guildhouse-proto/attestation/v2/session.proto
Tyler King 98aa2b0ec7 feat(attestation): add SAT-SPEC-0002 protobuf definitions
Add protobuf message definitions for the four-layer attestation
architecture defined in SAT-SPEC-0002. Package: substrate.attestation.v2

Files:
- common.proto: QmReceipt (hash-chained Ed25519-signed receipts)
- platform.proto: PlatformClaim, TpmQuoteBinding (L1 hardware identity)
- software.proto: SoftwareClaim, BuildProvenance (L2 image provenance)
- governance.proto: GovernanceClaim, AccordReference, DelegationReference (L3)
- session.proto: SessionClaim, ActorContext, PostureEvidence, PostureLevel (L4)
- sat.proto: SatBundle (composite, optional claim fields for has_*() codegen)

Also adds buf.yaml for lint/breaking-change checks.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 09:12:59 -05:00


syntax = "proto3";
package substrate.attestation.v2;
// ─── Layer 4: Session Claim ─────────────────────────────────────────
//
// Per-session attestation binding actor identity to platform, software,
// and governance state. Posture is verifier-computed, not self-asserted.
message SessionClaim {
uint32 layer = 1; // MUST be 4
string session_id = 2; // UUIDv7
ActorContext actor = 3;
PostureEvidence posture_evidence = 4;
PostureLevel posture_level = 5;
string timestamp = 6; // ISO 8601
bytes nonce = 7;
bytes platform_claim_hash = 8;
bytes software_claim_hash = 9;
bytes governance_claim_hash = 10;
bytes claim_hash = 11;
}
message ActorContext {
string actor_id = 1; // OIDC sub or SPIFFE ID
string actor_type = 2; // "human" | "agent" | "system" | "node"
string auth_method = 3; // "oidc" | "oidc+entra" | "spiffe" | "service_account"
optional string delegated_by = 4;
optional string delegation_id = 5;
}
message PostureEvidence {
bool platform_attested = 1;
string platform_method = 2;
bool software_verified = 3;
string software_method = 4;
bool governance_bound = 5;
string governance_method = 6;
bool identity_verified = 7;
string identity_method = 8;
}
enum PostureLevel {
POSTURE_LEVEL_UNSPECIFIED = 0;
POSTURE_LEVEL_NONE = 1;
POSTURE_LEVEL_LOCAL = 2;
POSTURE_LEVEL_VERIFIED = 3;
POSTURE_LEVEL_GOVERNED = 4;
POSTURE_LEVEL_ATTESTED = 5;
}
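Review bot: `actor_type` (ActorContext field 2) and `auth_method` (field 3) encode closed vocabularies as free-form strings, so a verifier's policy check reduces to exact string comparison and an unexpected spelling or case variant is neither rejected by the schema nor distinguishable from a future value; since this file is new, closed enums with an `_UNSPECIFIED` zero value can still be introduced without a wire break. The same limitation applies to `uint32 layer = 1; // MUST be 4`, which the schema cannot enforce, and to `string timestamp = 6; // ISO 8601`, which would be safer as `google.protobuf.Timestamp timestamp = 6;` so receivers do not parse free-text dates. None of the `*_claim_hash` fields or `claim_hash` in SessionClaim state the hash algorithm or which bytes are hashed; protobuf serialization is not canonical, so a leading comment such as `// <HASH_ALGORITHM placeholder> over the <canonical encoding placeholder> of the referenced claim` is needed before two implementations can agree on a value. The header comment says posture is verifier-computed, yet `posture_level` and `posture_evidence` are carried inside the claim itself; if the claimant can populate them, the field comments should say that receivers must recompute them rather than trust the transported values.
```protobuf
// Kind of principal a session is bound to.
enum ActorType {
  ACTOR_TYPE_UNSPECIFIED = 0;
  ACTOR_TYPE_HUMAN = 1;
  ACTOR_TYPE_AGENT = 2;
  ACTOR_TYPE_SYSTEM = 3;
  ACTOR_TYPE_NODE = 4;
}

// How the actor authenticated for this session.
enum AuthMethod {
  AUTH_METHOD_UNSPECIFIED = 0;
  AUTH_METHOD_OIDC = 1;
  AUTH_METHOD_OIDC_ENTRA = 2;
  AUTH_METHOD_SPIFFE = 3;
  AUTH_METHOD_SERVICE_ACCOUNT = 4;
}

message ActorContext {
  string actor_id = 1; // OIDC sub or SPIFFE ID
  ActorType actor_type = 2;
  AuthMethod auth_method = 3;
  // … unchanged: delegated_by, delegation_id …
}
```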