diff --git a/CHANGELOG.md b/CHANGELOG.md index 49d399a..8b45152 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). Thi ## [Unreleased] ### Added +- Digital-soul contract family — identity (`IdentitySpine`, `DigitalSoulIdentity`) and reputation (`ReputationDimension`, `SacredCapitalLedger`, `PortableReputationClaim`) plus the one-way on-device bridge (`AscensionReading`), with canonical examples, a privacy-boundary + directionality validator (`tools/validate_digital_soul_examples.py`, wired into `make validate`), ADR-0013, and a contract-additions note. The canonical spine is locked to the 64-gate yi-globe with all other traditions as one-way projections; reputation binds to the reasoning-evidence fabric via `ReasoningReceipt`/`ReasoningReplayPlan` (no parallel receipt); `DigitalSoulIdentity.proofOfSelfRef` optionally anchors the constitutional soul to the verified-identity plane (`ProofOfSelfToken`). - SourceOS interaction substrate top-level index and README discovery links for `SourceOSInteractionEvent`, generated TypeScript/Python artifacts, and the Noetica → Superconscious → AgentPlane → AgentTerm reference flow. - Runtime observability and capability governance contracts: `CapabilityLedger`, `BrowserAutomationReceipt`, `GitWorkspaceState`, `OrphanEventReceipt`, and `RuntimeInstallReceipt` with canonical examples, validation wiring (`tools/validate_runtime_observability_examples.py`), a contract catalog, and ADR-0012. - Reasoning run contracts: `ReasoningRun`, `ReasoningEvent`, `ReasoningReceipt`, `ReasoningReplayPlan`, and `ReasoningBenchmark` with canonical examples and a contract-additions note for the Superconscious reference loop. diff --git a/Makefile b/Makefile index ec4d070..64e203f 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ -.PHONY: validate validate-control-plane-examples validate-nlboot-examples validate-lattice-data-governai-examples validate-ops-history-examples validate-runtime-observability-examples validate-lifecycle-boundary-examples validate-svf-contracts validate-sync-cycle-receipts +.PHONY: validate validate-control-plane-examples validate-nlboot-examples validate-lattice-data-governai-examples validate-ops-history-examples validate-runtime-observability-examples validate-lifecycle-boundary-examples validate-svf-contracts validate-sync-cycle-receipts validate-digital-soul-examples -validate: validate-control-plane-examples validate-nlboot-examples validate-lattice-data-governai-examples validate-ops-history-examples validate-runtime-observability-examples validate-lifecycle-boundary-examples validate-svf-contracts validate-sync-cycle-receipts +validate: validate-control-plane-examples validate-nlboot-examples validate-lattice-data-governai-examples validate-ops-history-examples validate-runtime-observability-examples validate-lifecycle-boundary-examples validate-svf-contracts validate-sync-cycle-receipts validate-digital-soul-examples @echo "OK: validate" validate-control-plane-examples: @@ -33,3 +33,7 @@ validate-svf-contracts: validate-sync-cycle-receipts: python3 -m pip install --user jsonschema >/dev/null python3 tools/validate_sync_cycle_receipts.py + +validate-digital-soul-examples: + python3 -m pip install --user jsonschema >/dev/null + python3 tools/validate_digital_soul_examples.py diff --git a/docs/adr/0013-digital-soul-identity-reputation.md b/docs/adr/0013-digital-soul-identity-reputation.md new file mode 100644 index 0000000..c7f0a50 --- /dev/null +++ b/docs/adr/0013-digital-soul-identity-reputation.md @@ -0,0 +1,72 @@ +# ADR-0013: Digital soul — identity and reputation planes + +Status: Accepted +Date: 2026-06-29 + +## Context + +The platform is adding a "digital soul" capability: a per-person identity model +drawn from a syncretic correspondence map (yi-globe, sefirot, zodiac, enneagram, +chakra, the twelve senses) plus a reputation model in the Neighbourhoods + Sacred +Capital lineage (distributed, portable, privacy-preserving). The source is a visual +map, not a written spec, so the contracts had to make the implicit architecture +explicit and safe. + +Two distinct identity senses already exist in the estate and must not be conflated: + +- **Verified identity** — `ProofOfSelfToken` / Identity Is Prime: *am I a real, + deduplicated subject?* (proof and entity-resolution plane). +- **Constitutional identity** — the digital soul: *who am I inwardly?* (given, + symbolic plane). + +## Decisions + +1. **Lock the spine.** The canonical inner object is the 64-gate yi-globe + (`IdentitySpine.canonicalSpine = "yi-globe-64gate"`, exactly 64 gates). Every + other tradition is a registered **one-way projection** (`oneWay: true`, + `sourceOfTruth: false`, `symbolic: true`) — presentation only, never writable, + never a measured or physically derived value. This honors the settled + matter/form premise without faked numeric derivations. + +2. **Two planes, opposite truth-makers.** Identity is *given* and asserted + (`DigitalSoulIdentity`, private, default disclosure none). Reputation is *earned* + and witnessed (`ReputationDimension`, `SacredCapitalLedger`, + `PortableReputationClaim`). Reputation's truth-maker is the existing + reasoning-evidence fabric — attestations reference `ReasoningReceipt` / + `ReasoningReplayPlan`; no parallel receipt type is introduced. + +3. **Privacy boundary by construction.** No reputation contract has any field able + to carry a given identity input (birthdate / faith / personality). The boundary + cannot be crossed by mistake; it is also machine-checked + (`tools/validate_digital_soul_examples.py`). + +4. **One on-device, one-way bridge.** `AscensionReading` reads the holder's own + works-receipts back onto private inner axes ("ascension"). It is normatively + on-device and `networkServiceProhibited`: no party but the holder may compute or + store inner state. Inner state reaches the outside world only via a deliberate, + holder-minted `PortableReputationClaim`. This forecloses a "spiritual credit + score". + +5. **Portable meaning, not a global score.** `ReputationDimension.latticeBinding` + expresses a community's subjective dimension in the shared spine vocabulary, so + capital is legible across neighbourhoods when bound and opaque when not. + `SacredCapitalLedger.noGlobalScore = true`; aggregation is only within a + (neighbourhood, dimension) or via a declared binding. + +6. **Cross-plane anchoring is optional and pseudonymous.** + `DigitalSoulIdentity.proofOfSelfRef` may anchor the constitutional soul to a + `ProofOfSelfToken` so reputation is sybil-resistant. The anchor is pseudonymous + and carries no given-identity data. Identity Is Prime remains the proof/evidence + layer (see `identity-is-prime-reference/docs/70_PLATFORM_IDENTITY_CONTRACT_ADAPTER`); + the digital soul is a separate constitutional layer that may reference it. + +## Consequences + +- Conformant new schemas under `schemas/` with canonical examples, a validator wired + into `make validate`, and a contract-additions note. +- The full per-tradition correspondence tables (gate → sign/sefira/enneatype/…) are + deliberately **not** committed here: they are frontier-authored canon to be added + as separate, sourced projection data files and validated independently, rather than + fabricated inline. +- Home is `sourceos-spec` (the canonical typed-contracts repo), not + `identity-is-prime-reference` (a mathematical reference implementation). diff --git a/docs/contract-additions/digital-soul-identity-reputation.md b/docs/contract-additions/digital-soul-identity-reputation.md new file mode 100644 index 0000000..c8c3f8e --- /dev/null +++ b/docs/contract-additions/digital-soul-identity-reputation.md @@ -0,0 +1,104 @@ +# Contract additions — digital soul: identity & reputation + +Adds the two-layer "digital soul" contract family: a private, given **identity** +layer and an earned, portable, privacy-preserving **reputation** layer +(Neighbourhoods + Sacred Capital lineage). Reputation binds to the existing +reasoning-evidence fabric — community attestations reference `ReasoningReceipt` +records of works; no parallel receipt type is introduced. + +## Why (the three forks this closes) + +1. **Lock the spine.** `IdentitySpine` commits the canonical inner object to the + 64-gate yi-globe. Every other tradition (zodiac, sefirot, enneagram, chakra, + the twelve senses) is a registered one-way **projection** — presentation only, + never a writable source of truth, never a measured/derived physical value. +2. **The dimension-schema join.** `ReputationDimension.latticeBinding` expresses a + community's Sensemaker dimension in the spine's shared vocabulary (a gate or an + inner axis). This is what turns Sacred Capital from portable *data* into portable + *meaning*: bound dimensions are legible across neighbourhoods; unbound ones stay + opaque. There is never a global score. +3. **The private reading.