Skip to content

Commit 3ca9210

Browse files
V45 Gate 7: Define Interface Disclosure Authority
Specifies interface authority across /deposit, /read, /packs, API/MCP, ChatGPT App, Bitcode Chat, public docs, and landing pages. Defines source-safe disclosure boundaries from pre-settlement through preview, quote, payment observation, finality, BTD rights transfer, and repository delivery, with check:v45-gate7 coverage.
1 parent 1b333a3 commit 3ca9210

3 files changed

Lines changed: 237 additions & 0 deletions

File tree

BITCODE_SPEC_V45_NOTES.md

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -480,6 +480,74 @@ consolidation before implementation parity auditing, parity auditing before
480480
grouped implementation closure, and V44 as the active canon pointer until V45
481481
promotion.
482482

483+
## V45 protocol atom 6: interface authority and disclosure boundaries
484+
485+
Audit classification: V44 names `/packs`, `/read`, `/deposit`, API/MCP,
486+
ChatGPT App, Bitcode Chat, public docs, and landing pages as interface
487+
surfaces, and it strongly protects source-safe disclosure before settlement.
488+
The remaining protocol gap is exact interface authority: which statements each
489+
surface may make, which actions each surface may initiate, and what may be
490+
shown before settlement, after preview, after quote, after payment observation,
491+
after finality, after BTD rights transfer, and after repository delivery.
492+
493+
Protocol-law statement:
494+
495+
All Bitcode interfaces are protocol windows into the same AssetPack, BTD, BTC,
496+
proof, ledger, database, storage, and delivery state. No interface is an
497+
independent source of protocol law. A user-visible statement is valid only when
498+
it is source-safe for that party, names the current protocol state, and can be
499+
traced to the required proof root, ledger/database readback, storage root,
500+
workflow receipt, or generated canonical specification.
501+
502+
Canonical interface authority is:
503+
504+
| Surface | Authority | Forbidden claim or action |
505+
| --- | --- | --- |
506+
| `/deposit` | Depositor supply formation: connect source, synthesize deposit AssetPack options, review source-owner measurements, approve or reject Depository admission, and view source-safe earning potential. | claiming final BTD size, reader ownership, final BTC proceeds, or public source visibility before a paid Need-Fit settlement exists |
507+
| `/read` | Reader demand procurement: request a Read, review or resynthesize the Need, request Finding Fits, review source-safe Need-Fit preview, accept quote, pay, and receive entitled repository delivery. | exposing unpaid AssetPack source, treating observed payment as final, bypassing organization/wallet authority, or delivering before BTD rights transfer |
508+
| `/packs` | Searchable master-detail projection of network activity, AssetPack states, quotes, repairs, proof roots, delivery receipts, and compensation statements. | becoming the source of truth without ledger/database/storage readback or showing private source to non-entitled parties |
509+
| API/MCP | Machine interface for the same workflows, read models, proofs, and repair commands exposed under explicit policy and capability boundaries. | returning more data than the corresponding human interface is entitled to see or mutating state without the same proof obligations |
510+
| ChatGPT App | Conversational interface for guided Bitcode actions, summaries, confirmations, and state inspection. | presenting conversational text as final settlement, rights transfer, source unlock, or canonical law without authoritative readback |
511+
| Bitcode Chat | Product conversation overlay for assistance, explanations, workflow navigation, telemetry summarization, and operator-facing repair guidance. | leaking raw prompts, raw provider responses, protected source, wallet private material, or unpaid source-bearing pack content |
512+
| Public docs and landing pages | Explanatory surface for protocol claims, public product positioning, and non-transactional education. | representing live transaction state, buyer entitlement, seller proceeds, or private network facts without a linked authoritative surface |
