File Types

This repository uses these first-class file identities:

  • .str for Strata source.
  • .mta for Mantle Target Artifacts.
  • .component-composition.json for Strata-owned checked-subset component-composition validation artifacts generated under target/strata/ by default.
  • .authority-effect.json for Strata-owned checked authority/effect fact artifacts generated under target/strata/ by default.
  • .authority-policy.json for Strata-owned typed authority policy decision artifacts generated under target/strata/ by default from admitted authority/effect facts.
  • .deployment-composition.json for explicit runtime composition binding artifacts generated under target/strata/ by default when a checked composition artifact is bound to a matching .mta.
  • .authority-effect-binding.json for explicit Mantle runtime authority/effect binding artifacts generated under target/strata/ by default when checked authority/effect facts are bound to a matching .mta.

.str

.str files are Strata source files. They are the user-authored program surface and should be UTF-8 text with LF line endings.

A root .str file may import sibling source units with import module_name;. Those imports are resolved by Strata before checking and lowering. They do not make .mta files import-aware, and Mantle does not load .str files or resolve Strata imports at runtime.

Expected MIME type:

text/x-strata

.component-composition.json

.component-composition.json files are Strata checked-subset component-composition validation artifacts. They are generated by strata composition build <path.str> and validated by strata composition admit <path.json>. They are not .mta, not Mantle runtime inputs, not runtime composition bindings, and not executable dispatch data.

The artifact self-identifies internally with schema_id=strata.checked_component_composition, schema_version_major=1, schema_version_minor=0, artifact_kind=checked_component_composition, hash_alg=fnv1a64-diagnostic, and source_language=strata. It records source provenance, a composition ID, component instances with import/export port obligations, empty arrays for binding classes the current source subset cannot express, port bindings, binding admission results, unsatisfied imports, cross-component authority-flow edges, nullable policy/diagnostic hash slots, an empty extensions map, and a global admission result. Admitted artifacts must bind every declared component import exactly once, have empty unsatisfied_imports, no rejected binding results, and no rejection evidence. Rejected artifacts must carry bounded rejection evidence and must list any unbound declared import once. strata composition admit also requires source_fingerprint to be the canonical 16-character lowercase hexadecimal value for the declared source_fingerprint_algorithm. It may inspect rejected artifacts, but as a checked-subset validation gate it exits non-zero unless the artifact is globally admitted.

Source names in the JSON are metadata for diagnostics, provenance, and review. Executable meaning is carried by typed component-instance IDs, port-binding IDs, component IDs, port IDs, protocol IDs, and validated authority descriptors. A hand-edited artifact may rename metadata labels without changing typed admission, but one that drops typed IDs, strips binding evidence, duplicates an import binding, references unknown instances, makes an authority descriptor inconsistent with its typed ID, uses an unsupported schema, or marks unsatisfied imports as admitted fails closed. The admission command validates the artifact schema and internal typed-ID consistency; it is not a source re-check or tamperproof attestation for a coherently rewritten JSON file.

.authority-effect.json

.authority-effect.json files are Strata-owned checked authority/effect fact artifacts. They are generated by strata authority-effects build <path.str> and validated by strata authority-effects admit <path.json>. They are not .mta, not Mantle runtime inputs, not policy grants, and not executable dispatch data.

The artifact self-identifies internally with schema_id=strata.checked_authority_effects, schema_version_major=1, schema_version_minor=0, artifact_kind=checked_authority_effects, hash_alg=fnv1a64-diagnostic, and source_language=strata. It records source provenance, each checked process by typed process ID, per-process state/message counts, checked protocol/port/component table counts, process-local authority IDs with exact authority descriptors, typed spawn-site IDs, supervisor-child spawn proof facts for lexical supervisor spawn sites, typed transition IDs with exact message, current-state, and declared-effect IDs, typed component authority surfaces with declared import-port counts, nullable policy/diagnostic hash slots, an empty policy_inputs array, an empty extensions map, and admission_result=admitted.

Source names and labels in the JSON are metadata for diagnostics, provenance, and review. Runtime-affecting meaning is carried by typed process IDs, authority IDs, spawn-site IDs, transition IDs, component IDs, port IDs, protocol IDs, and exact effect IDs. Admission rejects malformed schema identity, unsupported versions, noncanonical typed-ID ordering, duplicate exact effects, unknown referenced process/authority/message/state/protocol/port/component IDs, lexical supervisor-child spawn facts without matching supervisor/child backlinks, declared table-count/import-count mismatches, inconsistent component/port authority descriptors, noncanonical source fingerprints, non-empty unsupported policy inputs, and non-empty extensions. It validates the checked fact artifact shape; it does not re-check source and does not make hand-edited JSON a trust or integrity attestation. The fnv1a64-diagnostic fingerprint is provenance correlation metadata, not a cryptographic authenticity proof.

.deployment-composition.json

.deployment-composition.json files are explicit runtime composition binding artifacts. They are generated by strata composition bind-runtime <component-composition.json> <artifact.mta> --output <path.json> after the checked composition artifact admits and the .mta has been built from matching source. They self-identify with schema_id=mantle.runtime_composition_binding, schema_version_major=1, schema_version_minor=0, artifact_kind=runtime_composition_binding, source_language=strata, matching .mta format/schema/module/source-hash fields, the exact strata.checked_component_composition checked-composition schema, matching checked-composition version/composition ID fields, canonical component-instance-to-runtime-process correlations, canonical port binding IDs, singleton deployment_id=0 correlation namespace, admission_result=admitted, and an empty extensions map.

This binding artifact is not Strata source, not .mta, not a package manifest, and not executable dispatch data. It is the only file Mantle accepts for runtime composition correlation, and only when supplied explicitly with mantle run <artifact.mta> --composition-binding <deployment-composition.json>. Mantle does not read .component-composition.json, does not infer composition identity from source names, and does not verify Strata composition safety itself. If no binding is supplied, Mantle emits no deployment, composition, or component-instance trace correlation fields.

Mantle validates runtime bindings fail-closed before execution: malformed schema or version fields, non-admitted bindings, mismatched checked-composition schema, mismatched source fingerprint or .mta identity, mismatched component instance or port-binding IDs, duplicate component instance IDs, duplicate process correlations, and forged non-empty unsupported fields are rejected before ArtifactLoaded or host-visible runtime side effects. Labels and source names remain diagnostics/provenance metadata; typed IDs and loaded runtime process IDs carry meaning.

.authority-policy.json

.authority-policy.json files are Strata-owned typed authority policy decision artifacts. They are generated by strata authority-effects policy build <authority-effect.json> and validated by strata authority-effects policy admit <authority-policy.json> <authority-effect.json>. They are not .mta, not raw runtime input, not a policy DSL, and not source re-check evidence.

The artifact self-identifies with schema_id=strata.authority_policy_decisions, schema_version_major=1, schema_version_minor=0, artifact_kind=authority_policy_decisions, matching source identity fields, matching checked authority/effect schema identity/version, admission_result=admitted, and an empty extensions map. Its decisions array is a closed, canonical table over the checked process-authority set. Each entry carries only typed decision_id, process_id, authority_id, an exact descriptor, and a decision of admit or deny.

Admission fails closed when the policy is malformed, missing a checked authority, has duplicate or out-of-order typed IDs, references unknown process/authority IDs, mismatches a descriptor, carries source-label spoofing fields, mismatches the checked facts’ source identity, uses unsupported decisions, or has non-empty extensions. Source names and debug labels are not accepted as authority lookup keys.
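The fail-closed conditions above can be read as a cross-check between the policy and the checked facts. The following is an added example, not Strata's admission code: the facts key process_authorities, the entry key descriptor, a source_fingerprint field on both artifacts, the descriptor contents, and the exact canonical order (ascending process and authority IDs, decision_id equal to position) are assumptions made for illustration.

```python
# Added example, not Strata's admission code. Hypothetical: "process_authorities",
# "descriptor", "source_fingerprint" on both artifacts, and canonical order taken as
# ascending (process_id, authority_id) with decision_id equal to the entry's position.
import re

IDENTITY = {
    "schema_id": "strata.authority_policy_decisions", "schema_version_major": 1,
    "schema_version_minor": 0, "artifact_kind": "authority_policy_decisions",
    "admission_result": "admitted", "extensions": {},
}
ENTRY_KEYS = {"decision_id", "process_id", "authority_id", "descriptor", "decision"}
FINGERPRINT = re.compile(r"[0-9a-f]{16}")  # canonical 16-character lowercase hex

def admit_policy(policy, facts):
    """Return rejection reasons; an empty list means the policy admits."""
    reasons = [f"{name} is not {want!r}" for name, want in IDENTITY.items()
               if policy.get(name) != want]
    fp = policy.get("source_fingerprint")
    if not (isinstance(fp, str) and FINGERPRINT.fullmatch(fp)):
        reasons.append("noncanonical source_fingerprint")
    elif fp != facts.get("source_fingerprint"):
        reasons.append("source identity does not match the checked facts")
    checked = {(a["process_id"], a["authority_id"]): a["descriptor"]
               for a in facts.get("process_authorities", [])}
    seen = []
    for index, entry in enumerate(policy.get("decisions", [])):
        # Exact key set: an extra key is where a source label would be smuggled in.
        if not isinstance(entry, dict) or set(entry) != ENTRY_KEYS:
            reasons.append(f"decision {index}: unexpected or missing fields")
            continue
        key = (entry["process_id"], entry["authority_id"])
        if not all(isinstance(part, int) for part in key) or key not in checked:
            reasons.append(f"decision {index}: unknown process/authority ID")
            continue
        if entry["descriptor"] != checked[key]:
            reasons.append(f"decision {index}: descriptor mismatch")
        if entry["decision"] not in ("admit", "deny"):
            reasons.append(f"decision {index}: unsupported decision")
        if entry["decision_id"] != index:
            reasons.append(f"decision {index}: noncanonical decision_id")
        seen.append(key)
    if seen != sorted(set(seen)):
        reasons.append("duplicate or out-of-order typed IDs")
    if set(checked) - set(seen):
        reasons.append("policy is missing a checked authority")
    return reasons

# Constructed sample data; the descriptor contents are invented for this example.
DESCRIPTORS = [{"kind": "spawn", "target": 1}, {"kind": "port_connect", "port": 0}]
SAMPLE_FACTS = {"source_fingerprint": "0123456789abcdef", "process_authorities": [
    {"process_id": 0, "authority_id": i, "descriptor": d} for i, d in enumerate(DESCRIPTORS)]}
SAMPLE_POLICY = dict(IDENTITY, source_fingerprint="0123456789abcdef", decisions=[
    {"decision_id": i, "process_id": 0, "authority_id": i, "descriptor": d,
     "decision": "deny" if i else "admit"} for i, d in enumerate(DESCRIPTORS)])
```

Because the table is closed over the checked set, removing a decision is rejected just as firmly as adding one for an unknown authority.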

.authority-effect-binding.json

.authority-effect-binding.json files are explicit Mantle runtime authority/effect binding artifacts. They are generated by strata authority-effects bind-runtime <authority-effect.json> <authority-policy.json> <artifact.mta> --output <path.json> after the checked authority/effect artifact and authority policy artifact admit and the .mta has been built from matching source. They self-identify with schema_id=mantle.runtime_authority_effect_binding, schema_version_major=1, schema_version_minor=0, artifact_kind=runtime_authority_effect_binding, singleton deployment_id=0, matching .mta format/schema/module/source-hash fields, the matching checked authority/effect schema identity/version, matching authority policy schema identity/version, canonical typed process authority, spawn-site, transition-effect, component-surface facts, canonical typed policy_decisions, admission_result=admitted, and an empty extensions map.

This binding artifact is not Strata source, not .mta, not a source report, and not executable dispatch data. It is the only authority/effect sidecar Mantle accepts, and only when supplied explicitly with mantle run <artifact.mta> --authority-effect-binding <authority-effect-binding.json>. Mantle validates the binding against the loaded .mta before ArtifactLoaded or host-visible runtime side effects. Forged source fingerprints, mismatched .mta identity, altered authority descriptors, altered spawn-site facts, altered exact-effect facts, missing or conflicting policy decisions, unsupported policy values, source-label injection, noncanonical typed IDs, and non-empty unsupported fields fail closed.

The binding intentionally strips Strata source labels and debug names from runtime-authoritative structures. Policy dispatch is by typed process and authority IDs only: admitted decisions can accept or deny dynamic spawn authority and boundary port-connect authority while preserving typed trace evidence. Mantle does not read .authority-effect.json or .authority-policy.json directly at runtime and does not infer authority from source labels, debug names, report text, or command-line widening flags.

.mta

.mta files are Mantle Target Artifacts. They are executable inputs to Mantle, not Strata source and not proof or evidence artifacts.

The extension is intentionally language-neutral. Strata can emit .mta; other frontends can emit .mta too. Mantle must decide whether an artifact is admissible from its internal header and validation data, not from the filename.

Minimum artifact identity fields:

format=mantle-target-artifact
schema_version=6
source_language=strata
target_requirements.source_language=strata
target_requirements.feature_count=...
target_requirements.feature.0=bounded_mailbox

The schema version identifies the admitted .mta encoding shape. It is not a Strata language release, a migration counter, or a stability guarantee. In the current greenfield implementation, 6 is the single admitted artifact schema baseline. Unsupported schema versions are rejected; artifact producers must emit the admitted schema.

The target_requirements.* block is a typed frontend-to-runtime binding surface. Strata emits it from checked IR and lowering facts; Mantle admits it only when the artifact format and schema version match the admitted artifact baseline, source_language is valid metadata and matches target_requirements.source_language, and every required runtime feature is supported by the current Mantle runtime feature declaration. The current Mantle runtime declaration treats source language as opaque artifact metadata rather than an executable dispatch key or language whitelist. Requirement entries are canonical runtime feature IDs such as local_execution, bounded_mailbox, local_send, local_spawn, typed_boundary_tables, and component_composition_metadata. They are not source names and are never executable dispatch strings.
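The admission rule for the identity fields and the target_requirements.* block can be sketched as follows. This is an added example, not Mantle's loader: it assumes the fields are available as key=value text lines in the form listed above, and it uses a constructed runtime feature declaration built from the feature IDs this page names.

```python
# Added example, not Mantle's loader. Assumption: identity fields arrive as key=value lines.
ADMITTED_FORMAT = "mantle-target-artifact"
ADMITTED_SCHEMA_VERSION = "6"
# Constructed runtime feature declaration built from the feature IDs the page names.
SUPPORTED_FEATURES = frozenset({
    "local_execution", "bounded_mailbox", "local_send", "local_spawn",
    "typed_boundary_tables", "component_composition_metadata",
})
FEATURE_PREFIX = "target_requirements.feature."

def parse_header(text):
    """Parse key=value lines; a repeated key is an error, never last-one-wins."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or not key or key in fields:
            raise ValueError(f"malformed or duplicate header line: {line!r}")
        fields[key] = value
    return fields

def admit_header(text):
    """Return rejection reasons; an empty list means the header admits."""
    try:
        f = parse_header(text)
    except ValueError as exc:
        return [str(exc)]
    reasons = []
    if f.get("format") != ADMITTED_FORMAT:
        reasons.append("format is not the admitted artifact format")
    if f.get("schema_version") != ADMITTED_SCHEMA_VERSION:
        reasons.append("unsupported schema_version")
    lang = f.get("source_language", "")
    # Opaque metadata: must be present and self-consistent, never checked against a whitelist.
    if not lang or lang != f.get("target_requirements.source_language"):
        reasons.append("source_language missing or mismatched")
    count = f.get("target_requirements.feature_count", "")
    features = {k: v for k, v in f.items() if k.startswith(FEATURE_PREFIX)}
    # Compare the declared count with what is present before using it as a bound.
    if not (count.isascii() and count.isdigit() and len(count) <= 6
            and int(count) == len(features)
            and all(f"{FEATURE_PREFIX}{i}" in features for i in range(len(features)))):
        reasons.append("feature entries do not match feature_count")
    reasons += [f"unsupported runtime feature: {v}"
                for v in features.values() if v not in SUPPORTED_FEATURES]
    return reasons

# Constructed sample header; the feature_count value is chosen for this example.
SAMPLE_HEADER = "\n".join([
    "format=mantle-target-artifact", "schema_version=6", "source_language=strata",
    "target_requirements.source_language=strata",
    "target_requirements.feature_count=2",
    "target_requirements.feature.0=bounded_mailbox",
    "target_requirements.feature.1=local_send",
])
```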

Executable references, type identity, and state transitions inside .mta use validated table IDs and typed transition forms. Process transition records are encoded by transition index and carry a message ID field, an optional current_state ID guard, an optional exact typed payload guard, and exact effect usage for their actions. Validation requires each message to have either a transition base with no current-state guard or one transition base for every admitted current-state ID. Within each message/current-state base, validation admits either one payload-unguarded transition or a payload-specific set where every transition carries an exact typed payload guard. Payload-specific sets enumerate admitted concrete payload cases; they do not encode source-payload algebra. Runtime selection indexes the admitted transition table by typed message ID, typed current state ID when a state guard is present, and exact typed payload identity when a payload guard is present.
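The transition-coverage rule in the paragraph above, written out as a check over one process's transition table. This is an added example, not Mantle's validator: the tuple shape for a transition record is hypothetical, and rejecting a repeated exact payload guard is an assumption the page does not state.

```python
# Added example, not Mantle's validator. Hypothetical record shape for a transition:
# (message_id, current_state guard or None, payload guard or None), IDs as integers.
from collections import defaultdict


def validate_transitions(message_ids, state_ids, transitions):
    """Return rejection reasons for one process; an empty list means admitted."""
    reasons = []
    bases = defaultdict(lambda: defaultdict(list))  # message -> state guard -> payload guards
    for message_id, state_guard, payload_guard in transitions:
        if message_id not in message_ids:
            reasons.append(f"unknown message {message_id}")
        elif state_guard is not None and state_guard not in state_ids:
            reasons.append(f"message {message_id}: unknown state {state_guard}")
        else:
            bases[message_id][state_guard].append(payload_guard)
    for message_id in sorted(message_ids):
        by_state = bases.get(message_id, {})
        guards = set(by_state)
        # Either one base with no state guard, or one base per admitted state; never both.
        if not guards or (guards != {None} and guards != set(state_ids)):
            reasons.append(f"message {message_id}: incomplete or mixed state coverage")
        for state_guard, payloads in by_state.items():
            unguarded = payloads.count(None)
            if unguarded and len(payloads) > 1:
                reasons.append(f"message {message_id} state {state_guard}: "
                               "payload-unguarded transition is not the only one")
            elif len(set(payloads)) != len(payloads):
                # Assumption: a repeated exact payload guard is ambiguous, so reject it.
                reasons.append(f"message {message_id} state {state_guard}: "
                               "duplicate payload guard")
    return reasons


# Constructed sample: message 0 ignores state; message 1 is state-guarded, and in
# state 0 it dispatches on two exact payload identities (10 and 11).
SAMPLE_TRANSITIONS = [(0, None, None), (1, 0, 10), (1, 0, 11), (1, 1, None)]
```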

Artifact type identity is carried by a Mantle type table. Process state_type_id, message_type_id, message payload_type_id, payload template type_id, state value type_id, and received-payload send-target target_payload_type_id fields refer to that table by numeric TypeId. Type labels are metadata only; Mantle does not parse source type strings such as process-reference spellings to decide runtime behavior.

State value tables carry a type ID, typed value identity, ordered value label, and optional typed payload metadata for each admitted state. The label must match the rendering of the typed value, preserving record field and map entry order from the admitted value. Mantle admission and runtime next-state resolution use the type ID and value identity. State-match payload templates use the admitted current state’s typed payload metadata. Preserved order is visible in labels and traces, but runtime projection uses admitted typed IDs: record fields use record-field IDs into the admitted record shape, and map projections use typed static keys. Labels remain trace and diagnostic metadata, not runtime dispatch keys.

Process references are encoded as per-process reference tables. A spawn action binds a process-reference ID to a runtime process instance for the transition. A send action targets either a process-reference ID or a received typed process-reference payload plus a message ID. Reference debug names remain metadata; runtime delivery uses admitted IDs and runtime process instance IDs.

Local spawn authority is encoded as per-process authority tables and spawn-site tables. A spawn action references a spawn-site ID, which references an authority ID with a typed Spawn descriptor for the same target process. Authority names remain metadata; admission and runtime checks use typed IDs and descriptors.

Protocol, port, component, and composition boundary data is encoded as typed tables. Component imports and composition bindings use port and component-instance IDs; names remain metadata for diagnostics and traces. Mantle validates complete composition binding and protocol compatibility before runtime execution, but it does not resolve Strata component names, import names, or source strings at runtime.

Local supervisor children are encoded as per-process supervisor plans with typed supervisor IDs, child IDs, child modes, restart intensity, and lexical supervisor-child spawn-site classifications. A lexical child spawn site carries supervisor and child IDs instead of a dynamic authority ID.

Message variants may carry an optional payload type ID. Send actions may carry an immutable payload value template, and Mantle delivers the evaluated value in a runtime message envelope. Process-reference payloads carry the admitted target process ID and runtime process ID. Message dispatch uses admitted typed IDs and, for payload-specific transitions, admitted typed payload identity, not payload text, source strings, or debug labels.

Each transition’s action_count is bounded during decode before allocation. Validation also caps the aggregate action count across all transitions for a process as an admitted process resource budget.

Names are retained for diagnostics, traces, and metadata. Mantle execution must load and run resolved IDs rather than dispatching by source text.

Generated .mta files should normally remain under target/. Checked-in .mta files are allowed only as explicitly labeled fixtures or specimens and must not be used as a substitute for a successful strata build and mantle run.

Expected MIME type:

application/vnd.mantle.target-artifact