MALT is a verifiable mutable structure layer for content-addressed data.
It lets applications update and resolve authenticated relationships among immutable objects without rewriting unrelated payload blocks.
This repository is the MALT core specification implementation. It owns the verifier-facing semantics, ProofList behavior, root/query/result contracts, wire formats, reference runtime, and core benchmark/evaluation framework. The managed product gateway lives outside this repository.
Documentation · Architecture · Threat Model · Compatibility · Evaluation · MIPs · Roadmap · Security · Contributing
MALT targets authenticated structured data: data whose relationships can be normalized into graph-shaped nodes and relations. Example workloads include verifiable local-first files, persistent agent memory, mutable manifests, and tamper-evident audit trails over Filecoin, IPFS, S3, local CAS, or another object store.
MALT authenticates those structural relationships through list/map semantics, roots, and verifier-facing ProofLists. Immutable payload bytes can still live naturally in ordinary CAS blocks and keep ordinary CIDs; MALT binds structure to those payload objects without making the daemon, cache, or materialized index state trusted.
Status: Experimental reference implementation. Runnable end to end, not production-ready.
Traditional Merkle-DAG traversal authenticates structure by embedding child links in parent content. A local structural change can force rootward object rewrites because the relationship and the object identity are coupled.
MALT separates those concerns:
- graph-shaped structure is authenticated by independent structure roots
- list/map semantics define typed read and write operations
- reads return verifier-facing
ProofListevidence - immutable payload content can remain ordinary CAS data
- local structure updates advance structure roots without rewriting unrelated payload objects
The claim is not that updates are free. The claim is that MALT replaces implicit ancestor-rewrite cost with explicit, verifiable structure maintenance.
This repository owns:
- MALT core semantics and verifier-facing contracts
- root CID, ProofList, and wire-format documentation
- reference CLI, daemon, HTTP server, and local/mock CAS surfaces
- component benchmarks, conformance tests, and end-to-end evaluation harnesses
- implementation-bound MIPs and evaluator schemas
This repository does not own production managed-gateway behavior:
- tenant isolation, identity providers, API keys, or authorization policy
- root publication, latest-head, freshness, or multi-writer product policy
- S3/Filecoin/IPFS production backend orchestration
- quota, billing, pinning, garbage collection, abuse control, or operations
Those deployment and product concerns belong in the separate
DeWebProtocol/gateway repository or private deployment overlays.
flowchart TB
app["Applications / CLI / Go client"] --> api["Reference daemon / eval gateway HTTP API"]
api --> rw["Resolver / Writer"]
rw --> semantics["Authenticated list / map semantics"]
semantics --> proofs["ProofList and commitment backends"]
semantics --> arctable["ArcTable materialization"]
rw --> cas["Immutable payloads in external CAS"]
Applications interact with resolver and writer surfaces. List/map semantics own the authenticated structure. ArcTable is materialized runtime state, not a trust root. Payloads remain immutable CAS objects, and proofs are verifier-facing.
MALT is an experimental reference implementation. It is runnable end to end, but its public APIs, ProofList schemas, wire formats, and deployment policies may change. It is not production-ready.
Current in-tree capabilities:
- root-centric
maltCLI for local daemon lifecycle, add, resolve, and verify - reference/evaluation gateway surface for explicit-root HTTP reads and writes
- proof-bearing HTTP reads for file bytes, directory JSON, and byte ranges
- pure MALT UnixFS-style layout built from map/list semantics and CAS-backed immutable payloads
- stateless commitment backends for semantic proof primitives
- ArcTable-backed structure materialization with overwrite and versioned modes
malt-evalworkloads for read queries, write traces, CAS models, proof overhead, and storage overhead
Current experimental boundaries:
- no managed global head publication service
- no multi-writer merge or freshness protocol
- no tenant, quota, pinning, or garbage-collection policy
- no production managed gateway or hosted service semantics
- no stable public API compatibility guarantee yet
- response-body binding for large-file byte ranges is still a ProofList-schema design item
Agents can update named memory, artifacts, checkpoints, and audit records while clients verify that resolved objects belong to an accepted structure root.
Applications can model files and directories using authenticated map/list semantics while retaining immutable content-addressed payload blocks.
MALT can authenticate evolving manifests, registries, and ordered records without embedding every mutable relationship into payload object identity.
MALT is storage-backend independent. Filecoin, IPFS, S3, and local CAS systems provide payload storage; MALT provides authenticated mutable structure, resolution, and verification above those payload objects. MALT is not a replacement for Filecoin, IPFS, Kubo, S3, or a general-purpose object store.