513+
514+
Canonical disclosure boundary is:
515+
516+
| Boundary | User-visible statements allowed | User-visible statements forbidden |
517+
| --- | --- | --- |
518+
| `before-settlement` | source-safe state labels, public protocol explanation, party-owned source to that party, deposit measurements, Need text, candidate counts, proof roots, estimates, and repair blockers | unpaid AssetPack source, raw protected source, secrets, raw prompts, raw provider responses, final rights, final BTD ownership, or final BTC settlement |
519+
| `after-preview` | source-safe Need-Fit measurements, selected Fit set identities when source-safe, rankings, quality/confidence, BTD range or potential, preview proof roots, and why the preview may be worth buying | source-bearing implementation contents, private candidate source, contributor secrets, or assertions that the Reader already owns the AssetPack |
520+
| `after-quote` | deterministic BTC quote, quote expiry, wallet/network, BTD volume/range posture, authorization requirements, quote root, and explicit non-final status | payment-final, rights-transferred, source-unlocked, delivered, or contributor-compensated statements |
521+
| `after-payment-observation` | observed txid, network, amount, payer/payee, quote match or mismatch, mempool/provider evidence, and pending finality/repair posture | treating observation as confirmed finality, unlocking source, transferring BTD rights, or routing contributor compensation |
522+
| `after-finality` | confirmation/finality receipt, finalized payment evidence, settlement readback progress, and remaining rights-transfer or repair requirements | exposing source before settlement readback and BTD rights transfer or claiming delivery before repository delivery receipt |
523+
| `after-btd-rights-transfer` | entitled Reader boundary, source unlock authorization, rights receipt, BTD range ownership, and delivery preparation state | making the source public, granting non-payer access, or claiming contributor compensation before source-to-shares allocation |
524+
| `after-repository-delivery` | delivery PR/commit receipt, entitled repository visibility, delivered AssetPack root, reconciliation state, and source-safe contributor compensation statements | exposing source outside the entitled repository or masking unsettled repair, compensation, or ledger/database mismatch states |
525+
526+
Interface disclosure law:
527+
528+
- Every interface must fail closed to the narrowest source-safe state when proof
529+
roots, ledger/database readback, storage roots, wallet authority, or delivery
530+
receipts are missing.
531+
- Human and machine interfaces must use the same entitlement boundary. API/MCP,
532+
ChatGPT App, and Bitcode Chat may not reveal data that `/read`, `/deposit`,
533+
or `/packs` would withhold from the same actor in the same state.
534+
- Public docs and landing pages may explain the protocol and commercial
535+
experience, but they are not transaction state, settlement evidence, source
536+
entitlement, or compensation evidence.
537+
- Conversational interfaces may guide and summarize, but all final claims about
538+
quote, payment, BTD rights, source unlock, delivery, and compensation must be
539+
backed by authoritative state readback.
540+
- Interface copy may be concise and elegant, but it must never collapse preview,
541+
quote, observed payment, finality, rights transfer, delivery, and
542+
compensation into a single "done" state.
543+
544+
Acceptance for this atom: later V45 formal specification and implementation
545+
work may refine wording and UI shapes, but it must preserve one protocol law
546+
across all surfaces, source-safe user-visible statements before paid
547+
entitlement, explicit non-final language for preview/quote/payment
548+
observation, authoritative readback for final settlement and rights transfer,
549+
and repository delivery visibility only for the entitled Reader boundary.
550+
483551
## Non-goals during V45 opening
484552