** `AscensionReading` is the single one-way bridge from + reputation to identity: it reads the holder's own works-receipts back through the + spine to move private gate-state along its inner axes ("ascension"). It is + normatively **on-device** and **network-prohibited** — no party but the holder may + compute or store the holder's inner state. This forecloses a "spiritual credit score". + +## Contracts + +| Schema | Layer | Purpose | +|---|---|---| +| `IdentitySpine` | identity (public-shared) | canonical 64-gate lattice + inner axes + one-way projections | +| `DigitalSoulIdentity` | identity (agent-held-private) | per-subject given inputs + gate-state; default disclosure none | +| `AscensionReading` | bridge (agent-held-private) | on-device works→inner-axes reading; replayable | +| `ReputationDimension` | reputation | community-authored context-local dimension + optional spine binding | +| `SacredCapitalLedger` | reputation (agent-held-portable) | evidence-backed capital per (neighbourhood, dimension); no global score | +| `PortableReputationClaim` | reputation | holder-minted, signed, selective disclosure; optional witnessed ascension | + +## URN identifiers + +| Type | URN prefix | +|---|---| +| `IdentitySpine` | `urn:srcos:identity-spine:` | +| `DigitalSoulIdentity` | `urn:srcos:digital-soul:` | +| `AscensionReading` | `urn:srcos:ascension-reading:` | +| `ReputationDimension` | `urn:srcos:reputation-dimension:` | +| `SacredCapitalLedger` | `urn:srcos:sacred-capital:` | +| `PortableReputationClaim` | `urn:srcos:reputation-claim:` | + +## Binding to the evidence fabric + +Reputation is evidence-backed by reuse, not by a new receipt type: + +- works/acts in the knowledge commons are recorded as `ReasoningReceipt` + (`urn:srcos:reasoning-receipt:`) on the existing v2 reasoning-evidence fabric; +- `ReputationDimension.computedOver` scores those receipts/`ReasoningEvent` types; +- `SacredCapitalLedger.entries[].evidenceRefs` and + `PortableReputationClaim.*.evidenceRefs` point at those receipts; +- `AscensionReading.replayPlanRef` may bind to a `ReasoningReplayPlan` so a reading + is replayable like any reasoning run. + +## Cross-plane anchoring (verified vs constitutional identity) + +Two identity senses coexist and stay separate: + +- **Verified identity** — `ProofOfSelfToken` (`urn:srcos:proof-of-self:`) / Identity + Is Prime: a real, deduplicated, pseudonymous subject. +- **Constitutional identity** — `DigitalSoulIdentity`: who the person is inwardly. + +`DigitalSoulIdentity.proofOfSelfRef` optionally anchors the soul to a +`ProofOfSelfToken`, which makes reputation sybil-resistant (capital accrues to a +verified subject) while leaking no given inputs — the anchor is pseudonymous. +Identity Is Prime remains the proof/evidence layer (see +`identity-is-prime-reference/docs/70_PLATFORM_IDENTITY_CONTRACT_ADAPTER`); the digital +soul references it but does not absorb it. + +## Enforced invariants (machine-checked) + +`tools/validate_digital_soul_examples.py` (wired into `make validate` via +`validate-digital-soul-examples`) checks, beyond JSON Schema: + +- **Privacy boundary** — no reputation document may contain any given-identity key + (`birthdate` / `faith` / `personality*` / `givenInputs`). The boundary holds by + construction: the reputation schemas provide no field able to carry them. +- **Directionality** — `AscensionReading` must be on-device, `networkServiceProhibited`, + and declare works→inner-axes `allowed` / identity-inputs→reputation `forbidden`. +- **Evidence backing** — capital entries and claimed dimensions must each reference + at least one works-receipt; no document asserts a global score. +- **Spine integrity** — exactly 64 unique gates. + +## Validate + +```bash +make validate-digital-soul-examples +``` + +## CHANGELOG entry (ready to merge into [Unreleased] → Added) + +- Digital-soul contract family — identity (`IdentitySpine`, `DigitalSoulIdentity`) + and reputation (`ReputationDimension`, `SacredCapitalLedger`, + `PortableReputationClaim`) plus the one-way on-device bridge (`AscensionReading`), + with canonical examples and a privacy-boundary + directionality validator + (`tools/validate_digital_soul_examples.py`). Reputation binds to the + reasoning-evidence fabric via `ReasoningReceipt`/`ReasoningReplayPlan`; the + canonical spine is locked to the 64-gate yi-globe with all other traditions as + one-way projections. diff --git a/docs/security/semantic-evidence-chain.md b/docs/security/semantic-evidence-chain.md new file mode 100644 index 0000000..3c27c5e --- /dev/null +++ b/docs/security/semantic-evidence-chain.md @@ -0,0 +1,102 @@ +# Semantic Evidence Chain (SEC) + +Status: draft +Scope: a directed, weighted analytic view onto the reasoning-evidence fabric (ReasoningRun / ReasoningEvent / ReasoningReceipt) that feeds image-gen red-team and blue-team detection playbooks, containment, and forensic capture. + +## Scope discipline + +SEC formalizes only falsifiable graph and evidence semantics. The "ghost space" topology and geometry framing that motivated this contract is **metaphor only** and is explicitly out of scope. This spec defines no physical quantities, no E8 or Hopf projections, no tensor fields, and no derived geometry. Every number in an SEC is an observed or estimated analytic over fabric events, never a computed physics result. + +## Thesis + +A reasoning or detection process is a walk through states of awareness. Each state is grounded in a recorded reasoning-evidence event. The transitions between states carry evidence: how clearly the transition is supported, how much uncertainty it removed, and how much time it cost. Reading those transitions as a directed weighted graph lets us score how a system arrived at awareness, where it branched into competing hypotheses, where it looped, and where competing paths converged on a single verdict. + +SEC is that graph. It is a **derived view**, not a new evidence store. It binds every node and edge back to the canonical fabric so that any SEC claim is traceable to a `ReasoningEvent` and ultimately to a `ReasoningReceipt`. + +## Data model + +`SEC = (N, E, W)` + +- **N — nodes**: awareness/detection states. Each node binds to exactly one `ReasoningEvent` via `eventRef`. `kind` is `awareness` (cognitive/reasoning state) or `detection` (security observation state). A node never upgrades trust above its bound event. +- **E — directed edges**: state transitions, tail `from` to head `to`. `transition` is one of `advance` (linear), `branch` (divergence, >1 outgoing), `loop` (entanglement, returns to an ancestor), `converge` (inbound at a node with >1 distinct-path predecessor). An edge MAY bind an `eventRef` evidencing the transition itself. +- **W — weight vector** (per edge): `{ clarity, entropyReduction, temporalCost }`. + - `clarity` ∈ [0,1] — confidence the transition is well-evidenced, from bound-event trust level and corroboration count. + - `entropyReduction` ≥ 0 — reduction in candidate-state uncertainty, in bits, over the run's hypothesis set. Information-theoretic analytic, not physics. + - `temporalCost` ≥ 0 — elapsed cost in milliseconds, from bound-event timestamps. + +Full awareness is a **convergence path**: a directed path that reaches a converge node, scored by cumulative W. + +Schema: `schemas/SemanticEvidenceChain.json`. Example: `examples/semantic_evidence_chain.json`. + +## Binding to the reasoning-evidence fabric + +SEC is a conformant projection, not a parallel store: + +| SEC field | Fabric binding | +|---|---| +| `SEC.runRef` | `ReasoningRun.id` (`urn:srcos:reasoning-run:`) | +| `SEC.receiptRef` | `ReasoningReceipt.id` (`urn:srcos:receipt:reasoning:`) | +| `node.eventRef`, `edge.eventRef` | `ReasoningEvent.id` (`urn:srcos:reasoning-event:`) | +| `node.trustLevel` | mirrors `ReasoningEvent.trustLevel` | +| `SEC.traceLevel` | the most restricted bound `ReasoningEvent.traceLevel` | + +Rules: + +1. An SEC MUST NOT exist without a parent `ReasoningRun`. +2. Every node and every weighted edge MUST be reconstructable from bound fabric events; SEC stores no evidence the fabric does not already hold. +3. SEC honors the fabric's safe-trace boundary: it never requires raw private reasoning content, only event summaries, trust levels, trace levels, and timestamps. +4. `SEC.analysis` is an advisory cache. It is always recomputable from `nodes` + `edges`; a consumer MUST be able to discard and recompute it. + +## Operations + +All operations are pure functions over `(N, E, W)`. + +1. **build-chain(run)** — project a `ReasoningRun` and its `ReasoningEvent` set into `(N, E)`. One node per event; one edge per recorded state transition. Compute each edge's W from bound-event trust level (clarity), hypothesis-set delta (entropyReduction), and timestamp delta (temporalCost). Set `traceLevel` to the most restricted bound event. +2. **score-path(path)** — fold W along an ordered node path: `clarity` = product of edge clarities, `entropyReduction` = sum, `temporalCost` = sum. Returns a cumulative weight vector. +3. **detect-divergence(SEC)** — return nodes with >1 outgoing `branch` edge. Each is a competing-hypothesis fork. +4. **detect-loop(SEC)** — return cycles reachable via `loop` edges (entanglements): a state that re-enters an ancestor. Used to flag non-terminating reasoning and repeated detection re-triggering. +5. **find-convergence(SEC)** — find converge nodes (>1 distinct-path predecessor); among inbound paths select the one maximizing `clarity × entropyReduction` while bounding `temporalCost`. The winning ordered path is the full-awareness path; its score-path output is `analysis.cumulativeWeight`. + +## Mapping to the Linux image-gen red/blue playbooks + +The image-gen pipeline (imagelab / image-builder) emits reasoning-evidence events during build, scan, and review. SEC turns those events into actionable security graphs across three lanes; `analysis.playbookLane` records the selected lane. + +- **Detection coverage (blue-team).** `detect-divergence` surfaces every competing explanation a detector entertained for a suspicious image artifact (e.g. an unexpected post-install layer mutating a shell startup file). Branches that never reach a converge node are **uncovered hypotheses** — coverage gaps to add detectors for. `find-convergence` yields the confirmed verdict path with its cumulative clarity. +- **Containment.** A converge node carrying high cumulative `clarity` and a `detection` verdict is the trigger to quarantine. SEC pairs naturally with `SecurityVerdictState` (the converge node's verdict) and `QuarantineReceipt` (the containment action), both referenced by the bound run's evidence pointers. +- **Forensic capture.