Add clean and data-driven dossier editions

2025-12-22 02:05:03 +00:00 · 2025-12-22 02:05:03 +00:00 · 8c1c448f28
commit 8c1c448f28
parent 0e77226d29
3 changed files with 417 additions and 13 deletions
--- a/DANNY_STOCKER_INFRAFABRIC_DOSSIER.md
+++ b/DANNY_STOCKER_INFRAFABRIC_DOSSIER.md
@ -31,9 +31,9 @@ This dossier documents the **InfraFabric microlab**: a functioning single-shard

 | Core claim | Proof (artifacts) | Limitation (scope / boundary) |
 |---|---|---|
-| **A) Traceability is safety.** High‑stakes agents cannot be trusted without a verifiable history of what happened (request → retrieval → decision → output). | **IF.TTT + evidence bundles**: the IF.emotion trace protocol ships a portable tarball + manifest + verifier steps that a third party can run.<br/>Start here: [IF.emotion trace protocol (v3.3, styled) — end‑to‑end verification appendix](https://infrafabric.io/static/hosted/IF_EMOTION_DEBUGGING_TRACE_WHITEPAPER_v3.3_STYLED.md). | **Microlab / single shard.** Proven in a single-host environment. Completeness is bounded by explicit witness boundaries; PQ is anchored at registry time (not necessarily on every hot-path artifact). No public append‑only transparency log yet. |
-| **B) Governance requires plurality.** A single model acting as “the judge” is brittle; adversarial viewpoints and escalation are required. | **IF.BIAS → IF.GUARD**: risk preflight sizes councils and escalates; councils preserve dissent and veto paths; decisions are traced. Pointers: IF.BIAS, IF.GUARD, IF.5W sections. | **Cost / latency tradeoffs.** Multi-seat governance is reserved for higher-stakes decisions; low-stakes paths use smaller councils or fast-track gates. |
-| **C) Context is the best firewall.** Static filters fail; security must distinguish “reference” vs “leak” and “discussion” vs “exfiltration”. | **IF.ARMOUR + IF.YOLOGUARD**: epistemic/anomaly detection primitives and secret/relationship screening patterns (architecture + docs). | **Domain specificity.** Calibrated for concrete security surfaces (secrets/PII/prompt injection); generalizing to broader “harmful intent” is an open research vector. |
+| **A) Traceability is safety.** High‑stakes agents cannot be trusted without a verifiable history of what happened (request → retrieval → decision → output). | **IF.TTT + evidence bundle + verifier**<br/>- Paper: [IF.emotion trace protocol (v3.3, styled)](https://infrafabric.io/static/hosted/IF_EMOTION_DEBUGGING_TRACE_WHITEPAPER_v3.3_STYLED.md)<br/>- Verifier: `https://infrafabric.io/static/hosted/iftrace.py`<br/>- Reference bundle: `emo_trace_payload_016cca78-6f9d-4ffe-aec0-99792d383ca1.tar.gz` | **Microlab / single shard.** Proven in a single-host environment. Completeness is bounded by explicit witness boundaries; PQ is anchored at registry time (not necessarily on every hot-path artifact). No public append‑only transparency log yet. |
+| **B) Governance requires plurality.** A single model acting as “the judge” is brittle; adversarial viewpoints and escalation are required. | **IF.BIAS → IF.GUARD**<br/>- IF.BIAS: risk preflight sizes councils and escalates<br/>- IF.GUARD: councils preserve dissent and veto paths<br/>- IF.5W: structured inquiry briefs for councils | **Cost / latency tradeoffs.** Multi-seat governance is reserved for higher-stakes decisions; low-stakes paths use smaller councils or fast-track gates. |
+| **C) Context is the best firewall.** Static filters fail; security must distinguish “reference” vs “leak” and “discussion” vs “exfiltration”. | **IF.ARMOUR + IF.YOLOGUARD**<br/>- IF.ARMOUR: epistemic coherence checks (detective layer)<br/>- IF.YOLOGUARD: secret/relationship screening primitives | **Domain specificity.** Calibrated for concrete security surfaces (secrets/PII/prompt injection); generalizing to broader “harmful intent” is an open research vector. |

 ### Rosetta Stone (Closest Analog, not “equals”)

@ -322,13 +322,13 @@ This is the connective tissue for the corpus: each paper points to the next laye

 ```mermaid
 flowchart TD
-  MASTER["Master Whitepaper\nINFRAFABRIC_MASTER_WHITEPAPER"] --> TTT["IF_TTT_THE_SKELETON_OF_EVERYTHING"]
+  MASTER["Master Whitepaper<br/>INFRAFABRIC_MASTER_WHITEPAPER"] --> TTT["IF_TTT_THE_SKELETON_OF_EVERYTHING"]
  MASTER --> GUARD["IF_GUARD_COUNCIL_FRAMEWORK"]
  MASTER --> PACKET["IF_PACKET_TRANSPORT_FRAMEWORK"]
  GUARD --> FIVEW["IF_5W_STRUCTURED_INQUIRY_FRAMEWORK"]
  TTT --> STORY["IF_STORY_NARRATIVE_LOGGING"]
  TTT --> EMOTION["IF_EMOTION_WHITEPAPER"]
-  EMOTION --> EMOOPS["emo-social runtime\n(trace_log + RAG)"]
+  EMOTION --> EMOOPS["emo-social runtime<br/>(trace_log + RAG)"]
  PACKET --> SWARM["IF_SWARM-S2-COMMS"]

 ```
@ -379,8 +379,7 @@ Next steps (TTT hardening): enforce “cite only retrieved chunks” in response
 _Source: `Danny Stocker - CV - InfraFabric.pdf`_

