diff --git a/evidence/README.md b/evidence/README.md index aeef220..65209b6 100644 --- a/evidence/README.md +++ b/evidence/README.md @@ -15,6 +15,7 @@ Current bootstrap-chain status: - **ARTIFACT-0001:** VERIFIED - **ARTIFACT-0002:** VERIFIED - **ARTIFACT-0003:** VERIFIED +- **ARTIFACT-0004:** RECORDED Bootstrap-chain status file: @@ -29,8 +30,9 @@ That means the currently indexed public boundary is: 1. repository integrity evidence for the initial protocol object 2. authority readiness evidence for AUCTORISEAL 3. authority issuance presence and re-execution evidence -4. semantic cross-implementation execution evidence -5. package publication evidence for `@verifrax/auctoriseal`, including the current v0.1.2 publication surface +4. first recorded CORPIFORM authority-governed execution receipt evidence +5. semantic cross-implementation execution evidence +6. package publication evidence for `@verifrax/auctoriseal`, including the current v0.1.2 publication surface --- @@ -55,6 +57,7 @@ Read the artifact directories if you want to inspect the declared subject, claim - `artifact-0001/` - `artifact-0002/` - `artifact-0003/` +- `artifact-0004/` These directories define what each artifact claims and what files were collected in support of that claim. @@ -187,6 +190,31 @@ Supporting examples: - `artifact-0003/seal-0001-presence.txt` - `artifact-0003/issued-object-search.txt` + +### `artifact-0004/` + +Purpose: + +- first recorded CORPIFORM authority-governed execution receipt evidence + +Use this when checking: + +- whether CORPIFORM emitted a success receipt on corrected authority-binding semantics +- whether consumed command, consumed seal, and emitted receipt are identifier-consistent +- whether VERIFRAX preserves the first recorded end-to-end execution receipt as immutable evidence + +Primary file: + +- `artifact-0004/artifact-0004.json` + +Supporting examples: + +- `artifact-0004/context.md` +- `artifact-0004/receipt.json` +- `artifact-0004/receipt.sha256` +- `artifact-0004/receipt.canonical.sha256` +- `artifact-0004/EXECUTION_STATUS.txt` + ### `artifact-0003-reexecution/` Purpose: diff --git a/evidence/artifact-0004/EXECUTION_STATUS.txt b/evidence/artifact-0004/EXECUTION_STATUS.txt new file mode 100644 index 0000000..d3de478 --- /dev/null +++ b/evidence/artifact-0004/EXECUTION_STATUS.txt @@ -0,0 +1,10 @@ +STATUS: RECORDED +REASON: artifact-0004 preserves the consumed command object, consumed authority object, emitted receipt, and receipt integrity digests +CORPIFORM_COMMIT: f257493 +CORPIFORM_BRANCH: main +RECEIPT_ID: EE07B689-F1BF-4518-B49C-C973CB178029 +COMMAND_ID: cmd-valid-001 +AUTHORITY_SEAL_ID: seal-valid-001 +EXECUTION_OUTCOME: EXECUTED +BOUNDARY: preserved authority object is a consumed fixture authority surface recorded in evidence; this artifact does not claim production public issuance +NEXT_REQUIRED_WORK: register artifact-0004 in evidence/README.md and bootstrap-chain-status/CHAIN_STATUS.txt diff --git a/evidence/artifact-0004/artifact-0004.json b/evidence/artifact-0004/artifact-0004.json new file mode 100644 index 0000000..a10500f --- /dev/null +++ b/evidence/artifact-0004/artifact-0004.json @@ -0,0 +1,78 @@ +{ + "artifact_id": "artifact-0004", + "title": "CORPIFORM Authority-Governed Execution Receipt Validation", + "subject": { + "subject": "CORPIFORM authority-governed execution receipt", + "subject_ref": "github.com/Verifrax/CORPIFORM", + "receipt_id": "EE07B689-F1BF-4518-B49C-C973CB178029", + "command_id": "cmd-valid-001", + "authority_seal_id": "seal-valid-001", + "commit": "f257493", + "branch": "main", + "event": "receipt