485553
- Do not implement V45 gate behavior before the V45 intent discussion is

package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -392,6 +392,7 @@
392392
"check:v45-gate4": "node scripts/check-v45-gate4-btd-scalar-volume-state-machine.mjs",
393393
"check:v45-gate5": "node scripts/check-v45-gate5-btc-settlement-state-machine.mjs",
394394
"check:v45-gate6": "node scripts/check-v45-gate6-spec-consolidation-sequencing.mjs",
395+
"check:v45-gate7": "node scripts/check-v45-gate7-interface-authority-disclosure-boundaries.mjs",
395396
"generate:v38-inference-surface-inventory": "node scripts/generate-v38-inference-surface-inventory.mjs",
396397
"check:v38-inference-surface-inventory": "node scripts/generate-v38-inference-surface-inventory.mjs --check",
397398
"check:v38-gate2": "node scripts/check-v38-gate2-inference-surface-inventory.mjs",
Lines changed: 168 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,168 @@
1+
#!/usr/bin/env node
2+
3+
import { execFileSync } from 'node:child_process';
4+
import { existsSync, readFileSync } from 'node:fs';
5+
import path from 'node:path';
6+
import { fileURLToPath } from 'node:url';
7+
8+
const __filename = fileURLToPath(import.meta.url);
9+
const __dirname = path.dirname(__filename);
10+
const defaultRepoRoot = path.resolve(__dirname, '..');
11+
12+
function read(root, relativePath) {
13+
return readFileSync(path.join(root, relativePath), 'utf8');
14+
}
15+
16+
function exists(root, relativePath) {
17+
return existsSync(path.join(root, relativePath));
18+
}
19+
20+
function git(root, args) {
21+
return execFileSync('git', args, { cwd: root, encoding: 'utf8' }).trim();
22+
}
23+
24+
function assertCheck(failures, condition, message) {
25+
if (!condition) failures.push(message);
26+
}
27+
28+
function normalize(content) {
29+
return content.replace(/\s+/gu, ' ').trim();
30+
}
31+
32+
function parseArgs(argv) {
33+
const args = { repoRoot: defaultRepoRoot, skipBranchCheck: false };
34+
for (let index = 0; index < argv.length; index += 1) {
35+
const arg = argv[index];
36+
if (arg === '--repo-root') args.repoRoot = path.resolve(argv[++index]);
37+
else if (arg === '--skip-branch-check') args.skipBranchCheck = true;
38+
else if (arg === '--help' || arg === '-h') args.help = true;
39+
else throw new Error(`Unknown argument ${arg}`);
40+
}
41+
return args;
42+
}
43+
44+
function printHelp() {
45+
process.stdout.write(
46+
[
47+
'Usage: node scripts/check-v45-gate7-interface-authority-disclosure-boundaries.mjs [--skip-branch-check] [--repo-root <path>]',
48+
'',
49+
'Checks the V45 interface authority and source-safe disclosure boundary atom.',
50+
].join('\n'),
51+
);
52+
process.stdout.write('\n');
53+
}
54+
55+
function main() {
56+
const args = parseArgs(process.argv.slice(2));
57+
if (args.help) {
58+
printHelp();
59+
return;
60+
}
61+
62+
const root = args.repoRoot;
63+
const failures = [];
64+
const pointer = read(root, 'BITCODE_SPEC.txt').trim();
65+
66+
assertCheck(failures, pointer === 'V44', `BITCODE_SPEC.txt must remain V44 during V45 atom work. Observed ${pointer || 'empty'}.`);
67+
68+
if (!args.skipBranchCheck) {
69+
const branch = git(root, ['branch', '--show-current']);
70+
assertCheck(
71+
failures,
72+
branch === 'version/v45' || /^v45\/gate-\d+-[a-z0-9][a-z0-9-]*$/u.test(branch),
73+
`V45 work must occur on version/v45 or v45/gate-N-* branches. Observed ${branch || 'detached HEAD'}.`,
74+
);
75+
}
76+
77+
for (const relativePath of [
78+
'BITCODE_SPEC_V45_NOTES.md',
79+
'BITCODE_SPEC_V44.md',
80+
'BITCODE_SPEC.txt',
81+
'package.json',
82+
'scripts/check-v45-gate6-spec-consolidation-sequencing.mjs',
83+
]) {
84+
assertCheck(failures, exists(root, relativePath), `Missing required V45 Gate 7 file: ${relativePath}`);
85+
}
86+
87+
const notes = read(root, 'BITCODE_SPEC_V45_NOTES.md');
88+
const normalizedNotes = normalize(notes);
89+
const packageJson = read(root, 'package.json');
90+
91+
for (const phrase of [
92+
'V45 protocol atom 6: interface authority and disclosure boundaries',
93+
'The remaining protocol gap is exact interface authority',
