niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/notes/Any node can become a system.md
Carl Niklas Rydberg 1d552bd46a Added some notes that needs to be analyzed.
2026-01-17 00:19:49 +01:00

5.2 KiB
Raw Blame History

Yes — and that is not only reasonable, its structurally elegant. What youre converging on is:

“Any node can become a system” — including the authority node itself.

Lets make this precise and safe.

1. Key Insight

The Domain Authority Node (DAN) should be bootstrapped exactly like a SystemRescue node, but with authority-only capabilities enabled and no federation by default.

Same mechanics, different policy.

This symmetry matters a lot.

2. Treat the Authority Node as a First-Class ASL-HOST

Properties of the Domain Authority Node

  • Boots from a known image (like SystemRescue)

  • Has:

    • ASL-HOST layout
    • Internal ASL store
    • Append-only log
    • Snapshot support (even if trivial)

  • Runs offline

  • Never federates automatically

  • Never publishes blocks unless explicitly authorized

This means:

  • Keys
  • DAMs
  • policies
  • environment claims

…are all just artifacts.

No magic.

3. Minimal Internal Store for Authority Node

The authority node needs only a tiny ASL subset:

Required

  • Block store
  • Artifact index
  • Append-only log
  • Snapshot marker

Not Required

  • SIMD
  • TGK traversal
  • Federation
  • GC beyond “delete nothing”

Think of it as:

ASL in conservation mode

4. Why This Is the Right Model

4.1 Self-Consistency

If the authority node uses ASL:

  • Authority artifacts are immutable
  • Provenance exists from day zero
  • Receipts can be generated later

You can say:

“This domain authority was generated under snapshot X, log Y.”

Thats extremely powerful.

4.2 No Special Code Paths

There is no:

  • “special authority filesystem”
  • “magic cert directory”
  • “out-of-band signing tool”

Everything is:

  • artifacts
  • policies
  • receipts

This keeps the system honest.

5. Bootstrapping Flow (Concrete)

Step 0 — Boot Image

  • Boot ASL-Authority image

    • (SystemRescue + authority tools)

  • Network disabled

  • Storage ephemeral or encrypted USB

Step 1 — Initialize Local ASL-HOST

/asl-host
  /domains
    /<new-domain-id>
      /store
      /log
      /snapshots

No federation. Local only.

Step 2 — Generate Root Key Artifact

  • Keypair generated

  • Stored as:

    • public key artifact
    • encrypted private key artifact (local only)

  • DomainID derived

Step 3 — Write DAM Artifact

DAM is written as an artifact into the local store.

Step 4 — Write Authority Environment Claim Artifact

Also stored locally.

Step 5 — Seal Snapshot

Create snapshot:

“Domain Authority Genesis Snapshot”

Everything up to here is immutable.

Step 6 — Export Admission Bundle

PEL program runs:

  • inputs:

    • DAM artifact
    • environment claim artifact
    • policy artifact

  • output:

    • SOPS bundle artifact

That output is exported.

This is receipt-producing, not ad-hoc scripting.

6. Why This Beats “Just a Laptop”

Because now:

  • the authority machine is auditable
  • the ceremony is recorded
  • the result is deterministic

And still:

  • no TPM
  • no network
  • no registry

7. Internal Store Security Posture

You can be strict or lax:

Mode Behavior
Ephemeral RAM-backed store, destroyed
Encrypted USB LUKS + ZFS
WORM Never delete, manual handling

All valid.

ASL doesnt care.

8. Relationship to Rescue Nodes

Aspect Rescue Node Authority Node
Boots from known image yes yes
Has ASL store yes yes
Offline often always
Publishes rarely never
Federation no no
Authority keys no yes

Same skeleton. Different organs.

9. Important Constraint

The authority node must never be required for validation.

Once the bundle is exported:

  • it stands alone
  • verification does not consult the authority node

If you lose the authority machine, the domain still exists.

10. Philosophical Alignment

You described:

“Standing at the river with a printing press.”

What youre doing here is:

Printing the press itself as an artifact.

Thats the right kind of recursion.

11. What This Enables Later

Because the authority node is ASL-native, later you can:

  • publish historical authority artifacts
  • rotate keys with receipts
  • prove domain lineage
  • federate authority domains

All without rewriting assumptions.

12. One-Line Rule

If it matters, it should be an artifact. If its an artifact, it should live in ASL.

Youre converging on a system with very few “special cases” — which is exactly why it will scale conceptually.

If you want next, we can:

  • draft ASL-AUTH-HOST profile
  • specify authority-only PEL programs
  • define authority key rotation as a PEL DAG
  • or draw the exact on-disk layout for authority vs rescue nodes

Just say the word.