From 185a44c4f9c85d4a372c72cb3ee5578be5509184 Mon Sep 17 00:00:00 2001 From: "C. Guy Yarvin" Date: Tue, 25 Oct 2016 17:35:48 -0700 Subject: [PATCH] Stash commit. --- arvo/zuse.hoon | 511 ++++++++++++++++++++++++++++++------------------- 1 file changed, 318 insertions(+), 193 deletions(-) diff --git a/arvo/zuse.hoon b/arvo/zuse.hoon index e16f40ee1..f44e39c95 100644 --- a/arvo/zuse.hoon +++ b/arvo/zuse.hoon @@ -1,16 +1,275 @@ !: :: /van/zuse :: :: !%reference -:: :: %zuse: standard library. +:: +:: %zuse contains models (data structures) and engines +:: (functions/classes) shared across arvo's eight major +:: vanes (kernel modules). these are: +:: +:: - %ames: networking +:: - %behn: scheduling +:: - %clay: storage +:: - %dill: console +:: - %eyre: web +:: - %ford: build +:: - %gall: application +:: - %jael: security :: +:: every model or engine in %zuse is attached to some +:: vane, but any vane can use it (in its namespace), +:: as can any user-level code that uses `%zuse`. :: ~% %zuse +> ~ => :: :::: -:::: # models :: data structures +:::: # models :: data structures :: :::: |% :: :: +:::: ## ames^models :: networking + :: :::: +++ ames + |% + ++ foo %bar + -- +:: :: +:::: ## behn^models :: scheduling + :: :::: +++ behn + |% + ++ foo %bar + -- +:: :: +:::: ## clay^models :: storage + :: :::: +++ clay + |% + ++ foo %bar + -- +:: :: +:::: ## dill^models :: console + :: :::: +++ dill + |% + ++ foo %bar + -- +:: :: +:::: ## eyre^models :: web + :: :::: +++ eyre + |% + ++ foo %bar + -- +:: :: +:::: ## ford^models :: build + :: :::: +++ ford + |% + ++ foo %bar + -- +:: :: +:::: ## gall^models :: application + :: :::: +++ gall + |% + ++ foo %bar + -- +:: :: +:::: ## jael^models :: security + :: :::: +++ jael ^? + |% +:: :: +:::: ### public^jael^models :: certificates + :: :::: + :: the urbit meta-certificate (++will) is a sequence + :: of certificates (++cert). each cert in a will + :: revokes and replaces the previous cert. the + :: version number of a ship is a ++life. + :: + :: the deed contains an ++arms, a definition + :: of cosmetic identity; a semi-trusted parent, + :: which signs the initial certificate and provides + :: routing services; and a dirty bit. if the dirty + :: bit is set, the new life of this ship may have + :: lost information that the old life had. + :: + ++ arms (map chip (pair @ta @t)) :: stated identity + ++ bull :: cert metadata + $: dad/ship :: parent + dob/? :: & clean, | dirty + nym/arms :: identity strings + == :: + ++ cert (tale deed) :: signed deed + ++ chip :: standard identity + $? $giv :: given name + $sur :: surname + $had :: fictitious name + $mid :: middle name + == :: + ++ deed :: certificate deed + $: doc/bull :: metadata + pub/pass :: public key + == :: + ++ farm (map ship will) :: pki dump set + ++ life @ud :: ship version + ++ mind {who/ship lyf/life} :: key identifier + ++ name (pair @ta @t) :: ascii / unicode + ++ oath @ :: signature + ++ tale :: urbit-signed * + |* typ/mold :: payload mold + $: dat/typ :: data + syg/(map ship (pair life oath)) :: signatures + == :: + ++ will (map life cert) :: meta-certificate +:: :: +:::: ### promise^jael^models :: rights and promises + :: :::: + :: %jael tracks promises (++rite) from ship to ship. + :: a rite may be any right, badge, asset, secret, etc. + :: un-shared secret or private asset is stored as a + :: rite from self to self. + :: + :: each rite is really a class of rights, and often + :: has its own internal set or map structure. + :: + :: present kinds of rite: + :: + :: %apple: application secret for a web api. + :: %block: the promisee is banned. + :: %email: email tied to promissee's ship. + :: %final: ship/ticket pair, ready to launch. + :: %fungi: fungible, countable asset. + :: %guest: permission to adopt foreign child. + :: %hotel: block