303e8c6306
All 117 inter-node links now use [[file:node-name.org][title]] format which renders as clickable hyperlinks in both Emacs (C-c C-o) and web-based org renderers (Gitea, GitHub). Each node retains its :ID: UUID property for Emacs org-roam database features (backlinks, capturing, node-find). Prev format: [[id:uuid][title]] — Emacs only, dead text on web New format: [[file:name.org][title]] — works everywhere
1.7 KiB
1.7 KiB
Upgrade and Distribution Lifecycle
Once instances diverge in both code and knowledge, naive git pull breaks things. Passepartout's architecture already has the primitives for safe upgrades:
- Ontology versioning: every fact stores the ontology version at assertion. On upgrade, facts with old versions are flagged for re-verification.
- Degradation, not crash: if an upgrade breaks the fact store, the system degrades to the pre-macro state (hash-table fallback, text-scan fallback). Still works — just proves less.
- Reversible upgrades (Phase 0 undo): every upgrade produces a Merkle snapshot before applying.
- Delta distribution: upgrades delivered as diffs against the current ontology version. Migration script runs automatically.
The upgrade is verified by the upgraded system before committing. The distributor ships the new gate vector; ACL2 reports which rules are compatible and which need review. The operator reviews only the incompatible subset.
Business model for upgrades:
- Code upgrades: free (AGPL)
- Migration scripts: subscription. The verified migration path from current ontology version to new one.
- Domain knowledge package upgrades: subscription. When HIPAA updates, the healthcare package updates.
- Verification appliance firmware: bundled with hardware. Signed and verified against hardware root of trust.
See also: Infrastructure lock-in, Verification appliance, Domain gate packages