amduat-api/tier1/asl-federation-replay-1.md
2026-01-17 08:58:56 +01:00


ASL/FEDERATION-REPLAY/1 -- Cross-Node Deterministic Replay

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Tags: [federation, replay, determinism, tgk, pel]

Document ID: ASL/FEDERATION-REPLAY/1
Layer: L2 -- Federation replay semantics (no transport)

Depends on (normative):

  • ASL/FEDERATION/1
  • ASL/LOG/1
  • ASL/1-CORE-INDEX
  • TGK/1

Informative references:

  • ASL/SYSTEM/1 -- unified system view
  • ENC-ASL-CORE-INDEX -- domain metadata
  • ASL/DAP/1 -- admission gating
  • ASL/POLICY-HASH/1 -- policy compatibility

0. Conventions

The key words MUST, MUST NOT, REQUIRED, SHOULD, and MAY are to be interpreted as in RFC 2119.

ASL/FEDERATION-REPLAY/1 defines deterministic replay rules for federated propagation. It does not define network protocols or encodings.


1. Purpose

This document defines how artifacts, PERs, and TGK edges are propagated and replayed across federation nodes while preserving deterministic reconstruction.


2. Core Inputs

  • ArtifactKey: canonical identifier for artifacts and PERs
  • SnapshotID: snapshot boundary for replay
  • logseq: append-only ordering within a domain
  • Canonical Edge Key: TGK edge identity

3. Replay Record Requirements

Each propagated record MUST be replayable without external context. Records MUST carry:

  • domain_id (source domain)
  • record_type (artifact, PER, TGK edge, tombstone)
  • logseq (source-domain ordering)
  • snapshot_id and log_prefix bounds within which the record is visible
  • Canonical identity (ArtifactKey or Canonical Edge Key)
  • Visibility metadata (internal/published, cross-domain source when applicable)

Records MAY include optional integrity fields (hashes, signatures), but replay MUST remain deterministic without them.


4. Propagation Rules

4.1 Artifacts and PERs

  • Artifacts and PERs are propagated with their ArtifactKey and logseq.
  • Only artifacts visible under a published snapshot MAY be propagated.
  • Duplicate ArtifactKeys MUST be de-duplicated by identity.
  • Imported entries MUST preserve origin metadata (domain identity and visibility).

4.2 TGK Edges

  • TGK edges are propagated with their canonical edge identity and logseq.
  • Edge propagation MUST preserve the same snapshot/log visibility constraints as artifacts.

5. Deterministic Replay Ordering

Replay order MUST be deterministic across nodes:

  1. Sort by logseq ascending
  2. Tie-break by canonical identity (ArtifactKey or Canonical Edge Key)

This ordering MUST be applied identically by all receivers.


6. Snapshot Bounds

  • Replay MUST be bounded by {SnapshotID, LogPrefix}.
  • Records with logseq greater than the replay prefix MUST be ignored.
  • Replay MUST use the source domain's {SnapshotID, LogPrefix} as the bound for imported state.

7. Federation View Construction

Receivers construct a federation view by combining:

  1. Local domain state at {SnapshotID, LogPrefix}.
  2. Admitted foreign published state bounded by the source domain's {SnapshotID, LogPrefix}.

Admission and policy compatibility MUST be enforced before any foreign state is admitted.


8. Tombstones and Shadowing

  • Tombstones MUST be replayed in log order and apply only within their source domain.
  • A tombstone from domain A MUST NOT shadow artifacts from domain B.
  • Shadowing is resolved per domain using ASL/LOG/1 order and ASL/1-CORE-INDEX semantics.

9. Conflict Handling

  1. ArtifactKey collision

    • If bytes match existing artifact: discard duplicate.
    • If bytes differ: reject and flag conflict.
  2. TGK edge conflicts

    • Multiple edges with the same canonical identity are resolved by log order and tombstone rules.
  3. PER conflicts

    • PERs with identical inputs and program identity but divergent outputs MUST be rejected.

10. Replay State and Idempotency

Replay MUST be idempotent:

  • Re-applying the same record set MUST NOT change the resulting state.
  • Receivers SHOULD track {domain_id, logseq} high-water marks per peer.
  • Checkpointing MUST be aligned to {SnapshotID, LogPrefix} boundaries.
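Sections 5, 6, 8, 9 and 10 together describe one receiver-side procedure: bound the batch by the log prefix, sort it, de-duplicate, reject byte-divergent collisions, apply tombstones only within their source domain, and stay idempotent on re-application. The Python below is an added example written for this page and is not part of this specification or of the amduat-api project; the Record field names, the in-memory ReplayState, the sample records and the use of domain_id as a final tie-break are assumptions of the example.

```python
from dataclasses import dataclass, field

# Constructed record shape; field names follow section 3 of this spec (assumption).
@dataclass(frozen=True)
class Record:
    domain_id: str
    record_type: str   # "artifact" or "tombstone" (PERs and TGK edges are treated alike here)
    logseq: int
    key: str           # canonical identity: ArtifactKey or Canonical Edge Key
    payload: bytes = b""

@dataclass
class ReplayState:
    artifacts: dict = field(default_factory=dict)   # (domain_id, key) -> payload; origin preserved
    conflicts: list = field(default_factory=list)   # (domain_id, key) rejected under section 9
    high_water: dict = field(default_factory=dict)  # domain_id -> last applied logseq (section 10)

def replay(state: ReplayState, records, log_prefix: int) -> ReplayState:
    """Apply one replay batch bounded by log_prefix, in the section 5 order."""
    admitted = [r for r in records if r.logseq <= log_prefix]   # section 6: beyond prefix -> ignore
    # Section 5: logseq ascending, tie-break by canonical identity.
    # domain_id as the final tie-break is an addition of this example, not of the spec.
    for r in sorted(admitted, key=lambda r: (r.logseq, r.key, r.domain_id)):
        if r.logseq <= state.high_water.get(r.domain_id, -1):
            continue                                            # section 10: already applied
        ident = (r.domain_id, r.key)
        if r.record_type == "tombstone":
            state.artifacts.pop(ident, None)                   # section 8: own domain only
        elif any(k == r.key and p != r.payload for (_, k), p in state.artifacts.items()):
            state.conflicts.append(ident)                      # section 9: bytes differ -> reject
        else:
            state.artifacts[ident] = r.payload                 # new entry, or byte-identical duplicate
        state.high_water[r.domain_id] = r.logseq
    return state

# Constructed sample batch from two source domains A and B.
SAMPLE = [
    Record("A", "artifact", 1, "k1", b"x"),
    Record("B", "artifact", 1, "k1", b"x"),   # same key, same bytes: harmless duplicate
    Record("B", "artifact", 2, "k2", b"y"),
    Record("A", "artifact", 3, "k2", b"z"),   # same key, different bytes: conflict
    Record("A", "tombstone", 4, "k1"),        # removes A's k1 only, never B's
    Record("B", "artifact", 6, "k3", b"w"),   # beyond the replay prefix: ignored
]

def demo(records=SAMPLE, log_prefix=5) -> ReplayState:
    return replay(ReplayState(), records, log_prefix)

if __name__ == "__main__":
    print(demo())
```

Feeding the batch in any input order, or replaying it a second time against the same state, yields the same artifacts, conflicts and high-water marks.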

11. Provenance and Audit

Receivers SHOULD maintain:

  • Last applied logseq per peer
  • Snapshot provenance tables for applied records

This supports deterministic audit and replay verification.


12. Non-Goals

  • Transport protocol selection
  • Streaming formats
  • Compression or batching

13. Summary

ASL/FEDERATION-REPLAY/1 defines a deterministic replay ordering and conflict rules to ensure federation is reproducible across nodes and snapshots.