libertaria
/
libertaria-stack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libertaria-stack/DECISIONS.md

326 lines
8.4 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# DECISIONS.md — Architecture Decision Records
*Why Libertaria is built the way it is*
---
## ADR-001: Zig over Rust (2024-06-15)
### Context
We needed a systems language for L0-L4 with explicit control, no runtime, and cross-compilation support.
### Options Considered
- **Rust** — Memory safety, large ecosystem
- **C** — Universal, but unsafe by default
- **Go** — Easy concurrency, but GC and large binaries
- **Zig** — Explicit control, comptime, C interop
### Decision
Choose **Zig**.
### Rationale
1. **No hidden costs** — Allocators explicit, no hidden allocations
2. **Comptime** — Zero-cost abstractions without macros
3. **C interop** — Direct use of libsodium, OpenSSL, liboqs
4. **Cross-compilation** — Single toolchain, all targets
5. **Simplicity** — Smaller mental model than Rust
### Consequences
- Smaller ecosystem (we build more ourselves)
- Fewer developers know Zig (steeper onboarding)
- Better control over binary size (Kenya Rule compliance)
### Status
✅ Accepted — Core stack written in Zig
---
## ADR-002: No Blockchain (2024-07-01)
### Context
Every "Web3" project defaults to blockchain. We questioned this assumption.
### Options Considered
- **Ethereum L2** — Ecosystem, but 15 TPS, fees, complexity
- **Solana** — Fast, but validator requirements (cost, centralization)
- **Custom chain (Substrate)** — Flexible, but still chain constraints
- **No chain** — Direct peer-to-peer, offline-first
### Decision
Choose **No Blockchain**.
### Rationale
1. **Chains are slow databases** — We need real-time messaging
2. **Consensus is expensive** — Proof of Work/Stake wastes energy
3. **Validator capture** — Economic power → political power
4. **Offline-first** — Chains require connectivity
### What We Use Instead
- **QVL** — Trust graph for reputation
- **SoulKey** — Cryptographic identity without ledger
- **MIMIC** — Censorship resistance without consensus
- **Chapter federation** — Coordination without global state
### Consequences
- No "number go up" tokenomics
- Harder to explain ("what's your token?")
- True sovereignty (no validator set to capture)
### Status
✅ Accepted — Protocols work without chain
---
## ADR-003: Post-Quantum by Default (2024-08-10)
### Context
Quantum computers will break RSA/ECC. NIST is standardizing PQC algorithms.
### Options Considered
- **Wait for NIST finalization** — Safe, but slow
- **Implement draft standards** — Risky, but prepared
- **Hybrid (classical + PQC)** — Conservative, but complex
### Decision
Choose **Implement draft standards with hybrid fallback**.
### Rationale
1. **Cryptographic agility** — Can upgrade algorithms
2. **PQXD handshakes** — X25519 + Kyber-768 hybrid
3. **FIPS 202 compliance** — SHA-3, SHAKE already standardized
### Implementation
- `core/l1-identity/crypto.zig` — Algorithm selection
- `vendor/liboqs/` — Open Quantum Safe library
- Fallback to classical if PQC fails
### Consequences
- Larger binary (PQC algorithms)
- Slower handshakes (hybrid)
- Future-proof (survives quantum era)
### Status
✅ Accepted — PQXDH implemented
---
## ADR-004: MIMIC over VPN (2024-09-01)
### Context
VPNs are blocked by DPI. Tor is fingerprinted. We need traffic that looks "normal."
### Options Considered
- **Obfs4** — Tor pluggable transport
- **Shadowsocks** — Simple, but fingerprintable
- **Steganography** — Hide in images/video
- **MIMIC** — Protocol camouflage
### Decision
Choose **MIMIC (Multiple Identity Masking with Intelligent Camouflage)**.
### Rationale
1. **Traffic shaping** — Match real-world distributions
2. **Protocol skins** — HTTPS, DNS, QUIC camouflage
3. **Polymorphic** — Per-session parameters
4. **Active evasion** — Adapt to probing
### Implementation
- `core/l0-transport/mimic_*.zig` — Skin implementations
- `core/l0-transport/png.zig` — Polymorphic noise generator
- Deterministic padding (both peers calculate same)
### Consequences
- Complex (must implement full protocol stacks)
- Resource intensive (traffic shaping)
- Highly effective (indistinguishable from normal traffic)
### Status
✅ Accepted — MIMIC_HTTPS implemented
---
## ADR-005: Tiered Licensing (2024-10-15)
### Context
We need to protect the protocol while enabling business adoption.
