-
Notifications
You must be signed in to change notification settings - Fork 16
01 Introduction and Goals
Prism is a system for authoring Rust applications whose executables run at zero cost on the application user’s hardware and produce sealed outputs that the user can independently verify without the application author’s infrastructure being involved at runtime.
This wiki specifies Prism normatively. The system Prism is realized by three Rust crates:
-
uor-foundation— substrate. Provides the type-declaration vocabulary (including the shape proc-macros via an internal sub-crate, a Cargo packaging detail not exposed in the wiki); the four UOR-domain sealed types (Datum,Triad,Derivation,FreeRank); the trace and certificate wire-format types as data definitions; the mint primitives that are the cross-crate construction surface for the four UOR-domain types. -
prism— Prism runtime. Provides the pipeline runtime; the three Prism-mechanism sealed types (Validated,Grounded,Certified); the operation-declaration vocabulary; a standard library of pre-declared types. Closed underuor-foundation's vocabulary. Re-exportsuor-foundation's type-declaration vocabulary so application authors import onlyprism. Enforces the UORassembly contract through bilateral compile-time type-system checks, againstuor-foundationand against any application crate that depends onprism. -
prism-verify— replay surface. A thin façade re-exportingprism'scertify_from_traceandCertified, anduor-foundation's wire-format type definitions. Validates traces produced when conforming code executes, by re-deriving certificates without invoking the original deciders.
An application author imports prism into a Rust crate. The result of
that import is a crate that is, by construction, a Prism implementation:
its compiled executable carries the architectural properties this wiki
specifies.
Prism MUST allow an application author to express a domain workload as Rust source code and produce an executable that:
-
runs on the application user’s hardware with no Prism runtime layer interpreting any part of it;
-
produces sealed outputs, namely values of
Validated,Grounded,Certified,Triad,Derivation,FreeRank, andDatum, which no consumer code can construct except by traversing the principal data path (the three Prism-mechanism types —Validated,Grounded,Certified— are sealed inprism; the four UOR-domain types —Datum,Triad,Derivation,FreeRank— are sealed inuor-foundationand reachable across crates only throughuor-foundation's mint primitives); -
emits, alongside every produced
Grounded<T>, aTracesufficient for the application user to re-derive the sameCertified<GroundingCertificate>by invokingprism-verifyagainst the trace and the matchingHasherselection; -
fails to compile if the source code violates the UORassembly contract.
Prism MUST allow the application user to verify a received output without:
-
invoking the deciders the application author used to produce it;
-
invoking any cryptographic hash function (the fingerprint is data carried by the trace, computed once at mint time);
-
communicating with the application author at execution or verification time;
-
relying on infrastructure operated by the application author.
The application author MUST NOT be required to operate any service for the application to function correctly on the user’s hardware, for the user to verify the application’s outputs, or for the user to receive the application’s executable. Distribution from author to user occurs through a channel of the author’s choosing, on which Prism is silent.
The quality goals below are normative architectural commitments. Each is specified in detail in section 10 (Quality Requirements).
| Priority | Quality Goal | Brief |
|---|---|---|
| 1 | Zero-cost runtime | The executable produced from prism-conformant source MUST contain no Prism runtime layer beyond prism's own pipeline runtime. All trait dispatch, validation, and contract enforcement is resolved by the Rust toolchain at compile time. |
| 2 | Author-infrastructure-free operation | The application MUST function correctly on the user’s hardware without any service operated by the application author being available at runtime or verification time. |
| 3 | Local verification | The user MUST be able to verify a received output entirely on their own hardware, with no calls to the author, no cryptographic hashing at verification time, and no invocation of the author’s deciders. |
| 4 | Bilateral compile-time enforcement of UORassembly | Source code that violates the UORassembly contract MUST fail to compile, whether the violation is in uor-foundation, in prism, or in the application author’s crate. |
| 5 | Replay equivalence | Given a Trace and the matching Hasher, the verifier MUST re-derive the same Certified<GroundingCertificate> the application author originally produced. |
| Role | Concern |
|---|---|
| Application author | Authors a Rust crate importing prism. Distributes the resulting executable. Receives, from Prism, a system that enforces the architectural discipline at compile time so the author does not need to design or operate that discipline. |
| Application user | Obtains the application author’s executable from a distribution channel, runs it on local hardware. Receives, from Prism, an executable that runs at full hardware speed without external dependencies and outputs that can be verified locally. |
The Rust toolchain (cargo, rustc) is an external system Prism
delegates compilation to; it appears as an actor in section 3’s Level 1
system context but is not a stakeholder. The distinction is that
stakeholders have concerns Prism’s architecture must address; the
toolchain has a contract Prism conforms to.
The architectural commitments above produce a system in which neither the application author nor any third party operates infrastructure on which the application’s runtime correctness, the user’s verification, or the executable’s distribution depends. This property is normative within the boundary of Prism. Patterns that become available downstream of this property — decentralized distribution, offline operation, peer-to-peer verification, sovereign computation — are properties of applications and ecosystems built on Prism, not of Prism itself, and this wiki specifies the boundary property without specifying the patterns that may exploit it.
Generated from sources at UOR-Framework.wiki. Do not edit pages directly via the GitHub web UI — edits are overwritten by the next build. See README for the authoring workflow.