niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/ops/ASL-HOST v0-1.md
Carl Niklas Rydberg 4cba1f45eb Move host/rescue docs to ops tier
2026-01-17 09:04:19 +01:00

5.1 KiB
Raw Blame History

Heres a clean v0.1 draft for ASL-HOST, scoped to what we discussed — minimal, environment-focused, without touching semantics or storage encoding. This is the runtime/host interface layer that bridges ASL-STORE(-INDEX) to a real system.

ASL-HOST v0.1 Host/Runtime Interface for ASL Stores

1. Purpose

ASL-HOST specifies the runtime contract between an ASL store and the host environment. It defines what the host must provide for an ASL store to operate correctly, without imposing:

  • Storage semantics
  • Encoding
  • Policy
  • Security beyond minimal integrity guarantees

It supports POSIX filesystems, ZFS, object stores, or other backing layers.

2. Core Concepts

Concept Definition
StoreHandle Opaque reference to a host-provided store instance
StoreLocation Host-defined location where a store exists (path, URI, mount point, etc.)
AppendUnit Minimum atomic write unit for the append-only log
SnapshotID Opaque identifier of a host-provided snapshot
HostClock Monotonic counter or timestamp source
HostIdentity Unique machine or user identity for signing or domain minting

3. Store Instantiation

3.1 Store Creation

  • CreateStore(location: StoreLocation) → StoreHandle

  • Must guarantee crash-consistent initialization.

  • Location may be:

    • POSIX path
    • ZFS dataset
    • Object store bucket

  • StoreHandle is opaque, only valid while the store exists on host.

3.2 Store Open

  • OpenStore(location: StoreLocation) → StoreHandle
  • Host must provide durable, consistent view.
  • Opening an existing store must not corrupt previous data.

3.3 Store Close

  • CloseStore(store: StoreHandle)
  • Ensures all writes are persisted to durable media.
  • Optional: triggers host-specific flush or checkpoint.

4. Atomic Append / Log Operations

  • Host must provide atomic append semantics.

  • Minimum guarantees:

    • Sequential ordering (logseq monotonicity)
    • Crash consistency (partial writes are not visible)

  • AppendUnit:

    • Defined by host; could be page-size or object-size
    • ASL-STORE must tolerate hosts granularity

5. Snapshot Management

  • Optional but recommended.

  • Host provides:

    • CreateSnapshot(store: StoreHandle) → SnapshotID
    • MountSnapshot(store: StoreHandle, id: SnapshotID) → StoreHandle

  • Guarantees:

    • Snapshot captures a consistent view of sealed blocks
    • Mounting snapshot produces read-only store handle

  • Host may use:

    • ZFS snapshot
    • POSIX filesystem copy-on-write overlay
    • Object store versioning

6. Durability & Crash Semantics

  • Host must ensure:

    • Writes are durable after append or flush
    • Crash recovery restores store to last durable state
    • Open, unsealed blocks may be lost without breaking invariants

  • StoreHandle and append-only log are atomic units visible to ASL-STORE

7. Minimal Identity & Logging

  • Host must provide:

    • HostClock() → monotonic timestamp / counter
    • HostIdentity() → machine or user ID for signing / domain minting
    • Optional log for debugging or auditing

8. Error Semantics

  • Operations may return:

    • STORE_OK
    • STORE_EXISTS
    • STORE_NOT_FOUND
    • STORE_IO_ERROR
    • STORE_CONCURRENT_MODIFICATION

  • ASL-STORE must handle errors deterministically

9. Security Considerations

  • ASL-HOST does not enforce cryptography.

  • Host may provide optional:

    • Encryption at rest
    • Access control
    • Secure snapshot mechanisms

  • Certificates and trust are handled in ASL-AUTH, separate layer

10. Example Implementations

Backend How ASL-HOST maps
POSIX filesystem StoreLocation = path; append = write+fsync; snapshot = overlayfs copy
ZFS dataset StoreLocation = dataset; append = zfs sync; snapshot = zfs snapshot
Object store StoreLocation = bucket/namespace; append = object PUT; snapshot = versioned bucket

11. Versioning

  • Spec version: 0.1
  • Backward incompatible changes must bump major version.
  • Minimal compliance: implement store creation/open/close and append guarantees.

12. Summary

ASL-HOST v0.1:

  • Defines runtime contract between ASL store and host
  • Provides store handles, atomic append, snapshots, identity
  • Layered cleanly above ASL-STORE(-INDEX), below system or OS
  • Keeps semantics, encoding, and trust separate

If you like, I can draft ASL-AUTH v0.1 next, and then show how SystemRescue could instantiate ASL-HOST with POSIX/ZFS to seed a personal domain. That would give a complete view for your rescue scenario.

Do you want me to do that next?