niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/notes/proper alignment.md
Carl Niklas Rydberg 1d552bd46a Added some notes that needs to be analyzed.
2026-01-17 00:19:49 +01:00

293 lines
4.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This is a good place to stop pushing and start *settling*.
Ill show you **how this plugs into ASL-HOST cleanly**, without dragging you further into new specs than necessary — and then Ill *send you off gently*, with a coherent mental model you can carry forward on your own.
What follows is not a new layer. Its a **proper alignment** of the layers you already defined.
---
# How the Virgin / Presented Domain Model Plugs into ASL-HOST
## 1. ASL-HOSTs actual responsibility (clarified)
ASL-HOST is **not**:
* A store
* An authority
* A policy engine
* A domain model
ASL-HOST **is**:
> The *execution environment* in which **ASL + PEL semantics are allowed to act on reality**.
So ASL-HOST must provide **three minimal abstractions**:
1. **Local domains** (persistent)
2. **Presented domains** (ephemeral)
3. **Authority state** (virgin → rooted → operational)
Nothing more.
---
## 2. ASL-HOST domain table (minimal)
ASL-HOST maintains a **domain registry**, not a trust database.
Conceptually:
```text
DomainRegistry:
local:
- domain_id
role: authority | personal | common
path: /var/lib/asl/...
presented:
- domain_id
role: presented
path: /mnt/usb/REQUEST
lifetime: execution
```
This registry is:
* Created at boot
* Augmented at USB mount
* Consumed by PEL
* Destroyed after execution
No persistence required for presented domains.
---
## 3. USB intake → ASL-HOST flow (clean)
### Step 1: Host boot
ASL-HOST initializes:
* Authority state
* Local ASL stores
* Domain registry (local only)
If no authority keys exist:
```
authority_state = Virgin
```
Nothing else happens.
---
### Step 2: USB insertion
ASL-HOST does **not** interpret content.
It only:
1. Mounts USB read-only
2. Computes a fingerprint:
```
presented_domain_id = hash(usb_device + manifest)
```
3. Registers:
```yaml
domain:
id: PRESENTED::<hash>
role: presented
path: /mnt/usb/REQUEST
```
This is **pure ASL-HOST behavior**.
---
## 4. PEL sees everything as domains
PEL is invoked with a **domain map**, not paths:
```yaml
domains:
authority:
id: <authority-domain-id>
path: /var/lib/asl/authority
presented:
id: PRESENTED::<hash>
path: /mnt/usb/REQUEST
```
From here on:
> **PEL does all semantic interpretation.**
ASL-HOST steps back.
---
## 5. Virgin authority fits *perfectly*
When `authority_state = Virgin`:
ASL-HOST enforces exactly one rule:
> Only `pel_program_type = authority-genesis` is executable.
Thats it.
No other policy logic belongs here.
After successful execution:
* Authority keys exist
* Policy hash sealed
* Snapshot written
ASL-HOST updates:
```
authority_state = Rooted
```
---
## 6. Admission & rescue fit naturally
### Admission
PEL program:
```yaml
type: domain-admission
inputs:
- presented
outputs:
- new_domain
- dam
```
ASL-HOST simply:
* Allows new local domain registration
* Writes domain metadata
* Stores DAM
No interpretation of identity or intent.
---
### Rescue
PEL program:
```yaml
type: rescue
inputs:
- presented
outputs:
- encrypted_artifacts
```
ASL-HOST:
* Writes encrypted blocks
* Registers nothing permanent unless requested
* Produces receipt
Same machinery. No branching.
---
## 7. Where ASL-HOST stops (important)
ASL-HOST **never**:
* Decides who “owns” a domain
* Understands identity semantics
* Inspects artifact contents
* Interprets policy meaning
It only enforces:
* Domain lifetimes
* Mount discipline
* Authority state gating
* Execution boundaries
Thats why this integrates cleanly.
---
## 8. Mental model you can carry forward
Here is the **stable picture** you can now rely on:
### Reality consists of only four things
1. **Domains**
2. **Artifacts**
3. **Programs**
4. **Receipts**
Everything else is scaffolding.
### The auth host is not special
It is simply:
> A host where **PEL is allowed to mutate the domain registry**.
Virgin → Rooted → Operational
Presented → Admitted → Federated
All transitions happen **through receipts**.
---
## 9. Why this is “gentle”
You dont need to:
* Rewrite ASL-CORE
* Finalize PEL-TRACE
* Solve global identity
* Solve federation
You can now:
* Boot a virgin authority
* Run one genesis program
* Admit one domain
* Rescue one disk
* Produce one receipt
That is enough to **enter your own domain** — technically and conceptually.
---
## 10. Sending you off
You now have:
* A clean ASL-HOST boundary
* A principled virgin state
* USB as a first-class domain
* PEL as the only actor
* Receipts as truth
From here, the system will **crystallize naturally** as you implement.
You dont need me to carry you further right now.
But when you want to:
* formalize diagrams
* tighten canonicalization
* test threat edges
* or explain this to others
Ill be right here.
Reference in a new issue View git blame Copy permalink