{"version":"0.3.1","spec":"CTEF (Composable Trust Evidence Format)","provider":"did:web:hivetrust.onrender.com","consortium_seat":{"rank":5,"members":["AgentGraph","AgentID","APS","Nobulex","HiveTrust"],"freeze_commit":"https://github.com/a2aproject/A2A/discussions/1734","freeze_utc":"2026-04-25T01:48:00Z","byte_match_run":"2026-04-30"},"patent":{"applications":["64/049,200","64/049,201","64/049,202","64/049,203","64/049,204","64/049,205","64/049,206","64/049,207","64/049,208","64/049,209","64/049,210","64/049,211","64/049,212","64/049,213","64/049,214","64/049,215","64/049,216","64/049,217","64/049,218","64/049,219","64/049,220","64/049,221","64/049,222","64/049,223","64/049,224","64/049,225","64/049,226"],"priority_date":"2026-04-24","holder":"Stephen A. Rotzin / TheHiveryIQ"},"contract":{"canonicalization":"RFC 8785 (JSON Canonicalization Scheme)","canonicalization_rules":["Keys sorted by Unicode code point.","Non-ASCII above U+001F emitted as literal UTF-8 bytes (not \\uXXXX escapes).","null values preserved at every depth.","Integer-valued floats normalized to integers (ECMA-262 §7.1.12.1)."],"hash_algorithm":"SHA-256","delegation_chain_root":"hex(sha256(canonicalize_jcs_strict(delegation_chain)))","reference_implementation":"src/routes/cte.js canonicalizeJcs() (hivetrust.onrender.com)"},"claim_model":{"claim_type":{"closed_set":["identity","transport","authority","continuity"],"required_on_envelope":true,"note":"Outer discriminator for the claim-layer semantics. Added in v0.3.1. A claim carrying fields outside its declared category MUST be rejected with INVALID_CLAIM_SCOPE before semantic evaluation."},"composition_rules":{"identity":"Key binding — same DID across claims, same resolution path.","transport":"Identity-key binding — the identity signs the transport key.","authority":"Monotonic narrowing — effective scope is the intersection of every scope in the chain.","continuity":"Rotation-attestation chain — history-stability under rotation."}},"error_codes":{"INVALID_CLAIM_SCOPE":{"triggers_on":"Claim carries fields outside its declared claim_type (e.g. identity-categorized claim carrying authority-layer delegation).","ordering":"Structural failure precedes semantic evaluation. Fail-closed is mandatory before any layer-specific logic runs.","test_vector":"scope_violation_vector (below)"},"INVALID_COMPOSITION":{"triggers_on":"Well-typed claims at each layer cannot be combined under the composition rule (e.g. disjoint authority scopes).","ordering":"Structural failure precedes semantic evaluation.","test_vector":"composition_failure_vector (below)"}},"reserved_values":{"claim_type.envelope":{"status":"reserved","committed_in":"v0.3.2 or v0.3.1 errata","composition_rule_variants":[{"name":"zero_knowledge_membership","use_when":"The envelope identity itself must stay private from the verifier.","shape":"ZK proof of membership in the attestation-registry snapshot, content-addressed over the snapshot root."},{"name":"signed_snapshot_attestation","use_when":"The envelope is public; only the member list is sensitive.","shape":"Issuer signature over {subject, registry_root, asserted_membership: true}."}],"note":"Fifth-layer regulatory-envelope attestation (Hive Civilization / HiveTrust contribution). Implementations pick by privacy requirement: ZK for private envelope identity, signed-snapshot when only the member list needs unlinkability. APS (aeoess/agent-passport-system) has committed to adopting the same claim_type value in adapter mappings when it lands."},"evidence_basis.evidence_type.payment_execution":{"status":"reserved","committed_in":"v0.3.2 or v0.3.1 errata","note":"Payment-execution receipt as an independent signal type (HiveCompute x402 contribution). Answers \"consideration was exchanged\" — distinct from \"task result matches spec\" (SAR). Expected fields: eip3009_authorization_hash, base_tx_hash, wallet_did, amount_usdc, issued_at."