amduat-api/ops/enc-asl-host-1.md
Carl Niklas Rydberg 74efedf62c Rework ops specs
2026-01-17 09:21:47 +01:00


# ENC-ASL-HOST/1 - On-Disk Layout for ASL/HOST
Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2026-01-17
Tags: [ops, host, layout]
**Document ID:** `ENC-ASL-HOST/1`
**Layer:** O1E - Host layout profile (storage-agnostic)
**Depends on (normative):**
* `ASL/HOST/1`
* `ASL/1-STORE`
* `ASL/LOG/1`
**Informative references:**
* `ASL/DAM/1`
* `ASL/DAP/1`
* `ENC-ASL-LOG`
* `ENC-ASL-CORE-INDEX`
---
## 0. Conventions
The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, **SHOULD NOT**, and
**MAY** are to be interpreted as in RFC 2119.
This document defines directory and file placement only. It does not define
byte-level encodings or storage engine internals.
---
## 1. Purpose and Scope
ENC-ASL-HOST/1 specifies a minimal, storage-agnostic on-disk layout for
ASL/HOST implementations. It standardizes where host metadata, domain data,
logs, and snapshots live.
---
## 2. Root Layout
```
/asl-host/
├── host/
├── domains/
├── federation/
└── quarantine/
```
All host-managed state MUST live under `/asl-host`.
---
## 3. Host-Level Metadata
```
/asl-host/host/
├── host-id
├── host-policy
└── trusted-roots/
```
* `host-id` is a stable identifier for the host.
* `host-policy` contains local policy constraints.
* `trusted-roots/` contains offline trust anchors.
---
## 4. Domain Root
Each domain has a single root directory:
```
/asl-host/domains/<domain-id>/
```
Files outside this directory MUST NOT be interpreted as part of the domain state.
---
## 5. Domain Descriptor
```
/asl-host/domains/<domain-id>/domain.json
```
The descriptor contains host-derived metadata (not signed):
```
{
"domain_id": "...",
"state": "COURTESY|FULL|SUSPENDED|REVOKED",
"created_at": "...",
"admitted_at": "...",
"root_key_fingerprint": "...",
"policy_hash": "...",
"current_snapshot": "...",
"current_logseq": 0
}
```
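Sections 4 and 5 together say that a domain's state lives only under `domains/<domain-id>/` and that the `domain.json` found there is an unsigned, host-derived descriptor. The Python below is an added example, not code from this spec or from the amduat-api project: it confines the domain root to `domains/` (rejecting ids that would resolve anywhere else) and validates the descriptor's required fields and `state` enum. The domain-id grammar, the root path taken as a parameter instead of the literal `/asl-host`, and the values in the `demo` fixture are assumptions.

```python
"""Domain-root confinement and domain.json validation for the ENC-ASL-HOST/1 layout.

Added example, not part of the spec. The root path is a parameter instead of the
literal /asl-host so the checks can run against a scratch directory, and the
domain-id grammar is an assumption: the spec does not define one.
"""
import json
import re
import tempfile
from pathlib import Path

# Assumed domain-id grammar: leading alphanumeric, then a bounded run of safe characters.
# Separators and a leading '.' are rejected before the id ever becomes a path component.
DOMAIN_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

# The state enum from the section 5 descriptor sketch.
VALID_STATES = {"COURTESY", "FULL", "SUSPENDED", "REVOKED"}

# Required descriptor fields and their JSON types (from section 5).
DESCRIPTOR_FIELDS = {
    "domain_id": str,
    "state": str,
    "created_at": str,
    "admitted_at": str,
    "root_key_fingerprint": str,
    "policy_hash": str,
    "current_snapshot": str,
    "current_logseq": int,
}


def is_valid_domain_id(domain_id: str) -> bool:
    return DOMAIN_ID_RE.fullmatch(domain_id) is not None


def domain_root(asl_root: Path, domain_id: str) -> Path:
    """Return <asl_root>/domains/<domain-id>/, refusing any id that would escape it."""
    if not is_valid_domain_id(domain_id):
        raise ValueError(f"invalid domain id: {domain_id!r}")
    domains = (asl_root / "domains").resolve()
    root = (domains / domain_id).resolve()
    # Section 4: only this directory holds domain state, so a resolved path that
    # lands anywhere else (for example via a symlinked entry) is not a domain root.
    if root.parent != domains:
        raise ValueError(f"domain root escapes domains/: {root}")
    return root


def validate_descriptor(descriptor: dict) -> list[str]:
    """Return the problems found in a domain.json object; an empty list means it is valid."""
    problems = []
    for field, typ in DESCRIPTOR_FIELDS.items():
        if field not in descriptor:
            problems.append(f"missing field {field}")
        elif type(descriptor[field]) is not typ:  # exact type: bool is an int subclass
            problems.append(f"{field}: expected {typ.__name__}")
    if descriptor.get("state") not in VALID_STATES:
        problems.append(f"state: not one of {sorted(VALID_STATES)}")
    seq = descriptor.get("current_logseq")
    if type(seq) is int and seq < 0:
        problems.append("current_logseq: must be non-negative")
    return problems


def load_descriptor(asl_root: Path, domain_id: str) -> dict:
    """Read and validate domains/<domain-id>/domain.json."""
    root = domain_root(asl_root, domain_id)
    descriptor = json.loads((root / "domain.json").read_text())
    problems = validate_descriptor(descriptor)
    # The descriptor is host-derived and unsigned (section 5), so at minimum it must
    # agree with the directory it lives in.
    if descriptor.get("domain_id") != domain_id:
        problems.append("domain_id does not match the directory name")
    if problems:
        raise ValueError("; ".join(problems))
    return descriptor


def demo() -> dict:
    """Build a constructed domain under a scratch root and load its descriptor."""
    asl_root = Path(tempfile.mkdtemp())
    root = asl_root / "domains" / "dom-0001"
    root.mkdir(parents=True)
    (root / "domain.json").write_text(json.dumps({
        "domain_id": "dom-0001",
        "state": "FULL",
        "created_at": "2026-01-17T08:00:00Z",
        "admitted_at": "2026-01-17T08:05:00Z",
        "root_key_fingerprint": "sha256:PLACEHOLDER",
        "policy_hash": "sha256:PLACEHOLDER",
        "current_snapshot": "snap-0001",
        "current_logseq": 42,
    }))
    return load_descriptor(asl_root, "dom-0001")


if __name__ == "__main__":
    print(demo())
```

The `resolve()` comparison is what enforces section 4 in practice: a well-formed id is necessary but not sufficient, because a `domains/<id>` entry that is a symlink to another location would otherwise be read as domain state. The exact-type checks matter because JSON `true` would otherwise pass as a valid `current_logseq`.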
---
## 6. Admission Records
```
/asl-host/domains/<domain-id>/admission/
├── dam.cbor
├── dam.sig
├── admission-request.cbor
├── admission-decision.cbor
└── admission-decision.sig
```
Admission records are immutable and MUST be retained.
---
## 7. Authority Material
```
/asl-host/domains/<domain-id>/auth/
├── root.pub
├── operators/
├── device.pub
└── revocations/
```
Private keys MAY exist only temporarily and SHOULD NOT be required for
steady-state operation.
---
## 8. Store Area
```
/asl-host/domains/<domain-id>/store/
├── blocks/
│ ├── open/
│ ├── sealed/
│ └── gc/
├── objects/
└── encryption/
```
* `open/` blocks are writable and may be lost on crash.
* `sealed/` blocks are immutable.
* `gc/` is host-managed reclaim staging.
---
## 9. Index Area
```
/asl-host/domains/<domain-id>/index/
├── segments/
├── bloom/
└── tmp/
```
Segment encodings are defined by `ENC-ASL-CORE-INDEX`.
---
## 10. Log Area
```
/asl-host/domains/<domain-id>/log/
```
Log records and envelopes are defined by `ENC-ASL-LOG`.
---
## 11. Snapshot Area
```
/asl-host/domains/<domain-id>/snapshots/
```
Snapshot metadata MUST include the log sequence boundary and segment set used
for deterministic replay.
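The `open/` versus `sealed/` distinction in section 8 and the replay requirement in section 11 both come due at host startup: blocks still in `open/` after a crash cannot be trusted, and a snapshot can only be replayed deterministically if every segment it names is still present in `index/segments/`. The Python below is an added example serving both sections, not the project's own code. The snapshot manifest file name and its field names (`manifest.json`, `logseq_boundary`, `segments`) are assumptions, since the spec requires those facts to be recorded but does not name them, and the domain layout it operates on is constructed in a scratch directory.

```python
"""Host startup checks over the ENC-ASL-HOST/1 store and snapshot areas.

Added example, not the spec's own code. The snapshot file name (manifest.json) and
its field names (logseq_boundary, segments) are assumptions: section 11 requires
both facts to be recorded but does not name them.
"""
import json
import shutil
import tempfile
from pathlib import Path


def recover_store(domain: Path) -> dict:
    """Apply the section 8 durability rules after an unclean shutdown.

    open/ blocks are writable and may be lost on crash, so they are treated as
    lost and discarded; sealed/ blocks are immutable and kept; gc/ is host
    reclaim staging and is left to the host's own collector.
    """
    blocks = domain / "store" / "blocks"
    discarded = []
    for entry in sorted((blocks / "open").iterdir()):
        discarded.append(entry.name)
        if entry.is_dir():
            shutil.rmtree(entry)
        else:
            entry.unlink()
    kept = sorted(entry.name for entry in (blocks / "sealed").iterdir())
    return {"discarded_open": discarded, "kept_sealed": kept}


def _plain_name(name) -> bool:
    """True only for a single, non-special path component (no separators, not '.' or '..')."""
    return isinstance(name, str) and name not in ("", ".", "..") and Path(name).name == name


def replay_preconditions(domain: Path, snapshot_name: str) -> list[str]:
    """Check that a snapshot records what section 11 requires for deterministic replay."""
    problems = []
    if not _plain_name(snapshot_name):
        return [f"snapshot name {snapshot_name!r} is not a plain directory name"]
    manifest_path = domain / "snapshots" / snapshot_name / "manifest.json"  # assumed name
    if not manifest_path.is_file():
        return [f"snapshot {snapshot_name}: manifest.json missing"]
    manifest = json.loads(manifest_path.read_text())

    boundary = manifest.get("logseq_boundary")  # assumed field name
    if type(boundary) is not int or boundary < 0:
        problems.append("logseq_boundary: missing or not a non-negative integer")
    else:
        # Consistency with the unsigned descriptor (section 5): a snapshot cannot sit
        # past the last log sequence the host has recorded for the domain.
        descriptor = json.loads((domain / "domain.json").read_text())
        if boundary > descriptor.get("current_logseq", -1):
            problems.append("logseq_boundary exceeds domain.json current_logseq")

    segments = manifest.get("segments")  # assumed field name
    if not isinstance(segments, list) or not segments:
        problems.append("segments: missing or empty")
        return problems
    seg_dir = domain / "index" / "segments"
    for seg in segments:
        # Segment names are used as path components, so only plain names are accepted.
        if not _plain_name(seg):
            problems.append(f"segments: {seg!r} is not a plain segment name")
        elif not (seg_dir / seg).is_file():
            # A segment that was never written or has been reclaimed makes replay non-deterministic.
            problems.append(f"segments: {seg} not found in index/segments/")
    return problems


def demo() -> dict:
    """Constructed domain: one open block, one sealed block, and a snapshot that
    names one segment that exists and one that does not."""
    domain = Path(tempfile.mkdtemp()) / "domains" / "dom-0001"
    for sub in ("store/blocks/open", "store/blocks/sealed", "store/blocks/gc",
                "index/segments", "snapshots/snap-0001", "log"):
        (domain / sub).mkdir(parents=True)
    (domain / "store/blocks/open/blk-0007").write_bytes(b"partial write")
    (domain / "store/blocks/sealed/blk-0006").write_bytes(b"sealed block")
    (domain / "index/segments/seg-0001").write_bytes(b"")
    (domain / "domain.json").write_text(json.dumps(
        {"domain_id": "dom-0001", "current_logseq": 42}))
    (domain / "snapshots/snap-0001/manifest.json").write_text(json.dumps(
        {"logseq_boundary": 40, "segments": ["seg-0001", "seg-0002"]}))
    result = recover_store(domain)
    result["open_remaining"] = len(list((domain / "store/blocks/open").iterdir()))
    result["replay_problems"] = replay_preconditions(domain, "snap-0001")
    return result


if __name__ == "__main__":
    print(demo())
```

Running `demo()` discards `blk-0007` from `open/`, keeps `blk-0006` in `sealed/`, and reports that `seg-0002` is missing from `index/segments/`, which is exactly the condition under which a host should refuse to replay from that snapshot rather than produce a state that differs from every other replica's. The name checks on snapshot and segment entries are there because both are read from files and then used to build paths.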
---
## 12. Leases
```
/asl-host/domains/<domain-id>/leases/
```
Courtesy lease metadata is stored here and MUST NOT be interpreted by
ASL/1-STORE.
---
## 13. Temporary Workspace
```
/asl-host/domains/<domain-id>/tmp/
```
The host MAY use this directory for temporary, non-authoritative files.
It MUST NOT be required for deterministic replay.
---
## 14. Federation (Optional)
```
/asl-host/federation/
├── peers/
├── exports/
└── imports/
```
Federation caches are optional and MUST NOT change local domain state.
---
## 15. Quarantine
```
/asl-host/quarantine/
```
Untrusted or failed admissions MAY be staged here for inspection.
---
## 16. Versioning
Backward-incompatible layout changes MUST bump the major version.