amduat-api/ops/ENC-ASL-AUTH-HOST.md
2026-01-17 09:04:19 +01:00

Perfect! Here's a draft specification for **ENC-ASL-AUTH-HOST v0.1**, the **on-disk layout and encoding** for the authority host. This complements ASL-AUTH-HOST by formalizing **how artifacts, blocks, logs, snapshots, and certificates are stored**.
---
# ENC-ASL-AUTH-HOST v0.1 — On-Disk Layout
## 1. Purpose
Defines the **physical and logical layout** of an ASL authority host's storage.
Ensures:
* Deterministic artifact placement
* Snapshot-aware storage
* Offline-first operation
* Compatibility with ASL-HOST, PERs, and SOPS bundles
---
## 2. Root Layout
```
/asl-auth-host/
├─ domains/
│  └─ <domain-id>/
│     ├─ store/
│     ├─ log/
│     ├─ snapshots/
│     ├─ certs/
│     ├─ policies/
│     └─ dam/
├─ tools/
│  └─ <binary-tools>          # deterministic, versioned rescue/auth tools
├─ env-claims/
│  └─ <snapshot-hash>.claim
└─ sops-bundles/
   └─ <bundle-id>.sops
```
---
## 3. Domains Directory
**`/domains/<domain-id>/`** contains all **domain-specific storage and authority artifacts**.
### 3.1 Store
```
/domains/<domain-id>/store/
├─ blocks/
│  ├─ <block-id>.bin     # raw artifact bytes
│  └─ <block-id>.meta    # metadata: size, type_tag, sealed_flag
└─ indices/
   ├─ segment-<n>.idx    # ASL-STORE index segments
   └─ bloom-<n>.bf       # optional bloom filters
```
* Each block is **immutable once sealed**
* Segment indices point to block IDs and offsets
* Encoding follows **ASL-STORE-INDEX + ENC-ASL-STORE(-INDEX)** rules
---
### 3.2 Log
```
/domains/<domain-id>/log/
└─ log-<seq>.aol         # append-only log files
```
* Log records capture:
  * Artifact additions
  * DAM signatures
  * Snapshot seals
  * Tombstone records
* Deterministic replay reconstructs **CURRENT** state
---
### 3.3 Snapshots
```
/domains/<domain-id>/snapshots/
├─ snapshot-<id>.meta
└─ snapshot-<id>.blocks  # optional reference map
```
* Snapshot metadata includes:
  * Logseq boundary
  * Sealed segments
  * Block references
  * Environment claim artifact reference
* Snapshots are **immutable**
---
### 3.4 Certificates
```
/domains/<domain-id>/certs/
├─ root.pub              # root public key
├─ root.priv.enc         # encrypted private key
├─ dam-signer.pub        # optional signing key for DAMs
└─ dam-signer.priv.enc
```
* All private keys are encrypted and **never leave the offline host**
* Public keys are referenced in DAM artifacts
---
### 3.5 Policies
```
/domains/<domain-id>/policies/
└─ policy-<hash>.json
```
* Policy hash stored as artifact
* Policies include:
  * Domain admission rules
  * Courtesy leases
  * GC / retention rules
---
### 3.6 Domain Admission Manifests (DAM)
```
/domains/<domain-id>/dam/
└─ dam-<seq>.json.sig    # signed DAM artifact
```
* Each DAM artifact contains:
  * Domain ID
  * Root key fingerprint
  * Policy hash
  * Courtesy lease info (optional)
* Signed by root key
---
## 4. Tools
```
/tools/
├─ asl-auth-host         # main authority binary
├─ asl-rescue            # SystemRescue patched tools
└─ sops                  # for offline bundle creation
```
* Versioned, deterministic, immutable binaries
* Executables stored as ASL artifacts if desired
---
## 5. Environment Claims
```
/env-claims/
└─ <snapshot-id>.claim
```
* Contains:
  * OS image hash
  * Boot environment info
  * Installed tool hashes
  * ASL-HOST store checksum at snapshot
* Stored as artifact and optionally signed by root key
---
## 6. SOPS Bundles
```
/sops-bundles/
└─ <bundle-id>.sops
```
* Encrypted container for DAMs, PER receipts, and optionally policies
* Can be delivered to new nodes for **admission or rescue**
* Includes checksums for integrity
---
## 7. Encoding Conventions
1. **Blocks**: `<block-id>.bin` (raw bytes), accompanied by `<block-id>.meta`
2. **Indices**: segment-based index; segment files immutable after seal
3. **Log**: append-only, each entry:
   * `logseq | artifact_key | block_ref | type_tag | operation | signature`
4. **Snapshots**: snapshot ID derived from hash of CURRENT log + block refs
5. **Certificates**: PEM or ASL-artifact wrapped keys
6. **SOPS Bundles**: standard encrypted JSON/YAML with embedded checksums
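As an added, constructed example (not part of this spec or the amduat-api project), the following Python sketch exercises sections 3.1 to 3.3 together with the conventions above: it writes `<block-id>.bin`/`.meta` pairs, appends pipe-separated records in the section 7 field order, replays the log to rebuild CURRENT state, and derives a snapshot id from the log bytes plus the live block references. Assumptions the spec does not state: a block id is the SHA-256 of the raw bytes, one file `log-0.aol` holds all records, `.meta` is JSON, and the `signature` field is a placeholder hash over the other fields rather than a real key signature.

```python
"""Added example (not part of the spec): blocks, log, replay and snapshot
using the ENC-ASL-AUTH-HOST file naming. All ids and keys are constructed."""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Optional


def block_id(data: bytes) -> str:
    # Assumption (not stated by the spec): block id = SHA-256 hex of the raw bytes.
    return hashlib.sha256(data).hexdigest()


def write_block(domain: Path, data: bytes, type_tag: str) -> str:
    """Store raw bytes as <block-id>.bin with a <block-id>.meta sidecar (3.1, 7.1)."""
    blocks = domain / "store" / "blocks"
    blocks.mkdir(parents=True, exist_ok=True)
    bid = block_id(data)
    bin_path = blocks / f"{bid}.bin"
    if bin_path.exists():  # sealed blocks are immutable: never overwrite
        return bid
    bin_path.write_bytes(data)
    meta = {"size": len(data), "type_tag": type_tag, "sealed_flag": True}
    (blocks / f"{bid}.meta").write_text(json.dumps(meta, sort_keys=True))
    return bid


def _record_sig(fields: list) -> str:
    # Placeholder for the signature field: a hash over the other fields. A real host
    # would sign with the domain's dam-signer key; this only makes edits detectable.
    return hashlib.sha256("|".join(fields).encode()).hexdigest()


def append_log(domain: Path, logseq: int, artifact_key: str, block_ref: str,
               type_tag: str, operation: str) -> None:
    """Append one record in the 7.3 field order; keys must not contain '|'."""
    log_dir = domain / "log"
    log_dir.mkdir(parents=True, exist_ok=True)
    fields = [str(logseq), artifact_key, block_ref, type_tag, operation]
    with (log_dir / "log-0.aol").open("a", encoding="utf-8") as fh:
        fh.write("|".join(fields + [_record_sig(fields)]) + "\n")


def _log_files(domain: Path) -> list:
    # log-<seq>.aol files, replayed in numeric order of <seq>
    return sorted((domain / "log").glob("log-*.aol"),
                  key=lambda p: int(p.stem.split("-", 1)[1]))


def replay(domain: Path) -> dict:
    """Rebuild CURRENT state from the log (3.2). Refuses a bad signature field,
    a gap in logseq, or a block whose .bin size disagrees with its .meta."""
    blocks = domain / "store" / "blocks"
    state, expected = {}, 0
    for log_file in _log_files(domain):
        for line in log_file.read_text(encoding="utf-8").splitlines():
            *fields, sig = line.split("|")
            if len(fields) != 5 or sig != _record_sig(fields):
                raise ValueError(f"corrupt or tampered record: {line!r}")
            logseq, artifact_key, block_ref, _type_tag, operation = fields
            if int(logseq) != expected:
                raise ValueError(f"log gap: expected logseq {expected}, got {logseq}")
            expected += 1
            if operation == "add":
                meta = json.loads((blocks / f"{block_ref}.meta").read_text())
                if (blocks / f"{block_ref}.bin").stat().st_size != meta["size"]:
                    raise ValueError(f"block {block_ref} does not match its .meta")
                state[artifact_key] = block_ref
            elif operation == "tombstone":
                state.pop(artifact_key, None)
            else:
                raise ValueError(f"unknown operation {operation!r}")
    return state


def seal_snapshot(domain: Path) -> str:
    """Snapshot id = hash of the current log bytes plus the live block refs (7.4)."""
    state = replay(domain)
    logs = _log_files(domain)
    log_bytes = b"".join(p.read_bytes() for p in logs)
    refs = sorted(set(state.values()))
    sid = hashlib.sha256(log_bytes + "\n".join(refs).encode()).hexdigest()
    snaps = domain / "snapshots"
    snaps.mkdir(parents=True, exist_ok=True)
    boundary = sum(len(p.read_bytes().splitlines()) for p in logs) - 1
    meta = {"logseq_boundary": boundary, "block_refs": refs, "env_claim": None}
    (snaps / f"snapshot-{sid}.meta").write_text(json.dumps(meta, sort_keys=True))
    return sid


def demo(root: Optional[Path] = None) -> tuple:
    """Constructed walk-through: two artifacts, one tombstone, two identical seals."""
    root = root or Path(tempfile.mkdtemp())
    domain = root / "domains" / "example-domain"  # constructed domain id
    a = write_block(domain, b"hello", "artifact")
    b = write_block(domain, b"world", "policy")
    append_log(domain, 0, "doc/a", a, "artifact", "add")
    append_log(domain, 1, "policy/b", b, "policy", "add")
    append_log(domain, 2, "policy/b", "", "policy", "tombstone")
    return replay(domain), seal_snapshot(domain), seal_snapshot(domain)


def detects_tampered_log() -> bool:
    """Rewrite a block_ref in the log after the fact; replay must refuse it."""
    domain = Path(tempfile.mkdtemp()) / "domains" / "example-domain"
    bid = write_block(domain, b"hello", "artifact")
    append_log(domain, 0, "doc/a", bid, "artifact", "add")
    log_file = domain / "log" / "log-0.aol"
    log_file.write_text(log_file.read_text().replace(bid, "0" * 64, 1))
    try:
        replay(domain)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
```

`seal_snapshot` called twice on unchanged inputs returns the same id, which is the deterministic property the layout is meant to provide; the tombstoned `policy/b` block stays in `store/blocks/` (immutable) but drops out of the snapshot's block references, which is where a GC / retention policy from 3.5 would later act.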
---
## 8. Security Notes
* Private keys must **never be exposed** or included in SOPS bundles unencrypted
* Blocks in store may be encrypted with **per-domain keys**
* Environment claims ensure **proof of offline execution**
* DAMs must be signed to be trusted
---
This layout allows the **authority host** to:
* Bootstrap personal or group domains
* Accept rescued artifacts
* Produce deterministic PERs and snapshots
* Create SOPS bundles for new nodes
* Operate fully offline
---
If you want, I can **draw a full diagram showing the ENC-ASL-AUTH-HOST tree, block-flow, snapshot integration, and PER generation**, so it's easier to visualize the data flow during rescue or admission.
Do you want me to make that diagram next?