}},"envelope_vector":{"note":"Example CTEF v0.3.1 TrustAttestation envelope (claim_type=authority) with delegation_chain_root composition per §4.6. A partner verifier MUST reproduce canonical_bytes_utf8 and canonical_sha256 exactly; divergence indicates a canonicalizer drift that would break bilateral composition.","input_object":{"@context":["https://www.w3.org/ns/credentials/v2","https://agentgraph.co/ns/trust-evidence/v1"],"type":"TrustAttestation","version":"0.3.1","claim_type":"authority","provider":{"id":"did:web:agentgraph.co","name":"AgentGraph Trust Scanner","category":"static_analysis","version":"0.3.1"},"subject":{"did":"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK","repo":"example-org/example-repo","ref":"main"},"attestation":{"type":"SecurityAttestation","confidence":0.82,"payload":{"trust_score":66,"grade":"B","findings":{"critical":0,"high":2,"medium":5,"total":7}}},"delegation":{"delegation_chain_root":"4f3d8defea1e82c1705c35d97ee4db046c6313ba83855a7d0de04a44f04c834a","delegation_depth":2,"canonicalization":"RFC-8785"},"issued_at":"2026-04-23T00:00:00Z","expires_at":"2026-04-23T01:00:00Z"},"canonical_bytes_utf8":"{\"@context\":[\"https://www.w3.org/ns/credentials/v2\",\"https://agentgraph.co/ns/trust-evidence/v1\"],\"attestation\":{\"confidence\":0.82,\"payload\":{\"findings\":{\"critical\":0,\"high\":2,\"medium\":5,\"total\":7},\"grade\":\"B\",\"trust_score\":66},\"type\":\"SecurityAttestation\"},\"claim_type\":\"authority\",\"delegation\":{\"canonicalization\":\"RFC-8785\",\"delegation_chain_root\":\"4f3d8defea1e82c1705c35d97ee4db046c6313ba83855a7d0de04a44f04c834a\",\"delegation_depth\":2},\"expires_at\":\"2026-04-23T01:00:00Z\",\"issued_at\":\"2026-04-23T00:00:00Z\",\"provider\":{\"category\":\"static_analysis\",\"id\":\"did:web:agentgraph.co\",\"name\":\"AgentGraph Trust Scanner\",\"version\":\"0.3.1\"},\"subject\":{\"did\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\",\"ref\":\"main\",\"repo\":\"example-org/example-repo\"},\"type\":\"TrustAttestation\",\"version\":\"0.3.1\"}","canonical_sha256":"9e7b5031e46de38b5f90e895113a3f24f42a4128d8d99856a2d71e529b0f0d5c","expected_result":"pass"},"verdict_vector":{"note":"Example CTEF v0.3.1 EnforcementVerdict with the 5-dimension claim-model surface per §6.3. A partner that consumes HiveTrust verdicts should verify canonical_sha256 matches what they compute locally.","input_object":{"type":"EnforcementVerdict","version":"0.3.1","gateway":{"id":"did:web:agentgraph.co#gateway","name":"AgentGraph Trust Gateway","version":"0.3.1"},"claim":{"action":{"type":"mutation:platform_access","target":"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK","scope":"urn:agentgraph:platform:feed:write"},"evidence_basis":{"bundle_hash":"sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08","delegation_chain_root":"4f3d8defea1e82c1705c35d97ee4db046c6313ba83855a7d0de04a44f04c834a"},"admissibility_result":"conditional_allow","validity_window":{"not_before":"2026-04-23T00:00:00Z","not_after":"2026-04-23T01:00:00Z","binding_mode":"authority_within_window_evidence_after"},"forwardability":{"mode":"local","forwardable_to":[],"delegation_path":null}},"issued_at":"2026-04-23T00:00:00Z","expires_at":"2026-04-23T01:00:00Z"},"canonical_bytes_utf8":"{\"claim\":{\"action\":{\"scope\":\"urn:agentgraph:platform:feed:write\",\"target\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\",\"type\":\"mutation:platform_access\"},\"admissibility_result\":\"conditional_allow\",\"evidence_basis\":{\"bundle_hash\":\"sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08\",\"delegation_chain_root\":\"4f3d8defea1e82c1705c35d97ee4db046c6313ba83855a7d0de04a44f04c834a\"},\"forwardability\":{\"delegation_path\":null,\"forwardable_to\":[],\"mode\":\"local\"},\"validity_window\":{\"binding_mode\":\"authority_within_window_evidence_after\",\"not_after\":\"2026-04-23T01:00:00Z\",\"not_before\":\"2026-04-23T00:00:00Z\"}},\"expires_at\":\"2026-04-23T01:00:00Z\",\"gateway\":{\"id\":\"did:web:agentgraph.co#gateway\",\"name\":\"AgentGraph Trust Gateway\",\"version\":\"0.3.1\"},\"issued_at\":\"2026-04-23T00:00:00Z\",\"type\":\"EnforcementVerdict\",\"version\":\"0.3.1\"}","canonical_sha256":"feb42dca4214fc46207138d676ec727d7b3d0caa1eda8c0390d2d6f6fbc28913","expected_result":"pass"},"scope_violation_vector":{"note":"Negative-path