Etude: Boundary Objects

Core Notes

Boundary objects compress multi-party truth into a transportable artifact: logs, deltas, proofs.

boundary = { view, constraints, replay }

A log is a boundary: it mediates between local state and global convergence.

Applied Thread

Applied: attach constraints to each boundary object; reject payloads that cannot be replayed deterministically.

trace: Def → Check(replay) → Counterexample(ambiguous) → Repair(tagging)

Typology

Artifacts

Logs, certificates, manifests, proofs, hashes, attestations.

Actors

Operators, validators, clients, auditors, automated agents.

Edges

Key exchange, signature validation, replication, audit trails.

Boundary objects are not neutral: they embed a viewpoint and a rule of admissibility.

Non-Trivial Theorems

These are operational invariants worth protecting.

Theorem 1: If replay(B) diverges across observers, B is not a boundary object.\n Theorem 2: If constraints(B) are not checkable locally, B is unverifiable.\n Theorem 3: If B is mutable without an append-only trail, B is not audit-grade.

Ritual Trace (DNS → TLS → Proxy)

DNS

Set A records to the front door. The boundary object is the zone entry.

A(name) → IP(front door)

ACME

CA challenges via HTTP-01; proof lives at /.well-known/acme-challenge/.

CA: GET token → proxy serves token → cert issued

Proxy

Front door routes by Host header; upstreams remain HTTP.

Host → route → upstream:port

Boundary Matrix

Artifact	Constraint	Replay	Verifier
SSH key	Signature verifies against pk	Auth trace	sshd
DNS A	Zone ownership	Resolver cache	recursive DNS
Cert	Chain to CA	Handshake	client TLS
Log	Append-only	Audit replay	auditor

Failure Modes

Common fractures where boundary objects fail the ritual.

Drift: zone points elsewhere → ACME fails\n Mismatch: host key changes → SSH halts\n Mutation: log rewritten → audit invalid\n Ambiguity: proxy routes overlap → undefined ownership

Each failure is a broken promise about replayability.

Boundary Kit (Operational)

Inputs: {state, constraints, signatures}\n Process: normalize → verify → append\n Outputs: {artifact, audit trail, repair note}\n Ritual: check -> replay -> counterexample -> repair

Keep a repair note attached to every object that required mutation or override.

Field Notes

Boundary objects show up as the glue between infrastructure and meaning.

- A proxy config is a boundary: it encodes responsibility for a name.
- A mesh key is a boundary: it encodes identity across hosts.
- A health log is a boundary: it encodes liveness for witnesses.

Glossary

Replay: the act of verifying an artifact by re-running its rules.

Constraint: a rule that narrows valid interpretations.

Boundary: a portable artifact that stabilizes multi-party truth.