# ASL/SYSTEM/1 — Unified ASL + TGK + PEL System View
Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Tags: [deterministic, federation, pel, tgk, index]
**Document ID:** `ASL/SYSTEM/1`
**Layer:** L2 — Cross-cutting system view (no new encodings)
**Depends on (normative):**
* `ASL/1-CORE`
* `ASL/1-CORE-INDEX`
* `ASL-STORE-INDEX`
* `ASL/LOG/1`
* `ENC-ASL-CORE-INDEX`
**Informative references:**
* `ASL/INDEX-ACCEL/1`
* `TGK/1` — Trace Graph Kernel semantics
* PEL draft specs (program DAG, execution receipts)
* `ASL/FEDERATION/1` — core federation semantics
* `ASL/FEDERATION-REPLAY/1` — cross-node deterministic replay
* `ASL/DAP/1` — domain admission
* `ASL/POLICY-HASH/1` — policy binding
---
## 0. Conventions
The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are
to be interpreted as in RFC 2119.
ASL/SYSTEM/1 is an integration view. It does not define new encodings or
storage formats; those remain in the underlying layer specs.
---
## 1. Purpose & Scope
This document aligns the cross-cutting semantics of:
* ASL index and log behavior
* PEL deterministic execution
* TGK edge semantics and traversal
* Federation visibility and replay
It ensures a single, consistent model for determinism, snapshot bounds, and
domain visibility.
Non-goals:
* New on-disk encodings
* New execution operators
* Domain policy or governance rules
---
## 2. Core Objects (Unified View)
* **Artifact**: immutable byte value (ASL/1-CORE).
* **PER**: PEL Execution Receipt stored as an artifact.
* **TGK Edge**: immutable edge record linking artifacts and/or PERs.
* **Snapshot + Log Prefix**: boundary for deterministic visibility and replay.
* **Domain Visibility**: internal vs published visibility embedded in index
records (ENC-ASL-CORE-INDEX).
All of these objects are addressed and stored via the same index semantics.
---
## 3. Determinism & Snapshot Boundaries
For a fixed `(SnapshotID, LogPrefix)`:
* Index lookup is deterministic (ASL/1-CORE-INDEX).
* TGK traversal is deterministic when bounded by the same snapshot/log prefix.
* PEL execution is deterministic when its inputs are bounded by the same
snapshot/log prefix.
PEL MUST read only snapshot-scoped artifacts and receipts. It MUST NOT depend
on storage layout, block packing, or non-snapshot metadata.
PEL outputs (artifacts and PERs) become visible only through normal index
admission and log ordering.
---
## 4. One PEL Principle (Resolution)
There is exactly one PEL: a deterministic, snapshot-bound, authority-aware
derivation language mapping artifacts to artifacts.
Distinctions such as "PEL-S" vs "PEL-P" are not separate languages. They are
policy decisions about how outputs are treated:
* **Promotion** (truth vs view) is a domain policy decision.
* **Publication** (internal vs published) is a visibility decision encoded in
index metadata.
* **Retention** (store, cache, discard, recompute) is a store policy decision.
Implementations MUST NOT fork PEL semantics into separate dialects. Any
classification of outputs MUST be expressed via policy, publication flags, or
receipt annotations, not by changing the execution language.
---
## 5. PEL, PERs, and TGK Integration
* PEL programs consume artifacts and/or PERs.
* PEL execution produces artifacts and a PER describing the run.
* TGK edges may reference artifacts, PERs, or projections derived from them.
TGK remains a semantic graph layer; it does not alter PEL determinism and does
not bypass the index.
---
## 6. Federation Alignment
Federation operates over the same immutable artifacts, PERs, and TGK edges.
Cross-domain visibility is governed by index metadata:
* `domain_id` identifies the owning domain.
* `visibility` marks internal vs published.
* `cross_domain_source` preserves provenance for imported artifacts.
Deterministic replay across nodes MUST respect:
* Snapshot boundaries
* Log order
* Domain visibility rules
Federation does not change PEL semantics. It propagates artifacts and receipts
that were already deterministically produced.
Admission and policy compatibility gate foreign state: only admitted domains and
policy-compatible published state may be included in a federation view.
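
The gating described in this section can be sketched as a fail-closed filter. This is an added example, not code from the ASL specifications: `domain_id` and `visibility` are the fields named above, while `key`, `policy_hash`, the string values, and the function name are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class IndexRecord:
    key: str          # hypothetical artifact key
    domain_id: str    # owning domain (field named in this section)
    visibility: str   # "internal" or "published" (constructed string values)
    policy_hash: str  # hypothetical stand-in for an ASL/POLICY-HASH/1 binding


def federation_view(local_domain, records, admitted_domains, compatible_policies):
    """Return (accepted, rejected), where rejected maps key -> reason.

    Local records are always visible locally. A foreign record passes only
    if every gate succeeds, so an unrecognized visibility value fails closed.
    """
    accepted, rejected = [], {}
    for rec in records:
        if rec.domain_id == local_domain:
            accepted.append(rec)
        elif rec.domain_id not in admitted_domains:
            rejected[rec.key] = "domain not admitted"
        elif rec.visibility != "published":
            rejected[rec.key] = "not published"
        elif rec.policy_hash not in compatible_policies:
            rejected[rec.key] = "policy incompatible"
        else:
            accepted.append(rec)
    return accepted, rejected


# Constructed sample records.
RECORDS = [
    IndexRecord("a1", "dom-local", "internal", "p1"),
    IndexRecord("b1", "dom-b", "published", "p1"),
    IndexRecord("b2", "dom-b", "internal", "p1"),
    IndexRecord("c1", "dom-c", "published", "p1"),  # dom-c is not admitted
    IndexRecord("b3", "dom-b", "published", "p9"),  # incompatible policy
    IndexRecord("b4", "dom-b", "PUBLISHED", "p1"),  # malformed visibility value
]

if __name__ == "__main__":
    ok, denied = federation_view("dom-local", RECORDS, {"dom-b"}, {"p1"})
    print([r.key for r in ok], denied)
```

Keeping the rejection reason per record gives an audit trail for why foreign state was excluded from a view.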
---
## 7. Index Alignment
The index is the shared substrate:
* Artifacts, PERs, and TGK edges are all indexed via the same lookup semantics.
* Sharding, SIMD, and filters (ASL/INDEX-ACCEL/1) are advisory and MUST NOT
change correctness.
* Tombstones and shadowing remain the only visibility overrides.
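
A simplified model of the rules in sections 3 and 7, as an added example that is not taken from the ASL specifications: the view for a fixed snapshot and log prefix is computed from log order alone, so physical layout cannot change it, and tombstones and shadowing are the only overrides. The `LogEntry` fields, the shard representation, and all function names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional
import random


@dataclass(frozen=True)
class LogEntry:
    seq: int                 # log position (hypothetical field)
    key: str                 # stands in for an ASL reference
    location: Optional[str]  # None models a tombstone


def visible_index(snapshot, shards, log_prefix):
    """Index view for a fixed (snapshot, log_prefix), independent of layout.

    `snapshot` is the key -> location map at the snapshot; `shards` is any
    physical grouping of the log entries written after it.
    """
    entries = [e for shard in shards for e in shard if e.seq <= log_prefix]
    view = dict(snapshot)
    for e in sorted(entries, key=lambda e: e.seq):  # log order, not layout
        if e.location is None:
            view.pop(e.key, None)     # tombstone hides the key
        else:
            view[e.key] = e.location  # later entry shadows the earlier one
    return view


def check_pel_inputs(view, keys):
    """Accept PEL inputs only if every key is visible at this bound."""
    missing = [k for k in keys if k not in view]
    if missing:
        raise LookupError(f"not visible at this bound: {missing}")
    return list(keys)


def reshard(log, n, seed):
    """Scatter entries over n shards in shuffled order (layout change only)."""
    shuffled = log[:]
    random.Random(seed).shuffle(shuffled)
    return [shuffled[i::n] for i in range(n)]


# Constructed sample data.
SNAPSHOT = {"art-1": "blk0:0"}
LOG = [
    LogEntry(1, "art-2", "blk1:0"),
    LogEntry(2, "art-1", "blk1:64"),  # shadows the snapshot entry
    LogEntry(3, "art-2", None),       # tombstone
    LogEntry(4, "art-3", "blk2:0"),   # beyond a prefix of 3
]
```

Comparing `visible_index(SNAPSHOT, reshard(LOG, 3, seed), 3)` across seeds is a cheap property test that an accelerator or packing change has not leaked into lookup results.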
---
## 8. Glossary and Terminology Alignment (Informative)
To prevent drift across layers, the following terms map as:
* **EdgeBody** (`TGK/1-CORE`) — logical edge content (`from[]`, `to[]`, `payload`, `type`).
* **EdgeArtifact** (`TGK/1-CORE`) — ASL Artifact whose payload encodes an EdgeBody.
* **EdgeRef** (`TGK/1-CORE`) — ASL Reference to an EdgeArtifact.
* **TGK index record** (`TGK/1`, `ASL/1-CORE-INDEX`) — index entry that makes an EdgeRef visible under snapshot/log rules; contains no edge payload.
* **TGK traversal result** (`TGK/1`) — snapshot/log-bounded set of visible edges (EdgeRefs) and/or node references derived from indexed EdgeArtifacts.
---
## 9. Summary
ASL/SYSTEM/1 provides a single, consistent view:
* One PEL, with policy-based output treatment
* TGK and PEL both bounded by snapshot + log determinism
* Federation mediated by index-level domain metadata
* Index semantics remain the core substrate for all objects