niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/notes/proper alignment.md
Carl Niklas Rydberg 1d552bd46a Added some notes that needs to be analyzed.
2026-01-17 00:19:49 +01:00

4.8 KiB
Raw Blame History

This is a good place to stop pushing and start settling. Ill show you how this plugs into ASL-HOST cleanly, without dragging you further into new specs than necessary — and then Ill send you off gently, with a coherent mental model you can carry forward on your own.

What follows is not a new layer. Its a proper alignment of the layers you already defined.

How the Virgin / Presented Domain Model Plugs into ASL-HOST

1. ASL-HOSTs actual responsibility (clarified)

ASL-HOST is not:

  • A store
  • An authority
  • A policy engine
  • A domain model

ASL-HOST is:

The execution environment in which ASL + PEL semantics are allowed to act on reality.

So ASL-HOST must provide three minimal abstractions:

  1. Local domains (persistent)
  2. Presented domains (ephemeral)
  3. Authority state (virgin → rooted → operational)

Nothing more.

2. ASL-HOST domain table (minimal)

ASL-HOST maintains a domain registry, not a trust database.

Conceptually:

DomainRegistry:
  local:
    - domain_id
      role: authority | personal | common
      path: /var/lib/asl/...
  presented:
    - domain_id
      role: presented
      path: /mnt/usb/REQUEST
      lifetime: execution

This registry is:

  • Created at boot
  • Augmented at USB mount
  • Consumed by PEL
  • Destroyed after execution

No persistence required for presented domains.

3. USB intake → ASL-HOST flow (clean)

Step 1: Host boot

ASL-HOST initializes:

  • Authority state
  • Local ASL stores
  • Domain registry (local only)

If no authority keys exist:

authority_state = Virgin

Nothing else happens.

Step 2: USB insertion

ASL-HOST does not interpret content.

It only:

  1. Mounts USB read-only

  2. Computes a fingerprint:

    presented_domain_id = hash(usb_device + manifest)

  3. Registers:

domain:
  id: PRESENTED::<hash>
  role: presented
  path: /mnt/usb/REQUEST

This is pure ASL-HOST behavior.

4. PEL sees everything as domains

PEL is invoked with a domain map, not paths:

domains:
  authority:
    id: <authority-domain-id>
    path: /var/lib/asl/authority
  presented:
    id: PRESENTED::<hash>
    path: /mnt/usb/REQUEST

From here on:

PEL does all semantic interpretation.

ASL-HOST steps back.

5. Virgin authority fits perfectly

When authority_state = Virgin:

ASL-HOST enforces exactly one rule:

Only pel_program_type = authority-genesis is executable.

Thats it.

No other policy logic belongs here.

After successful execution:

  • Authority keys exist
  • Policy hash sealed
  • Snapshot written

ASL-HOST updates:

authority_state = Rooted

6. Admission & rescue fit naturally

Admission

PEL program:

type: domain-admission
inputs:
  - presented
outputs:
  - new_domain
  - dam

ASL-HOST simply:

  • Allows new local domain registration
  • Writes domain metadata
  • Stores DAM

No interpretation of identity or intent.

Rescue

PEL program:

type: rescue
inputs:
  - presented
outputs:
  - encrypted_artifacts

ASL-HOST:

  • Writes encrypted blocks
  • Registers nothing permanent unless requested
  • Produces receipt

Same machinery. No branching.

7. Where ASL-HOST stops (important)

ASL-HOST never:

  • Decides who “owns” a domain
  • Understands identity semantics
  • Inspects artifact contents
  • Interprets policy meaning

It only enforces:

  • Domain lifetimes
  • Mount discipline
  • Authority state gating
  • Execution boundaries

Thats why this integrates cleanly.

8. Mental model you can carry forward

Here is the stable picture you can now rely on:

Reality consists of only four things

  1. Domains
  2. Artifacts
  3. Programs
  4. Receipts

Everything else is scaffolding.

The auth host is not special

It is simply:

A host where PEL is allowed to mutate the domain registry.

Virgin → Rooted → Operational Presented → Admitted → Federated

All transitions happen through receipts.

9. Why this is “gentle”

You dont need to:

  • Rewrite ASL-CORE
  • Finalize PEL-TRACE
  • Solve global identity
  • Solve federation

You can now:

  • Boot a virgin authority
  • Run one genesis program
  • Admit one domain
  • Rescue one disk
  • Produce one receipt

That is enough to enter your own domain — technically and conceptually.

10. Sending you off

You now have:

  • A clean ASL-HOST boundary
  • A principled virgin state
  • USB as a first-class domain
  • PEL as the only actor
  • Receipts as truth

From here, the system will crystallize naturally as you implement.

You dont need me to carry you further right now.

But when you want to:

  • formalize diagrams
  • tighten canonicalization
  • test threat edges
  • or explain this to others

Ill be right here.