niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/ops/Rescue Node Blueprint v0-1.md
Carl Niklas Rydberg 4cba1f45eb Move host/rescue docs to ops tier
2026-01-17 09:04:19 +01:00

164 lines
8.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Perfect — this is exactly the “first-person, first-rescue” scenario. Ill extend the blueprint to reflect **a freshly minted SystemRescue user entering the ecosystem** with old personal data, no prior certificates, and the intention of building both a **personal domain** and seeding the **common / Unity tree**. Ill tie together **PER generation, ASL blocks, snapshots, and trust setup** from scratch.
---
# Rescue Node Blueprint v0.1 — Fresh Entry Scenario
```
┌───────────────────────────────┐
│ Legacy Input Material │
│ - Home directory snapshot │
│ - App config / old data │
│ - Intent / contracts │
└─────────────┬─────────────────┘
┌───────────────────────────────┐
│ Sedelpress / PER Engine │
│ - Deterministic execution │
│ - TGK edges & provenance │
│ - Snapshot boundaries │
│ - Generates initial PER(s) │
│ - Logs intent + provenance │
└─────────────┬─────────────────┘
│ PER + TGK edges
┌───────────────────────────────────────────────┐
│ Bootstrap in Common / Courtesy Space │
│ - Encrypted personal blocks │
│ - ASL-STORE(-INDEX) organizes blocks & logs │
│ - Snapshot pinned for reproducibility │
│ - Acts as temporary “personal domain seed” │
└─────────────┬─────────────────────────────────┘
│ Optional trust / policy hash
┌───────────────────────────────────────────────┐
│ Personal Domain (New) │
│ - Blocks copied from courtesy space │
│ - Own index segments, snapshots │
│ - PERs validated and linked to TGK edges │
│ - Certificates minted (ASL-AUTH) │
│ - Domain Authority Manifest created │
│ - Optional publication to Common later │
└─────────────┬─────────────────────────────────┘
│ Optional publication
┌───────────────────────────────────────────────┐
│ Common / Unity Domain │
│ - Shared artifacts / PERs │
│ - Read-only pinned snapshots │
│ - Courtesy recognition of new user │
│ - Aggregates multiple bootstrap submissions │
└─────────────┬─────────────────────────────────┘
│ Cross-domain trust pins
┌───────────────────────────────────────────────┐
│ Foreign / Other Domains │
│ - Imported artifacts read-only │
│ - Trust via offline roots & policy hash │
│ - Deterministic snapshots reconstructed │
└───────────────────────────────────────────────┘
```
---
## Key Concepts and Steps
### 1. Legacy Material Intake
* Old personal data is treated as **raw artifact input**.
* **Sedelpress** ingests everything deterministically, creating **PER(s) for provenance**.
* Intent and contract are encoded alongside data, defining what must be certified.
### 2. PER Generation
* **First-class operation**: PERs precede storage.
* TGK edges capture lineage and relationships.
* Snapshots of input material are **recorded for deterministic reconstruction**.
### 3. Bootstrap Personal Domain via Common
* **Encrypted blocks** are stored in the Common courtesy space.
* Blocks are **sealed and indexed** (ASL-STORE / ASL-STORE-INDEX).
* Common **pins snapshots** to ensure reproducibility.
* This bootstrap **does not require prior certificates** — Common allows “newcomer courtesy.”
### 4. Personal Domain Minting
* After bootstrap, blocks are copied into the new **personal domain**.
* **Certificates (ASL-AUTH)** are minted, forming your **authority root**.
* Domain Authority Manifest (DAM) is created with:
* Your domain ID
* Seeded artifacts / PERs
* Trust anchors (offline roots)
* PERs are now linked, validated, and can be optionally published to Common.
### 5. Common / Unity Tree
* Aggregates shared PERs and artifacts from multiple users.
* Maintains **read-only pinned snapshots**.
* Facilitates **cross-user consistency and cooperation**.
* Your encrypted bootstrap blocks remain private until you choose to publish.
### 6. Cross-Domain Trust
* Optional import/export of artifacts to other domains:
* **Read-only import**: deterministic reconstruction.
* **Policy hash** ensures correctness.
* **Offline roots** verify trust for foreign domains.
---
## Suggested ASL / Filesystem Layout
| Domain / Layer | Backend / FS | Notes |
| ------------------------- | --------------------- | ----------------------------------------------------------- |
| Legacy Material Intake | POSIX / tmp overlay | Raw input snapshots |
| Sedelpress / PER Engine | Memory + temp storage | Deterministic execution; generates TGK edges |
| Bootstrap Personal Domain | ZFS / ASL-STORE | Courtesy encrypted blocks; pinned snapshot; temporary index |
| Personal Domain (New) | ZFS / ASL-STORE | Full index, sealed blocks, PERs, certificates |
| Common / Unity Domain | ZFS / ASL-STORE | Shared artifacts / PERs; read-only; pinned snapshots |
| Foreign / Other Domains | N/A / imported | Read-only; trust via offline roots & policy hash |
---
### Notes on Certificates / ASL-AUTH
* **Initial certificate minting** occurs **after bootstrap**.
* Offline root keys are generated on a **secure Debian machine** (offline).
* **Personal Domain Authority** is tied to offline roots.
* PERs in bootstrap space can later be **retrospectively certified** once personal domain is minted.
---
### Snapshot & Sealing Flow
1. **Legacy snapshot** → PER generation
2. **Seal blocks** in courtesy space
3. **Pin snapshots** in bootstrap space
4. **Copy to personal domain** → seal and index
5. **Create DAM + Certificates** → retrospective trust assignment
6. Optional publication → **Common / Unity tree**
---
This **blueprint supports:**
* Fresh user / rescue node onboarding
* Deterministic provenance from legacy material
* Personal domain creation without prior certificates
* Courtesy bootstrap in Common for temporary storage
* Safe integration with Common / Unity tree and foreign domains
* PER-first philosophy ensuring traceability and auditability
---
If you want, I can **draw a “layered architecture diagram”**, showing **Sedelpress, ASL blocks, snapshots, PERs, and the hierarchy of domains**, highlighting **bootstrap, personal, common, and foreign layers**.
It would be a **visual rescue map**, perfect for planning the initial node setup.
Do you want me to do that next?
Reference in a new issue View git blame Copy permalink