Verifrax · verifrax-systems · Mar 19, 2026 · Mar 19, 2026
@@ -15,6 +15,7 @@ Current bootstrap-chain status:
 - **ARTIFACT-0001:** VERIFIED
 - **ARTIFACT-0002:** VERIFIED
 - **ARTIFACT-0003:** VERIFIED
+- **ARTIFACT-0004:** RECORDED
 
 Bootstrap-chain status file:
 
@@ -29,8 +30,9 @@ That means the currently indexed public boundary is:
 1. repository integrity evidence for the initial protocol object
 2. authority readiness evidence for AUCTORISEAL
 3. authority issuance presence and re-execution evidence
-4. semantic cross-implementation execution evidence
-5. package publication evidence for `@verifrax/auctoriseal`, including the current v0.1.2 publication surface
+4. first recorded CORPIFORM authority-governed execution receipt evidence
+5. semantic cross-implementation execution evidence
+6. package publication evidence for `@verifrax/auctoriseal`, including the current v0.1.2 publication surface
 
 ---
 
@@ -55,6 +57,7 @@ Read the artifact directories if you want to inspect the declared subject, claim
 - `artifact-0001/`
 - `artifact-0002/`
 - `artifact-0003/`
+- `artifact-0004/`
 
 These directories define what each artifact claims and what files were collected in support of that claim.
 
@@ -187,6 +190,31 @@ Supporting examples:
 - `artifact-0003/seal-0001-presence.txt`
 - `artifact-0003/issued-object-search.txt`
 
+
+### `artifact-0004/`
+
+Purpose:
+
+- first recorded CORPIFORM authority-governed execution receipt evidence
+
+Use this when checking:
+
+- whether CORPIFORM emitted a success receipt on corrected authority-binding semantics
+- whether consumed command, consumed seal, and emitted receipt are identifier-consistent
+- whether VERIFRAX preserves the first recorded end-to-end execution receipt as immutable evidence
+
+Primary file:
+
+- `artifact-0004/artifact-0004.json`
+
+Supporting examples:
+
+- `artifact-0004/context.md`
+- `artifact-0004/receipt.json`
+- `artifact-0004/receipt.sha256`
+- `artifact-0004/receipt.canonical.sha256`
+- `artifact-0004/EXECUTION_STATUS.txt`
+
 ### `artifact-0003-reexecution/`
 
 Purpose:

@@ -0,0 +1,10 @@
+STATUS: RECORDED
+REASON: artifact-0004 preserves the consumed command object, consumed authority object, emitted receipt, and receipt integrity digests
+CORPIFORM_COMMIT: f257493
+CORPIFORM_BRANCH: main
+RECEIPT_ID: EE07B689-F1BF-4518-B49C-C973CB178029
+COMMAND_ID: cmd-valid-001
+AUTHORITY_SEAL_ID: seal-valid-001
+EXECUTION_OUTCOME: EXECUTED
+BOUNDARY: preserved authority object is a consumed fixture authority surface recorded in evidence; this artifact does not claim production public issuance
+NEXT_REQUIRED_WORK: register artifact-0004 in evidence/README.md and bootstrap-chain-status/CHAIN_STATUS.txt
@@ -0,0 +1,78 @@
+{
+  "artifact_id": "artifact-0004",
+  "title": "CORPIFORM Authority-Governed Execution Receipt Validation",
+  "subject": {
+    "subject": "CORPIFORM authority-governed execution receipt",
+    "subject_ref": "github.com/Verifrax/CORPIFORM",
+    "receipt_id": "EE07B689-F1BF-4518-B49C-C973CB178029",
+    "command_id": "cmd-valid-001",
+    "authority_seal_id": "seal-valid-001",
+    "commit": "f257493",
+    "branch": "main",
+    "event": "receipt authority identity binding correction and first recorded governed execution receipt"
+  },
+  "claim_set": [
+    "CORPIFORM main at commit f257493 emits a success receipt that binds the consumed authority_seal_id",
+    "the recorded receipt preserves command_id cmd-valid-001 and authority_seal_id seal-valid-001",
+    "the consumed command, consumed seal, and emitted receipt are identifier-consistent",
+    "VERIFRAX preserves the execution receipt and its integrity digests as immutable evidence"
+  ],
+  "evidence_objects": [
+    {
+      "path": "evidence/artifact-0004/command.json",
+      "sha256": "9857083f2f91ad9b4b0d26c7fb9f3193b54a9c07d9002f31bf591cf118740414",
+      "role": "consumed command object"
+    },
+    {
+      "path": "evidence/artifact-0004/seal.json",
+      "sha256": "f0fca33166af3854a2ce5c1a27ae80091927902a70a8b47baf386963f30cb03e",
+      "role": "consumed authority object"
+    },
+    {
+      "path": "evidence/artifact-0004/receipt.json",
+      "sha256": "344392fb7630aafaf3cc9a974a6c02e938cccdc09266b7f1cf8874452f855c48",
+      "role": "emitted CORPIFORM receipt"
+    },
+    {
+      "path": "evidence/artifact-0004/receipt.sha256",
+      "sha256": "9dc0166fb49ddd77aa74c4bd06324062c701d17cc99bad4dce710c782f97612c",
+      "role": "raw receipt file digest record"
+    },
+    {
+      "path": "evidence/artifact-0004/receipt.canonical.sha256",
+      "sha256": "bb2e5d6eb4cba080b0b2680c2ede84194bbcd502a128493b084630f3b12a62c8",
+      "role": "canonical receipt object digest record"
+    },
+    {
+      "path": "evidence/artifact-0004/context.md",
+      "sha256": "08a7034ddb65d6bd995c18e338371da58ac7e5fc1ad5f881e167a345cb67d992",
+      "role": "artifact interpretation and boundary document"
+    }
+  ],
+  "supporting_evidence": {
+    "context_document": "evidence/artifact-0004/context.md",
+    "raw_receipt_digest": "evidence/artifact-0004/receipt.sha256",
+    "canonical_receipt_digest": "evidence/artifact-0004/receipt.canonical.sha256"
+  },
+  "observed_results": {
+    "receipt_status": "PRESENT",
+    "command_status": "PRESENT",
+    "seal_status": "PRESENT",
+    "raw_receipt_sha256": "344392fb7630aafaf3cc9a974a6c02e938cccdc09266b7f1cf8874452f855c48",
+    "canonical_receipt_sha256": "2ec13a623cd9fca11601f1df8b186007e74ecab316354d296660511453cff456",
+    "execution_outcome": "EXECUTED",
+    "claim_boundary_note": "artifact records a governed execution under the consumed fixture authority object preserved in evidence"
+  },
+  "execution_evidence": {
+    "receipt_fields": {
+      "receipt_id": "EE07B689-F1BF-4518-B49C-C973CB178029",
+      "command_id": "cmd-valid-001",
+      "authority_seal_id": "seal-valid-001",
+      "timestamp": "2026-03-19T12:39:16Z",
+      "outcome": "EXECUTED"
+    },
+    "cross_object_consistency": true
+  },
+  "verdict": "RECORDED",
+  "verdict_note": "VERIFRAX now records the first identifier-consistent CORPIFORM authority-governed execution receipt on corrected mainline receipt semantics"
+}
@@ -0,0 +1,13 @@
+{
+  "command_id": "cmd-valid-001",
+  "body": "mail",
+  "action": "MAIL_DISPATCH",
+  "adapter": "smtp",
+  "parameters": {
+    "to": "recipient@example.test",
+    "from": "sender@example.test",
+    "subject": "Test Message",
