docs(P3.5+P4.1+W.1): canonical JSON spec, countersignature ADR, witness ADR
ATTESTO-CANONICAL-JSON-001 freezes the byte-level rules every hash and signature depends on (normalization table, no-whitespace serialization, FIX-11 number policy, domain framing) and names golden-vectors/sdk-parity/ as the normative conformance corpus with a 6-step checklist for new implementations; hashed into the release manifest and linked from all three SDK READMEs + the crypto review checklist.

ADR-0006 (client countersignatures) specifies the full P4.1 scheme — signed bytes under attesto.v2.client-event over commitments, kid registry with rotation-safe resolution at occurred_at, replay analysis, binding claim wording — status proposed; no code until approved (P4 rule).

ADR-0009 (independent witness network) records the W.1 design: verbatim purpose line, privacy-preserving framing rule, hashes-only observation, opt-in pseudonymous stream digests, the four CI-enforced separation rules (zero SDK coupling, never a transitive dep, never auto-enroll, never background on install), backend surface spec, v1 observational-only scope, and the claims-guarded evolution note kept ADR-internal.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@@ -74,6 +74,9 @@ Attesto stores source-system time separately from backend ingest time.
|
||||
`time.Now().UTC()` when omitted, but production integrations should pass the
|
||||
real upstream event timestamp whenever the source system provides one.
|
||||
|
||||
|
||||
Canonicalization is specified normatively in [ATTESTO-CANONICAL-JSON-001](../../docs/protocol/ATTESTO-CANONICAL-JSON-001.md); the parity corpus `golden-vectors/sdk-parity/` is its conformance set.
|
||||
|
||||
## Committed payload number rule
|
||||
|
||||
When events are committed to a Proofstream, payload and metadata numbers must
|
||||
|
||||
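Review bot: The new sentence links the normative spec by a repository-relative path (`../../docs/protocol/ATTESTO-CANONICAL-JSON-001.md`), which only resolves when this README is viewed inside the repository tree and always points at whatever the current branch contains. The commit message says the spec is hashed into the release manifest, so consider naming the spec revision or the manifest entry next to the link; that lets an implementer confirm they are reading the same bytes the release committed to. Placement is a second, smaller point: the sentence sits at the end of the source-time paragraph, directly above "## Committed payload number rule", although canonicalization is not about timestamps. Moving it under that heading, or giving it a short heading of its own, would make it easier to find, particularly since the commit message places the number policy within the spec.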