VaultMesh Standards Index
Canonical index of normative and supporting artifacts for the VaultMesh ProofBundle and ledger evidence model.
This document provides a single entry point for regulators, auditors, and integration partners who need to understand which documents and tools are normative (MUST be followed) and which are supporting (helpful for implementation and interpretation).
1. Scope
This index currently covers the ProofBundle family of artifacts:
- The way VaultMesh packages evidence for a single document access
- The cryptographic verification model for that evidence
- The offline tooling used by regulators to validate bundles
Future VaultMesh standards (e.g. Treasury, Mesh Federation) SHOULD be added to this index as they are formalized.
2. Normative Artifacts
These artifacts define the behavior and structure that MUST be followed for ProofBundle implementations and verifiers.
2.1 ProofBundle Specification
- Title: VaultMesh ProofBundle Specification
- File: `docs/VAULTMESH-PROOFBUNDLE-SPEC.md`
- Version: `1.1.0`
- Status: Normative
Defines:
- JSON schema for ProofBundle exports (`bundle_id`, `schema_version`, `document`, `actor`, `portal`, `chain`, `guardian_anchor`, `proofchain`, `meta`)
- Use of BLAKE3 for `root_hash` and `previous_hash`
- Hash-chain semantics and verification rules
- Threat model & non-goals
- AI Act Annex IX compliance crosswalk
- Versioning and extensibility rules
Implementers MUST treat this SPEC as the source of truth for what a valid ProofBundle is and how it is verified.
2.2 ProofBundle Offline Verifier
- Title: VaultMesh ProofBundle Verifier
- File: `burocrat/app/tools/vm_verify_proofbundle.py`
- Status: Normative reference implementation
Implements:
- Canonical JSON encoding (`sort_keys=True`, compact separators)
- BLAKE3 verification of each receipt's `root_hash`
- Hash-chain verification via `previous_hash`
- Consistency checks against `chain.ok`, `chain.length`, `chain.start`, `chain.end`
- Exit codes:
  - `0` – valid bundle
  - `1` – structural / hash-chain failure
  - `2` – I/O or parse error
Regulators MAY use this tool directly or as a reference when building their own independent verifier.
3. Supporting Artifacts
These artifacts are not strictly required for correctness, but they explain how to use the normative pieces in practice.
3.1 ProofBundle Playbook
- Title: How to Verify a VaultMesh ProofBundle
- File: `docs/VAULTMESH-PROOFBUNDLE-PLAYBOOK.md`
- Version: `1.0`
- Status: Informative
Audience: compliance officers, lawyers, auditors, procurement teams.
Provides:
- Plain-language explanation of what a ProofBundle proves
- Prerequisites (Python, `blake3` package)
- 3-step verification walkthrough
- Example output (valid vs tampered bundle)
- Operational guidance (no VaultMesh access required)
3.2 HTML ProofBundle Viewer
- Title: ProofBundle HTML Viewer
- File: `burocrat/app/src/views/proofbundle.ejs`
- Status: Informative
Provides:
- Human-readable rendering of a ProofBundle
- Chain visualization and anchor details
- Print-to-PDF option for dossier filing
- Footer note pointing to the offline verifier
This viewer MUST NOT be considered a substitute for cryptographic verification; it is a convenience layer on top of the normative JSON + verifier.
3.3 ProofBundle Conformance Test Pack
- Title: ProofBundle Conformance Test Pack
- Path: `testvectors/proofbundle/`
- Version: `1.0`
- Status: Informative
Provides:
- `proofbundle-valid.json` – Known-good bundle (exit 0)
- `proofbundle-tampered-body.json` – Modified body, hash mismatch (exit 1)
- `proofbundle-tampered-root.json` – Wrong `root_hash` (exit 1)
- `proofbundle-broken-chain.json` – Broken `previous_hash` linkage (exit 1)
- `README.md` – Standalone usage instructions
Implementers SHOULD verify their verifier passes all test vectors before claiming conformance.
4. Current Version Matrix
| Component | File | Version |
|---|---|---|
| ProofBundle SPEC | `docs/VAULTMESH-PROOFBUNDLE-SPEC.md` | `1.1.0` |
| ProofBundle Playbook | `docs/VAULTMESH-PROOFBUNDLE-PLAYBOOK.md` | `1.0` |
| Offline Verifier | `burocrat/app/tools/vm_verify_proofbundle.py` | `1.1.0`* |
| Conformance Test Pack | `testvectors/proofbundle/` | `1.0` |
| HTML Viewer | `burocrat/app/src/views/proofbundle.ejs` | n/a |
* The verifier tracks the SPEC's `schema_version`. For `schema_version = "1.1.0"` bundles, this script is considered the reference.
5. Citing ProofBundle
ProofBundle can be cited in assessments, audit reports, and compliance documentation using the following reference:
This assessment relies on VaultMesh ProofBundle, specified in "VAULTMESH-PROOFBUNDLE-SPEC v1.1.0", with verification performed using the reference tool `vm_verify_proofbundle.py v1.1.0` and validated against the VaultMesh ProofBundle Conformance Test Pack v1.0.
The git tag proofbundle-v1.1.0 in the VaultMesh repository marks the
reference implementation state for this version.
6. Implementation Notes
- Producers of ProofBundles:
  - MUST include `schema_version` in every bundle and follow the rules in the SPEC.
  - SHOULD keep this index updated when bumping versions or adding new normative documents.
- Verifiers:
  - MUST reject unknown major versions (e.g. `2.x.x`) by default.
  - MAY accept minor extensions (`1.2.x`) if all required fields validate according to the `1.1.0` SPEC.
7. Roadmap for Future Standards
Future VaultMesh standards that SHOULD be added here:
| Standard | Scroll | Status |
|---|---|---|
| Treasury Receipt SPEC | Treasury | Planned |
| Mesh Federation SPEC | Mesh | Planned |
| Identity & Capability SPEC | Identity | Planned |
| Guardian Anchoring & External ProofChain SPEC | Guardian | Planned |
Each new standard SHOULD define:
- A normative SPEC document under `docs/`
- A reference implementation (Rust and/or Python)
- Optional Playbook for non-technical stakeholders
- Clear versioning and deprecation rules