+    "body": "This is a test email dispatched under valid authority."
+  },
+  "authority_seal_id": "seal-valid-001"
+}
@@ -0,0 +1,195 @@
+# Artifact-0004 — Authority-Governed CORPIFORM Execution Proof
+
+## Purpose
+
+Artifact-0004 records the first VERIFRAX evidence object that binds an authority-governed CORPIFORM execution to its emitted receipt as one immutable verification line.
+
+Artifacts 0001–0003 established repository integrity, bootstrap continuity, component surfaces, and earlier execution-chain status. They did not yet bind a concrete CORPIFORM execution artifact produced under a consumed authority object and preserved inside VERIFRAX evidence.
+
+Artifact-0004 closes that gap by recording, in one place:
+
+- the consumed command object
+- the consumed authority seal object
+- the emitted CORPIFORM receipt
+- raw and canonical receipt digests
+- the exact CORPIFORM runtime commit on `main` that corrected receipt authority identity binding
+
+This artifact therefore advances the stack from component existence to recorded orchestration behavior.
+
+## Scope of Claim
+
+This artifact makes a bounded claim.
+
+It does claim that:
+
+- CORPIFORM `main` at commit `f257493` executed command `cmd-valid-001`
+- the execution consumed authority object `seal-valid-001`
+- the emitted receipt binds the same `command_id` and `authority_seal_id`
+- the resulting receipt was preserved in VERIFRAX as immutable evidence
+
+It does not claim that:
+
+- the recorded authority seal is a production cryptographic authority proof
+- AUCTORISEAL main currently publishes this exact fixture seal as a canonical public authority object
+- this single execution proves full production readiness of the complete stack
+
+Those stronger claims are outside the evidence presently frozen in this artifact.
+
+## Authority Input
+
+The consumed authority object recorded in this artifact is `evidence/artifact-0004/seal.json`.
+
+The recorded fields are:
+
+- `issuer`: `root.primary`
+- `authority_seal_id`: `seal-valid-001`
+- `custodian`: `test-custodian`
+- `scope.body`: `mail`
+- `scope.action`: `MAIL_DISPATCH`
+- `scope.adapter`: `smtp`
+- `valid_from`: `2025-01-01T00:00:00Z`
+- `valid_until`: `2030-01-01T00:00:00Z`
+- `single_use`: `true`
+
+The consumed command object recorded in this artifact is `evidence/artifact-0004/command.json`.
+
+The recorded fields are:
+
+- `command_id`: `cmd-valid-001`
+- `body`: `mail`
+- `action`: `MAIL_DISPATCH`
+- `adapter`: `smtp`
+- `authority_seal_id`: `seal-valid-001`
+
+The command and seal are structurally aligned. The command references the same authority seal identifier recorded in the consumed seal object.
+
+## Execution Environment
+
+The execution referenced by this artifact was produced by CORPIFORM on `main` at commit:
+
+- `f257493` — `Align CORPIFORM receipt emission with authority seal identity (#34)`
+
+That commit is the first canonical CORPIFORM mainline state in which success receipts bind:
+
+- `authority_seal_id`
+
+rather than a null authority field caused by reading `.seal_id`.
+
+The recorded runtime context bound into the receipt is:
+
+- `system`: `CORPIFORM`
+- `system_fingerprint`: `test-fingerprint`
+- `build_hash`: `test-build-hash`
+- `version`: `v0.test`
+- `body`: `mail`
+- `action`: `MAIL_DISPATCH`
+- `adapter`: `smtp`
+- `timestamp`: `2026-03-19T12:39:16Z`
+- `outcome`: `EXECUTED`
+
+## Receipt Object
+
+The emitted receipt preserved by VERIFRAX is:
+
+- `evidence/artifact-0004/receipt.json`
+
+Its recorded fields are:
+
+- `receipt_id`: `EE07B689-F1BF-4518-B49C-C973CB178029`
+- `system`: `CORPIFORM`
+- `system_fingerprint`: `test-fingerprint`
+- `build_hash`: `test-build-hash`
+- `version`: `v0.test`
+- `command_id`: `cmd-valid-001`
+- `authority_seal_id`: `seal-valid-001`
+- `body`: `mail`
+- `action`: `MAIL_DISPATCH`
+- `adapter`: `smtp`
+- `timestamp`: `2026-03-19T12:39:16Z`
+- `outcome`: `EXECUTED`
+
+The receipt therefore preserves the same execution identity and authority identity as the consumed command and seal objects.
+
+## Integrity Surface
+
+Artifact-0004 preserves two receipt digests, because they answer different verification questions.
+
+### Raw file digest
+
+The raw byte-level digest of the stored receipt file is recorded in:
+
+- `evidence/artifact-0004/receipt.sha256`
+
+Value:
+
+- `344392fb7630aafaf3cc9a974a6c02e938cccdc09266b7f1cf8874452f855c48`
+
+This digest verifies the exact bytes stored in VERIFRAX.