authority identity binding correction and first recorded governed execution receipt" + }, + "claim_set": [ + "CORPIFORM main at commit f257493 emits a success receipt that binds the consumed authority_seal_id", + "the recorded receipt preserves command_id cmd-valid-001 and authority_seal_id seal-valid-001", + "the consumed command, consumed seal, and emitted receipt are identifier-consistent", + "VERIFRAX preserves the execution receipt and its integrity digests as immutable evidence" + ], + "evidence_objects": [ + { + "path": "evidence/artifact-0004/command.json", + "sha256": "9857083f2f91ad9b4b0d26c7fb9f3193b54a9c07d9002f31bf591cf118740414", + "role": "consumed command object" + }, + { + "path": "evidence/artifact-0004/seal.json", + "sha256": "f0fca33166af3854a2ce5c1a27ae80091927902a70a8b47baf386963f30cb03e", + "role": "consumed authority object" + }, + { + "path": "evidence/artifact-0004/receipt.json", + "sha256": "344392fb7630aafaf3cc9a974a6c02e938cccdc09266b7f1cf8874452f855c48", + "role": "emitted CORPIFORM receipt" + }, + { + "path": "evidence/artifact-0004/receipt.sha256", + "sha256": "9dc0166fb49ddd77aa74c4bd06324062c701d17cc99bad4dce710c782f97612c", + "role": "raw receipt file digest record" + }, + { + "path": "evidence/artifact-0004/receipt.canonical.sha256", + "sha256": "bb2e5d6eb4cba080b0b2680c2ede84194bbcd502a128493b084630f3b12a62c8", + "role": "canonical receipt object digest record" + }, + { + "path": "evidence/artifact-0004/context.md", + "sha256": "08a7034ddb65d6bd995c18e338371da58ac7e5fc1ad5f881e167a345cb67d992", + "role": "artifact interpretation and boundary document" + } + ], + "supporting_evidence": { + "context_document": "evidence/artifact-0004/context.md", + "raw_receipt_digest": "evidence/artifact-0004/receipt.sha256", + "canonical_receipt_digest": "evidence/artifact-0004/receipt.canonical.sha256" + }, + "observed_results": { + "receipt_status": "PRESENT", + "command_status": "PRESENT", + "seal_status": "PRESENT", + "raw_receipt_sha256": "344392fb7630aafaf3cc9a974a6c02e938cccdc09266b7f1cf8874452f855c48", + "canonical_receipt_sha256": "2ec13a623cd9fca11601f1df8b186007e74ecab316354d296660511453cff456", + "execution_outcome": "EXECUTED", + "claim_boundary_note": "artifact records a governed execution under the consumed fixture authority object preserved in evidence" + }, + "execution_evidence": { + "receipt_fields": { + "receipt_id": "EE07B689-F1BF-4518-B49C-C973CB178029", + "command_id": "cmd-valid-001", + "authority_seal_id": "seal-valid-001", + "timestamp": "2026-03-19T12:39:16Z", + "outcome": "EXECUTED" + }, + "cross_object_consistency": true + }, + "verdict": "RECORDED", + "verdict_note": "VERIFRAX now records the first identifier-consistent CORPIFORM authority-governed execution receipt on corrected mainline receipt semantics" +} diff --git a/evidence/artifact-0004/command.json b/evidence/artifact-0004/command.json new file mode 100644 index 0000000..cd87ac8 --- /dev/null +++ b/evidence/artifact-0004/command.json @@ -0,0 +1,13 @@ +{ + "command_id": "cmd-valid-001", + "body": "mail", + "action": "MAIL_DISPATCH", + "adapter": "smtp", + "parameters": { + "to": "recipient@example.test", + "from": "sender@example.test", + "subject": "Test Message", + "body": "This is a test email dispatched under valid authority." + }, + "authority_seal_id": "seal-valid-001" +} diff --git a/evidence/artifact-0004/context.md b/evidence/artifact-0004/context.md new file mode 100644 index 0000000..5f629ce --- /dev/null +++ b/evidence/artifact-0004/context.md @@ -0,0 +1,195 @@ +# Artifact-0004 — Authority-Governed CORPIFORM Execution Proof + +## Purpose + +Artifact-0004 records the first VERIFRAX evidence object that binds an authority-governed CORPIFORM execution to its emitted receipt as one immutable verification line. + +Artifacts 0001–0003 established repository integrity, bootstrap continuity, component surfaces, and earlier execution-chain status. They did not yet bind a concrete CORPIFORM execution artifact produced under a consumed authority object and preserved inside VERIFRAX evidence. + +Artifact-0004 closes that gap by recording, in one place: + +- the consumed command object +- the consumed authority seal object +- the emitted CORPIFORM receipt +- raw and canonical receipt digests +- the exact CORPIFORM runtime commit on `main` that corrected receipt authority identity binding + +This artifact therefore advances the stack from component existence to recorded orchestration behavior. + +## Scope of Claim + +This artifact makes a bounded claim. + +It does claim that: + +- CORPIFORM `main` at commit `f257493` executed command `cmd-valid-001` +- the execution consumed authority object `seal-valid-001` +- the emitted receipt binds the same `command_id` and `authority_seal_id` +- the resulting receipt was preserved in VERIFRAX as immutable evidence + +It does not claim that: + +- the recorded authority seal is a production cryptographic authority proof +- AUCTORISEAL main currently publishes this exact fixture seal as a canonical public authority object +- this single execution proves full production readiness of the complete stack + +Those stronger claims are outside the evidence presently frozen in this artifact. + +## Authority Input + +The consumed authority object recorded in this artifact is `evidence/artifact-0004/seal.json`. + +The recorded fields are: + +- `issuer`: `root.primary` +- `authority_seal_id`: `seal-valid-001` +- `custodian`: `test-custodian` +- `scope.body`: `mail` +- `scope.action`: `MAIL_DISPATCH` +- `scope.adapter`: `smtp` +- `valid_from`: `2025-01-01T00:00:00Z` +- `valid_until`: `2030-01-01T00:00:00Z` +- `single_use`: `true` + +The consumed command object recorded in this artifact is `evidence/artifact-0004/command.json`. + +The recorded fields are: + +- `command_id`: `cmd-valid-001` +- `body`: `mail` +- `action`: `MAIL_DISPATCH` +- `adapter`: `smtp` +- `authority_seal_id`: `seal-valid-001` + +The command and seal are structurally aligned. The command references the same authority seal identifier recorded in the consumed seal object. + +## Execution Environment + +The execution referenced by this artifact was produced by CORPIFORM on `main` at commit: + +- `f257493` — `Align CORPIFORM receipt emission with authority seal identity (#34)` + +That commit is the first canonical CORPIFORM mainline state in which success receipts bind: + +- `authority_seal_id` + +rather than a null authority field caused by reading `.seal_id`. + +The recorded runtime context bound into the receipt is: + +- `system`: `CORPIFORM` +- `system_fingerprint`: `test-fingerprint` +- `build_hash`: `test-build-hash` +- `version`: `v0.test` +- `body`: `mail` +- `action`: `MAIL_DISPATCH` +- `adapter`: `smtp` +- `timestamp`: `2026-03-19T12:39:16Z` +- `outcome`: `EXECUTED` + +## Receipt Object + +The emitted receipt preserved by VERIFRAX is: + +- `evidence/artifact-0004/receipt.json` + +Its recorded fields are: + +- `receipt_id`: `EE07B689-F1BF-4518-B49C-C973CB178029` +- `system`: `CORPIFORM` +- `system_fingerprint`: `test-fingerprint` +- `build_hash`: `test-build-hash` +- `version`: `v0.test` +- `command_id`: `cmd-valid-001` +- `authority_seal_id`: `seal-valid-001` +- `body`: `mail` +- `action`: `MAIL_DISPATCH` +- `adapter`: `smtp` +- `timestamp`: `2026-03-19T12:39:16Z` +- `outcome`: `EXECUTED` + +The receipt therefore preserves the same execution identity and authority identity as the consumed command and seal objects. + +## Integrity Surface + +Artifact-0004 preserves two receipt digests, because they answer different verification questions. + +### Raw file digest + +The raw byte-level digest of the stored receipt file is recorded in: + +- `evidence/artifact-0004/receipt.sha256` + +Value: + +- `344392fb7630aafaf3cc9a974a6c02e938cccdc09266b7f1cf8874452f855c48` + +This digest verifies the exact bytes stored in VERIFRAX. + +### Canonical JSON digest + +The canonical JSON digest of the receipt object, computed with sorted keys and compact separators, is recorded in: + +- `evidence/artifact-0004/receipt.canonical.sha256` + +Value: + +- `2ec13a623cd9fca11601f1df8b186007e74ecab316354d296660511453cff456` + +This digest verifies the receipt as a normalized JSON object independent of whitespace formatting. + +Both digests are intentionally preserved. One proves file immutability. The other proves object identity. + +## Cross-Object Consistency + +Artifact-0004 establishes the following mechanically checkable bindings: + +- `command.json.command_id` = `receipt.json.command_id` = `cmd-valid-001` +- `seal.json.authority_seal_id` = `command.json.authority_seal_id` = `receipt.json.authority_seal_id` = `seal-valid-001` +- `seal.json.scope.body` = `command.json.body` = `receipt.json.body` = `mail` +- `seal.json.scope.action` = `command.json.action` = `receipt.json.action` = `MAIL_DISPATCH` +- `seal.json.scope.adapter` = `command.json.adapter` = `receipt.json.adapter` = `smtp` + +These bindings are the core reason this artifact matters. The receipt is not merely adjacent to the authority object. It is identifier-consistent with the consumed authority and command. + +## Single-Use Boundary + +The consumed seal object records: + +- `single_use: true` + +This artifact records the first successful execution receipt tied to that consumed authority identifier. + +What Artifact-0004 proves directly is that a successful receipt now exists for that single-use authority path. + +What it does not itself prove is a separately recorded replay refusal event. That stronger replay proof belongs in a future dedicated evidence object unless separately preserved with execution traces and refusal artifacts. + +## Significance + +Artifact-0004 is the first VERIFRAX evidence object that records the orchestrated relation: + +- authority object consumed by CORPIFORM +- execution completed by CORPIFORM +- receipt emitted by CORPIFORM +- evidence frozen by VERIFRAX + +That is the first real closure of the intended stack shape: + +- AUCTORISEAL as authority model +- CORPIFORM as execution body +- VERIFRAX as immutable verification record + +The closure is still bounded by fixture reality. The preserved authority object is a consumed fixture authority surface, not a demonstrated public production issuance surface. That boundary is a strength, not a weakness, because the artifact claims only what the evidence proves. + +## Evidence Inventory + +Artifact-0004 consists of: + +- `command.json` +- `seal.json` +- `receipt.json` +- `receipt.sha256` +- `receipt.canonical.sha256` +- `context.md` + +Together these files define the complete immutable verification unit for this