** The full SEC, with its hash-linked binding to `ReasoningEvent` and the sealing `ReasoningReceipt.traceHash`, is the forensic artifact: a replayable, append-only account of how awareness of the threat was reached, including dead-end branches and any loops (re-triggered detections). +- **Red-team.** Run SEC over an adversarial build. A short convergence path with low `entropyReduction` means the injected artifact was caught quickly with little investigation; a long path with many `branch` divergences and `loop` entanglements means the attack induced expensive, uncertain reasoning — a detector-quality signal to harden. + +### Threat-detection mapping + +- A `loop` cycle = repeated re-triggering or oscillating hypotheses → detector instability. +- A `branch` with no downstream converge = an explanation the system could neither confirm nor rule out → blind spot. +- A converge node with low cumulative `clarity` = a verdict reached on weak evidence → escalate to review, do not auto-contain. +- Rising aggregate `temporalCost` to convergence across runs = detection latency regression. + +## Required audit events + +- `sec.chain.built` +- `sec.path.scored` +- `sec.divergence.detected` +- `sec.loop.detected` +- `sec.convergence.found` +- `sec.verdict.bound` (SEC convergence linked to a `SecurityVerdictState`) +- `sec.containment.triggered` (SEC convergence linked to a `QuarantineReceipt`) + +## Dangerous anti-patterns + +- Treating an SEC node as evidence in its own right rather than a view onto a `ReasoningEvent`. +- Storing reasoning content in SEC that the fabric does not hold (parallel evidence store). +- Upgrading a node's trust level above its bound event. +- Auto-containing on a converge node without checking cumulative `clarity`. +- Reading the chain's geometry as a physical or topological measurement. + +## Acceptance criteria + +1. Every SEC has a `runRef` to an existing `ReasoningRun`. +2. Every node and every weighted edge binds to a fabric event reconstructable from canonical schemas. +3. No SEC node has a trust level higher than its bound `ReasoningEvent`. +4. `analysis` is recomputable from `nodes` + `edges` and is never the sole source of any claim. +5. Every blue-team containment action triggered from an SEC references a `SecurityVerdictState` and a `QuarantineReceipt`. +6. Every divergence with no downstream convergence is reported as a detection-coverage gap. +7. No field in any SEC asserts a derived physical, topological, or geometric quantity. diff --git a/examples/ascension_reading.json b/examples/ascension_reading.json new file mode 100644 index 0000000..3b6a928 --- /dev/null +++ b/examples/ascension_reading.json @@ -0,0 +1,49 @@ +{ + "id": "urn:srcos:ascension-reading:abc123:2026-06-29", + "type": "AscensionReading", + "specVersion": "2.0.0", + "capturedAt": "2026-06-29T00:00:00Z", + "subjectRef": "subject:pseudo:abc123", + "computedOn": "holder-device", + "networkServiceProhibited": true, + "inputs": { + "spineRef": "urn:srcos:identity-spine:yi-globe:v1", + "worksReceiptRefs": [ + "urn:srcos:reasoning-receipt:work-1", + "urn:srcos:reasoning-receipt:work-2" + ] + }, + "steps": [ + { + "receiptRef": "urn:srcos:reasoning-receipt:work-1", + "gateRef": "gate_25", + "axisId": "shadowGift", + "fromValue": -1, + "toValue": 0, + "deterministic": true + }, + { + "receiptRef": "urn:srcos:reasoning-receipt:work-2", + "gateRef": "gate_25", + "axisId": "shadowGift", + "fromValue": 0, + "toValue": 1, + "deterministic": true + } + ], + "replayPlanRef": "urn:srcos:reasoning-replay-plan:abc123-asc-1", + "result": { + "netAscension": [ + { + "axisId": "shadowGift", + "delta": 2 + } + ] + }, + "directionality": { + "worksToInnerAxes": "allowed", + "identityInputsToReputation": "forbidden", + "innerToOutsideRequiresClaim": true + }, + "privacyClass": "agent-held-private" +} diff --git a/examples/digital_soul_identity.json b/examples/digital_soul_identity.json new file mode 100644 index 0000000..e14ff2b --- /dev/null +++ b/examples/digital_soul_identity.json @@ -0,0 +1,532 @@ +{ + "id": "urn:srcos:digital-soul:abc123:v1", + "type": "DigitalSoulIdentity", + "specVersion": "2.0.0", + "createdAt": "2026-06-29T00:00:00Z", + "subjectRef": "subject:pseudo:abc123", + "spineRef": "urn:srcos:identity-spine:yi-globe:v1", + "proofOfSelfRef": "urn:srcos:proof-of-self:abc123", + "givenInputs": { + "birthdate": "private:on-device-only", + "faith": "private:declared", + "personalityProfile": { + "instrument": "private:on-device-only" + } + }, + "gateState": [ + { + "gateRef": "gate_01", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_02", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_03", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_04", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_05", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_06", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_07", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_08", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_09", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_10", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_11", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_12", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_13", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_14", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_15", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_16", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_17", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_18", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_19", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_20", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_21", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_22", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_23", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_24", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_25", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_26", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_27", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_28", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_29", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_30", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_31", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_32", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_33", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_34", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_35", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_36", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_37", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_38", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_39", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_40", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_41", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_42", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_43", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_44", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_45", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_46", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_47", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_48", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_49", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_50", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_51", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_52", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_53", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_54", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_55", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_56", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_57", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_58", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_59", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_60", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_61", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_62", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_63", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + }, + { + "gateRef": "gate_64", + "axisValues": { + "shadowGift": 0, + "blockedOpen": 1, + "ascendingDescending": 0 + } + } + ], + "privacyClass": "agent-held-private", + "disclosureDefault": "none" +} diff --git a/examples/identity_spine.json b/examples/identity_spine.json new file mode 100644 index 0000000..c71407f --- /dev/null +++ b/examples/identity_spine.json @@ -0,0 +1,580 @@ +{ + "id": "urn:srcos:identity-spine:yi-globe:v1", + "type": "IdentitySpine", + "specVersion": "2.0.0", + "createdAt": "2026-06-29T00:00:00Z", + "canonicalSpine": "yi-globe-64gate", + "spineVersion": "1.0.0", + "axes": [ + { + "axisId": "shadowGift", + "kind": "ordinal", + "stops": [ + "shadow", + "gift", + "siddhi" + ], + "range": { + "min": -1, + "max": 2 + } + }, + { + "axisId": "blockedOpen", + "kind": "ordinal", + "stops": [ + "blocked", + "open" + ], + "range": { + "min": 0, + "max": 1 + } + }, + { + "axisId": "ascendingDescending", + "kind": "signed", + "stops": [ + "descending", + "ascending" + ], + "range": { + "min": -1, + "max": 1 + } + } + ], + "gates": [ + { + "gateId": "gate_01", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_02", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_03", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_04", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_05", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_06", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_07", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_08", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_09", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_10", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_11", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_12", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_13", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_14", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_15", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_16", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_17", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_18", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_19", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_20", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_21", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_22", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_23", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_24", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_25", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_26", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_27", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_28", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_29", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_30", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_31", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_32", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_33", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_34", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_35", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_36", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_37", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_38", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_39", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_40", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_41", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_42", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_43", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_44", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_45", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_46", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_47", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_48", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_49", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_50", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_51", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_52", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_53", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_54", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_55", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_56", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_57", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_58", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_59", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_60", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_61", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_62", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_63", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + }, + { + "gateId": "gate_64", + "axisIds": [ + "shadowGift", + "blockedOpen", + "ascendingDescending" + ] + } + ], + "projections": [ + { + "traditionId": "zodiac", + "oneWay": true, + "sourceOfTruth": false, + "symbolic": true, + "view": [ + { + "gateRef": "gate_25", + "symbol": "Aries" + }, + { + "gateRef": "gate_46", + "symbol": "Virgo" + } + ] + } + ], + "privacyClass": "public-shared" +} diff --git a/examples/portable_reputation_claim.json b/examples/portable_reputation_claim.json new file mode 100644 index 0000000..948b63d --- /dev/null +++ b/examples/portable_reputation_claim.json @@ -0,0 +1,35 @@ +{ + "id": "urn:srcos:reputation-claim:abc123:hiring-1", + "type": "PortableReputationClaim", + "specVersion": "2.0.0", + "createdAt": "2026-06-29T00:00:00Z", + "holderRef": "subject:pseudo:abc123", + "issuedByNeighbourhood": "nh:math-commons", + "claimedDimensions": [ + { + "dimensionRef": "urn:srcos:reputation-dimension:math-commons:proof-rigor:v1", + "value": 4, + "evidenceRefs": [ + "urn:srcos:reasoning-receipt:work-1", + "urn:srcos:reasoning-receipt:work-2" + ] + } + ], + "ascensionClaim": { + "gateRef": "gate_25", + "axisId": "shadowGift", + "fromValue": -1, + "toValue": 1, + "evidenceRefs": [ + "urn:srcos:reasoning-receipt:work-1", + "urn:srcos:reasoning-receipt:work-2" + ] + }, + "disclosureScope": "audience:hiring-circle", + "holderMinted": true, + "signature": { + "alg": "ed25519", + "value": "base64:PLACEHOLDER", + "keyRef": "key:holder:abc123" + } +} diff --git a/examples/reputation_dimension.json b/examples/reputation_dimension.json new file mode 100644 index 0000000..5d8799d --- /dev/null +++ b/examples/reputation_dimension.json @@ -0,0 +1,38 @@ +{ + "id": "urn:srcos:reputation-dimension:math-commons:proof-rigor:v1", + "type": "ReputationDimension", + "specVersion": "2.0.0", + "createdAt": "2026-06-29T00:00:00Z", + "dimensionId": "proof-rigor", + "neighbourhoodId": "nh:math-commons", + "label": "Proof rigor", + "description": "Soundness and completeness of contributed proofs, as judged by the math commons.", + "range": { + "kind": "ordinal", + "min": 0, + "max": 5 + }, + "computedOver": { + "receiptKinds": [ + "reasoning-receipt" + ], + "eventTypes": [ + "reasoning.step.verified" + ] + }, + "subjective": true, + "latticeBinding": { + "spineRef": "urn:srcos:identity-spine:yi-globe:v1", + "target": { + "axisId": "shadowGift" + }, + "mapping": { + "kind": "monotone" + }, + "confidence": "authored" + }, + "portability": { + "travelsWithHolder": true, + "foreignReadableIf": "lattice-binding-present" + } +} diff --git a/examples/sacred_capital_ledger.json b/examples/sacred_capital_ledger.json new file mode 100644 index 0000000..27c7ec6 --- /dev/null +++ b/examples/sacred_capital_ledger.json @@ -0,0 +1,23 @@ +{ + "id": "urn:srcos:sacred-capital:abc123:v1", + "type": "SacredCapitalLedger", + "specVersion": "2.0.0", + "createdAt": "2026-06-29T00:00:00Z", + "holderRef": "subject:pseudo:abc123", + "entries": [ + { + "dimensionRef": "urn:srcos:reputation-dimension:math-commons:proof-rigor:v1", + "neighbourhoodId": "nh:math-commons", + "value": 4, + "evidenceRefs": [ + "urn:srcos:reasoning-receipt:work-1", + "urn:srcos:reasoning-receipt:work-2" + ], + "asOf": "2026-06-29T00:00:00Z" + } + ], + "aggregation": "within-dimension-or-via-lattice-binding-only", + "noGlobalScore": true, + "privacyClass": "agent-held-portable", + "disclosure": "selective" +} diff --git a/examples/semantic_evidence_chain.json b/examples/semantic_evidence_chain.json new file mode 100644 index 0000000..8041ac8 --- /dev/null +++ b/examples/semantic_evidence_chain.json @@ -0,0 +1,106 @@ +{ + "id": "urn:srcos:semantic-evidence-chain:imagegen-suspicious-layer-demo", + "type": "SemanticEvidenceChain", + "specVersion": "2.0.0", + "runRef": "urn:srcos:reasoning-run:imagegen-blue-team-demo", + "receiptRef": "urn:srcos:receipt:reasoning:imagegen-blue-team-demo", + "builtAt": "2026-06-29T00:00:00Z", + "traceLevel": "workspace-safe", + "nodes": [ + { + "nodeId": "n0", + "kind": "detection", + "eventRef": "urn:srcos:reasoning-event:imagegen-build-observed", + "trustLevel": "trusted-workspace-source", + "label": "Image build manifest observed." + }, + { + "nodeId": "n1", + "kind": "detection", + "eventRef": "urn:srcos:reasoning-event:imagegen-unexpected-layer", + "trustLevel": "untrusted-observation", + "label": "Unexpected post-install layer mutates a shell startup file." + }, + { + "nodeId": "n2", + "kind": "awareness", + "eventRef": "urn:srcos:reasoning-event:imagegen-hypothesis-supplychain", + "trustLevel": "semi-trusted-project-source", + "label": "Hypothesis: poisoned build dependency injected the layer." + }, + { + "nodeId": "n3", + "kind": "awareness", + "eventRef": "urn:srcos:reasoning-event:imagegen-hypothesis-misconfig", + "trustLevel": "semi-trusted-project-source", + "label": "Alternate hypothesis: benign misconfigured base image." + }, + { + "nodeId": "n4", + "kind": "detection", + "eventRef": "urn:srcos:reasoning-event:imagegen-dep-signature-mismatch", + "trustLevel": "trusted-workspace-source", + "label": "Dependency signature mismatch confirmed against registry integrity record." + }, + { + "nodeId": "n5", + "kind": "awareness", + "eventRef": "urn:srcos:reasoning-event:imagegen-verdict-supplychain", + "trustLevel": "trusted-workspace-source", + "label": "Convergent verdict: confirmed supply-chain injection; quarantine the layer." + } + ], + "edges": [ + { + "edgeId": "e0", + "from": "n0", + "to": "n1", + "transition": "advance", + "eventRef": "urn:srcos:reasoning-event:imagegen-layer-scan", + "weights": { "clarity": 0.92, "entropyReduction": 1.4, "temporalCost": 120 } + }, + { + "edgeId": "e1", + "from": "n1", + "to": "n2", + "transition": "branch", + "weights": { "clarity": 0.55, "entropyReduction": 0.8, "temporalCost": 60 } + }, + { + "edgeId": "e2", + "from": "n1", + "to": "n3", + "transition": "branch", + "weights": { "clarity": 0.45, "entropyReduction": 0.5, "temporalCost": 60 } + }, + { + "edgeId": "e3", + "from": "n2", + "to": "n4", + "transition": "advance", + "eventRef": "urn:srcos:reasoning-event:imagegen-signature-check", + "weights": { "clarity": 0.97, "entropyReduction": 2.1, "temporalCost": 340 } + }, + { + "edgeId": "e4", + "from": "n4", + "to": "n5", + "transition": "converge", + "weights": { "clarity": 0.95, "entropyReduction": 1.6, "temporalCost": 90 } + }, + { + "edgeId": "e5", + "from": "n3", + "to": "n5", + "transition": "converge", + "weights": { "clarity": 0.30, "entropyReduction": 0.2, "temporalCost": 80 } + } + ], + "analysis": { + "convergencePath": ["n0", "n1", "n2", "n4", "n5"], + "cumulativeWeight": { "clarity": 0.4663, "entropyReduction": 5.9, "temporalCost": 610 }, + "divergencePoints": ["n1"], + "loops": [], + "playbookLane": "blue-team" + } +} diff --git a/schemas/AscensionReading.json b/schemas/AscensionReading.json new file mode 100644 index 0000000..93b82d3 --- /dev/null +++ b/schemas/AscensionReading.json @@ -0,0 +1,81 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/AscensionReading.json", + "title": "AscensionReading", + "description": "The single, one-way bridge between reputation and identity. Reads the holder's own works-receipts (ReasoningReceipt records of acts/works in the knowledge commons) back through the IdentitySpine projections to move the holder's private gate-state along its inner axes — this movement is 'ascension'. It MUST be computed on the holder's own device/agent and MUST NOT be offered as a network service: no party other than the holder may compute or store the holder's inner-axis state. Direction is strictly one-way (works -> inner axes); identity inputs never flow into reputation; the inner reading reaches the outside world only when the holder deliberately mints a PortableReputationClaim. Each step is deterministic and replayable, optionally bound to a ReasoningReplayPlan.", + "type": "object", + "additionalProperties": false, + "required": ["id", "type", "specVersion", "capturedAt", "subjectRef", "computedOn", "networkServiceProhibited", "inputs", "directionality", "privacyClass"], + "properties": { + "id": { "type": "string", "pattern": "^urn:srcos:ascension-reading:", "description": "Stable URN identifier for this reading." }, + "type": { "const": "AscensionReading", "description": "Type discriminator; always 'AscensionReading'." }, + "specVersion": { "type": "string", "description": "Semantic version of the contract this document conforms to." }, + "capturedAt": { "type": "string", "format": "date-time", "description": "Timestamp when the reading was computed." }, + "subjectRef": { "type": "string", "description": "Pseudonymous, agent-centric reference to the holder. Must match the soul being read." }, + "computedOn": { "type": "string", "enum": ["holder-device", "holder-agent"], "description": "Where the reading ran. Must be a holder-controlled context." }, + "networkServiceProhibited": { "const": true, "description": "Normative guard: this computation may never be performed as a hosted/network service. Always true." }, + "inputs": { + "type": "object", + "additionalProperties": false, + "required": ["spineRef", "worksReceiptRefs"], + "description": "What the reading consumed.", + "properties": { + "spineRef": { "type": "string", "pattern": "^urn:srcos:identity-spine:" }, + "worksReceiptRefs": { + "type": "array", + "items": { "type": "string", "pattern": "^urn:srcos:reasoning-receipt:" }, + "description": "Receipts for the holder's own acts/works in the commons, drawn from the existing reasoning-evidence fabric." + } + } + }, + "steps": { + "type": "array", + "description": "Deterministic, replayable mapping of each work onto gate-axis movement.", + "items": { + "type": "object", + "additionalProperties": false, + "required": ["receiptRef", "gateRef", "axisId", "fromValue", "toValue", "deterministic"], + "properties": { + "receiptRef": { "type": "string", "pattern": "^urn:srcos:reasoning-receipt:" }, + "gateRef": { "type": "string", "pattern": "^gate_(0[1-9]|[1-5][0-9]|6[0-4])$" }, + "axisId": { "type": "string", "enum": ["shadowGift", "blockedOpen", "ascendingDescending"] }, + "fromValue": { "type": "number" }, + "toValue": { "type": "number" }, + "deterministic": { "const": true, "description": "The mapping is a pure function of the receipt and spine; replayable. Always true." } + } + } + }, + "replayPlanRef": { "type": "string", "pattern": "^urn:srcos:reasoning-replay-plan:", "description": "Optional binding to a ReasoningReplayPlan so the reading is replayable like any reasoning run." }, + "result": { + "type": "object", + "additionalProperties": false, + "description": "Net private movement per axis. Private; never auto-emitted.", + "properties": { + "netAscension": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "required": ["axisId", "delta"], + "properties": { + "axisId": { "type": "string", "enum": ["shadowGift", "blockedOpen", "ascendingDescending"] }, + "delta": { "type": "number" } + } + } + } + } + }, + "directionality": { + "type": "object", + "additionalProperties": false, + "required": ["worksToInnerAxes", "identityInputsToReputation", "innerToOutsideRequiresClaim"], + "description": "The normative direction constraints, encoded so conformance can be machine-checked.", + "properties": { + "worksToInnerAxes": { "const": "allowed", "description": "Works may move inner axes. Always 'allowed'." }, + "identityInputsToReputation": { "const": "forbidden", "description": "Identity inputs may never flow into reputation. Always 'forbidden'." }, + "innerToOutsideRequiresClaim": { "const": true, "description": "Inner state reaches the outside only via a holder-minted PortableReputationClaim. Always true." } + } + }, + "privacyClass": { "type": "string", "enum": ["agent-held-private"], "description": "The reading and its result are private to the holder." } + } +} diff --git a/schemas/DigitalSoulIdentity.json b/schemas/DigitalSoulIdentity.json new file mode 100644 index 0000000..9bb1c48 --- /dev/null +++ b/schemas/DigitalSoulIdentity.json @@ -0,0 +1,55 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/DigitalSoulIdentity.json", + "title": "DigitalSoulIdentity", + "description": "A person's private, agent-held digital soul: the given identity layer. Compiles given inputs (birthdate, faith, personality) onto the canonical IdentitySpine and holds the per-subject inner-axis state of each gate. This document is PRIVATE and agent-held; its default disclosure is none. The given inputs MUST NEVER be copied into any reputation document (ReputationDimension, SacredCapitalLedger, PortableReputationClaim) — those schemas deliberately provide no field able to carry them, so the privacy boundary is enforced by construction.", + "type": "object", + "additionalProperties": false, + "required": ["id", "type", "specVersion", "createdAt", "subjectRef", "spineRef", "privacyClass", "disclosureDefault"], + "properties": { + "id": { "type": "string", "pattern": "^urn:srcos:digital-soul:", "description": "Stable URN identifier for this per-subject soul object." }, + "type": { "const": "DigitalSoulIdentity", "description": "Type discriminator; always 'DigitalSoulIdentity'." }, + "specVersion": { "type": "string", "description": "Semantic version of the contract this document conforms to." }, + "createdAt": { "type": "string", "format": "date-time", "description": "Timestamp when this soul object was created." }, + "subjectRef": { "type": "string", "description": "Pseudonymous, agent-centric reference to the subject. Holds no real-world identifier." }, + "spineRef": { "type": "string", "pattern": "^urn:srcos:identity-spine:", "description": "The IdentitySpine this soul is projected onto." }, + "proofOfSelfRef": { "type": "string", "pattern": "^urn:srcos:proof-of-self:", "description": "Optional anchor to the verified-identity plane (ProofOfSelfToken). Binds this constitutional soul to a verified, pseudonymous subject so reputation can be sybil-resistant — without exposing given inputs. The anchor is pseudonymous and carries no given-identity data." }, + "givenInputs": { + "type": "object", + "additionalProperties": false, + "description": "The GIVEN, PRIVATE inputs that compile the soul. Never earned, never disclosed, never serialized into reputation. Present only inside this private document.", + "properties": { + "birthdate": { "type": "string", "description": "Private. Used only to compile spine placement on the holder's device." }, + "faith": { "type": "string", "description": "Private. Declared faith/belief tradition." }, + "personalityProfile": { "type": "object", "additionalProperties": true, "description": "Private. Result of a standard personality instrument." } + }, + "x-privacy": "never-disclose" + }, + "gateState": { + "type": "array", + "minItems": 64, + "maxItems": 64, + "description": "Current inner-axis coordinates for each of the 64 gates. Updated only by an on-device AscensionReading; append-only history may be retained out of band.", + "items": { + "type": "object", + "additionalProperties": false, + "required": ["gateRef", "axisValues"], + "properties": { + "gateRef": { "type": "string", "pattern": "^gate_(0[1-9]|[1-5][0-9]|6[0-4])$" }, + "axisValues": { + "type": "object", + "additionalProperties": false, + "description": "Coordinate on each inner axis the gate carries.", + "properties": { + "shadowGift": { "type": "number", "description": "Position on the shadow..gift..siddhi axis." }, + "blockedOpen": { "type": "number", "description": "Position on the blocked..open axis." }, + "ascendingDescending": { "type": "number", "description": "Signed developmental direction." } + } + } + } + } + }, + "privacyClass": { "type": "string", "enum": ["agent-held-private"], "description": "This document is held by the subject's own agent and is private." }, + "disclosureDefault": { "type": "string", "enum": ["none"], "description": "Nothing in this document is disclosed by default. Disclosure happens only by the holder minting a PortableReputationClaim." } + } +} diff --git a/schemas/IdentitySpine.json b/schemas/IdentitySpine.json new file mode 100644 index 0000000..fae9ab3 --- /dev/null +++ b/schemas/IdentitySpine.json @@ -0,0 +1,95 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/IdentitySpine.json", + "title": "IdentitySpine", + "description": "The canonical inner object of the digital soul: one lattice of 64 gates carrying three developmental inner axes. Every other tradition (zodiac, sefirot, enneagram, chakra, the twelve senses) is registered here only as a one-way PROJECTION (a presentation view) and is never a writable source of truth. The spine definition is a public, shared standard; a person's per-subject state lives in DigitalSoulIdentity and is private. Projections are symbolic mappings only and MUST NOT be presented as measured