LIVRE OS is organized into layers.

Each layer has a single primary responsibility and communicates with the others through well-defined interfaces.

1. Client / Identity Agent Layer

Where it runs: user device (phone, laptop, hardware key, browser extension).

Responsibilities

• Present UX for identity management (create, update, recover).
• Hold or control device keys (control keys, session keys).
• Interact with the Vault for encryption/decryption and proof requests.
• Approve operations (sign intents, authorize proof generation).
• Cache non-sensitive metadata (descriptors, policy info, templates).

2. Identity Kernel (Solivre)

Where it runs: secure backend services + optionally embedded on-device.

Responsibilities

• Maintain the Identity Model:
  • identity commitment
  • key model & lifecycle
  • descriptor & attribute schema
  • identity policies
• Validate all identity-level state transitions:
  • create identity
  • update attributes
  • rotate keys
  • revoke / recover
• Coordinate with Vault + Proof Engine to ensure consistency.

Inputs

• Signed requests from client / agent.
• Policy configuration from admins/governance.

Outputs