amduat-api/notes/Rescue Operation Architecture.md


Perfect — that gives us a **clear mission scenario**. Let's formalize this into a **Rescue Node + Domain Architecture**, showing the **flow from personal rescue → common courtesy space → personal domain establishment**. I'll also tie in snapshots, sealing, and PER generation.

---

# Rescue Operation Architecture: “Personal Rescue with Common Bootstrap”
```
┌───────────────────────────────┐
│ Input Material / Intent       │
│ - Home directory snapshot     │
│ - Certificates                │
│ - Rescue intent / contract    │
└─────────────┬─────────────────┘
┌───────────────────────────────┐
│ Sedelpress / PER Engine       │
│ - Deterministic execution     │
│ - TGK edges & provenance      │
│ - Snapshot boundaries         │
│ - Generates PER(s)            │
└─────────────┬─────────────────┘
              │ PER + TGK edges
┌───────────────────────────────────────┐
│ Personal Bootstrap Space (Common)     │
│ - Courtesy space granted by Common    │
│ - Encrypted blocks / sealed segments  │
│ - Indexed via ASL-STORE(-INDEX)       │
│ - Temporary / bootstrapped domain     │
└─────────────┬─────────────────────────┘
              │ Optional trust / policy hash
┌───────────────────────────────────────┐
│ Personal Domain (User-owned)          │
│ - Blocks copied from bootstrap        │
│ - Own index segments & snapshots      │
│ - PERs stored and validated           │
│ - Full authority and certificate      │
└─────────────┬─────────────────────────┘
              │ Publishing optional
┌───────────────────────────────────────┐
│ Common / Unity Domain                 │
│ - Shared artifacts & PERs             │
│ - Read-only access for users          │
│ - Snapshot pinned / immutable         │
│ - Courtesy bootstrap space recognized │
└─────────────┬─────────────────────────┘
              │ Cross-domain trust pins
┌───────────────────────────────────────┐
│ Foreign / External Domains            │
│ - Imported artifacts (read-only)      │
│ - Trust enforced by offline roots     │
│ - Policy hash verification            │
└───────────────────────────────────────┘
```
---
### Key Principles for Rescue + Domain Integration
1. **Bootstrap via Common**
   * A person or system without a pre-existing domain can store **encrypted blocks** in the Common courtesy space.
   * Common recognizes the bootstrap, enforces **policy hash**, and pins snapshots.
2. **PER Generation is Primary**
   * The Sedelpress stamps **everything deterministically**: home dir, certificates, intent.
   * Store artifacts are secondary; the **receipt defines authority and provenance**.
3. **Snapshots & Sealed Blocks**
   * Courtesy space blocks are **encrypted and sealed** for immutability.
   * Once personal domain is established, blocks can be **copied or promoted** to private space.
4. **Domain Authority**
   * Personal domain is **minted post-bootstrap**, with full authority.
   * Policy hash ensures cross-domain trust for publishing or importing artifacts.
5. **Cross-Domain Trust**
   * Common domain pins **read-only copies** of bootstrap artifacts.
   * Foreign or other users' domains require **offline root verification** before accepting artifacts.
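
Principles 2 and 5 as an added sketch (not code from amduat or the Sedelpress): a receipt that comes out byte-identical for identical inputs, and the checks a receiving domain runs before accepting an import. JSON canonicalization, SHA-256, and every field and function name here are assumptions; signature verification against offline roots is left out.

```python
import hashlib
import hmac
import json


def canonical(obj) -> bytes:
    # Assumed canonical form: sorted keys, no whitespace, ASCII only.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("ascii")


def block_id(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_receipt(files: dict, cert_fprs: list, intent: str, policy: dict) -> dict:
    """Hypothetical PER-like receipt over snapshot files, certificates and intent."""
    body = {
        # Sorting removes any dependence on directory walk or argument order.
        "inputs": sorted([path, block_id(data)] for path, data in files.items()),
        "certs": sorted(cert_fprs),
        "intent": intent,
        "policy_hash": hashlib.sha256(canonical(policy)).hexdigest(),
    }
    body["receipt_id"] = hashlib.sha256(canonical(body)).hexdigest()
    return body


def verify_import(receipt: dict, blocks: dict, pinned_policy_hash: str) -> list:
    """Return rejection reasons; an empty list means the import is acceptable."""
    errors = []
    body = {k: v for k, v in receipt.items() if k != "receipt_id"}
    recomputed = hashlib.sha256(canonical(body)).hexdigest()
    if not hmac.compare_digest(recomputed, receipt.get("receipt_id", "")):
        errors.append("receipt_id mismatch")
    # The receiving domain trusts only the policy hash it pinned out of band.
    if not hmac.compare_digest(receipt.get("policy_hash", ""), pinned_policy_hash):
        errors.append("policy hash not pinned")
    # Blocks are content-addressed, so each one is re-hashed before use.
    for path, digest in receipt.get("inputs", []):
        data = blocks.get(digest)
        if data is None:
            errors.append(f"missing block for {path}")
        elif block_id(data) != digest:
            errors.append(f"corrupt block for {path}")
    return errors
```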
---
### Suggested ASL / Store Layout for Rescue Operation
| Domain | Backend / FS | Notes |
| --------------------------- | ----------------- | -------------------------------------------------------------------- |
| Personal Bootstrap (Common) | ZFS / POSIX + ASL | Courtesy space; blocks encrypted; temporary storage; snapshot pinned |
| Personal Domain | ZFS + ASL | User-owned; full index; sealed blocks; PERs validated |
| Common / Unity | ZFS + ASL | Shared artifacts; read-only; courtesy recognition |
| Foreign Domains | N/A (imported) | Read-only; trust pinned via policy hash and offline roots |
---
If you like, I can **next draft the Rescue Node overlay schema**:

* How the **personal bootstrap** interacts with Common
* How **PER ingestion and sealing** happens
* How **snapshots + ASL blocks** are laid out on ZFS or POSIX
* How the **courtesy / Unity tree** is seeded

This would be a **working blueprint for your personal rescue operations**, fully tied to the ASL + PEL ecosystem.

Do you want me to do that?