vector (v0.3.1). Envelope declares claim_type='identity' but carries authority-layer delegation fields. A conformant verifier MUST reject with INVALID_CLAIM_SCOPE before semantic evaluation.","input_object":{"@context":["https://www.w3.org/ns/credentials/v2","https://agentgraph.co/ns/trust-evidence/v1"],"type":"TrustAttestation","version":"0.3.1","claim_type":"identity","provider":{"id":"did:web:agentgraph.co","name":"AgentGraph Trust Scanner","category":"static_analysis","version":"0.3.1"},"subject":{"did":"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"},"attestation":{"type":"IdentityAttestation","confidence":0.9,"payload":{"key_status":"active"}},"delegation":{"delegation_chain_root":"4f3d8defea1e82c1705c35d97ee4db046c6313ba83855a7d0de04a44f04c834a","delegation_depth":2,"canonicalization":"RFC-8785"},"issued_at":"2026-04-23T00:00:00Z","expires_at":"2026-04-23T01:00:00Z"},"canonical_bytes_utf8":"{\"@context\":[\"https://www.w3.org/ns/credentials/v2\",\"https://agentgraph.co/ns/trust-evidence/v1\"],\"attestation\":{\"confidence\":0.9,\"payload\":{\"key_status\":\"active\"},\"type\":\"IdentityAttestation\"},\"claim_type\":\"identity\",\"delegation\":{\"canonicalization\":\"RFC-8785\",\"delegation_chain_root\":\"4f3d8defea1e82c1705c35d97ee4db046c6313ba83855a7d0de04a44f04c834a\",\"delegation_depth\":2},\"expires_at\":\"2026-04-23T01:00:00Z\",\"issued_at\":\"2026-04-23T00:00:00Z\",\"provider\":{\"category\":\"static_analysis\",\"id\":\"did:web:agentgraph.co\",\"name\":\"AgentGraph Trust Scanner\",\"version\":\"0.3.1\"},\"subject\":{\"did\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\"},\"type\":\"TrustAttestation\",\"version\":\"0.3.1\"}","canonical_sha256":"e584f1cd0885dc938da5fc23ce7e528715a0086e5464c9ed0f3c1c82b364026f","expected_result":"fail-closed","expected_error_code":"INVALID_CLAIM_SCOPE"},"composition_failure_vector":{"note":"Negative-path vector (v0.3.1). Two authority-layer delegation chains with disjoint scopes (feed:write vs marketplace:buy). Monotonic narrowing produces an empty intersection → INVALID_COMPOSITION.","input_object":{"@context":["https://www.w3.org/ns/credentials/v2","https://agentgraph.co/ns/trust-evidence/v1"],"type":"TrustAttestation","version":"0.3.1","claim_type":"authority","provider":{"id":"did:web:agentgraph.co","name":"AgentGraph Trust Scanner","category":"static_analysis","version":"0.3.1"},"subject":{"did":"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"},"attestation":{"type":"AuthorityComposition","confidence":0.7,"payload":{"composition_type":"multi_chain"}},"delegation":{"chains":[{"delegation_chain_root":"4f3d8defea1e82c1705c35d97ee4db046c6313ba83855a7d0de04a44f04c834a","scope":"urn:agentgraph:platform:feed:write"},{"delegation_chain_root":"b11a72b09b8184e3cc4620e0d5fe0926f6fecfb8cd35c2ef364c5761647c43b4","scope":"urn:agentgraph:platform:marketplace:buy"}],"canonicalization":"RFC-8785"},"issued_at":"2026-04-23T00:00:00Z","expires_at":"2026-04-23T01:00:00Z"},"canonical_bytes_utf8":"{\"@context\":[\"https://www.w3.org/ns/credentials/v2\",\"https://agentgraph.co/ns/trust-evidence/v1\"],\"attestation\":{\"confidence\":0.7,\"payload\":{\"composition_type\":\"multi_chain\"},\"type\":\"AuthorityComposition\"},\"claim_type\":\"authority\",\"delegation\":{\"canonicalization\":\"RFC-8785\",\"chains\":[{\"delegation_chain_root\":\"4f3d8defea1e82c1705c35d97ee4db046c6313ba83855a7d0de04a44f04c834a\",\"scope\":\"urn:agentgraph:platform:feed:write\"},{\"delegation_chain_root\":\"b11a72b09b8184e3cc4620e0d5fe0926f6fecfb8cd35c2ef364c5761647c43b4\",\"scope\":\"urn:agentgraph:platform:marketplace:buy\"}]},\"expires_at\":\"2026-04-23T01:00:00Z\",\"issued_at\":\"2026-04-23T00:00:00Z\",\"provider\":{\"category\":\"static_analysis\",\"id\":\"did:web:agentgraph.co\",\"name\":\"AgentGraph Trust Scanner\",\"version\":\"0.3.1\"},\"subject\":{\"did\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\"},\"type\":\"TrustAttestation\",\"version\":\"0.3.1\"}","canonical_sha256":"f9cd10bc4e8bf34ce3aa6a0e5df0d27989e54ff41c4333c69ae3ecfaf8de0cb5","expected_result":"fail-closed","expected_error_code":"INVALID_COMPOSITION"}}