or physically derived values.", + "type": "object", + "additionalProperties": false, + "required": ["id", "type", "specVersion", "createdAt", "canonicalSpine", "spineVersion", "axes", "gates", "privacyClass"], + "properties": { + "id": { + "type": "string", + "pattern": "^urn:srcos:identity-spine:", + "description": "Stable URN identifier for this spine definition." + }, + "type": { "const": "IdentitySpine", "description": "Type discriminator; always 'IdentitySpine'." }, + "specVersion": { "type": "string", "description": "Semantic version of the contract this document conforms to." }, + "createdAt": { "type": "string", "format": "date-time", "description": "Timestamp when this spine definition was created." }, + "canonicalSpine": { + "type": "string", + "enum": ["yi-globe-64gate"], + "description": "The committed canonical inner object. Locked to the 64-gate yi-globe; an enum so future spines can be registered without breaking existing data." + }, + "spineVersion": { "type": "string", "description": "Version of the gate/axis layout, independent of contract specVersion." }, + "axes": { + "type": "array", + "minItems": 1, + "description": "Definitions of the developmental inner axes every gate carries.", + "items": { + "type": "object", + "additionalProperties": false, + "required": ["axisId", "kind"], + "properties": { + "axisId": { "type": "string", "enum": ["shadowGift", "blockedOpen", "ascendingDescending"], "description": "Stable axis identifier." }, + "kind": { "type": "string", "enum": ["ordinal", "signed"], "description": "ordinal = monotone progression (e.g. shadow..gift..siddhi); signed = directional vector (e.g. ascending/descending)." }, + "stops": { "type": "array", "items": { "type": "string" }, "description": "Ordered, human-readable labels for the axis positions (e.g. ['shadow','gift','siddhi'])." }, + "range": { + "type": "object", + "additionalProperties": false, + "properties": { "min": { "type": "number" }, "max": { "type": "number" } }, + "description": "Numeric range for the axis coordinate." + } + } + } + }, + "gates": { + "type": "array", + "minItems": 64, + "maxItems": 64, + "description": "The 64 gates of the lattice. Exactly 64.", + "items": { + "type": "object", + "additionalProperties": false, + "required": ["gateId", "axisIds"], + "properties": { + "gateId": { "type": "string", "pattern": "^gate_(0[1-9]|[1-5][0-9]|6[0-4])$", "description": "Stable gate identifier gate_01..gate_64." }, + "label": { "type": "string", "description": "Optional human-readable name of the gate's quality." }, + "axisIds": { "type": "array", "items": { "type": "string", "enum": ["shadowGift", "blockedOpen", "ascendingDescending"] }, "description": "Which inner axes this gate carries." } + } + } + }, + "projections": { + "type": "array", + "description": "One-way presentation views onto the spine. Projections render the spine into another tradition's vocabulary; they are never sources of truth and are never writable.", + "items": { + "type": "object", + "additionalProperties": false, + "required": ["traditionId", "oneWay", "sourceOfTruth"], + "properties": { + "traditionId": { "type": "string", "enum": ["zodiac", "sefirot", "enneagram", "chakra", "twelve-senses"], "description": "The tradition this view renders into." }, + "oneWay": { "const": true, "description": "Projections only read the spine outward; they never write back. Always true." }, + "sourceOfTruth": { "const": false, "description": "A projection is presentation only and is never authoritative. Always false." }, + "symbolic": { "const": true, "description": "The mapping is symbolic/cultural, not a measured or physically derived value. Always true." }, + "view": { + "type": "array", + "description": "Per-gate mapping into the tradition's symbol set.", + "items": { + "type": "object", + "additionalProperties": false, + "required": ["gateRef", "symbol"], + "properties": { + "gateRef": { "type": "string", "pattern": "^gate_(0[1-9]|[1-5][0-9]|6[0-4])$" }, + "symbol": { "type": "string", "description": "The tradition-local symbol this gate projects to (e.g. a zodiac sign, a sefira, an enneatype)." } + } + } + } + } + } + }, + "privacyClass": { + "type": "string", + "enum": ["public-shared"], + "description": "The spine DEFINITION is a public shared standard. Per-subject state (DigitalSoulIdentity) carries its own, stricter privacy class." + } + } +} diff --git a/schemas/PortableReputationClaim.json b/schemas/PortableReputationClaim.json new file mode 100644 index 0000000..471e18f --- /dev/null +++ b/schemas/PortableReputationClaim.json @@ -0,0 +1,58 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/PortableReputationClaim.json", + "title": "PortableReputationClaim", + "description": "The only thing that leaves a holder's custody, and only by the holder's deliberate act. A minimal, signed, selectively disclosed projection of chosen SacredCapitalLedger entries, optionally including a single witnessed 'ascension' claim about movement along an inner axis. A claim references works-evidence (receipts) and a neighbourhood issuer; it carries no field able to hold given identity inputs, so disclosing reputation can never leak who the holder was born as. Default behavior is that no claim is emitted; minting one is always an explicit, holder-initiated choice.", + "type": "object", + "additionalProperties": false, + "required": ["id", "type", "specVersion", "createdAt", "holderRef", "issuedByNeighbourhood", "claimedDimensions", "disclosureScope", "holderMinted", "signature"], + "properties": { + "id": { "type": "string", "pattern": "^urn:srcos:reputation-claim:", "description": "Stable URN identifier for this claim." }, + "type": { "const": "PortableReputationClaim", "description": "Type discriminator; always 'PortableReputationClaim'." }, + "specVersion": { "type": "string", "description": "Semantic version of the contract this document conforms to." }, + "createdAt": { "type": "string", "format": "date-time", "description": "Timestamp when the claim was minted." }, + "holderRef": { "type": "string", "description": "Pseudonymous, agent-centric reference to the holder making the claim." }, + "issuedByNeighbourhood": { "type": "string", "description": "The neighbourhood whose dimensions witness the claimed values." }, + "claimedDimensions": { + "type": "array", + "minItems": 1, + "description": "The subset of capital the holder chooses to disclose.", + "items": { + "type": "object", + "additionalProperties": false, + "required": ["dimensionRef", "value", "evidenceRefs"], + "properties": { + "dimensionRef": { "type": "string", "pattern": "^urn:srcos:reputation-dimension:" }, + "value": { "description": "Disclosed value on that dimension." }, + "evidenceRefs": { "type": "array", "minItems": 1, "items": { "type": "string", "pattern": "^urn:srcos:reasoning-receipt:" }, "description": "Works-receipts substantiating the disclosed value." } + } + } + }, + "ascensionClaim": { + "type": "object", + "additionalProperties": false, + "required": ["gateRef", "axisId", "fromValue", "toValue", "evidenceRefs"], + "description": "Optional, holder-minted witnessed ascension: a single disclosed movement along an inner axis, substantiated by community works-receipts. This is the only path by which inner state reaches the outside world.", + "properties": { + "gateRef": { "type": "string", "pattern": "^gate_(0[1-9]|[1-5][0-9]|6[0-4])$" }, + "axisId": { "type": "string", "enum": ["shadowGift", "blockedOpen", "ascendingDescending"] }, + "fromValue": { "type": "number" }, + "toValue": { "type": "number" }, + "evidenceRefs": { "type": "array", "minItems": 1, "items": { "type": "string", "pattern": "^urn:srcos:reasoning-receipt:" } } + } + }, + "disclosureScope": { "type": "string", "description": "Who/what the holder is disclosing this claim to (audience, app, or neighbourhood)." }, + "holderMinted": { "const": true, "description": "A claim is always minted deliberately by the holder, never auto-generated. Always true." }, + "signature": { + "type": "object", + "additionalProperties": false, + "required": ["alg", "value"], + "description": "Holder signature over the claim.", + "properties": { + "alg": { "type": "string", "description": "Signature algorithm." }, + "value": { "type": "string", "description": "Signature value." }, + "keyRef": { "type": "string", "description": "Reference to the holder key used." } + } + } + } +} diff --git a/schemas/ReputationDimension.json b/schemas/ReputationDimension.json new file mode 100644 index 0000000..b141401 --- /dev/null +++ b/schemas/ReputationDimension.json @@ -0,0 +1,78 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/ReputationDimension.json", + "title": "ReputationDimension", + "description": "A community-authored, context-local axis of reputation in the Neighbourhoods sense. Each neighbourhood defines its own dimensions and scores them over members' acts and works; dimensions are subjective by design and are never normalized into a single global score. The optional latticeBinding is the keystone of portability: when present, it expresses the dimension in the IdentitySpine's shared vocabulary (a gate or an inner axis), which makes capital earned under this dimension partially legible across neighbourhoods — portable MEANING, not just portable data. Without a binding the dimension remains opaque to foreign neighbourhoods. A dimension scores WORKS only and carries no field able to reference a subject's given identity inputs.", + "type": "object", + "additionalProperties": false, + "required": ["id", "type", "specVersion", "createdAt", "dimensionId", "neighbourhoodId", "range", "computedOver", "subjective", "portability"], + "properties": { + "id": { "type": "string", "pattern": "^urn:srcos:reputation-dimension:", "description": "Stable URN identifier for this dimension." }, + "type": { "const": "ReputationDimension", "description": "Type