vaultsovereign/vm-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7a01aebbc0f7c5a5ec029be7357999b98c4fa7fb
vm-core/docs/VAULTMESH-STANDARDS-INDEX.md
Vault Sovereign 110d644e10 Initialize repository snapshot
2025-12-27 00:10:32 +00:00

202 lines
6.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# VaultMesh Standards Index
> Canonical index of normative and supporting artifacts for the VaultMesh
> ProofBundle and ledger evidence model.
This document provides a single entry point for regulators, auditors, and
integration partners who need to understand which documents and tools are
**normative** (MUST be followed) and which are **supporting** (helpful
for implementation and interpretation).
---
## 1. Scope
This index currently covers the **ProofBundle** family of artifacts:
- The way VaultMesh packages evidence for a single document access
- The cryptographic verification model for that evidence
- The offline tooling used by regulators to validate bundles
Future VaultMesh standards (e.g. Treasury, Mesh Federation) SHOULD be
added to this index as they are formalized.
---
## 2. Normative Artifacts
These artifacts define the behavior and structure that MUST be followed
for ProofBundle implementations and verifiers.
### 2.1 ProofBundle Specification
- **Title:** VaultMesh ProofBundle Specification
- **File:** `docs/VAULTMESH-PROOFBUNDLE-SPEC.md`
- **Version:** `1.1.0`
- **Status:** Normative
Defines:
- JSON schema for ProofBundle exports (`bundle_id`, `schema_version`,
`document`, `actor`, `portal`, `chain`, `guardian_anchor`,
`proofchain`, `meta`)
- Use of BLAKE3 for `root_hash` and `previous_hash`
- Hash-chain semantics and verification rules
- Threat model & non-goals
- AI Act Annex IX compliance crosswalk
- Versioning and extensibility rules
**Implementers MUST** treat this SPEC as the source of truth for what a
valid ProofBundle is and how it is verified.
### 2.2 ProofBundle Offline Verifier
- **Title:** VaultMesh ProofBundle Verifier
- **File:** `burocrat/app/tools/vm_verify_proofbundle.py`
- **Status:** Normative reference implementation
Implements:
- Canonical JSON encoding (`sort_keys=True`, compact separators)
- BLAKE3 verification of each receipt's `root_hash`
- Hash-chain verification via `previous_hash`
- Consistency checks against `chain.ok`, `chain.length`,
`chain.start`, `chain.end`
- Exit codes:
- `0` valid bundle
- `1` structural / hash-chain failure
- `2` I/O or parse error
**Regulators MAY** use this tool directly or as a reference when
building their own independent verifier.
---
## 3. Supporting Artifacts
These artifacts are not strictly required for correctness, but they
explain how to use the normative pieces in practice.
### 3.1 ProofBundle Playbook
- **Title:** How to Verify a VaultMesh ProofBundle
- **File:** `docs/VAULTMESH-PROOFBUNDLE-PLAYBOOK.md`
- **Version:** `1.0`
- **Status:** Informative
Audience: compliance officers, lawyers, auditors, procurement teams.
Provides:
- Plain-language explanation of what a ProofBundle proves
- Prerequisites (Python, `blake3` package)
- 3-step verification walkthrough
- Example output (valid vs tampered bundle)
- Operational guidance (no VaultMesh access required)
### 3.2 HTML ProofBundle Viewer
- **Title:** ProofBundle HTML Viewer
- **File:** `burocrat/app/src/views/proofbundle.ejs`
- **Status:** Informative
Provides:
- Human-readable rendering of a ProofBundle
- Chain visualization and anchor details
- Print-to-PDF option for dossier filing
- Footer note pointing to the offline verifier
This viewer **MUST NOT** be considered a substitute for cryptographic
verification; it is a convenience layer on top of the normative JSON +
verifier.
### 3.3 ProofBundle Conformance Test Pack
- **Title:** ProofBundle Conformance Test Pack
- **Path:** `testvectors/proofbundle/`
- **Version:** `1.0`
- **Status:** Informative
Provides:
- `proofbundle-valid.json` Known-good bundle (exit 0)
- `proofbundle-tampered-body.json` Modified body, hash mismatch (exit 1)
- `proofbundle-tampered-root.json` Wrong root_hash (exit 1)
- `proofbundle-broken-chain.json` Broken previous_hash linkage (exit 1)
- `README.md` Standalone usage instructions
Implementers SHOULD verify their verifier passes all test vectors before
claiming conformance.
---
## 4. Current Version Matrix
| Component | File | Version |
|----------------------|------------------------------------------------|----------|
| ProofBundle SPEC | `docs/VAULTMESH-PROOFBUNDLE-SPEC.md` | `1.1.0` |
| ProofBundle Playbook | `docs/VAULTMESH-PROOFBUNDLE-PLAYBOOK.md` | `1.0` |
| Offline Verifier | `burocrat/app/tools/vm_verify_proofbundle.py` | `1.1.0*` |
| Conformance Test Pack | `testvectors/proofbundle/` | `1.0` |
| HTML Viewer | `burocrat/app/src/views/proofbundle.ejs` | n/a |
\* The verifier tracks the SPEC's `schema_version`. For
`schema_version = "1.1.0"` bundles, this script is considered the
reference.
---
## 5. Citing ProofBundle
ProofBundle can be cited in assessments, audit reports, and compliance
documentation using the following reference:
> This assessment relies on VaultMesh ProofBundle, specified in
> **"VAULTMESH-PROOFBUNDLE-SPEC v1.1.0"**, with verification performed
> using the reference tool `vm_verify_proofbundle.py v1.1.0` and validated
> against the **VaultMesh ProofBundle Conformance Test Pack v1.0**.
The git tag `proofbundle-v1.1.0` in the VaultMesh repository marks the
reference implementation state for this version.
---
## 6. Implementation Notes
- **Producers of ProofBundles:**
- MUST include `schema_version` in every bundle and follow the
rules in the SPEC.
- SHOULD keep this index updated when bumping versions or adding
new normative documents.
- **Verifiers:**
- MUST reject unknown major versions (e.g. `2.x.x`) by default.
- MAY accept minor extensions (`1.2.x`) if all required fields
validate according to the `1.1.0` SPEC.
---
## 7. Roadmap for Future Standards
Future VaultMesh standards that SHOULD be added here:
| Standard | Scroll | Status |
|----------|--------|--------|
| Treasury Receipt SPEC | Treasury | Planned |
| Mesh Federation SPEC | Mesh | Planned |
| Identity & Capability SPEC | Identity | Planned |
| Guardian Anchoring & External ProofChain SPEC | Guardian | Planned |
Each new standard SHOULD define:
1. A normative SPEC document under `docs/`
2. A reference implementation (Rust and/or Python)
3. Optional Playbook for non-technical stakeholders
4. Clear versioning and deprecation rules
---
_VaultMesh Standards Index_
_Sovereign Infrastructure for the Digital Age_
Reference in New Issue View Git Blame Copy Permalink