niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/notes/Rescue Node Blueprint v0-1.md

164 lines
8.5 KiB
Markdown
Raw Normal View History

Added some notes that needs to be analyzed.
2026-01-17 00:19:49 +01:00
Perfect — this is exactly the “first-person, first-rescue” scenario. Ill extend the blueprint to reflect **a freshly minted SystemRescue user entering the ecosystem** with old personal data, no prior certificates, and the intention of building both a **personal domain** and seeding the **common / Unity tree**. Ill tie together **PER generation, ASL blocks, snapshots, and trust setup** from scratch.
---
# Rescue Node Blueprint v0.1 — Fresh Entry Scenario
```
┌───────────────────────────────┐
│ Legacy Input Material │
│ - Home directory snapshot │
│ - App config / old data │
│ - Intent / contracts │
└─────────────┬─────────────────┘
┌───────────────────────────────┐
│ Sedelpress / PER Engine │
│ - Deterministic execution │
│ - TGK edges & provenance │
│ - Snapshot boundaries │
│ - Generates initial PER(s) │
│ - Logs intent + provenance │
└─────────────┬─────────────────┘
│ PER + TGK edges
┌───────────────────────────────────────────────┐
│ Bootstrap in Common / Courtesy Space │
│ - Encrypted personal blocks │
│ - ASL-STORE(-INDEX) organizes blocks & logs │
│ - Snapshot pinned for reproducibility │
│ - Acts as temporary “personal domain seed” │
└─────────────┬─────────────────────────────────┘
│ Optional trust / policy hash
┌───────────────────────────────────────────────┐
│ Personal Domain (New) │
│ - Blocks copied from courtesy space │
│ - Own index segments, snapshots │
│ - PERs validated and linked to TGK edges │
│ - Certificates minted (ASL-AUTH) │
│ - Domain Authority Manifest created │
│ - Optional publication to Common later │
└─────────────┬─────────────────────────────────┘
│ Optional publication
┌───────────────────────────────────────────────┐
│ Common / Unity Domain │
│ - Shared artifacts / PERs │
│ - Read-only pinned snapshots │
│ - Courtesy recognition of new user │
│ - Aggregates multiple bootstrap submissions │
└─────────────┬─────────────────────────────────┘
│ Cross-domain trust pins
┌───────────────────────────────────────────────┐
│ Foreign / Other Domains │
│ - Imported artifacts read-only │
│ - Trust via offline roots & policy hash │
│ - Deterministic snapshots reconstructed │
└───────────────────────────────────────────────┘
```
---
## Key Concepts and Steps
### 1. Legacy Material Intake
* Old personal data is treated as **raw artifact input**.
* **Sedelpress** ingests everything deterministically, creating **PER(s) for provenance**.
* Intent and contract are encoded alongside data, defining what must be certified.
### 2. PER Generation
* **First-class operation**: PERs precede storage.
* TGK edges capture lineage and relationships.
* Snapshots of input material are **recorded for deterministic reconstruction**.
### 3. Bootstrap Personal Domain via Common
* **Encrypted blocks** are stored in the Common courtesy space.
* Blocks are **sealed and indexed** (ASL-STORE / ASL-STORE-INDEX).
* Common **pins snapshots** to ensure reproducibility.
* This bootstrap **does not require prior certificates** — Common allows “newcomer courtesy.”
### 4. Personal Domain Minting
* After bootstrap, blocks are copied into the new **personal domain**.
* **Certificates (ASL-AUTH)** are minted, forming your **authority root**.
* Domain Authority Manifest (DAM) is created with:
* Your domain ID
* Seeded artifacts / PERs
* Trust anchors (offline roots)
* PERs are now linked, validated, and can be optionally published to Common.
### 5. Common / Unity Tree
* Aggregates shared PERs and artifacts from multiple users.
* Maintains **read-only pinned snapshots**.
* Facilitates **cross-user consistency and cooperation**.
* Your encrypted bootstrap blocks remain private until you choose to publish.
### 6. Cross-Domain Trust
* Optional import/export of artifacts to other domains:
* **Read-only import**: deterministic reconstruction.
* **Policy hash** ensures correctness.
* **Offline roots** verify trust for foreign domains.
---
## Suggested ASL / Filesystem Layout
| Domain / Layer | Backend / FS | Notes |
| ------------------------- | --------------------- | ----------------------------------------------------------- |
| Legacy Material Intake | POSIX / tmp overlay | Raw input snapshots |
| Sedelpress / PER Engine | Memory + temp storage | Deterministic execution; generates TGK edges |
| Bootstrap Personal Domain | ZFS / ASL-STORE | Courtesy encrypted blocks; pinned snapshot; temporary index |
| Personal Domain (New) | ZFS / ASL-STORE | Full index, sealed blocks, PERs, certificates |
| Common / Unity Domain | ZFS / ASL-STORE | Shared artifacts / PERs; read-only; pinned snapshots |
| Foreign / Other Domains | N/A / imported | Read-only; trust via offline roots & policy hash |
---
### Notes on Certificates / ASL-AUTH
* **Initial certificate minting** occurs **after bootstrap**.
* Offline root keys are generated on a **secure Debian machine** (offline).
* **Personal Domain Authority** is tied to offline roots.
* PERs in bootstrap space can later be **retrospectively certified** once personal domain is minted.
---
### Snapshot & Sealing Flow
1. **Legacy snapshot** → PER generation
2. **Seal blocks** in courtesy space
3. **Pin snapshots** in bootstrap space
4. **Copy to personal domain** → seal and index
5. **Create DAM + Certificates** → retrospective trust assignment
6. Optional publication → **Common / Unity tree**
---
This **blueprint supports:**
* Fresh user / rescue node onboarding
* Deterministic provenance from legacy material
* Personal domain creation without prior certificates
* Courtesy bootstrap in Common for temporary storage
* Safe integration with Common / Unity tree and foreign domains
* PER-first philosophy ensuring traceability and auditability
---
If you want, I can **draw a “layered architecture diagram”**, showing **Sedelpress, ASL blocks, snapshots, PERs, and the hierarchy of domains**, highlighting **bootstrap, personal, common, and foreign layers**.
It would be a **visual rescue map**, perfect for planning the initial node setup.
Do you want me to do that next?
Reference in a new issue Copy permalink