# ASL/FEDERATION/1 -- Core Federation Semantics Status: Draft Owner: Architecture Version: 0.1.0 SoT: No Last Updated: 2025-01-17 Tags: [federation, domains, visibility, determinism] **Document ID:** `ASL/FEDERATION/1` **Layer:** L2 -- Federation semantics (no transport, no encodings) **Depends on (normative):** * `ASL/1-CORE` * `ASL/1-CORE-INDEX` * `ASL/LOG/1` * `ASL-STORE-INDEX` **Informative references:** * `ENC-ASL-CORE-INDEX` -- domain/visibility fields (`tier1/enc-asl-core-index.md`) * `ASL/SYSTEM/1` -- unified system view * `ASL/FEDERATION-REPLAY/1` -- cross-node deterministic replay * `ASL/DAM/1` -- Domain Authority Manifest * `ASL/POLICY-HASH/1` -- policy hash --- ## 0. Conventions The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119. ASL/FEDERATION/1 defines **semantic rules** for multi-domain visibility and cross-domain references. It does not define transport, replication, or encodings. --- ## 1. Purpose ASL/FEDERATION/1 defines the **multi-domain model** for ASL-based systems: * Domain isolation and visibility rules * Published vs internal state * Cross-domain reference constraints * Snapshot identity and deterministic reconstruction --- ## 2. Core Concepts | Term | Definition | | -------------------- | ---------- | | Domain | Logical namespace with its own ASL store, log, and snapshot lineage. | | Internal state | Artifacts/snapshots visible only within the domain. | | Published state | Artifacts/snapshots visible to other domains. | | Federated snapshot | Snapshot with visibility state that may be imported by other domains. | | Cross-domain reference | Reference to a published artifact from another domain. | | Federation view | A deterministic view constructed by combining local internal state with admitted published state from other domains. | --- ## 3. Domain Semantics 1. **Domain isolation** * Each domain has its own store, index, and log. * Internal state is invisible outside the domain. 2. **Published state** * Published artifacts and snapshots are visible to other domains. * Published artifacts MUST satisfy ASL immutability and snapshot safety rules. 3. **Cross-domain references** * Only published artifacts MAY be referenced by other domains. * Cross-domain references are read-only and immutable. * The consuming domain indexes imported artifacts using normal ASL index semantics. * Imported entries MUST preserve origin metadata (domain identity and visibility) for deterministic replay. --- ## 4. Snapshot Identity * Snapshot IDs are unique per domain. * Federated snapshot identity is `(DomainID, SnapshotID)`. * A federated snapshot MAY include cross-domain references only to published artifacts. * Replay of federated state MUST be bounded by the source domain's `{SnapshotID, LogPrefix}`. --- ## 5. Visibility Rules | Object | Internal Domain | Other Domains | | ----------------------------------- | --------------- | ------------------- | | Internal artifact | visible | hidden | | Published artifact | visible | visible (read-only) | | Internal snapshot | visible | hidden | | Published snapshot | visible | visible | | Block supporting published artifact | visible | visible | | Block supporting internal artifact | visible | hidden | * Index entries follow the same visibility rules. * Determinism is defined per-domain and per-snapshot view. --- ## 6. Federation View Construction To construct a federation view for a domain: 1. Start with the local domain's internal + published state at `{SnapshotID, LogPrefix}`. 2. For each admitted foreign domain, include only published state that is: * Visible under that domain's `{SnapshotID, LogPrefix}`, and * Allowed by the receiving domain's admission and policy rules. 3. Apply normal ASL index shadowing and tombstone rules within each domain's log order. Federation MUST NOT bypass ASL/LOG/1 ordering or ASL/1-CORE-INDEX semantics. --- ## 7. Cross-Domain Operations 1. **Import published artifacts** * A domain MAY import a published artifact from another domain. * Imported artifacts MUST be treated as immutable. * Import MUST be gated by admission and policy compatibility (see `ASL/DAP/1` and `ASL/POLICY-HASH/1`). 2. **Export published artifacts** * Internal artifacts MAY be promoted to published state. * Promotion MUST be snapshot-bound and log-ordered. * Publication MUST respect the domain's policy hash and DAM roles. 3. **Federation log propagation** * Each domain maintains its own append-only log. * Federation MAY replicate published log-visible state. --- ## 8. Provenance and Traceability * Execution receipts MAY include cross-domain inputs. * Provenance MUST preserve origin domain and snapshot identity. * Deterministic replay MUST be possible given `{Snapshot, LogPrefix}` for each domain. --- ## 9. Normative Invariants 1. **Determinism:** Reconstructing CURRENT in a domain yields the same visible state given the same snapshot and log prefix. 2. **Immutability:** Published artifacts and snapshots are immutable. 3. **Domain isolation:** Internal artifacts and snapshots are never visible to other domains. 4. **Federation safety:** Cross-domain references are read-only. 5. **Snapshot integrity:** Federated snapshots reference only published artifacts. --- ## 10. Integration with Other Layers | Layer | Role in Federation | | ------------------ | ------------------ | | ASL/1-CORE | Artifact immutability and identity | | ASL/1-CORE-INDEX | Semantic mapping and shadowing | | ASL-STORE-INDEX | Sealing, retention, snapshot pinning | | ASL/LOG/1 | Log-ordered visibility | | ENC-ASL-CORE-INDEX | Domain/visibility metadata in records | --- ## 11. Non-Goals * Transport protocols * Network replication * Witness signatures * Domain admission and trust policy Middle layer (informative): the daemon/service boundary around core logic that owns network transport, admission workflows, and operational policy. --- ## 12. Summary ASL/FEDERATION/1 defines the semantic rules for multi-domain visibility and cross-domain reference. It keeps federation deterministic, snapshot-safe, and read-only across domain boundaries.