amduat-api/ops/enc-asl-host-1.md
Carl Niklas Rydberg 74efedf62c Rework ops specs
2026-01-17 09:21:47 +01:00

ENC-ASL-HOST/1 - On-Disk Layout for ASL/HOST

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2026-01-17
Tags: [ops, host, layout]

Document ID: ENC-ASL-HOST/1
Layer: O1E - Host layout profile (storage-agnostic)

Depends on (normative):

  • ASL/HOST/1
  • ASL/1-STORE
  • ASL/LOG/1

Informative references:

  • ASL/DAM/1
  • ASL/DAP/1
  • ENC-ASL-LOG
  • ENC-ASL-CORE-INDEX

0. Conventions

The key words MUST, MUST NOT, REQUIRED, SHOULD, SHOULD NOT, and MAY are to be interpreted as described in RFC 2119.

This document defines directory and file placement only. It does not define byte-level encodings or storage engine internals.


1. Purpose and Scope

ENC-ASL-HOST/1 specifies a minimal, storage-agnostic on-disk layout for ASL/HOST implementations. It standardizes where host metadata, domain data, logs, and snapshots live.


2. Root Layout

/asl-host/
├── host/
├── domains/
├── federation/
└── quarantine/

All host-managed state MUST live under /asl-host.


3. Host-Level Metadata

/asl-host/host/
├── host-id
├── host-policy
└── trusted-roots/

  • host-id is a stable identifier for the host.
  • host-policy contains local policy constraints.
  • trusted-roots/ contains offline trust anchors.

4. Domain Root

Each domain has a single root directory:

/asl-host/domains/<domain-id>/

Files outside this directory MUST NOT be interpreted as part of the domain state.


5. Domain Descriptor

/asl-host/domains/<domain-id>/domain.json

The descriptor contains host-derived metadata (not signed):

{
  "domain_id": "...",
  "state": "COURTESY|FULL|SUSPENDED|REVOKED",
  "created_at": "...",
  "admitted_at": "...",
  "root_key_fingerprint": "...",
  "policy_hash": "...",
  "current_snapshot": "...",
  "current_logseq": 0
}

6. Admission Records

/asl-host/domains/<domain-id>/admission/
├── dam.cbor
├── dam.sig
├── admission-request.cbor
├── admission-decision.cbor
└── admission-decision.sig

Admission records are immutable and MUST be retained.


7. Authority Material

/asl-host/domains/<domain-id>/auth/
├── root.pub
├── operators/
├── device.pub
└── revocations/

Private keys MAY exist only temporarily and SHOULD NOT be required for steady-state operation.


8. Store Area

/asl-host/domains/<domain-id>/store/
├── blocks/
│   ├── open/
│   ├── sealed/
│   └── gc/
├── objects/
└── encryption/

  • open/ blocks are writable and may be lost on crash.
  • sealed/ blocks are immutable.
  • gc/ is host-managed reclaim staging.

9. Index Area

/asl-host/domains/<domain-id>/index/
├── segments/
├── bloom/
└── tmp/

Segment encodings are defined by ENC-ASL-CORE-INDEX.


10. Log Area

/asl-host/domains/<domain-id>/log/

Log records and envelopes are defined by ENC-ASL-LOG.


11. Snapshot Area

/asl-host/domains/<domain-id>/snapshots/

Snapshot metadata MUST include the log sequence boundary and segment set used for deterministic replay.


12. Leases

/asl-host/domains/<domain-id>/leases/

Courtesy lease metadata is stored here and MUST NOT be interpreted by ASL/1-STORE.


13. Temporary Workspace

/asl-host/domains/<domain-id>/tmp/

The host MAY use this directory for temporary, non-authoritative files. It MUST NOT be required for deterministic replay.
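A conformance check for the per-domain tree described in sections 4 through 13, added here as an example; it is not part of the ENC-ASL-HOST profile or any reference implementation. It assumes that the immutability of admission records is reflected in read-only mode bits, and the sample domain it builds uses placeholder record bytes and descriptor values.

```python
import json, tempfile
from pathlib import Path

# Per-domain skeleton required by sections 5-13 of this profile (tmp/ is optional).
REQUIRED_DIRS = ("admission", "auth/operators", "auth/revocations", "store/blocks/open",
                 "store/blocks/sealed", "store/blocks/gc", "store/objects", "store/encryption",
                 "index/segments", "index/bloom", "index/tmp", "log", "snapshots", "leases")
ADMISSION_FILES = ("dam.cbor", "dam.sig", "admission-request.cbor",
                   "admission-decision.cbor", "admission-decision.sig")
STATES = {"COURTESY", "FULL", "SUSPENDED", "REVOKED"}
DESCRIPTOR_KEYS = {"domain_id", "state", "created_at", "admitted_at", "root_key_fingerprint",
                   "policy_hash", "current_snapshot", "current_logseq"}

def check_domain(d: Path) -> list[str]:
    """Return layout violations for the domain rooted at d (its name is the <domain-id>)."""
    did = d.name
    problems = [f"{did}: missing {rel}/" for rel in REQUIRED_DIRS if not (d / rel).is_dir()]
    for name in ADMISSION_FILES:  # section 6: admission records are immutable and retained
        f = d / "admission" / name
        if not f.is_file():
            problems.append(f"{did}: missing admission record {name}")
        elif f.stat().st_mode & 0o222:  # assumption: immutability enforced via read-only mode bits
            problems.append(f"{did}: admission record {name} is writable")
    try:
        meta = json.loads((d / "domain.json").read_text())  # section 5 descriptor
    except (OSError, ValueError) as exc:
        return problems + [f"{did}: unreadable domain.json ({exc})"]
    if missing := DESCRIPTOR_KEYS - meta.keys():
        problems.append(f"{did}: domain.json lacks {sorted(missing)}")
    if meta.get("state") not in STATES:
        problems.append(f"{did}: unknown state {meta.get('state')!r}")
    if meta.get("domain_id") != did:
        problems.append(f"{did}: domain.json domain_id differs from directory name")
    if not isinstance(meta.get("current_logseq"), int) or meta["current_logseq"] < 0:
        problems.append(f"{did}: current_logseq must be a non-negative integer")
    return problems

def make_sample_domain(domain_id: str, root=None) -> Path:
    """Build a constructed, conformant domain tree (placeholder bytes, not real records)."""
    d = (root or Path(tempfile.mkdtemp(prefix="asl-host-"))) / "domains" / domain_id
    for rel in REQUIRED_DIRS:
        (d / rel).mkdir(parents=True, exist_ok=True)
    for name in ADMISSION_FILES:
        (d / "admission" / name).write_bytes(b"\xa0")  # placeholder payload, not real CBOR
        (d / "admission" / name).chmod(0o444)
    meta = {"domain_id": domain_id, "state": "FULL", "created_at": "2026-01-17T00:00:00Z",
            "admitted_at": "2026-01-17T00:00:00Z", "root_key_fingerprint": "PLACEHOLDER",
            "policy_hash": "PLACEHOLDER", "current_snapshot": "", "current_logseq": 0}
    (d / "domain.json").write_text(json.dumps(meta))
    return d
```

Running check_domain over a real /asl-host/domains/<domain-id>/ tree reports every deviation from the skeleton, a missing or still-writable admission record, and a descriptor whose state or log sequence is out of range.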


14. Federation (Optional)

/asl-host/federation/
├── peers/
├── exports/
└── imports/

Federation caches are optional and MUST NOT change local domain state.


15. Quarantine

/asl-host/quarantine/

Untrusted or failed admissions MAY be staged here for inspection.


16. Versioning

Backward-incompatible layout changes MUST bump the major version.