amduat-api/ops/legacy/Rescue Operation Architecture.md
Carl Niklas Rydberg 74efedf62c Rework ops specs
2026-01-17 09:21:47 +01:00


Perfect — that gives us a **clear mission scenario**. Let's formalize this into a **Rescue Node + Domain Architecture**, showing the **flow from personal rescue → common courtesy space → personal domain establishment**. I'll also tie in snapshots, sealing, and PER generation.

---
# Rescue Operation Architecture: “Personal Rescue with Common Bootstrap”
```
┌───────────────────────────────┐
│ Input Material / Intent       │
│ - Home directory snapshot     │
│ - Certificates                │
│ - Rescue intent / contract    │
└─────────────┬─────────────────┘
┌───────────────────────────────┐
│ Sedelpress / PER Engine       │
│ - Deterministic execution     │
│ - TGK edges & provenance      │
│ - Snapshot boundaries         │
│ - Generates PER(s)            │
└─────────────┬─────────────────┘
              │ PER + TGK edges
┌───────────────────────────────────────┐
│ Personal Bootstrap Space (Common)     │
│ - Courtesy space granted by Common    │
│ - Encrypted blocks / sealed segments  │
│ - Indexed via ASL-STORE(-INDEX)       │
│ - Temporary / bootstrapped domain     │
└─────────────┬─────────────────────────┘
              │ Optional trust / policy hash
┌───────────────────────────────────────┐
│ Personal Domain (User-owned)          │
│ - Blocks copied from bootstrap        │
│ - Own index segments & snapshots      │
│ - PERs stored and validated           │
│ - Full authority and certificate      │
└─────────────┬─────────────────────────┘
              │ Publishing optional
┌───────────────────────────────────────┐
│ Common / Unity Domain                 │
│ - Shared artifacts & PERs             │
│ - Read-only access for users          │
│ - Snapshot pinned / immutable         │
│ - Courtesy bootstrap space recognized │
└─────────────┬─────────────────────────┘
              │ Cross-domain trust pins
┌───────────────────────────────────────┐
│ Foreign / External Domains            │
│ - Imported artifacts (read-only)      │
│ - Trust enforced by offline roots     │
│ - Policy hash verification            │
└───────────────────────────────────────┘
```
---
### Key Principles for Rescue + Domain Integration
1. **Bootstrap via Common**
   * A person or system without a pre-existing domain can store **encrypted blocks** in the Common courtesy space.
   * Common recognizes the bootstrap, enforces the **policy hash**, and pins snapshots.
2. **PER Generation is Primary**
   * The Sedelpress stamps **everything deterministically**: home dir, certificates, intent.
   * Store artifacts are secondary; the **receipt defines authority and provenance**.
3. **Snapshots & Sealed Blocks**
   * Courtesy space blocks are **encrypted and sealed** for immutability.
   * Once the personal domain is established, blocks can be **copied or promoted** to private space.
4. **Domain Authority**
   * The personal domain is **minted post-bootstrap**, with full authority.
   * The policy hash ensures cross-domain trust for publishing or importing artifacts.
5. **Cross-Domain Trust**
   * The Common domain pins **read-only copies** of bootstrap artifacts.
   * Foreign or other users' domains require **offline root verification** before accepting artifacts.
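
Added example, not part of the original document or the project's code: a minimal deterministic receipt that binds inputs, intent and a policy hash, with the check a receiving domain would run before accepting blocks (principles 2, 4 and 5). The receipt layout, field names and function names are assumptions, since the real PER format is not specified here, and the certificate or offline-root signature that would carry authority is omitted, so this shows integrity and policy pinning only.

```python
import hashlib
import json

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical(body: dict) -> bytes:
    # Sorted keys and fixed separators: equal bodies always serialize to equal bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def make_receipt(inputs: dict, intent: str, policy_hash: str) -> dict:
    """Build a hypothetical receipt (assumed layout, not the project's PER format)."""
    # Sort by logical path so filesystem enumeration order never changes the result.
    entries = [{"path": p, "sha256": digest(inputs[p])} for p in sorted(inputs)]
    body = {"inputs": entries, "intent": intent, "policy_hash": policy_hash}
    return {**body, "receipt_id": digest(canonical(body))}

def verify_receipt(receipt: dict, blocks: dict, pinned_policy_hash: str) -> list:
    """Return the reasons to reject; an empty list means the receipt checks out."""
    problems = []
    body = {k: receipt[k] for k in ("inputs", "intent", "policy_hash")}
    if digest(canonical(body)) != receipt["receipt_id"]:
        problems.append("receipt_id mismatch")
    if receipt["policy_hash"] != pinned_policy_hash:
        problems.append("policy hash not pinned")
    for entry in receipt["inputs"]:
        data = blocks.get(entry["path"])
        if data is None:
            problems.append("missing block: " + entry["path"])
        elif digest(data) != entry["sha256"]:
            problems.append("block altered: " + entry["path"])
    return problems

# Constructed sample inputs (not real data).
SAMPLE = {
    "home/notes.txt": b"rescued notes\n",
    "certs/user.pem": b"constructed certificate bytes\n",
}
POLICY = digest(b"constructed policy document v1")

if __name__ == "__main__":
    receipt = make_receipt(SAMPLE, "personal-rescue", POLICY)
    print(receipt["receipt_id"])
    tampered = dict(SAMPLE, **{"home/notes.txt": b"edited after stamping\n"})
    print(verify_receipt(receipt, tampered, POLICY))
```
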
---
### Suggested ASL / Store Layout for Rescue Operation
| Domain | Backend / FS | Notes |
| --------------------------- | ----------------- | -------------------------------------------------------------------- |
| Personal Bootstrap (Common) | ZFS / POSIX + ASL | Courtesy space; blocks encrypted; temporary storage; snapshot pinned |
| Personal Domain | ZFS + ASL | User-owned; full index; sealed blocks; PERs validated |
| Common / Unity | ZFS + ASL | Shared artifacts; read-only; courtesy recognition |
| Foreign Domains | N/A (imported) | Read-only; trust pinned via policy hash and offline roots |
---
If you like, I can **next draft the Rescue Node overlay schema**:

* How the **personal bootstrap** interacts with Common
* How **PER ingestion and sealing** happens
* How **snapshots + ASL blocks** are laid out on ZFS or POSIX
* How the **courtesy / Unity tree** is seeded

This would be a **working blueprint for your personal rescue operations**, fully tied to the ASL + PEL ecosystem.

Do you want me to do that?