amduat/tier1/asl-system-1.md

# ASL/SYSTEM/1 — Unified ASL + TGK + PEL System View
Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Linked Phase Pack: N/A
Tags: [deterministic, federation, pel, tgk, index]
<!-- Source: /amduat-api/tier1/asl-system-1.md | Canonical: /amduat/tier1/asl-system-1.md -->
**Document ID:** `ASL/SYSTEM/1`
**Layer:** L2 — Cross-cutting system view (no new encodings)
**Depends on (normative):**
* `ASL/1-CORE`
* `ASL/1-CORE-INDEX`
* `ASL/STORE-INDEX/1`
* `ASL/LOG/1`
* `ENC/ASL-CORE-INDEX/1`
**Informative references:**
* `ASL/INDEX-ACCEL/1`
* `TGK/1` — Trace Graph Kernel semantics
* PEL draft specs (program DAG, execution receipts)
* `ASL/FEDERATION/1` — core federation semantics
* `ASL/FEDERATION-REPLAY/1` — cross-node deterministic replay
* `ASL/DAP/1` — domain admission
* `ASL/POLICY-HASH/1` — policy binding
© 2025 Niklas Rydberg.
## License
Except where otherwise noted, this document (text and diagrams) is licensed under
the Creative Commons Attribution 4.0 International License (CC BY 4.0).
The identifier registries and mapping tables (e.g. TypeTag IDs, HashId
assignments, EdgeTypeId tables) are additionally made available under CC0 1.0
Universal (CC0) to enable unrestricted reuse in implementations and derivative
specifications.
Code examples in this document are provided under the Apache License 2.0 unless
explicitly stated otherwise. Test vectors, where present, are dedicated to the
public domain under CC0 1.0.
---
## 0. Conventions
The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are
to be interpreted as in RFC 2119.
ASL/SYSTEM/1 is an integration view. It does not define new encodings or
storage formats; those remain in the underlying layer specs.
---
## 1. Purpose & Scope
This document aligns the cross-cutting semantics of:
* ASL index and log behavior
* PEL deterministic execution
* TGK edge semantics and traversal
* Federation visibility and replay
It ensures a single, consistent model for determinism, snapshot bounds, and
domain visibility.
Non-goals:
* New on-disk encodings
* New execution operators
* Domain policy or governance rules
Middle layer (informative): the daemon/service boundary around core logic that
owns network transport, admission workflows, and operational policy.
Implementation note (informative): core federation primitives live in
`include/amduat/fed/{registry,ingest,replay,view}.h`.
---
## 2. Core Objects (Unified View)
* **Artifact**: immutable byte value (ASL/1-CORE).
* **PER**: PEL Execution Receipt stored as an artifact.
* **TGK Edge**: immutable edge record linking artifacts and/or PERs.
* **Snapshot + Log Prefix**: boundary for deterministic visibility and replay.
* **Domain Visibility**: internal vs published visibility embedded in index
records (ENC-ASL-CORE-INDEX).
All of these objects are addressed and stored via the same index semantics.
---
## 3. Determinism & Snapshot Boundaries
For a fixed `(SnapshotID, LogPosition)`:
* Index lookup is deterministic (ASL/1-CORE-INDEX).
* TGK traversal is deterministic when bounded by the same snapshot/log position.
* PEL execution is deterministic when its inputs are bounded by the same
snapshot/log position.
PEL MUST read only snapshot-scoped artifacts and receipts. It MUST NOT depend
on storage layout, block packing, or non-snapshot metadata.
PEL outputs (artifacts and PERs) become visible only through normal index
admission and log ordering.
PEL MUST NOT depend on physical storage metadata. It MAY read only:
* snapshot identity
* execution configuration that is itself snapshot-scoped and immutable
---
## 4. One PEL Principle (Resolution)
There is exactly one PEL: a deterministic, snapshot-bound, authority-aware
derivation language mapping artifacts to artifacts.
Distinctions such as "PEL-S" vs "PEL-P" are not separate languages. They are
policy decisions about how outputs are treated:
* **Promotion** (truth vs view) is a domain policy decision.
* **Publication** (internal vs published) is a visibility decision encoded in
index metadata.
* **Retention** (store, cache, discard, recompute) is a store policy decision.
Implementations MUST NOT fork PEL semantics into separate dialects. Any
classification of outputs MUST be expressed via policy, publication flags, or
receipt annotations, not by changing the execution language.
---
## 5. PEL, PERs, and TGK Integration
* PEL programs consume artifacts and/or PERs.
* PEL execution produces artifacts and a PER describing the run.
* TGK edges may reference artifacts, PERs, or projections derived from them.
---
## 5.1 PERs and Snapshot State (Clarification)
PERs are artifacts that bind deterministic execution to a specific snapshot
and log position. They do not introduce a separate storage layer:
* The sequential log and snapshot define CURRENT.
* A PER records that execution observed CURRENT at a specific log position.
* Replay uses the same snapshot + log position to reconstruct inputs.
* PERs are artifacts and MAY be used as inputs, but programs embedded in
receipts MUST NOT be executed implicitly.
TGK remains a semantic graph layer; it does not alter PEL determinism and does
not bypass the index.
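
Added example (informative, not part of the amduat code base): a minimal model of the log-prefix bound from sections 3 and 5.1, with the tombstone override from section 7. The record shapes, `visible_at`, `replay_sees`, and the sample log are hypothetical, and the model assumes the log is ordered by position and the snapshot contributes an empty base state.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical shapes for illustration; not the ASL/LOG/1 encoding. */
enum rec_kind { REC_PUT, REC_TOMBSTONE };
struct log_rec { uint64_t log_pos; uint32_t artifact; enum rec_kind kind; };
struct per_bound { uint64_t snapshot_id; uint64_t log_pos; };

/* 1 if `artifact` is visible at `bound`, else 0. Records past the bound are
 * never read, so later appends cannot change the answer for this bound. */
int visible_at(const struct log_rec *log, size_t n,
               uint32_t artifact, uint64_t bound)
{
    int visible = 0;
    for (size_t i = 0; i < n && log[i].log_pos <= bound; i++) {
        if (log[i].artifact == artifact)
            visible = (log[i].kind == REC_PUT); /* tombstone hides it */
    }
    return visible;
}

/* Replay against the position a PER recorded. Returns -1 (refuse) when the
 * replaying node holds a different snapshot than the PER was bound to. */
int replay_sees(const struct log_rec *log, size_t n, uint64_t snapshot_id,
                struct per_bound per, uint32_t artifact)
{
    if (per.snapshot_id != snapshot_id)
        return -1;
    return visible_at(log, n, artifact, per.log_pos);
}

/* Constructed sample log, ordered by log position. */
const struct log_rec SAMPLE_LOG[] = {
    {1, 0xA1, REC_PUT}, {2, 0xB2, REC_PUT}, {3, 0xA1, REC_TOMBSTONE},
};

int main(void)
{
    struct per_bound per = {7, 2}; /* PER observed CURRENT at position 2 */
    printf("A1 at PER bound, short log: %d\n", replay_sees(SAMPLE_LOG, 2, 7, per, 0xA1));
    printf("A1 at PER bound, full log:  %d\n", replay_sees(SAMPLE_LOG, 3, 7, per, 0xA1));
    printf("A1 at position 3:           %d\n", visible_at(SAMPLE_LOG, 3, 0xA1, 3));
    return 0;
}
```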
---
## 6. Federation Alignment
Federation operates over the same immutable artifacts, PERs, and TGK edges.
Cross-domain visibility is governed by index metadata:
* `domain_id` identifies the owning domain.
* `visibility` marks internal vs published.
* `cross_domain_source` preserves provenance for imported artifacts.
Deterministic replay across nodes MUST respect:
* Snapshot boundaries
* Log order
* Domain visibility rules
Federation does not change PEL semantics. It propagates artifacts and receipts
that were already deterministically produced.
Admission and policy compatibility gate foreign state: only admitted domains and
policy-compatible published state may be included in a federation view.
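
Added example (informative, not part of the amduat code base): the admission and visibility gate above as a fail-closed filter over index records. The field names `domain_id`, `visibility`, and `cross_domain_source` come from this section; the struct layouts, the `peer` table, `in_fed_view`, and the rule that a domain always sees its own records are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Field names follow section 6; types and layout are hypothetical. */
enum visibility { VIS_INTERNAL, VIS_PUBLISHED };
struct index_rec {
    uint32_t domain_id;           /* owning domain */
    enum visibility visibility;   /* internal vs published */
    uint32_t cross_domain_source; /* provenance; carried, not consulted here */
};
struct peer { uint32_t domain_id; int admitted; int policy_compatible; };

/* 1 if the record may appear in the local federation view, else 0. */
int in_fed_view(const struct index_rec *r, uint32_t local_domain,
                const struct peer *peers, size_t n_peers)
{
    if (r->domain_id == local_domain)
        return 1;                 /* own state (assumed visible locally) */
    if (r->visibility != VIS_PUBLISHED)
        return 0;                 /* foreign internal state never crosses */
    for (size_t i = 0; i < n_peers; i++)
        if (peers[i].domain_id == r->domain_id)
            return peers[i].admitted && peers[i].policy_compatible;
    return 0;                     /* unknown domain: fail closed */
}

/* Constructed sample data. */
const struct peer PEERS[] = { {2, 1, 1}, {3, 1, 0}, {4, 0, 1} };
const struct index_rec RECS[] = {
    {1, VIS_INTERNAL, 0},  /* local internal */
    {2, VIS_PUBLISHED, 0}, /* admitted, compatible, published */
    {2, VIS_INTERNAL, 0},  /* admitted peer, but internal */
    {3, VIS_PUBLISHED, 0}, /* admitted, policy mismatch */
    {4, VIS_PUBLISHED, 0}, /* not admitted */
    {9, VIS_PUBLISHED, 0}, /* domain never seen */
};

/* Number of sample records that pass the gate for `local_domain`. */
size_t count_in_view(uint32_t local_domain)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof RECS / sizeof RECS[0]; i++)
        n += (size_t)in_fed_view(&RECS[i], local_domain, PEERS, sizeof PEERS / sizeof PEERS[0]);
    return n;
}

int main(void) { printf("%zu of 6 records in view\n", count_in_view(1)); return 0; }
```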
---
## 7. Index Alignment
The index is the shared substrate:
* Artifacts, PERs, and TGK edges are all indexed via the same lookup semantics.
* Sharding, SIMD, and filters (ASL/INDEX-ACCEL/1) are advisory and MUST NOT
change correctness.
* Tombstones and shadowing remain the only visibility overrides.
---
## 8. Glossary and Terminology Alignment (Informative)
To prevent drift across layers, the following terms map as:
* **EdgeBody** (`TGK/1-CORE`) — logical edge content (`from[]`, `to[]`, `payload`, `type`).
* **EdgeArtifact** (`TGK/1-CORE`) — ASL Artifact whose payload encodes an EdgeBody.
* **EdgeRef** (`TGK/1-CORE`) — ASL Reference to an EdgeArtifact.
* **TGK index record** (`TGK/1`, `ASL/1-CORE-INDEX`) — index entry that makes an EdgeRef visible under snapshot/log rules; contains no edge payload.
* **TGK traversal result** (`TGK/1`) — snapshot/log-bounded set of visible edges (EdgeRefs) and/or node references derived from indexed EdgeArtifacts.
---
## 9. Summary
ASL/SYSTEM/1 provides a single, consistent view:
* One PEL, with policy-based output treatment
* TGK and PEL both bounded by snapshot + log determinism
* Federation mediated by index-level domain metadata
* Index semantics remain the core substrate for all objects