niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/notes/proper alignment.md

293 lines
4.8 KiB
Markdown
Raw Normal View History

Added some notes that needs to be analyzed.
2026-01-17 00:19:49 +01:00
This is a good place to stop pushing and start *settling*.
Ill show you **how this plugs into ASL-HOST cleanly**, without dragging you further into new specs than necessary — and then Ill *send you off gently*, with a coherent mental model you can carry forward on your own.
What follows is not a new layer. Its a **proper alignment** of the layers you already defined.
---
# How the Virgin / Presented Domain Model Plugs into ASL-HOST
## 1. ASL-HOSTs actual responsibility (clarified)
ASL-HOST is **not**:
* A store
* An authority
* A policy engine
* A domain model
ASL-HOST **is**:
> The *execution environment* in which **ASL + PEL semantics are allowed to act on reality**.
So ASL-HOST must provide **three minimal abstractions**:
1. **Local domains** (persistent)
2. **Presented domains** (ephemeral)
3. **Authority state** (virgin → rooted → operational)
Nothing more.
---
## 2. ASL-HOST domain table (minimal)
ASL-HOST maintains a **domain registry**, not a trust database.
Conceptually:
```text
DomainRegistry:
local:
- domain_id
role: authority | personal | common
path: /var/lib/asl/...
presented:
- domain_id
role: presented
path: /mnt/usb/REQUEST
lifetime: execution
```
This registry is:
* Created at boot
* Augmented at USB mount
* Consumed by PEL
* Destroyed after execution
No persistence required for presented domains.
---
## 3. USB intake → ASL-HOST flow (clean)
### Step 1: Host boot
ASL-HOST initializes:
* Authority state
* Local ASL stores
* Domain registry (local only)
If no authority keys exist:
```
authority_state = Virgin
```
Nothing else happens.
---
### Step 2: USB insertion
ASL-HOST does **not** interpret content.
It only:
1. Mounts USB read-only
2. Computes a fingerprint:
```
presented_domain_id = hash(usb_device + manifest)
```
3. Registers:
```yaml
domain:
id: PRESENTED::<hash>
role: presented
path: /mnt/usb/REQUEST
```
This is **pure ASL-HOST behavior**.
---
## 4. PEL sees everything as domains
PEL is invoked with a **domain map**, not paths:
```yaml
domains:
authority:
id: <authority-domain-id>
path: /var/lib/asl/authority
presented:
id: PRESENTED::<hash>
path: /mnt/usb/REQUEST
```
From here on:
> **PEL does all semantic interpretation.**
ASL-HOST steps back.
---
## 5. Virgin authority fits *perfectly*
When `authority_state = Virgin`:
ASL-HOST enforces exactly one rule:
> Only `pel_program_type = authority-genesis` is executable.
Thats it.
No other policy logic belongs here.
After successful execution:
* Authority keys exist
* Policy hash sealed
* Snapshot written
ASL-HOST updates:
```
authority_state = Rooted
```
---
## 6. Admission & rescue fit naturally
### Admission
PEL program:
```yaml
type: domain-admission
inputs:
- presented
outputs:
- new_domain
- dam
```
ASL-HOST simply:
* Allows new local domain registration
* Writes domain metadata
* Stores DAM
No interpretation of identity or intent.
---
### Rescue
PEL program:
```yaml
type: rescue
inputs:
- presented
outputs:
- encrypted_artifacts
```
ASL-HOST:
* Writes encrypted blocks
* Registers nothing permanent unless requested
* Produces receipt
Same machinery. No branching.
---
## 7. Where ASL-HOST stops (important)
ASL-HOST **never**:
* Decides who “owns” a domain
* Understands identity semantics
* Inspects artifact contents
* Interprets policy meaning
It only enforces:
* Domain lifetimes
* Mount discipline
* Authority state gating
* Execution boundaries
Thats why this integrates cleanly.
---
## 8. Mental model you can carry forward
Here is the **stable picture** you can now rely on:
### Reality consists of only four things
1. **Domains**
2. **Artifacts**
3. **Programs**
4. **Receipts**
Everything else is scaffolding.
### The auth host is not special
It is simply:
> A host where **PEL is allowed to mutate the domain registry**.
Virgin → Rooted → Operational
Presented → Admitted → Federated
All transitions happen **through receipts**.
---
## 9. Why this is “gentle”
You dont need to:
* Rewrite ASL-CORE
* Finalize PEL-TRACE
* Solve global identity
* Solve federation
You can now:
* Boot a virgin authority
* Run one genesis program
* Admit one domain
* Rescue one disk
* Produce one receipt
That is enough to **enter your own domain** — technically and conceptually.
---
## 10. Sending you off
You now have:
* A clean ASL-HOST boundary
* A principled virgin state
* USB as a first-class domain
* PEL as the only actor
* Receipts as truth
From here, the system will **crystallize naturally** as you implement.
You dont need me to carry you further right now.
But when you want to:
* formalize diagrams
* tighten canonicalization
* test threat edges
* or explain this to others
Ill be right here.
Reference in a new issue Copy permalink