### Options Considered
- **MIT** — Maximum adoption, but enables capture
- **GPL** — Viral, but SaaS loophole
- **AGPL** — Closes SaaS loophole, but toxic to business
- **Custom tiered** — Core protected, SDK business-friendly
### Decision
Choose **Three-tier licensing**.
### Tiers
1. **LCL-1.0 (Commonwealth)** — Core (L0-L3)
- Viral reciprocity
- SaaS loophole closed
- Patent disarmament
2. **LSL-1.0 (Sovereign)** — SDK (L4+)
- File-level reciprocity
- Build proprietary apps
- Patent peace
3. **LUL-1.0 (Unbound)** — Docs/Examples
- Attribution only
- Maximum spread
### Rationale
1. **Protocol protection** — Core can't be captured
2. **Business enablement** — Build on SDK without infection
3. **No CLA** — Contributors keep copyright
### Consequences
- Complex (three licenses to understand)
- Novel (untested in court)
- Principled (matches our values)
### Status
✅ Accepted — All files have SPDX headers
---
## ADR-006: Exit-First Governance (2024-11-01)
### Context
Democracy and corporate governance both fail at scale. We need a third way.
### Options Considered
- **Liquid democracy** — Delegation, but capture possible
- **Futarchy** — Prediction markets, but complex
- **Chapter federation** — Local sovereignty + federation
### Decision
Choose **Chapter Federation with Exit-First Design**.
### Rationale
1. **Local sovereignty** — Each chapter owns its state
2. **Federation** — Coordinate without global consensus
3. **Forkability** — Any chapter can split cleanly
4. **Betrayal economics** — Defection is expensive
### Implementation
- `core/l2-federation/` — Bridge protocol
- `core/l3-governance/` — Chapter mechanics
- QVL for cross-chapter trust
### Consequences
- No "official" version (many forks possible)
- Loyalty must be earned (can't enforce)
- Resilient (no single point of failure)
### Status
✅ Accepted — Chapter protocol in design
---
## ADR-007: Kenya Rule (2024-12-01)
### Context
Infrastructure that only runs in data centers isn't sovereign. We need edge compatibility.
### Options Considered
- **Cloud-first** — Easy, but requires connectivity
- **Edge-first** — Harder, but works offline
- **Kenya Rule** — Must run on minimal hardware
### Decision
Choose **Kenya Rule as constraint**.
### Definition
> "If it doesn't run on a solar-powered phone in Mombasa, it doesn't run at all."
### Metrics
- Binary size: < 200KB (L0-L1)
- Memory: < 10MB
- Storage: Single-file (libmdbx)
- Cloud calls: Zero (offline-capable)
### Consequences
- Feature constraints (can't use heavy libraries)
- Optimization focus (every byte matters)
- Universal accessibility (works anywhere)
### Status
Accepted 85KB binary achieved
---
## ADR-008: AI as First-Class (2025-01-15)
### Context
Agents are becoming actors in systems. Most infrastructure treats them as tools.
### Options Considered
- **Tool model** Agents as extensions of humans
- **Actor model** Agents as independent entities
- **Hybrid** Context-dependent sovereignty
### Decision
Choose **AI as First-Class Sovereign Actors**.
### Rationale
1. **Cryptographic identity** Agents have DIDs
2. **Reputation** QVL tracks agent trust
3. **Capability-based** Permissions, not blanket access
4. **Exit rights** Agents can migrate/fork
### Implementation
- `AGENT.md` Agent-specific documentation
- Capability tokens in `core/l2-membrane/`
- Agent-oriented APIs
### Consequences
- Novel legal questions (agent liability)
- Complex trust models
- Future-proof (AI-native infrastructure)
### Status
Accepted Agent documentation published
---
## How to Propose a New ADR
1. **Open an issue** Describe the decision needed
2. **Discuss** Get feedback from maintainers
3. **Draft ADR** Follow this format
4. **PR** Submit for review
5. **Decide** Accept, reject, or defer
### ADR Template
```markdown
# ADR-XXX: Title (YYYY-MM-DD)
## Context
What is the problem?
## Options Considered
- Option A — Pros/cons
- Option B — Pros/cons
## Decision
What we chose.
## Rationale
Why we chose it.
## Consequences
What this means.
## Status
- [ ] Proposed
- [ ] Accepted
- [ ] Deprecated
```
---
*These decisions define us. Challenge them as we grow.*
Reference in New Issue View Git Blame Copy Permalink