Add protobuf message definitions for the four-layer attestation architecture defined in SAT-SPEC-0002.

Package: substrate.attestation.v2

Files:
- common.proto: QmReceipt (hash-chained Ed25519-signed receipts)
- platform.proto: PlatformClaim, TpmQuoteBinding (L1 hardware identity)
- software.proto: SoftwareClaim, BuildProvenance (L2 image provenance)
- governance.proto: GovernanceClaim, AccordReference, DelegationReference (L3)
- session.proto: SessionClaim, ActorContext, PostureEvidence, PostureLevel (L4)
- sat.proto: SatBundle (composite, optional claim fields for has_*() codegen)

Also adds buf.yaml for lint/breaking-change checks.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
20 lines
1.1 KiB
Protocol Buffer
syntax = "proto3";
package substrate.attestation.v2;
// ─── QM Receipt ─────────────────────────────────────────────────────
//
// The Quartermaster receipt is the fundamental trust primitive for
// non-hardware claims. Every QM receipt is hash-chained, self-contained,
// and verifiable with the QM's Ed25519 public key.
message QmReceipt {
string receipt_id = 1; // Unique identifier (UUIDv7)
bytes claim_hash = 2; // SHA-256 hash of the notarized claim
repeated bytes referenced_hashes = 3; // Previous layer claim hashes (binding chain)
string issuer = 4; // QM instance identity (SPIFFE ID)
string timestamp = 5; // ISO 8601, QM clock (authoritative)
uint64 chain_position = 6; // Position in the QM's hash chain (monotonic)
optional string previous_receipt = 7; // Receipt ID of previous chain entry
bytes signature = 8; // Ed25519 signature
}
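Review bot: in QmReceipt the header comment says every receipt is hash-chained, but the only link to the prior chain entry is `optional string previous_receipt = 7`, a receipt ID rather than a hash, so a verifier holding a single receipt cannot check the chain link from the message alone. Consider carrying the previous receipt's hash in a bytes field, or document how the link is derived from `chain_position` and `previous_receipt`. The comment on `bytes signature = 8` should also state exactly which bytes are signed, since protobuf serialization is not guaranteed to be canonical across implementations and the order of `referenced_hashes` affects the result. As a style point, `string timestamp = 5` would be less ambiguous as a `google.protobuf.Timestamp`, or with the exact format and time zone stated in the comment.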