first authority-governed CORPIFORM execution record. diff --git a/evidence/artifact-0004/receipt.canonical.sha256 b/evidence/artifact-0004/receipt.canonical.sha256 new file mode 100644 index 0000000..6b976e9 --- /dev/null +++ b/evidence/artifact-0004/receipt.canonical.sha256 @@ -0,0 +1 @@ +2ec13a623cd9fca11601f1df8b186007e74ecab316354d296660511453cff456 diff --git a/evidence/artifact-0004/receipt.json b/evidence/artifact-0004/receipt.json new file mode 100644 index 0000000..f0d2c86 --- /dev/null +++ b/evidence/artifact-0004/receipt.json @@ -0,0 +1,15 @@ +{ + "receipt_id": "EE07B689-F1BF-4518-B49C-C973CB178029", + "system": "CORPIFORM", + "system_fingerprint": "test-fingerprint", + "build_hash": "test-build-hash", + "version": "v0.test", + "command_id": "cmd-valid-001", + "authority_seal_id": "seal-valid-001", + "body": "mail", + "action": "MAIL_DISPATCH", + "adapter": "smtp", + "timestamp": "2026-03-19T12:39:16Z", + "outcome": "EXECUTED", + "signature": "c8WbjyJJow+6TOsrtt7UkQH68guOYkvzyGXPbi3igz30RdNoE12lRIAZ2jxJ38u37G5SVGEdtg5WekKHofwEjMxbZNHbKlbnAewsgh3konNQ79rfH2kexPgBNbINYjpVRKME4MUKosD9o5bMr6Mkjb8YUIdARQIbwVovx97m2EVvTvqes90MjnIkzR7nydopSt5+J5IvQyoIPY3tQA863UGsBYZiIdX3uZcxqGp91up1KmQdfrltVR9LAfhAEE71UmuNXfk4zSYjFJ/D7ZX0MaheNsVr4WfmXy32YMgRNsjPRDNeENUR0TW+pYJCCmU+5lEYdO2T+nwWb2uWWJuEsw==" +} diff --git a/evidence/artifact-0004/receipt.sha256 b/evidence/artifact-0004/receipt.sha256 new file mode 100644 index 0000000..ecacf36 --- /dev/null +++ b/evidence/artifact-0004/receipt.sha256 @@ -0,0 +1 @@ +344392fb7630aafaf3cc9a974a6c02e938cccdc09266b7f1cf8874452f855c48 diff --git a/evidence/artifact-0004/seal.json b/evidence/artifact-0004/seal.json new file mode 100644 index 0000000..e7a237e --- /dev/null +++ b/evidence/artifact-0004/seal.json @@ -0,0 +1,14 @@ +{ + "issuer": "root.primary", + "authority_seal_id": "seal-valid-001", + "custodian": "test-custodian", + "scope": { + "body": "mail", + "action": "MAIL_DISPATCH", + "adapter": "smtp" + }, + "valid_from": "2025-01-01T00:00:00Z", + "valid_until": "2030-01-01T00:00:00Z", + "single_use": true, + "signature": "TEST_SIGNATURE_NOT_CRYPTOGRAPHICALLY_VALID" +} diff --git a/evidence/bootstrap-chain-status/CHAIN_STATUS.txt b/evidence/bootstrap-chain-status/CHAIN_STATUS.txt index 303d263..08a7d86 100644 --- a/evidence/bootstrap-chain-status/CHAIN_STATUS.txt +++ b/evidence/bootstrap-chain-status/CHAIN_STATUS.txt @@ -3,5 +3,7 @@ ARTIFACT-0002: VERIFIED ARTIFACT-0002-NOTE: authority ledger and genesis seal are now present in declared evidence; node and rust semantic evaluators produced VERIFIED outputs ARTIFACT-0003: VERIFIED ARTIFACT-0003-NOTE: published genesis seal and authoritative ledger are present; node and rust semantic evaluators produced canonically identical VERIFIED outputs -CURRENT_BOUNDARY: bootstrap chain is semantically resolved and canonically indexed for artifacts 0001-0003 -NEXT_REQUIRED_WORK: release and package publication remain outside bootstrap-chain publication +ARTIFACT-0004: RECORDED +ARTIFACT-0004-NOTE: CORPIFORM main at f257493 emitted receipt EE07B689-F1BF-4518-B49C-C973CB178029 with command_id cmd-valid-001 and authority_seal_id seal-valid-001; VERIFRAX preserves command, seal, receipt, and integrity digests as immutable evidence +CURRENT_BOUNDARY: bootstrap chain is semantically resolved for artifacts 0001-0003 and extended by a recorded CORPIFORM authority-governed execution receipt in artifact-0004 +NEXT_REQUIRED_WORK: publish and record a canonical public CORPIFORM package surface after this recorded execution boundary