94+
'before settlement, after preview, after quote, after payment observation, after finality, after BTD rights transfer, and after repository delivery',
95+
'All Bitcode interfaces are protocol windows into the same AssetPack, BTD, BTC, proof, ledger, database, storage, and delivery state',
96+
'No interface is an independent source of protocol law',
97+
'source-safe for that party',
98+
'traced to the required proof root, ledger/database readback, storage root, workflow receipt, or generated canonical specification',
99+
'Canonical interface authority is',
100+
'`/deposit`',
101+
'claiming final BTD size, reader ownership, final BTC proceeds, or public source visibility before a paid Need-Fit settlement exists',
102+
'`/read`',
103+
'exposing unpaid AssetPack source',
104+
'`/packs`',
105+
'Searchable master-detail projection of network activity',
106+
'API/MCP',
107+
'returning more data than the corresponding human interface is entitled to see',
108+
'ChatGPT App',
109+
'presenting conversational text as final settlement',
110+
'Bitcode Chat',
111+
'leaking raw prompts, raw provider responses, protected source, wallet private material, or unpaid source-bearing pack content',
112+
'Public docs and landing pages',
113+
'representing live transaction state, buyer entitlement, seller proceeds, or private network facts without a linked authoritative surface',
114+
'Canonical disclosure boundary is',
115+
'`before-settlement`',
116+
'unpaid AssetPack source, raw protected source, secrets, raw prompts, raw provider responses, final rights, final BTD ownership, or final BTC settlement',
117+
'`after-preview`',
118+
'source-safe Need-Fit measurements',
119+
'source-bearing implementation contents',
120+
'`after-quote`',
121+
'deterministic BTC quote, quote expiry, wallet/network, BTD volume/range posture',
122+
'`after-payment-observation`',
123+
'treating observation as confirmed finality',
124+
'`after-finality`',
125+
'exposing source before settlement readback and BTD rights transfer',
126+
'`after-btd-rights-transfer`',
127+
'entitled Reader boundary, source unlock authorization, rights receipt',
128+
'`after-repository-delivery`',
129+
'delivery PR/commit receipt, entitled repository visibility',
130+
'Interface disclosure law',
131+
'fail closed to the narrowest source-safe state',
132+
'Human and machine interfaces must use the same entitlement boundary',
133+
'Public docs and landing pages may explain the protocol and commercial experience',
134+
'Conversational interfaces may guide and summarize',
135+
'must never collapse preview, quote, observed payment, finality, rights transfer, delivery, and compensation into a single "done" state',
136+
'Acceptance for this atom',
137+
'one protocol law across all surfaces',
138+
'source-safe user-visible statements before paid entitlement',
139+
'explicit non-final language for preview/quote/payment observation',
140+
'authoritative readback for final settlement and rights transfer',
141+
'repository delivery visibility only for the entitled Reader boundary',
142+
]) {
143+
assertCheck(failures, normalizedNotes.includes(phrase), `V45 Gate 7 notes must include phrase: ${phrase}`);
144+
}
145+
146+
assertCheck(
147+
failures,
148+
packageJson.includes('"check:v45-gate7": "node scripts/check-v45-gate7-interface-authority-disclosure-boundaries.mjs"'),
149+
'package.json must expose check:v45-gate7.',
150+
);
151+
152+
if (failures.length > 0) {
153+
process.stderr.write('V45 Gate 7 interface authority and disclosure boundary check failed:\n');
154+
for (const failure of failures) process.stderr.write(`- ${failure}\n`);
155+
process.exitCode = 1;
156+
return;
157+
}
158+
159+
process.stdout.write('V45 Gate 7 interface authority and disclosure boundary check passed.\n');
160+
}
161+
162+
try {
163+
main();
164+
} catch (error) {
165+
const detail = error instanceof Error ? error.message : String(error);
166+
process.stderr.write(`${detail}\n`);
167+
process.exitCode = 1;
168+
}

0 commit comments

Comments
 (0)