Good — this is the right integration point. What follows is a **clean, minimal integration of DAP + DAM + Courtesy Leases into ASL-HOST**, without leaking authority into ASL-CORE or policy into ASL-STORE. Think of **ASL-HOST as the membrane** where *authority, storage, and execution meet but do not mix*. --- # ASL-HOST v0.1 (Integrated with Admission & Authority) --- ## 1. Purpose of ASL-HOST **ASL-HOST defines the responsibilities of a node that hosts ASL domains.** It is responsible for: * Domain lifecycle * Admission and recognition * Block and log materialization * Snapshot discipline * Resource enforcement * Separation of authority from storage semantics It explicitly does **not** define: * Artifact encoding (ASL-CORE) * Index layout (ENC-ASL-STORE) * PER or TGK semantics (PEL / TGK layers) * Cryptographic algorithms (delegated to ASL-AUTH) --- ## 2. ASL-HOST Position in the Stack ``` +-------------------------+ | ASL-AUTH | ← identity, keys, policy +-------------------------+ | ASL-HOST | ← THIS SPEC +-------------------------+ | ASL-STORE / INDEX | ← blocks, logs, snapshots +-------------------------+ | ASL-CORE / PEL / TGK | ← semantics & execution +-------------------------+ | Filesystem / ZFS / POSIX| +-------------------------+ ``` ASL-HOST is where **domains become real**. --- ## 3. Domain Lifecycle in ASL-HOST ### 3.1 Domain States ```text UNRECOGNIZED ADMITTED (COURTESY) ADMITTED (FULL) SUSPENDED REVOKED ``` ASL-HOST tracks domain state explicitly. --- ### 3.2 Domain Creation (Local) A domain MAY be created locally without admission: ```text asl-host domain create ``` This creates: * DomainID * Empty storage namespace * Empty log * No external recognition This domain is **self-contained only**. --- ## 4. Domain Admission Integration (DAP) ### 4.1 Admission Request Handling ASL-HOST MUST provide: ```c AdmissionResult asl_host_admit(DAM, signature, request); ``` Responsibilities: * Validate DAM schema * Verify signature * Check policy compatibility * Decide admission outcome ASL-HOST does **not** inspect artifacts. --- ### 4.2 Admission Outcome Effects | Outcome | ASL-HOST Behavior | | ---------------- | --------------------------------------- | | ACCEPTED | Enable publishing, indexing, federation | | ACCEPTED_LIMITED | Enable courtesy-only storage | | DEFERRED | Domain exists but blocked | | REJECTED | Domain remains isolated | --- ## 5. Courtesy Leases in ASL-HOST ### 5.1 Courtesy Lease Attachment A courtesy lease is **attached to a domain in ASL-HOST**, not to ASL-STORE. ```text Domain { domain_id admission_state courtesy_lease? } ``` --- ### 5.2 Enforcement Responsibilities ASL-HOST MUST enforce: * Storage limits * Snapshot count * Lease expiry * Encryption-only constraint (if specified) ASL-STORE must **not** be aware of courtesy semantics. --- ### 5.3 Courtesy Lease Expiry On expiry, ASL-HOST MAY: * unpin snapshots * block new writes * mark domain as SUSPENDED ASL-STORE is not required to preserve data. --- ## 6. StoreHandle Integration ### 6.1 StoreHandle Is Scoped to a Domain ASL-HOST provides: ```c StoreHandle *asl_host_open_domain(domain_id); ``` The StoreHandle is: * domain-scoped * snapshot-aware * admission-aware --- ### 6.2 Admission-Gated Capabilities Capabilities exposed via StoreHandle depend on admission state: | Capability | Courtesy | Full | | ---------------- | -------- | ---- | | allocate_block | yes | yes | | seal_block | yes | yes | | append_log | yes | yes | | publish_snapshot | no | yes | | federate_log | no | yes | ASL-CORE and PEL never see this distinction. --- ## 7. Snapshots and CURRENT (ASL-HOST Role) ASL-HOST defines: * Snapshot creation * Snapshot pinning * Snapshot association with log position ASL-HOST guarantees: ```text CURRENT = snapshot + replay(log) ``` This is **host-level truth**, not an ASL-CORE concern. --- ## 8. Block Ownership and Movement ### 8.1 Block Ownership Every block belongs to exactly one domain. Block ownership is enforced by: * filesystem layout * StoreHandle scoping * ASL-HOST policy --- ### 8.2 Block Migration Between Domains Block migration is an **ASL-HOST operation**: ```text asl-host migrate-block --from A --to B ``` Rules: * Source block must be sealed * Destination domain must accept the block * Policy compatibility enforced * Provenance preserved --- ## 9. Federation Boundary ASL-HOST is the **only layer allowed to federate**. It decides: * which logs may be exported * which snapshots may be published * which foreign roots are trusted ASL-STORE and ASL-CORE remain oblivious. --- ## 10. Revocation and Suspension ASL-HOST MAY: * suspend a domain (stop new writes) * revoke federation * invalidate admission Already-sealed artifacts remain immutable. --- ## 11. SystemRescue Mapping (Concrete) Your patched SystemRescue image now hosts: * ASL-HOST runtime * Local domains (personal, courtesy, common) * Admission client * Offline authority material On boot, SystemRescue may: 1. Create a local domain 2. Load DAM + keys 3. Submit admission request 4. Receive courtesy lease 5. Begin sealed ingestion 6. Snapshot and wait You are *literally standing ready*. --- ## 12. Why This Integration Is Clean ✔ ASL-CORE untouched ✔ ASL-STORE unaware of authority ✔ Authority never touches block bytes ✔ Admission precedes trust ✔ Rescue and sovereign modes unified --- ## 13. Mental Model (One Sentence) > **ASL-HOST is the constitutional layer that turns storage into a domain, and a domain into a participant.** --- If you want next, we can: * define **ASL-HOST on-disk layout** * specify **revocation propagation** * map **PEL execution to admission state** * or walk a **full rescue → admission → federation scenario end-to-end** Just point the direction.