# Portability: SYSTEM
# Last validated: 2026-05-17
# Next review: 2026-08-17
# Resources: [instance_identity table], [hub/dist.py], [tools/generators/distribution_system.py]

IDENTITY SYSTEM
===============

As of: 2026-05-17

The identity system ensures the integrity and identification of the BACH instance.
Functions are implemented in the distribution handler and accessible via CLI.

TABLE: instance_identity (Central Singleton)
----------------------------------------------
  - id: Primary Key (MUST be 1 - Singleton)
  - instance_id: Unique UUID of the installation
  - instance_name: Individual name (e.g. "BACH_Alpha")
  - version: Current BACH version (e.g. v1.1.83)
  - created_at: creation date
  - seal_status: integrity status ('intact' | 'broken')
  - kernel_hash: SHA256 of the system kernel files
  - last_verified: Last verification time
  - current_mode: operating mode (default: 'developer')
  - last_boot: Last boot time
  - boot_count: Number of boots (default: 0)

SEAL MECHANISM
------------------
  1. Boot check: The kernel hash is calculated for every startup
  2. Comparison: Does the hash match the DB?
  3. Status: If there is a deviation, the seal is “broken”
  4. Warning: A broken seal indicates manual intervention

CLI COMMANDS
------------
  bach --dist status         Show system status with seal info
  bach --dist verify         Check seal integrity
  bach --dist classify       Show dist_type distribution
  bach --dist snapshot NAME  Create snapshot
  bach --dist release NAME   Create release
  bach --dist list           List snapshots/releases

NOT IMPLEMENTED
-------------------
  bach --dist reseal         (DOES NOT EXIST - no reseal function)

There is no automatic repair if the seal is broken. You have to manually
set a new seal via distribution_system.py.

IMPLEMENTATION
--------------
  Handler: system/hub/dist.py (DistHandler)
  Backend: system/tools/generators/distribution_system.py
  Operations: status, verify, classify, snapshot, release, restore, install, list

CONTEXT
-------
Identity is part of the distribution system (formerly governance layer 5).
It ensures that the "memory" (DB) matches the "hardware" (file system).

SEE ALSO
----------
  docs/help/maintain.txt maintenance tools (no identity function)
  docs/help/distribution.txt Distribution & Releases
  docs/help/bach_info.txt System overview
