproducible across nodes and snapshots.
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00			`# ASL/FEDERATION-REPLAY/1 -- Cross-Node Deterministic Replay`

			`Status: Draft`
			`Owner: Architecture`
			`Version: 0.1.0`
			`SoT: No`
			`Last Updated: 2025-01-17`
			`Tags: [federation, replay, determinism, tgk, pel]`

			Document ID: `ASL/FEDERATION-REPLAY/1`
			`Layer: L2 -- Federation replay semantics (no transport)`

			`Depends on (normative):`

			* `ASL/FEDERATION/1`
			* `ASL/LOG/1`
			* `ASL/1-CORE-INDEX`
			* `TGK/1`

			`Informative references:`

			* `ASL/SYSTEM/1` -- unified system view
			* `ENC-ASL-CORE-INDEX` -- domain metadata
Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			* `ASL/DAP/1` -- admission gating
			* `ASL/POLICY-HASH/1` -- policy compatibility
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			`---`

			`## 0. Conventions`

			`The key words MUST, MUST NOT, REQUIRED, SHOULD, and MAY are to be interpreted as in RFC 2119.`

			`ASL/FEDERATION-REPLAY/1 defines deterministic replay rules for federated propagation. It does not define network protocols or encodings.`

			`---`

			`## 1. Purpose`

			`This document defines how artifacts, PERs, and TGK edges are propagated and replayed across federation nodes while preserving deterministic reconstruction.`

			`---`

			`## 2. Core Inputs`

			`* ArtifactKey: canonical identifier for artifacts and PERs`
			`* SnapshotID: snapshot boundary for replay`
			`* logseq: append-only ordering within a domain`
			`* Canonical Edge Key: TGK edge identity`

			`---`

Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`## 3. Replay Record Requirements`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`Each propagated record MUST be replayable without external context. Records MUST carry:`

			* `domain_id` (source domain)
			* `record_type` (artifact, PER, TGK edge, tombstone)
			* `logseq` (source-domain ordering)
			* `snapshot_id` and `log_prefix` bounds for which the record is visible
			`* Canonical identity (ArtifactKey or Canonical Edge Key)`
			`* Visibility metadata (internal/published, cross-domain source when applicable)`

			`Records MAY include optional integrity fields (hashes, signatures), but replay MUST`
			`remain deterministic without them.`

			`---`

			`## 4. Propagation Rules`

			`### 4.1 Artifacts and PERs`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			* Artifacts and PERs are propagated with their `ArtifactKey` and `logseq`.
			`* Only artifacts visible under a published snapshot MAY be propagated.`
			`* Duplicate ArtifactKeys MUST be de-duplicated by identity.`
Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`* Imported entries MUST preserve origin metadata (domain identity and visibility).`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`### 4.2 TGK Edges`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			* TGK edges are propagated with their canonical edge identity and `logseq`.
			`* Edge propagation MUST preserve the same snapshot/log visibility constraints as artifacts.`

			`---`

Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`## 5. Deterministic Replay Ordering`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			`Replay order MUST be deterministic across nodes:`

			1. Sort by `logseq` ascending
			`2. Tie-break by canonical identity (ArtifactKey or Canonical Edge Key)`

			`This ordering MUST be applied identically by all receivers.`

			`---`

Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`## 6. Snapshot Bounds`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			* Replay MUST be bounded by `{SnapshotID, LogPrefix}`.
			* Records with `logseq` greater than the replay prefix MUST be ignored.
Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			* Replay MUST use the source domain's `{SnapshotID, LogPrefix}` as the bound for imported state.
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			`---`

Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`## 7. Federation View Construction`

			`Receivers construct a federation view by combining:`

			1. Local domain state at `{SnapshotID, LogPrefix}`.
			2. Admitted foreign published state bounded by the source domain's `{SnapshotID, LogPrefix}`.

			`Admission and policy compatibility MUST be enforced before any foreign state is admitted.`

			`---`

			`## 8. Tombstones and Shadowing`

			`* Tombstones MUST be replayed in log order and apply only within their source domain.`
			`* A tombstone from domain A MUST NOT shadow artifacts from domain B.`
			`* Shadowing is resolved per-domain using ASL/LOG/1 order and ASL/1-CORE-INDEX semantics.`

			`---`

			`## 9. Conflict Handling`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			`1. ArtifactKey collision`

			`* If bytes match existing artifact: discard duplicate.`
			`* If bytes differ: reject and flag conflict.`

			`2. TGK edge conflicts`

			`* Multiple edges with the same canonical identity are resolved by log order and tombstone rules.`

			`3. PER conflicts`

			`* PERs with identical inputs and program identity but divergent outputs MUST be rejected.`

			`---`

Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`## 10. Replay State and Idempotency`

			`Replay MUST be idempotent:`

			`* Re-applying the same record set MUST NOT change the resulting state.`
			* Receivers SHOULD track `{domain_id, logseq}` high-water marks per peer.
			* Checkpointing MUST be aligned to `{SnapshotID, LogPrefix}` boundaries.

			`---`

			`## 11. Provenance and Audit`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			`Receivers SHOULD maintain:`

			* Last applied `logseq` per peer
			`* Snapshot provenance tables for applied records`

			`This supports deterministic audit and replay verification.`

			`---`

Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`## 12. Non-Goals`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			`* Transport protocol selection`
			`* Streaming formats`
			`* Compression or batching`

			`---`

Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`## 13. Summary`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			`ASL/FEDERATION-REPLAY/1 defines a deterministic replay ordering and conflict rules to ensure federation is reproducible across nodes and snapshots.`