Tyler King
98aa2b0ec7
Add protobuf message definitions for the four-layer attestation architecture defined in SAT-SPEC-0002. Package: substrate.attestation.v2 Files: - common.proto: QmReceipt (hash-chained Ed25519-signed receipts) - platform.proto: PlatformClaim, TpmQuoteBinding (L1 hardware identity) - software.proto: SoftwareClaim, BuildProvenance (L2 image provenance) - governance.proto: GovernanceClaim, AccordReference, DelegationReference (L3) - session.proto: SessionClaim, ActorContext, PostureEvidence, PostureLevel (L4) - sat.proto: SatBundle (composite, optional claim fields for has_*() codegen) Also adds buf.yaml for lint/breaking-change checks. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1.2 KiB
1.2 KiB
attestation/v2 — SAT-SPEC-0002 Protobuf Definitions
Protobuf message definitions for the Substrate Attestation Token v2 (SAT-SPEC-0002), the four-layer attestation architecture for Substrate nodes.
Package
substrate.attestation.v2
Files
| File | Layer | Messages |
|---|---|---|
sat.proto |
— | SatBundle (top-level composite) |
platform.proto |
L1 Platform | PlatformClaim, TpmQuoteBinding |
software.proto |
L2 Software | SoftwareClaim, BuildProvenance |
governance.proto |
L3 Governance | GovernanceClaim, AccordReference, DelegationReference |
session.proto |
L4 Session | SessionClaim, ActorContext, PostureEvidence, PostureLevel (enum) |
common.proto |
— | QmReceipt |
Layer Architecture
L4 Session ← actor identity + posture evaluation
L3 Governance ← accords, delegations, ceremonies
L2 Software ← image provenance + QM build receipt
L1 Platform ← TPM measurements + hardware identity
Each layer's claim hash binds to the layers below it (hash chaining).
The composite sat_hash in SatBundle covers all present layers.
Spec
Canonical specification: substrate/docs/specs/SAT-SPEC-0002.md