Court Grade Admissibility
Version: 1.3 | PR: #184
Court-grade admissibility is the hardening layer that makes sealed governance artifacts verifiable by third parties without live system access. It composes six independent capabilities into a single seal_and_prove pipeline.
| Level | Name | What It Proves |
|---|---|---|
| L0 | Audit Clean | Structural integrity — all required keys present, schema valid |
| L1 | Deterministic | Same inputs + clock = same commit_hash every time |
| L2 | Signed | Cryptographic authenticity — HMAC-SHA256 or Ed25519 |
| L3 | Logged | Tamper-evident record — hash-chained transparency log |
| L4 | Committed | Merkle-bound — four independent commitment roots |
| L5 | Witnessed | Multi-party attestation — threshold signatures from distinct keys |
| L6 | Hardware-Backed | Key attestation — at least one hardware/external signer |
The seal_and_prove.py orchestrator executes in order:
```mermaid
flowchart TD
    A[Find Decision] --> B[Build Sealed Run]
    B --> C[Embed Merkle Commitments]
    C --> D[Write Sealed + Manifest]
    D --> E[Sign Primary Signature]
    E --> F{Witness Keys?}
    F -- yes --> G[Append Witness Sigs]
    F -- no --> H[Append to Transparency Log]
    G --> H
    H --> I[Determinism Audit]
    I --> J[Replay Self-Check]
    J --> K{Pack Dir?}
    K -- yes --> L[Assemble Pack]
    K -- no --> M[Done]
    L --> M
```
One command:
```bash
python src/tools/reconstruct/seal_and_prove.py \
  --decision-id DEC-001 \
  --clock 2026-02-21T00:00:00Z \
  --sign-algo hmac \
  --sign-key-id ds-dev-2026-02 \
  --sign-key "$DEEPSIGMA_SIGNING_KEY" \
  --pack-dir /tmp/admissibility-pack
```

Four independent Merkle trees bind inputs, prompts, schemas, and policies:
```mermaid
graph TD
    subgraph Inputs Tree
        I1[CSV 1 hash] --> IR[inputs_root]
        I2[CSV 2 hash] --> IR
        I3[CSV N hash] --> IR
    end
    subgraph Prompts Tree
        P1[prompt 1 hash] --> PR[prompts_root]
        P2[prompt N hash] --> PR
    end
    subgraph Schemas Tree
        S1[schema 1 hash] --> SR[schemas_root]
        S2[schema N hash] --> SR
    end
    subgraph Policies Tree
        PO1[policy hash] --> POR[policies_root]
    end
    IR --> SC[inputs_commitments]
    PR --> SC
    SR --> SC
    POR --> SC
    SC --> SEALED[Sealed Run]
```
Key property: roots are derived from the same leaf hashes in hash_scope, so replay can recompute and verify without accessing original files.
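The replay check implied by this key property, as an added example that is not the project's own code: each root is recomputed from the leaf hashes stored in the sealed run and compared with the committed root, with no access to the original files. The page does not specify the tree construction or the layout of `hash_scope`, so the sorted-leaf, prefix-tagged SHA-256 tree and the dictionary shape used here are assumptions; only the names `hash_scope`, `inputs_commitments` and the four `*_root` keys come from the page.

```python
import hashlib

TREES = ("inputs", "prompts", "schemas", "policies")

def merkle_root(leaf_hashes: list) -> str:
    """Root over hex leaf hashes (assumed scheme, not the project's).

    Leaves are sorted so file order does not matter; 0x00/0x01 prefixes keep
    leaf nodes and interior nodes distinct; an odd node is promoted unchanged.
    """
    if not leaf_hashes:
        return hashlib.sha256(b"").hexdigest()
    level = [hashlib.sha256(b"\x00" + bytes.fromhex(h)).digest()
             for h in sorted(leaf_hashes)]
    while len(level) > 1:
        nxt = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0].hex()

def verify_commitments(sealed: dict) -> list:
    """Recompute each root from hash_scope; return the trees that do not match."""
    bad = []
    for tree in TREES:
        recomputed = merkle_root(sealed["hash_scope"][tree])
        if recomputed != sealed["inputs_commitments"][f"{tree}_root"]:
            bad.append(tree)
    return bad

def sample_sealed_run() -> dict:
    """Constructed sealed run; leaf hashes are SHA-256 of made-up file names."""
    h = lambda s: hashlib.sha256(s.encode()).hexdigest()
    scope = {"inputs": [h("a.csv"), h("b.csv"), h("c.csv")],
             "prompts": [h("prompt-1"), h("prompt-2")],
             "schemas": [h("schema-1"), h("schema-2")],
             "policies": [h("policy")]}
    roots = {f"{t}_root": merkle_root(scope[t]) for t in TREES}
    return {"hash_scope": scope, "inputs_commitments": roots}

if __name__ == "__main__":
    sealed = sample_sealed_run()
    print("intact:", verify_commitments(sealed))
    sealed["hash_scope"]["prompts"][0] = "00" * 32   # swap one prompt leaf
    print("after leaf swap:", verify_commitments(sealed))
```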
Append-only NDJSON file (artifacts/transparency_log/log.ndjson). Each entry chains to the previous via prev_entry_hash, creating a tamper-evident linked list:
```
Entry 1: prev=null,   hash=abc...
Entry 2: prev=abc..., hash=def...
Entry 3: prev=def..., hash=ghi...
```

Tampering with any entry invalidates all subsequent entries.
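A chain verifier for a log of this shape, as an added example rather than the project's implementation. Only `prev_entry_hash` is named on the page; the `entry_hash` field, the canonical-JSON hashing rule and the payload fields are assumptions, and the three-entry log is constructed.

```python
import hashlib
import json

def entry_hash(entry: dict) -> str:
    """SHA-256 over canonical JSON of every field except entry_hash (assumed rule)."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def append_entry(log: list, payload: dict) -> None:
    """Append a payload, chaining it to the previous entry via prev_entry_hash."""
    entry = {"prev_entry_hash": log[-1]["entry_hash"] if log else None, **payload}
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)

def first_bad_line(ndjson_text: str):
    """Return the 1-based line of the first broken entry, or None if the chain holds.

    Everything from the returned line onward is untrusted.
    """
    expected_prev = None
    for n, line in enumerate(ndjson_text.splitlines(), start=1):
        entry = json.loads(line)
        if entry.get("prev_entry_hash") != expected_prev:
            return n  # link to the previous entry is broken
        if entry.get("entry_hash") != entry_hash(entry):
            return n  # contents changed after the hash was recorded
        expected_prev = entry["entry_hash"]
    return None

def sample_log() -> list:
    """Constructed three-entry log; the payload fields are illustrative."""
    log = []
    for i in range(1, 4):
        append_entry(log, {"seq": i,
                           "commit_hash": hashlib.sha256(b"run-%d" % i).hexdigest()})
    return log

def to_ndjson(log: list) -> str:
    return "\n".join(json.dumps(e, sort_keys=True) for e in log)

if __name__ == "__main__":
    log = sample_log()
    print("intact:", first_bad_line(to_ndjson(log)))
    log[1]["commit_hash"] = "0" * 64              # edit entry 2 in place
    print("edited:", first_bad_line(to_ndjson(log)))
    log[1]["entry_hash"] = entry_hash(log[1])     # entry 2 re-hashed to hide the edit
    print("re-hashed:", first_bad_line(to_ndjson(log)))
```

A log rewritten from the edited entry through to the end still verifies against itself, so the verifier should also compare the final `entry_hash` with a copy held outside the log.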
Signatures start as a single signature_block_v1, then evolve into a multisig_block_v1 when --append is used:
| Scenario | Format | Threshold |
|---|---|---|
| Single operator | `sig_version: 1.0` | 1 |
| Operator + reviewer | `multisig_version: 1.0` | 2 |
| Operator + reviewer + auditor | `multisig_version: 1.0` | 3 |
Each signature carries signer_id, role, and signer_type (software/hardware/external).
The --external-signer-cmd flag delegates signing to an external process (YubiKey, HSM, KMS):
- Payload hash written to temp file
- Command invoked with temp file path as argument
- Base64 signature read from stdout
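The caller's side of this three-step exchange, as an added example that is not the project's code. The hex SHA-256 file format, the function name `sign_with_external` and the HMAC stand-in signer (taking the place of a YubiKey, HSM or KMS wrapper) are assumptions, and the key and payload are constructed.

```python
import base64
import hashlib
import hmac
import os
import shlex
import subprocess
import sys
import tempfile

DEMO_KEY = b"constructed-demo-key"  # constructed value, stands in for a hardware key

# Stand-in for a YubiKey/HSM/KMS wrapper: reads the hash file, prints a base64 MAC.
STANDIN_SIGNER = f'''import base64, hashlib, hmac, sys
digest = open(sys.argv[1], "rb").read()
mac = hmac.new({DEMO_KEY!r}, digest, hashlib.sha256).digest()
print(base64.b64encode(mac).decode())
'''

def sign_with_external(cmd: str, payload: bytes, timeout: float = 30.0) -> bytes:
    """Write the payload hash to a temp file, run `cmd <path>`, decode stdout."""
    digest = hashlib.sha256(payload).hexdigest().encode()  # hex digest is assumed
    fd, path = tempfile.mkstemp(prefix="payload-hash-")    # mkstemp creates it 0600
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(digest)
        # argv list and no shell, so the path is never interpreted by a shell
        proc = subprocess.run(shlex.split(cmd) + [path], capture_output=True,
                              timeout=timeout, check=True)
        # validate=True rejects stray output instead of silently skipping bytes
        return base64.b64decode(proc.stdout.strip(), validate=True)
    finally:
        os.unlink(path)

def demo() -> bool:
    """Run the stand-in signer and check its output against a local recomputation."""
    payload = b'{"decision_id": "DEC-001"}'  # constructed payload
    with tempfile.TemporaryDirectory() as tmp:
        script = os.path.join(tmp, "standin_signer.py")
        with open(script, "w") as fh:
            fh.write(STANDIN_SIGNER)
        sig = sign_with_external(shlex.join([sys.executable, script]), payload)
    expected = hmac.new(DEMO_KEY, hashlib.sha256(payload).hexdigest().encode(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)

if __name__ == "__main__":
    print("signature verified:", demo())
```

A signer that exits non-zero raises `subprocess.CalledProcessError`, and output that is not clean base64 raises `binascii.Error`, so a failed hardware operation cannot be mistaken for a signature.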
9 checks verify a sealed run is fully deterministic:
- hash_scope.present
- hash_scope.clock_fixed
- hash_scope.deterministic_flag
- exclusions.observed_at
- ids.run_id_deterministic
- ids.no_uuid
- timestamps.committed_at_matches_clock
- commitments.present
- canonical.json_valid
```bash
# Step 1: Replay (structure + hash + commitments)
python src/tools/reconstruct/replay_sealed_run.py --sealed <file>.json

# Step 2: Verify signature
python src/tools/reconstruct/replay_sealed_run.py --sealed <file>.json \
  --verify-signature true --key <key>

# Step 3: Verify transparency log
python src/tools/reconstruct/replay_sealed_run.py --sealed <file>.json \
  --verify-transparency true --transparency-log log.ndjson

# Step 4: Require multi-sig threshold
python src/tools/reconstruct/replay_sealed_run.py --sealed <file>.json \
  --require-multisig 2 --key <key>

# Step 5: Determinism audit
python src/tools/reconstruct/determinism_audit.py --sealed <file>.json --strict
```

| Schema | Purpose |
|---|---|
| `merkle_commitment_v1.json` | Four-root merkle commitment structure |
| `multisig_block_v1.json` | Threshold multi-signature envelope |
| `transparency_log_entry_v1.json` | Hash-chained log entry |
| `timestamp_block_v1.json` | Trusted timestamp (local + future RFC 3161) |
| Workflow | What it tests |
|---|---|
| `admissibility_gate.yml` | Full pipeline: seal_and_prove + transparency chain + replay + audit |
| `determinism_gate.yml` | Two-run idempotency + determinism audit |
| `signature_gate.yml` | Sign + verify + tamper detection |
- Sealing & Episodes — core sealing primitive
- Replay & Testing — adversarial replay harness
- Verifiers — postcondition checks
- Schemas — full schema index
- Mermaid Diagrams — visual diagrams
Σ OVERWATCH — Coherence Ops Platform • Current release: v2.1.0 • DeepSigma