# ENC-ASL-HOST/1 - On-Disk Layout for ASL/HOST Status: Draft Owner: Architecture Version: 0.1.0 SoT: No Last Updated: 2026-01-17 Tags: [ops, host, layout] **Document ID:** `ENC-ASL-HOST/1` **Layer:** O1E - Host layout profile (storage-agnostic) **Depends on (normative):** * `ASL/HOST/1` * `ASL/1-STORE` * `ASL/LOG/1` **Informative references:** * `ASL/DAM/1` * `ASL/DAP/1` * `ENC-ASL-LOG` * `ENC-ASL-CORE-INDEX` --- ## 0. Conventions The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119. This document defines directory and file placement only. It does not define byte-level encodings or storage engine internals. --- ## 1. Purpose and Scope ENC-ASL-HOST/1 specifies a minimal, storage-agnostic on-disk layout for ASL/HOST implementations. It standardizes where host metadata, domain data, logs, and snapshots live. --- ## 2. Root Layout ``` /asl-host/ ├── host/ ├── domains/ ├── federation/ └── quarantine/ ``` All host-managed state MUST live under `/asl-host`. --- ## 3. Host-Level Metadata ``` /asl-host/host/ ├── host-id ├── host-policy └── trusted-roots/ ``` * `host-id` is a stable identifier for the host. * `host-policy` contains local policy constraints. * `trusted-roots/` contains offline trust anchors. --- ## 4. Domain Root Each domain has a single root directory: ``` /asl-host/domains// ``` Nothing outside this directory MAY be interpreted as part of the domain state. --- ## 5. Domain Descriptor ``` /asl-host/domains//domain.json ``` The descriptor contains host-derived metadata (not signed): ``` { "domain_id": "...", "state": "COURTESY|FULL|SUSPENDED|REVOKED", "created_at": "...", "admitted_at": "...", "root_key_fingerprint": "...", "policy_hash": "...", "current_snapshot": "...", "current_logseq": 0 } ``` --- ## 6. Admission Records ``` /asl-host/domains//admission/ ├── dam.cbor ├── dam.sig ├── admission-request.cbor ├── admission-decision.cbor └── admission-decision.sig ``` Admission records are immutable and MUST be retained. --- ## 7. Authority Material ``` /asl-host/domains//auth/ ├── root.pub ├── operators/ ├── device.pub └── revocations/ ``` Private keys MAY exist only temporarily and SHOULD NOT be required for steady-state operation. --- ## 8. Store Area ``` /asl-host/domains//store/ ├── blocks/ │ ├── open/ │ ├── sealed/ │ └── gc/ ├── objects/ └── encryption/ ``` * `open/` blocks are writable and may be lost on crash. * `sealed/` blocks are immutable. * `gc/` is host-managed reclaim staging. --- ## 9. Index Area ``` /asl-host/domains//index/ ├── segments/ ├── bloom/ └── tmp/ ``` Segment encodings are defined by `ENC-ASL-CORE-INDEX`. --- ## 10. Log Area ``` /asl-host/domains//log/ ``` Log records and envelopes are defined by `ENC-ASL-LOG`. --- ## 11. Snapshot Area ``` /asl-host/domains//snapshots/ ``` Snapshot metadata MUST include the log sequence boundary and segment set used for deterministic replay. --- ## 12. Leases ``` /asl-host/domains//leases/ ``` Courtesy lease metadata is stored here and MUST NOT be interpreted by ASL/1-STORE. --- ## 13. Temporary Workspace ``` /asl-host/domains//tmp/ ``` The host MAY use this directory for temporary, non-authoritative files. It MUST NOT be required for deterministic replay. --- ## 14. Federation (Optional) ``` /asl-host/federation/ ├── peers/ ├── exports/ └── imports/ ``` Federation caches are optional and MUST NOT change local domain state. --- ## 15. Quarantine ``` /asl-host/quarantine/ ``` Untrusted or failed admissions MAY be staged here for inspection. --- ## 16. Versioning Backward-incompatible layout changes MUST bump the major version.