
feat(trust): add SOVP-v1 pre-execution infrastructure attestation type (§5.2.1, §5.2.2) #48

Open
litzki-systems wants to merge 1 commit into ards-project:main from litzki-systems:feat/sovp-v1-attestation-type

@litzki-systems

Summary

Adds SOVP-v1 as a documented attestation type in §5.2.1 and §5.2.2, complementing TRACE-v0.2 (runtime governance) and install-manifest (install-time consent).

The layer SOVP-v1 occupies

The four-layer stack that converged in this repo this week:

| Layer | Type | Attests |
|-------|------|---------|
| L1 | ARD catalog | What the resource is and where to find it |
| L2 | install-manifest (#43) | Install-time consent, scopes, kill_switch |
| L3 | SOVP-v1 | Host measured and hardened before connection |
| L4 | TRACE-v0.2 (#7) | What the agent actually did at runtime |

Each attests a distinct axis. As @imran-siddique confirmed: "What SOVP addresses is the infrastructure the enclave sits on: cluster hardening, network topology, sovereign compliance of the broader environment. Those are distinct axes, not overlapping ones."

Changes

  • §5.2: Extends digest field from String to structured object (alg + value) for content-addressable verification
  • §5.2.1: Adds registered attestation types table (SOC2-Type2, HIPAA-Audit, TRACE-v0.2, SOVP-v1)
  • §5.2.2: Adds full SOVP-v1 documentation: seven-property contract, example catalog entry, references

References

- Add SOVP-v1 to registered attestation types table in §5.2.1
- Add §5.2.2 with seven-property contract, example, and references
- Extend digest field to structured object with alg + value
- Cross-reference TRACE-v0.2 and install-manifest as complementary layers

Closes ards-project#41
yepgent added a commit to yepgent/ard-spec that referenced this pull request Jun 26, 2026
Per review feedback on ards-project#49 (litzki-systems): the detached JWS in §5.1.1
shares the RFC 8785 (JCS) canonicalization baseline with SOVP-v1's
attestation payload (ards-project#48, §5.2.1). Note the shared signing primitive as
a composition property — disjoint sections, no normative coupling.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
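
An added example, not code from this pull request or the ARD spec: checking a structured digest object (alg + value) against a canonicalized attestation payload, failing closed on bare-string digests and unlisted algorithms. Assumptions: the algorithm allow-list, hex encoding of `value`, that the digest covers the canonicalized payload, a simplified JCS-style canonical form, and the constructed sample field names.

```python
import hashlib
import hmac
import json

# Assumption: accepted algorithm names and hex encoding of "value";
# the page names only the two fields, alg and value.
ALLOWED_ALGS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384,
                "sha512": hashlib.sha512}


def _reject_floats(node):
    # Floats need RFC 8785 number serialization, which json.dumps does not do.
    if isinstance(node, float):
        raise ValueError("float values are outside this simplified canonical form")
    children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else ()
    for child in children:
        _reject_floats(child)


def canonicalize(payload):
    """Sorted keys, no whitespace, UTF-8: agrees with RFC 8785 for ASCII keys,
    strings, booleans, null and small integers."""
    _reject_floats(payload)
    return json.dumps(payload, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def make_digest(payload, alg="sha256"):
    return {"alg": alg, "value": ALLOWED_ALGS[alg](canonicalize(payload)).hexdigest()}


def verify_digest(payload, digest):
    """True only for a well-formed {alg, value} object that matches the payload."""
    if not isinstance(digest, dict):
        return False  # a bare string digest carries no algorithm: reject it
    alg, value = digest.get("alg"), digest.get("value")
    if not isinstance(alg, str) or not isinstance(value, str) or not value.isascii():
        return False
    hasher = ALLOWED_ALGS.get(alg)
    if hasher is None:
        return False  # unlisted algorithm (md5, sha1, ...) fails closed
    expected = hasher(canonicalize(payload)).hexdigest()
    return hmac.compare_digest(expected, value.lower())  # constant-time compare


# Constructed sample payload; field names are hypothetical, not the SOVP-v1 contract.
SAMPLE = {"type": "SOVP-v1", "subject": "node-a.example", "hardened": True}
```

Because the digest is taken over the canonical bytes, two producers that serialize the same payload with different key order or whitespace still agree on the value.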