of unissued children. + :: %jewel: urbit private keys. + :: %login: user's login passcode. + :: %pword: password for a website/api. + :: %token: user access token for a web api. + :: %urban: symmetric key for urbit networking. + :: + :: %fungi keys can be anything, but don't reuse + :: currency codes. codes for urbit invitations: + :: %ugl == galaxy, %usr == star, %upl == planet + :: + ++ bill (pair @da @) :: expiring value + ++ bump :: rights change + $: mor/safe :: add rights + les/safe :: lose rights + == :: + ++ dorm (pair ship bloq) :: issuing group + ++ pile (tree (pair @ @)) :: efficient ship set + ++ rite :: urbit commitment + $% {$apple p/(map site @)} :: web api key + {$block $~} :: banned + {$email p/(set @ta)} :: email addresses + {$final p/(map ship @pG)} :: ticketed ships + {$fungi p/(map term @ud)} :: fungibles + {$guest $~} :: refugee visa + {$hotel p/(map dorm pile)} :: reserved block + {$jewel p/(map life ring)} :: private keyring + {$login p/(set @pG)} :: login secret + {$pword p/(map site (map @t @t))} :: web passwd by user + {$token p/(map site (map @t @t))} :: app tokens by user + {$urban p/(map hand bill)} :: urbit symmetric keys + == :: + ++ site (list @ta) :: [%com %yahoo %www ~] + ++ safe (tree rite) :: rights set +:: :: +:::: ### move^jael^models :: i/o + :: :::: + :: %jael has two general kinds of task: changes + :: and change subscriptions. + :: + :: change tasks are designed to match high-level + :: operations - for instance, we have %burn, %mint, + :: and %move, not just a single delta operation. + :: more of these operations will probably be added, + :: and invariants enforced at transaction end. + :: + :: subscriptions are also user-focused - for instance, + :: %vein sends all the information needed to maintain + :: the secure channel, both rights and certificates. + :: the security-critical tasks (%veil, %vein, %vine) + :: should probably be bound to a whitelisted duct set. + :: (all secrets are redacted from %vest gifts.) + :: + :: %jael only talks to %ames and %behn. we send messages + :: through %ames and use %behn timers. + :: + ++ action :: balance change + %+ pair ship :: partner + %+ each bump :: &/liability change + bump :: |/asset change + :: :: + ++ balance :: balance sheet + %+ pair :: + (map ship safe) :: liabilities + (map ship safe) :: assets + :: :: + ++ change :: urbit change + $% $: $fact :: certificate change + rex/ship :: owner + vie/(unit (unit ship)) :: made/heard from + lyf/life :: deed added/modified + gan/growth :: info gained + == :: + $: $rite :: rights change + rex/ship :: issuer + pal/ship :: issued to + del/bump :: change + == == :: + :: :: + ++ channel :: secure channel + $: out/(unit (pair hand bill)) :: outbound key + inn/(map hand bill) :: inbound keys + cur/(unit life) :: their version + sax/(list ship) :: their ancestry + pub/will :: their public keys + == :: + ++ gift :: out result <-$ + $? {$veil p/channel} :: secure channel + {$vest p/tally} :: balance update + {$vein p/life q/(map life ring)} :: private keys + {$vine p/(list change)} :: all raw changes + == :: + ++ growth :: unit of learning + $% {$sign p/mind q/@} :: add/update signature + {$step p/cert} :: add whole deed + == :: + ++ note :: out request $-> + $% {$b $wait p/@da} :: wait until + {$x $mess p/ship q/path r/*} :: send message + == :: + ++ remote :: remote notification + %+ each safe :: &/addition + safe :: |/replacement + :: :: + ++ sign :: in result $<- + $% {$b $wake $~} :: wakeup + {$x $rest p/coop} :: message result + == :: + ++ tally :: balance update + %+ each balance :: complete + action :: change + :: + ++ task :: in request ->$ + $% {$burn p/ship q/safe} :: destroy rights + {$hail p/ship q/remote} :: remote update + {$init p/@pG q/arms} :: initialize urbit + {$meet p/(unit (unit