Architecture Overview

dregg is a sovereign capability runtime. Agents own cells, execute transitions locally, and prove validity with STARKs. The federation is a notary: it orders, detects double-spends, and anchors 32-byte commitments. It never sees cell contents.

The Unified Fabric

All state lives on a single DAG -- the blocklace. Nodes participate in one or more reference groups. Within each group, the Cordial Miners protocol computes a total ordering via the tau function (3-round leaderless BFT finality). Cross-group communication uses interest-based dissemination with cryptographic cross-references, not bridges.

Constitutional Consensus governs group membership democratically. The h-rule determines supermajority thresholds; equivocation is detected and penalized on-DAG.

The Effect VM

Every turn is proven by the Effect VM -- a single STARK circuit with 371 AIR columns and 24 effects:

State: SetField, CreateCell, IncrementNonce, SetPermissions, SetVerificationKey
Transfer: Transfer (computrons between cells)
Capabilities: GrantCapability, RevokeCapability, RevokeDelegation, SpawnWithDelegation
Events: EmitEvent
Privacy: NoteSpend, NoteCreate (shielded notes with Pedersen commitments)
Sealing: CreateSealPair, Seal, Unseal (E-rights pattern)
Messaging: Introduce (three-party), PipelinedSend, CreateObligation
Bridge: BridgeMint, BridgeLock, BridgeFinalize, BridgeCancel

The DSL (#[dregg_caveat] / #[dregg_effect]) compiles constraints to 8 backends from a single source: Rust, AIR, Datalog, Kimchi, Midnight ZKIR, Plonky3, SP1, and native STARK.

CapTP (Capability Transfer Protocol)

Capabilities flow between cells via CapTP sessions:

Sturdy refs -- durable dregg:// URIs with swiss numbers. Survive disconnection.
Live refs -- ephemeral handles within an active session.
Strands -- logical communication channels within a session, identified by StrandId.
Handoff -- offline three-party introduction with Ed25519-signed certificates.
Distributed GC -- unreachable capabilities are reclaimed across sessions.

Sessions run over QUIC with Plumtree gossip and Dandelion++ for unlinkable relay. Cordial dissemination provides reactive push with frontier exchange.

Storage

Programmable queues -- validated input buffers with custom acceptance predicates.
Inboxes -- store-and-forward message delivery (relay operators host these).
Blinded storage -- content-addressed data where the node cannot read contents.
KZG commitments -- polynomial commitments for efficient data availability proofs.
Space banks -- quota accounting; rent economics bound storage growth.

Persistence uses redb (ACID, WAL, crash-safe). Checkpoints every N blocks enable fast-sync for new nodes.

Intent Solving

The generalized intent solver finds multi-party settlements involving heterogeneous items -- assets, capabilities, services, storage, and namespace entries -- in a single ring trade:

Each participant declares offers and wants (typed ExchangeItem values).
Edge A->B exists if A's offers satisfy some or all of B's wants.
Cycle detection finds rings where every participant is satisfied.
Settlement is atomic: escrow-commit-reveal with STARK proofs of fulfillment.

No global pricing -- satisfaction is structural and boolean. DFA routing shards intents by namespace zone. Cross-zone rings use bridge intents.

Trust Model

CRYPTOGRAPHIC (no trust required):
  - State transition validity (STARK proof)
  - Capability chain validity (IVC fold proof, O(1) verification)
  - Double-spend prevention (nullifier set, Merkle inclusion)
  - Handoff integrity (Ed25519 signature on certificate)
  - Privacy (Pedersen commitments, stealth addresses, shielded notes)

EXECUTOR-TRUSTED (trust the federation for):
  - Ordering (tau function over the blocklace -- BFT, not cryptographic)
  - Liveness (group must have 2f+1 honest nodes online)
  - Discovery (intent gossip relay -- can censor, cannot forge)
  - Checkpoint anchoring (periodic roots attested by quorum signature)

SELF-SOVEREIGN (trust nobody):
  - Peer-to-peer mode: Alice proves directly to Bob, federation never contacted
  - Offline operation: turn execution is local, proof is local
  - State custody: you hold your cells, only commitments are public

For cryptographic details see Cryptographic Foundations. For the capability semantics (cells, turns, c-lists) see Object-Capability Model. For consensus specifics see Consensus.