Prerequisites:
- Go 1.25.7 or newer
- Git
Build the three local binaries:
mkdir -p bin
go build -buildvcs=false -o bin/malt ./cmd/malt
go build -buildvcs=false -o bin/cas ./cmd/cas
go build -buildvcs=false -o bin/malt-eval ./cmd/eval/malt-evalInitialize the local runtime. The default configuration expects an external CAS
at 127.0.0.1:4318 and a daemon API at 127.0.0.1:4317. For local development
without a real IPFS node, start the standalone mock CAS server first:
bin/cas startThen initialize and start the daemon:
bin/malt init --non-interactive
bin/malt start
bin/malt statusAdd a file, resolve it, and verify the returned ProofList:
printf 'hello malt\n' >/tmp/malt-hello.txt
ROOT=$(bin/malt add /tmp/malt-hello.txt | awk '/Result root:/ {print $3}')
bin/malt resolve "$ROOT" malt-hello.txt >/tmp/malt-resolve.json
bin/malt verify --prooflist /tmp/malt-resolve.jsonThis example stores file bytes through the configured local CAS, produces a MALT structure root, resolves a path relative to that root, and verifies the returned target and ProofList against the trusted root.
Stop the managed daemon when finished:
bin/malt stopRun the full Go validation suite from the repository root:
go test ./...
go vet ./...Inspect the command surfaces:
bin/malt --help
bin/malt-eval --help
bin/malt-eval schemaRun the local smoke evaluation plan:
bin/malt-eval run --plan examples/eval-smoke-plan.json --run-id smokeThe evaluator writes disposable workspace state under output/<run_id> and
durable result artifacts under result/<run_id>. Those directories are ignored
by git.
MALT's current implementation is easiest to read through these layers:
| Layer | Role |
|---|---|
| Semantic layer | Abstract list/map read and write semantics |
| ArcTable | Namespace-scoped arcset persistence and materialization |
| Commitment backend | Stateless proof primitives over semantic representations |
| Resolver / writer ports | Read/proof path and semantic mutation path |
| Server API | Runtime surface for daemon HTTP routes |
| Application layout | Product data model above list/map semantics and immutable payload objects |
The verifier-facing shape is:
Read(root, query) -> result + ProofList
VerifyRead(root, query, result, ProofList) -> valid / invalid
ApplyMutation(baseRoot, semantic mutation) -> newRoot + writeReceipt
list describes stable-indexed child references. map describes authenticated
key-to-target relations and reserves @payload as the terminal materialization
binding for map semantic objects. Layouts translate source-domain data into
semantic mutations; they do not define the core semantics.
graph is not a separate semantic owner or node-interface hierarchy. In the
current runtime it is a small composition boundary that wires resolver and
writer ports over the list/map semantic APIs. Resolver traversal belongs to
graph/resolver; mutation application belongs to graph/writer.
For a deeper implementation walkthrough, see ARCHITECTURE.md.
cmd/malt/ reference runtime CLI
cmd/eval/ malt-eval workloads, schemas, and helpers
api/http/ daemon request/response DTOs
auth/ arcset, commitment, proof, list/map semantics
graph/ resolver and writer port definitions/adapters
layout/unixfs/ UnixFS-style layout over map/list semantics and CAS-backed payloads
runtime/ node, runtime graph composition, ArcTable, metrics
sdk/client/ Go daemon client facade
server/ reference daemon and eval-gateway HTTP server
storage/ CAS and KV storage libraries
wire/maltcid/ MALT map/list root CID codecs
docs/ implementation docs: policy, evaluation, specs, and MIPs
examples/ small runnable plans and examples
MALT's evaluation framework compares authenticated object layouts along four primary dimensions:
- path depth under fixed per-CAS-Get latency models
- verifier-facing proof size
- rewrite amplification under structural updates
- materialized-index and storage overhead
malt-eval supports both direct commands and a framework runner:
malt-eval reademits paper-facing read benchmark records for MALT and IPLD UnixFS baselines, including deep path lookup, small file read, and large file range read workloadsmalt-eval writereplays Git traces and emits write-amplification JSONLmalt-eval runexecutes JSON plans and writesmanifest.json, raw envelopes, and summary CSVs underresult/<run_id>malt-eval runplans can use theread_matrixsuite for fair resolve-path comparisons over the same logical paths materialized as flat MALT arcs, MerkleDAG, and HAMTmalt-eval schemalists or prints embedded JSON schemasmalt-eval summarizeregenerates summary CSVs from a result directorymalt-eval metricsinspects daemon evaluation metrics
See docs/evaluation/README.md for commands, result layout, and schema notes.
Published benchmark tables will be added once the paper evaluation configuration and raw artifacts are frozen.
The near-term roadmap is focused on stabilizing proof schemas, evaluator outputs, and the UnixFS-style layout boundary before claiming production readiness. See ROADMAP.md.
Contributions are welcome. Start with CONTRIBUTING.md, keep changes small, and include focused tests for behavior changes.
Please report security issues through the private process in SECURITY.md, not through public issues.
MALT is released under the MIT License.