ship)) q/farm} :: integrate pki from + {$mint p/ship q/safe} :: create rights + {$move p/ship q/ship r/safe} :: transfer from/to + {$next p/bull} :: update private key + {$nuke $~} :: cancel tracker from + {$veil p/ship} :: view secret channel + {$vein $~} :: view signing keys + {$vest $~} :: view public balance + {$vine $~} :: view secret history + {$west p/ship q/path r/*} :: remote request + == :: + -- +:: :: :::: ## differ^models :: hunt-mcilroy diff :: :::: ++ differ @@ -49,10 +308,66 @@ -- -- :: :::: -:::: # engines :: engines +:::: # engines :: engines :: :::: |% :: :: +:::: # ames^engines :: networking + :: :::: +++ ames + |% + ++ foo %bar + -- +:: :: +:::: # behn^engines :: scheduling + :: :::: +++ behn + |% + ++ foo %bar + -- +:: :: +:::: # clay^engines :: storage + :: :::: +++ clay + |% + ++ foo %bar + -- +:: :: +:::: # dill^engines :: console + :: :::: +++ dill + |% + ++ foo %bar + -- +:: :: +:::: # eyre^engines :: web + :: :::: +++ eyre + |% + ++ foo %bar + -- +:: :: +:::: # ford^engines :: build + :: :::: +++ ford + |% + ++ foo %bar + -- +:: :: +:::: # gall^engines :: application + :: :::: +++ gall + |% + ++ foo %bar + -- +:: :: +:::: # jael^engines :: security + :: :::: +++ jaelooo + |% + ++ foo %bar + -- +:: :: :::: ## differ^engines :: hunt-mcilroy diff :: :::: ++ differ @@ -4167,196 +4482,6 @@ :::: :: ++ jael -:: :: -:::: ## jael.public :: certificates - :: :::: - ^? |% - :: the urbit meta-certificate (++will) is a sequence - :: of certificates (++cert). each cert in a will - :: revokes and replaces the previous cert. the - :: version number of a ship is a ++life. - :: - :: the deed contains an ++arms, a definition - :: of cosmetic identity; a semi-trusted parent, - :: which signs the initial certificate and provides - :: routing services; and a dirty bit. if the dirty - :: bit is set, the new life of this ship may have - :: lost information that the old life had. - :::: - ++ arms (map chip (pair @ta @t)) :: stated identity - ++ bull :: cert metadata - $: dad/ship :: parent - dob/? :: & clean, | dirty - nym/arms :: identity strings - == :: - ++ cert (tale deed) :: signed deed - ++ chip :: standard identity - $? $giv :: given name - $sur :: surname - $had :: fictitious name - $mid :: middle name - == :: - ++ deed :: certificate deed - $: doc/bull :: metadata - pub/pass :: public key - == :: - ++ farm (map ship will) :: pki dump set - ++ life @ud :: ship version - ++ mind {who/ship lyf/life} :: key identifier - ++ name (pair @ta @t) :: ascii / unicode - ++ oath @ :: signature - ++ tale :: urbit-signed * - |* typ/mold :: payload mold - $: dat/typ :: data - syg/(map ship (pair life oath)) :: signatures - == :: - ++ will (map life cert) :: meta-certificate -:: :::: -:::: ## jael.promise :: rights and promises - :: :::: - :: %jael tracks promises (++rite) from ship to ship. - :: a rite may be any right, badge, asset, secret, etc. - :: un-shared secret or private asset is stored as a - :: rite from self to self. - :: - :: each rite is really a class of rights, and often - :: has its own internal set or map structure. - :: - :: present kinds of rite: - :: - :: %apple: application secret for a web api. - :: %block: the promisee is banned. - :: %email: email tied to promissee's ship. - :: %final: ship/ticket pair, ready to launch. - :: %fungi: fungible, countable asset. - :: %guest: permission to adopt foreign child. - :: %hotel: block of unissued children. - :: %jewel: urbit private keys. - :: %login: user's login passcode. - :: %pword: password for a website/api. - :: %token: user access token for a web api. - :: %urban: symmetric key for urbit networking. - :: - :: %fungi keys can be anything, but don't reuse - :: currency codes. codes for urbit invitations: - :: %ugl == galaxy, %usr == star, %upl == planet - :::: - ++ bill (pair @da @) :: expiring value - ++ bump :: rights change - $: mor/safe :: add rights - les/safe :: lose rights - == :: - ++ dorm (pair ship bloq) :: issuing group - ++ pile (tree (pair @ @)) :: efficient ship set - ++ rite :: urbit commitment - $% {$apple p/(map site @)} :: web api key - {$block $~} :: banned - {$email p/(set @ta)} :: email addresses - {$final p/(map ship @pG)} :: ticketed ships - {$fungi p/(map term @ud)} :: fungibles - {$guest $~} :: refugee visa - {$hotel p/(map dorm pile)} :: reserved block - {$jewel p/(map life ring)} :: private keyring - {$login p/(set @pG)} :: login secret - {$pword p/(map site (map @t @t))} :: web passwd by user - {$token p/(map site (map @t @t))} :: app tokens by user - {$urban p/(map hand bill)} :: urbit symmetric keys - == :: - ++ site (list @ta) :: [%com %yahoo %www ~] - ++ safe (tree rite) :: rights set -:: :::: -:::: ## 0.c :: i/o - :: :::: - :: %jael has two general kinds of task: changes - :: and change subscriptions. - :: - :: change tasks are designed to match high-level - :: operations - for instance, we have %burn, %mint, - :: and %move, not just a single delta operation. - :: more of these operations will probably be added, - :: and invariants enforced at transaction end. - :: - :: subscriptions are also user-focused - for instance, - :: %vein sends all the information needed to maintain - :: the secure channel, both rights and certificates. - :: the security-critical tasks (%veil, %vein, %vine) - :: should probably be bound to a whitelisted duct set. - :: (all secrets are redacted from %vest gifts.) - :: - :: %jael only talks to %ames and %behn. we send messages - :: through %ames and use %behn timers. - :::: - ++ action :: balance change - %+ pair ship :: partner - %+ each bump :: &/liability change - bump :: |/asset change - :: :: - ++ balance :: balance sheet - %+ pair :: - (map ship safe) :: liabilities - (map ship safe) :: assets - :: :: - ++ change :: urbit change - $% $: $fact :: certificate change - rex/ship :: owner - vie/(unit (unit ship)) :: made/heard from - lyf/life :: deed added/modified - gan/growth :: info gained - == :: - $: $rite :: rights change - rex/ship :: issuer - pal/ship :: issued to - del/bump :: change - == == :: - :: :: - ++ channel :: secure channel - $: out/(unit (pair hand bill)) :: outbound key - inn/(map hand bill) :: inbound keys - cur/(unit life) :: their version - sax/(list ship) :: their ancestry - pub/will :: their public keys - == :: - ++ gift :: out result <-$ - $? {$veil p/channel} :: secure channel - {$vest p/tally} :: balance update - {$vein p/life q/(map life ring)} :: private keys - {$vine p/(list change)} :: all raw changes - == :: - ++ growth :: unit of learning - $% {$sign p/mind q/@} :: add/update signature - {$step p/cert} :: add whole deed - == :: - ++ note :: out request $-> - $% {$b $wait p/@da} :: wait until - {$x $mess p/ship q/path r/*} :: send message - == :: - ++ remote :: remote notification - %+ each safe :: &/addition - safe :: |/replacement - :: :: - ++ sign :: in result $<- - $% {$b $wake $~} :: wakeup - {$x $rest p/coop} :: message result - == :: - ++ tally :: balance update - %+ each balance :: complete - action :: change - :: - ++ task :: in request ->$ - $% {$burn p/ship q/safe} :: destroy rights - {$hail p/ship q/remote} :: remote update - {$init p/@pG q/arms} :: initialize urbit - {$meet p/(unit (unit ship)) q/farm} :: integrate pki from - {$mint p/ship q/safe} :: create rights - {$move p/ship q/ship r/safe} :: transfer from/to - {$next p/bull} :: update private key - {$nuke $~} :: cancel tracker from - {$veil p/ship} :: view secret channel - {$vein $~} :: view signing keys - {$vest $~} :: view public balance - {$vine $~} :: view secret history - {$west p/ship q/path r/*} :: remote request - == :: -- :: :::: %arvo