discriminator; always 'ReputationDimension'." }, + "specVersion": { "type": "string", "description": "Semantic version of the contract this document conforms to." }, + "createdAt": { "type": "string", "format": "date-time", "description": "Timestamp when the dimension was authored." }, + "dimensionId": { "type": "string", "description": "Neighbourhood-local dimension name; globally unique together with neighbourhoodId." }, + "neighbourhoodId": { "type": "string", "description": "The community that authored and computes this dimension." }, + "label": { "type": "string", "description": "Human-readable dimension name." }, + "description": { "type": "string", "description": "What this dimension measures, in the community's own terms." }, + "range": { + "type": "object", + "additionalProperties": false, + "required": ["kind"], + "description": "The measurement range. Subjective and community-defined.", + "properties": { + "kind": { "type": "string", "enum": ["ordinal", "interval", "enum"], "description": "Range type." }, + "min": { "type": "number" }, + "max": { "type": "number" }, + "values": { "type": "array", "items": { "type": "string" }, "description": "Allowed values when kind is 'enum'." } + } + }, + "computedOver": { + "type": "object", + "additionalProperties": false, + "description": "Which evidence the dimension scores. Points at works on the existing evidence fabric — WORKS only, never identity inputs.", + "properties": { + "receiptKinds": { "type": "array", "items": { "type": "string" }, "description": "Receipt kinds (e.g. reasoning-receipt) whose works count toward this dimension." }, + "eventTypes": { "type": "array", "items": { "type": "string" }, "description": "ReasoningEvent eventType values that contribute." } + } + }, + "subjective": { "const": true, "description": "Reputation is subjective and context-local. Never collapse dimensions across neighbourhoods into one score. Always true." }, + "latticeBinding": { + "type": "object", + "additionalProperties": false, + "required": ["spineRef", "target", "mapping", "confidence"], + "description": "Optional join into the IdentitySpine vocabulary. Its presence is what makes the dimension portable across neighbourhoods.", + "properties": { + "spineRef": { "type": "string", "pattern": "^urn:srcos:identity-spine:" }, + "target": { + "oneOf": [ + { "type": "object", "additionalProperties": false, "required": ["gateRef"], "properties": { "gateRef": { "type": "string", "pattern": "^gate_(0[1-9]|[1-5][0-9]|6[0-4])$" } } }, + { "type": "object", "additionalProperties": false, "required": ["axisId"], "properties": { "axisId": { "type": "string", "enum": ["shadowGift", "blockedOpen", "ascendingDescending"] } } } + ], + "description": "The gate or inner axis this dimension binds to." + }, + "mapping": { + "type": "object", + "additionalProperties": false, + "required": ["kind"], + "description": "How the dimension's range maps onto the spine target.", + "properties": { + "kind": { "type": "string", "enum": ["monotone", "labeled-stops"] }, + "stops": { "type": "array", "items": { "type": "object", "additionalProperties": false, "properties": { "from": {}, "to": { "type": "number" } } } } + } + }, + "confidence": { "type": "string", "enum": ["authored", "inferred"], "description": "Whether the binding was declared by the community or inferred." } + } + }, + "portability": { + "type": "object", + "additionalProperties": false, + "required": ["travelsWithHolder", "foreignReadableIf"], + "description": "Portability semantics.", + "properties": { + "travelsWithHolder": { "const": true, "description": "The dimension's values travel with the agent, not the app. Always true." }, + "foreignReadableIf": { "type": "string", "enum": ["lattice-binding-present"], "description": "A foreign neighbourhood may interpret this dimension only when a latticeBinding is present; otherwise it is opaque." } + } + } + } +} diff --git a/schemas/SacredCapitalLedger.json b/schemas/SacredCapitalLedger.json new file mode 100644 index 0000000..55c2ee8 --- /dev/null +++ b/schemas/SacredCapitalLedger.json @@ -0,0 +1,45 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/SacredCapitalLedger.json", + "title": "SacredCapitalLedger", + "description": "An agent-held, portable, multi-dimensional record of reputation as capital. Each entry is a value on a ReputationDimension, backed by evidence references to works-receipts on the existing reasoning-evidence fabric. There is deliberately NO global score: aggregation is permitted only within a single (neighbourhood, dimension), or across neighbourhoods solely through a declared latticeBinding on the dimensions involved. The ledger is held by the subject's own agent and travels with them; disclosure is always selective and happens only via a PortableReputationClaim. Entries reference works only and carry no field able to hold given identity inputs.", + "type": "object", + "additionalProperties": false, + "required": ["id", "type", "specVersion", "createdAt", "holderRef", "entries", "aggregation", "noGlobalScore", "privacyClass", "disclosure"], + "properties": { + "id": { "type": "string", "pattern": "^urn:srcos:sacred-capital:", "description": "Stable URN identifier for this ledger." }, + "type": { "const": "SacredCapitalLedger", "description": "Type discriminator; always 'SacredCapitalLedger'." }, + "specVersion": { "type": "string", "description": "Semantic version of the contract this document conforms to." }, + "createdAt": { "type": "string", "format": "date-time", "description": "Timestamp when the ledger was created or last materialized." }, + "holderRef": { "type": "string", "description": "Pseudonymous, agent-centric reference to the holder who owns this capital." }, + "entries": { + "type": "array", + "description": "Capital accrued per (neighbourhood, dimension), each backed by evidence on the fabric.", + "items": { + "type": "object", + "additionalProperties": false, + "required": ["dimensionRef", "neighbourhoodId", "value", "evidenceRefs", "asOf"], + "properties": { + "dimensionRef": { "type": "string", "pattern": "^urn:srcos:reputation-dimension:", "description": "The ReputationDimension this value is measured on." }, + "neighbourhoodId": { "type": "string", "description": "The community that computed this value." }, + "value": { "description": "The computed value, within the dimension's declared range (number or enum string)." }, + "evidenceRefs": { + "type": "array", + "minItems": 1, + "items": { "type": "string", "pattern": "^urn:srcos:reasoning-receipt:" }, + "description": "Works-receipts substantiating this value. Every capital entry is evidence-backed." + }, + "asOf": { "type": "string", "format": "date-time", "description": "When this value was last computed." } + } + } + }, + "aggregation": { + "type": "string", + "enum": ["within-dimension-or-via-lattice-binding-only"], + "description": "Aggregation rule. Capital may only be summed within a single (neighbourhood, dimension) or across dimensions that share a latticeBinding. Never globally." + }, + "noGlobalScore": { "const": true, "description": "There is no single global reputation number. Always true." }, + "privacyClass": { "type": "string", "enum": ["agent-held-portable"], "description": "Held by the holder's agent and portable across neighbourhoods." }, + "disclosure": { "type": "string", "enum": ["selective"], "description": "Disclosed only selectively, via a holder-minted PortableReputationClaim." } + } +} diff --git a/schemas/SemanticEvidenceChain.json b/schemas/SemanticEvidenceChain.json new file mode 100644 index 0000000..3f2d57a --- /dev/null +++ b/schemas/SemanticEvidenceChain.json @@ -0,0 +1,183 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/SemanticEvidenceChain.json", + "title": "SemanticEvidenceChain", + "description": "A Semantic Evidence Chain (SEC) is a directed, weighted view onto the reasoning-evidence fabric. Nodes are awareness/detection states, edges are state transitions, and edge weights carry clarity, entropy-reduction, and temporal-cost. SEC is a derived analytic projection: every node and edge binds back to ReasoningRun / ReasoningEvent / ReasoningReceipt records. SEC defines no independent evidence store and asserts no physical, topological, or geometric quantities; any such framing is motivating metaphor only and is out of scope for this contract.", + "type": "object", + "additionalProperties": false, + "required": [ + "id", + "type", + "specVersion", + "runRef", + "nodes", + "edges", + "builtAt" + ], + "properties": { + "id": { + "type": "string", + "pattern": "^urn:srcos:semantic-evidence-chain:" + }, + "type": { + "const": "SemanticEvidenceChain" + }, + "specVersion": { + "type": "string" + }, + "runRef": { + "type": "string", + "pattern": "^urn:srcos:reasoning-run:", + "description": "The governed reasoning run this chain is a view onto. SEC never exists without a parent run." + }, + "receiptRef": { + "type": "string", + "pattern": "^urn:srcos:receipt:reasoning:", + "description": "Optional pointer to the ReasoningReceipt that closed the run, present once the run is sealed." + }, + "builtAt": { + "type": "string", + "format": "date-time" + }, + "traceLevel": { + "enum": ["public-safe", "workspace-safe", "operator-private", "restricted"], + "description": "Highest disclosure level required to view this chain; inherited from the most restricted bound ReasoningEvent." + }, + "nodes": { + "type": "array", + "minItems": 1, + "items": { "$ref": "#/$defs/secNode" } + }, + "edges": { + "type": "array", + "items": { "$ref": "#/$defs/secEdge" } + }, + "analysis": { + "$ref": "#/$defs/secAnalysis", + "description": "Optional cached output of SEC operations (score-path, detect-divergence, detect-loop, find-convergence). Always recomputable from nodes+edges; advisory