+
+### Canonical JSON digest
+
+The canonical JSON digest of the receipt object, computed with sorted keys and compact separators, is recorded in:
+
+- `evidence/artifact-0004/receipt.canonical.sha256`
+
+Value:
+
+- `2ec13a623cd9fca11601f1df8b186007e74ecab316354d296660511453cff456`
+
+This digest verifies the receipt as a normalized JSON object independent of whitespace formatting.
+
+Both digests are intentionally preserved. One proves file immutability. The other proves object identity.
+
+## Cross-Object Consistency
+
+Artifact-0004 establishes the following mechanically checkable bindings:
+
+- `command.json.command_id` = `receipt.json.command_id` = `cmd-valid-001`
+- `seal.json.authority_seal_id` = `command.json.authority_seal_id` = `receipt.json.authority_seal_id` = `seal-valid-001`
+- `seal.json.scope.body` = `command.json.body` = `receipt.json.body` = `mail`
+- `seal.json.scope.action` = `command.json.action` = `receipt.json.action` = `MAIL_DISPATCH`
+- `seal.json.scope.adapter` = `command.json.adapter` = `receipt.json.adapter` = `smtp`
+
+These bindings are the core reason this artifact matters. The receipt is not merely adjacent to the authority object. It is identifier-consistent with the consumed authority and command.
+
+## Single-Use Boundary
+
+The consumed seal object records:
+
+- `single_use: true`
+
+This artifact records the first successful execution receipt tied to that consumed authority identifier.
+
+What Artifact-0004 proves directly is that a successful receipt now exists for that single-use authority path.
+
+What it does not itself prove is a separately recorded replay refusal event. That stronger replay proof belongs in a future dedicated evidence object unless separately preserved with execution traces and refusal artifacts.
+
+## Significance
+
+Artifact-0004 is the first VERIFRAX evidence object that records the orchestrated relation:
+
+- authority object consumed by CORPIFORM
+- execution completed by CORPIFORM
+- receipt emitted by CORPIFORM
+- evidence frozen by VERIFRAX
+
+That is the first real closure of the intended stack shape:
+
+- AUCTORISEAL as authority model
+- CORPIFORM as execution body
+- VERIFRAX as immutable verification record
+
+The closure is still bounded by fixture reality. The preserved authority object is a consumed fixture authority surface, not a demonstrated public production issuance surface. That boundary is a strength, not a weakness, because the artifact claims only what the evidence proves.
+
+## Evidence Inventory
+
+Artifact-0004 consists of:
+
+- `command.json`
+- `seal.json`
+- `receipt.json`
+- `receipt.sha256`
+- `receipt.canonical.sha256`
+- `context.md`
+
+Together these files define the complete immutable verification unit for this first authority-governed CORPIFORM execution record.
@@ -0,0 +1 @@
+2ec13a623cd9fca11601f1df8b186007e74ecab316354d296660511453cff456
@@ -0,0 +1,15 @@
+{
+  "receipt_id": "EE07B689-F1BF-4518-B49C-C973CB178029",
+  "system": "CORPIFORM",
+  "system_fingerprint": "test-fingerprint",
+  "build_hash": "test-build-hash",
+  "version": "v0.test",
+  "command_id": "cmd-valid-001",
+  "authority_seal_id": "seal-valid-001",
+  "body": "mail",
+  "action": "MAIL_DISPATCH",
+  "adapter": "smtp",
+  "timestamp": "2026-03-19T12:39:16Z",
+  "outcome": "EXECUTED",
+  "signature": "c8WbjyJJow+6TOsrtt7UkQH68guOYkvzyGXPbi3igz30RdNoE12lRIAZ2jxJ38u37G5SVGEdtg5WekKHofwEjMxbZNHbKlbnAewsgh3konNQ79rfH2kexPgBNbINYjpVRKME4MUKosD9o5bMr6Mkjb8YUIdARQIbwVovx97m2EVvTvqes90MjnIkzR7nydopSt5+J5IvQyoIPY3tQA863UGsBYZiIdX3uZcxqGp91up1KmQdfrltVR9LAfhAEE71UmuNXfk4zSYjFJ/D7ZX0MaheNsVr4WfmXy32YMgRNsjPRDNeENUR0TW+pYJCCmU+5lEYdO2T+nwWb2uWWJuEsw=="
+}
@@ -0,0 +1 @@
+344392fb7630aafaf3cc9a974a6c02e938cccdc09266b7f1cf8874452f855c48
@@ -0,0 +1,14 @@
+{
+  "issuer": "root.primary",
+  "authority_seal_id": "seal-valid-001",
+  "custodian": "test-custodian",
+  "scope": {
+    "body": "mail",
+    "action": "MAIL_DISPATCH",
+    "adapter": "smtp"
+  },
+  "valid_from": "2025-01-01T00:00:00Z",
+  "valid_until": "2030-01-01T00:00:00Z",
+  "single_use": true,
+  "signature": "TEST_SIGNATURE_NOT_CRYPTOGRAPHICALLY_VALID"
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		2ec13a623cd9fca11601f1df8b186007e74ecab316354d296660511453cff456
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		344392fb7630aafaf3cc9a974a6c02e938cccdc09266b7f1cf8874452f855c48