Compute artifacts

Storage is
a signed history.

Every meaningful event in Omega — a deployment, a VM snapshot, a framebuffer capture, a structured trace — is written to a content-addressed store, signed by the brane it came from. Reproduce a session, file a bug, replay an exploit. The compute_artifact log is the canonical memory of the substrate.

[content-id]

BLAKE3 · multihash

[signature]

Ed25519 · brane-keyed

[backends]

local · S3 · IPFS · Sigil

[encryption]

age-x25519 · per-tenant

At a glance

The properties
that matter.

BLAKE3

content addressing

Every artifact is keyed by its hash. Dedup is automatic; references are tamper-evident.

Ed25519

every artifact signed

The brane signs what it wrote. The substrate signs that it received it. Two signatures.

storage backends

Local FS, S3-compatible, IPFS, and Sigil (signed-storage chain). Pick per-tenant.

age

tenant encryption

Tenant-scoped X25519 keys. The substrate operator never sees plaintext.

In the manifest

How you
describe it.

storage.zgraph.toml

[brane.replay]
substrate   = "habitat"
capability  = "standard"
image       = "omega/replay-rack:2.0"

// per-brane storage policy

In operation

What it
looks like running.

$ω storage artifacts --brane replay --kind snapshot.vm

cid kind size age b3:9af2... snapshot.vm 4.1MiB 12s b3:7e15... snapshot.vm 4.0MiB 1m02s b3:c8ad... snapshot.vm 4.2MiB 2m17s b3:3bf1... snapshot.vm 4.0MiB 3m34s

$ω storage get b3:9af2 → snap.bin

✓ verified ed25519:RJ4P (brane.replay) ✓ verified ed25519:T8nQ (substrate.gaia-04) ✓ wrote 4.1MiB → snap.bin

addressing

BLAKE3 · multihash · CID-1

signing

brane key + substrate key (two-signature)

encryption

age-x25519 · per-tenant key in OAS DID

retention

manifest-declared · GC enforced

anchor

optional Sigil chain anchor for external audit

By design

What this
surface does.

Content-addressed by default

Every artifact is named by its hash. Dedup is free, references are tamper-evident, and "the artifact has changed" is a contradiction.

CAS

Two signatures per object

The brane signs what it wrote; the substrate signs that it received it. Either signature alone is suspect; both together are proof of provenance.

SIGNED

snapshots · screenshots · traces

Compute artifacts cover the three shapes that matter: VM-level snapshots (resume the world), framebuffer captures (see the screen), span traces (read the path).

ARTIFACTS

Same store, four backends

Local FS for dev, S3 for production, IPFS for distribution, Sigil for audit anchors. The brane sees one storage API.

PORTABLE

← Networking Scaling →

Storage isa signed history.

The propertiesthat matter.

How youdescribe it.

What itlooks like running.

What thissurface does.