only." + } + }, + "$defs": { + "secNode": { + "type": "object", + "additionalProperties": false, + "required": ["nodeId", "kind", "eventRef"], + "properties": { + "nodeId": { + "type": "string", + "description": "Chain-local node identifier, unique within this SEC." + }, + "kind": { + "enum": ["awareness", "detection"], + "description": "awareness = a cognitive/reasoning state node; detection = a security observation state node. Both are state nodes; the distinction selects the consuming playbook lane." + }, + "eventRef": { + "type": "string", + "pattern": "^urn:srcos:reasoning-event:", + "description": "The ReasoningEvent this node is a projection of. Binding is mandatory: no free-floating SEC nodes." + }, + "trustLevel": { + "enum": [ + "trusted-control-input", + "trusted-workspace-source", + "semi-trusted-project-source", + "untrusted-observation", + "restricted-material" + ], + "description": "Mirrors the bound ReasoningEvent.trustLevel. An SEC node never upgrades trust above its bound event." + }, + "label": { + "type": "string", + "description": "Human-readable summary of the awareness/detection state. SHOULD echo ReasoningEvent.summary." + } + } + }, + "secEdge": { + "type": "object", + "additionalProperties": false, + "required": ["edgeId", "from", "to", "transition", "weights"], + "properties": { + "edgeId": { + "type": "string", + "description": "Chain-local edge identifier, unique within this SEC." + }, + "from": { + "type": "string", + "description": "Source nodeId. Directed edge tail." + }, + "to": { + "type": "string", + "description": "Target nodeId. Directed edge head." + }, + "transition": { + "enum": ["advance", "branch", "loop", "converge"], + "description": "advance = linear state transition; branch = divergence point (>1 outgoing); loop = entanglement edge returning to an ancestor; converge = an inbound edge at a node with >1 predecessor on distinct paths." + }, + "eventRef": { + "type": "string", + "pattern": "^urn:srcos:reasoning-event:", + "description": "Optional ReasoningEvent that evidences the transition itself (e.g. a tool call or detection trigger)." + }, + "weights": { + "$ref": "#/$defs/weightVector" + } + } + }, + "weightVector": { + "type": "object", + "additionalProperties": false, + "required": ["clarity", "entropyReduction", "temporalCost"], + "description": "W = the evidence weight of a transition. All three components are unitless, observed/estimated analytics over fabric events. They are NOT derived physical quantities.", + "properties": { + "clarity": { + "type": "number", + "minimum": 0, + "maximum": 1, + "description": "Confidence that the transition is well-evidenced (0 = ambiguous, 1 = fully grounded). Derived from bound event trustLevel and corroboration count." + }, + "entropyReduction": { + "type": "number", + "minimum": 0, + "description": "Non-negative reduction in candidate-state uncertainty contributed by this transition, in bits. An information-theoretic analytic over the run's hypothesis set, not a physics quantity." + }, + "temporalCost": { + "type": "number", + "minimum": 0, + "description": "Elapsed cost of the transition in milliseconds, from bound event timestamps." + } + } + }, + "secAnalysis": { + "type": "object", + "additionalProperties": false, + "properties": { + "convergencePath": { + "type": "array", + "items": { "type": "string" }, + "description": "Ordered nodeId list of the selected convergence path (full-awareness path), if one is found." + }, + "cumulativeWeight": { + "$ref": "#/$defs/weightVector", + "description": "Aggregate W over the convergence path: clarity = product, entropyReduction = sum, temporalCost = sum." + }, + "divergencePoints": { + "type": "array", + "items": { "type": "string" }, + "description": "nodeIds with more than one outgoing branch edge." + }, + "loops": { + "type": "array", + "items": { + "type": "array", + "items": { "type": "string" } + }, + "description": "Detected loops (entanglements), each an ordered nodeId cycle." + }, + "playbookLane": { + "enum": ["red-team", "blue-team", "forensic", "none"], + "description": "Which image-gen security playbook lane this chain feeds, if any." + } + } + } + } +} diff --git a/tools/validate_digital_soul_examples.py b/tools/validate_digital_soul_examples.py new file mode 100644 index 0000000..0c02d8c --- /dev/null +++ b/tools/validate_digital_soul_examples.py @@ -0,0 +1,150 @@ +#!/usr/bin/env python3 +"""Validate digital-soul identity and reputation examples. + +Beyond JSON Schema, this validator enforces the invariants that make the +two-layer design safe: + + * unique ids and the expected URN prefix per contract; + * timestamp parseability; + * the PRIVACY BOUNDARY: no reputation document (ReputationDimension, + SacredCapitalLedger, PortableReputationClaim) may contain any given-identity + input key (birthdate / faith / personality*). Identity inputs live only in + DigitalSoulIdentity.givenInputs and must never appear on the reputation side; + * DIRECTIONALITY: AscensionReading must be on-device, network-prohibited, and + declare works->inner-axes allowed / identity-inputs->reputation forbidden; + * EVIDENCE BACKING: capital entries and claimed dimensions reference at least + one works-receipt urn. +""" + +from __future__ import annotations + +import json +import sys +from datetime import datetime +from pathlib import Path + +import jsonschema + +ROOT = Path(__file__).resolve().parents[1] + +PAIRS = [ + ("schemas/IdentitySpine.json", "examples/identity_spine.json"), + ("schemas/DigitalSoulIdentity.json", "examples/digital_soul_identity.json"), + ("schemas/AscensionReading.json", "examples/ascension_reading.json"), + ("schemas/ReputationDimension.json", "examples/reputation_dimension.json"), + ("schemas/SacredCapitalLedger.json", "examples/sacred_capital_ledger.json"), + ("schemas/PortableReputationClaim.json", "examples/portable_reputation_claim.json"), +] + +EXPECTED_IDS = { + "IdentitySpine": "urn:srcos:identity-spine:", + "DigitalSoulIdentity": "urn:srcos:digital-soul:", + "AscensionReading": "urn:srcos:ascension-reading:", + "ReputationDimension": "urn:srcos:reputation-dimension:", + "SacredCapitalLedger": "urn:srcos:sacred-capital:", + "PortableReputationClaim": "urn:srcos:reputation-claim:", +} + +REPUTATION_TYPES = {"ReputationDimension", "SacredCapitalLedger", "PortableReputationClaim"} +FORBIDDEN_ON_REPUTATION = ("birthdate", "faith", "personality", "personalityprofile", "giveninputs") +TIMESTAMP_KEYS = {"createdAt", "capturedAt", "asOf"} + + +def walk_keys(obj): + if isinstance(obj, dict): + for k, v in obj.items(): + yield k + yield from walk_keys(v) + elif isinstance(obj, list): + for v in obj: + yield from walk_keys(v) + + +def check_timestamps(obj): + if isinstance(obj, dict): + for k, v in obj.items(): + if k in TIMESTAMP_KEYS and isinstance(v, str): + datetime.fromisoformat(v.replace("Z", "+00:00")) + check_timestamps(v) + elif isinstance(obj, list): + for v in obj: + check_timestamps(v) + + +def main() -> int: + errors: list[str] = [] + seen_ids: set[str] = set() + + for schema_rel, ex_rel in PAIRS: + schema = json.loads((ROOT / schema_rel).read_text()) + doc = json.loads((ROOT / ex_rel).read_text()) + + try: + jsonschema.validate(doc, schema, cls=jsonschema.Draft202012Validator) + except jsonschema.ValidationError as e: + errors.append(f"{ex_rel}: schema invalid: {e.message} @ {list(e.absolute_path)}") + continue + + t = doc.get("type") + prefix = EXPECTED_IDS.get(t) + if prefix and not str(doc.get("id", "")).startswith(prefix): + errors.append(f"{ex_rel}: id '{doc.get('id')}' must start with '{prefix}'") + if doc.get("id") in seen_ids: + errors.append(f"{ex_rel}: duplicate id '{doc.get('id')}'") + seen_ids.add(doc.get("id")) + + try: + check_timestamps(doc) + except ValueError as e: + errors.append(f"{ex_rel}: unparseable timestamp: {e}") + + # PRIVACY BOUNDARY + if t in REPUTATION_TYPES: + for key in walk_keys(doc): + if key.lower() in FORBIDDEN_ON_REPUTATION: + errors.append(f"{ex_rel}: privacy-boundary violation: reputation doc carries identity key '{key}'") + + # DIRECTIONALITY + if t == "AscensionReading": + if doc.get("networkServiceProhibited") is not True: + errors.append(f"{ex_rel}: AscensionReading must set networkServiceProhibited=true") + if doc.get("computedOn") not in {"holder-device", "holder-agent"}: + errors.append(f"{ex_rel}: AscensionReading must be computed in a holder context") + d = doc.get("directionality", {}) + if d.get("identityInputsToReputation") != "forbidden": + errors.append(f"{ex_rel}: directionality.identityInputsToReputation must be 'forbidden'") + if d.get("worksToInnerAxes") != "allowed": + errors.append(f"{ex_rel}: directionality.worksToInnerAxes must be 'allowed'") + + # EVIDENCE BACKING + if t == "SacredCapitalLedger": + for i, entry in enumerate(doc.get("entries", [])): + if not entry.get("evidenceRefs"): + errors.append(f"{ex_rel}: entry[{i}] must reference at least one works-receipt") + if t == "PortableReputationClaim": + for i, cd in enumerate(doc.get("claimedDimensions", [])): + if not cd.get("evidenceRefs"): + errors.append(f"{ex_rel}: claimedDimensions[{i}] must reference at least one works-receipt") + if doc.get("noGlobalScore") is False: + errors.append(f"{ex_rel}: must not assert a global score") + + if not any(e.startswith(ex_rel) for e in errors): + print(f"OK {ex_rel}") + + # IdentitySpine: exactly 64 gates with unique ids + spine = json.loads((ROOT / "examples/identity_spine.json").read_text()) + gate_ids = [g["gateId"] for g in spine.get("gates", [])] + if len(gate_ids) != 64 or len(set(gate_ids)) != 64: + errors.append("identity_spine.json: spine must define exactly 64 unique gates") + + if errors: + print("\nVALIDATION FAILED:") + for e in errors: + print(f" - {e}") + return 1 + print("\nAll digital-soul examples valid (schema + invariants).") + return 0 + + +if __name__ == "__main__": + sys.exit(main())