 **Contact**
- Email: danny.stocker@gmail.com
- Phone: +(33) 6 52 48 90 17
+- Email: ds@infrafabric.io
 - Web: https://digital-lab.ca/dannystocker

 **Headline**
@ -439,6 +438,10 @@ InfraFabric is the operating system that turns AI from a chatbot into a reliable

 ## Index

+- Submission editions (recommended first read):
+  - [Submission Edition (Clean)](DANNY_STOCKER_INFRAFABRIC_DOSSIER_SUBMISSION_EDITION.md)
+  - [Data‑Driven Technical Report (Microlab)](DANNY_STOCKER_INFRAFABRIC_DOSSIER_DATA_DRIVEN_EDITION.md)
+
 - [00. The Bridge: Submission Pack (Reviewer Orientation)](#bridge-submission-pack)

 ### External audit artifacts (public, reviewer-friendly)
@ -446,6 +449,7 @@ InfraFabric is the operating system that turns AI from a chatbot into a reliable
 These artifacts are published in a dedicated repo and mirrored to a static directory for reliable downloads (avoids intermittent Forgejo “raw” quirks).

 - Public static mirror (preferred): `https://infrafabric.io/static/hosted/`
+- Dossier viewer (renders markdown + anchors): `https://infrafabric.io/static/hosted/dossier_site/index.html`
 - Source repo: `https://git.infrafabric.io/danny/hosted`

 Key artifacts:
@ -3445,7 +3449,7 @@ Special thanks to:

 **License:** Creative Commons Attribution 4.0 International (CC BY 4.0)
 **Code:** Available at https://git.infrafabric.io/dannystocker
-**Contact:** InfraFabric Project (danny.stocker@gmail.com)
+**Contact:** InfraFabric Project (ds@infrafabric.io)

 ---

@ -6854,7 +6858,7 @@ The InfraFabric project is open research—all methodologies, frameworks, and va

 **License:** Creative Commons Attribution 4.0 International (CC BY 4.0)
 **Code & Data:** Available at https://git.infrafabric.io/dannystocker
-**Contact:** Danny Stocker (danny.stocker@gmail.com)
+**Contact:** Danny Stocker (ds@infrafabric.io)
 **arXiv Category:** cs.AI, cs.SE, cs.HC

 ---
@ -31072,12 +31076,12 @@ IF.bus mirrors this architecture for AI agent coordination and financial service

 ```mermaid
 flowchart TD
-  BUS["IF.bus motherboard v2.0"] --> CHIPS["Core chips\nIF.guard • IF.witness • IF.yologuard • IF.emotion"]
-  BUS --> LANES["Bus lanes\nDDS • Redis pub/sub"]
-  BUS --> SLOTS["Expansion slots\nif.api adapters (9)"]
+  BUS["IF.bus motherboard v2.0"] --> CHIPS["Core chips<br/>IF.guard • IF.witness • IF.yologuard • IF.emotion"]
+  BUS --> LANES["Bus lanes<br/>DDS • Redis pub/sub"]
+  BUS --> SLOTS["Expansion slots<br/>if.api adapters (9)"]
  BUS --> FIRMWARE["IF.ground firmware"]
  BUS --> POWER["IF.connect power"]
-  SLOTS --> SLOT9["African fintech slot\n4 adapters"]
+  SLOTS --> SLOT9["African fintech slot<br/>4 adapters"]
  CHIPS --> TTT["IF.TTT | Distributed Ledger traceability"]

 ```
--- a/DANNY_STOCKER_INFRAFABRIC_DOSSIER_DATA_DRIVEN_EDITION.md
+++ b/DANNY_STOCKER_INFRAFABRIC_DOSSIER_DATA_DRIVEN_EDITION.md
@ -0,0 +1,193 @@
+# InfraFabric Dossier — Data‑Driven Technical Report (Microlab) v1.0
+
+**Subject:** Measured characteristics of the IF.TTT trace pipeline (microlab)  
+**Protocol:** IF.TTT.dossier.metrics  
+**Status:** TECHNICAL REPORT (BORING ON PURPOSE)  
+**Date:** 2025-12-22  
+**Citation:** `if://doc/INFRAFABRIC_DOSSIER_DATA_DRIVEN/v1.0`  
+**Author:** Danny Stocker (`ds@infrafabric.io`)  
+**Web:** https://infrafabric.io  
+
+This edition intentionally avoids narrative framing. It reports what can be measured, what cannot, and what is planned.
+
+**Canonical (static mirror):** `https://infrafabric.io/static/hosted/DANNY_STOCKER_INFRAFABRIC_DOSSIER_DATA_DRIVEN_EDITION.md`  
+**Repo source:** `https://git.infrafabric.io/danny/hosted/src/branch/main/DANNY_STOCKER_INFRAFABRIC_DOSSIER_DATA_DRIVEN_EDITION.md`  
+**SHA256 (sidecar):** `https://infrafabric.io/static/hosted/DANNY_STOCKER_INFRAFABRIC_DOSSIER_DATA_DRIVEN_EDITION.md.sha256`  
+**Verify:** `curl -fsSLO 'https://infrafabric.io/static/hosted/DANNY_STOCKER_INFRAFABRIC_DOSSIER_DATA_DRIVEN_EDITION.md' -fsSLO 'https://infrafabric.io/static/hosted/DANNY_STOCKER_INFRAFABRIC_DOSSIER_DATA_DRIVEN_EDITION.md.sha256' && sha256sum -c DANNY_STOCKER_INFRAFABRIC_DOSSIER_DATA_DRIVEN_EDITION.md.sha256`
+
+---
+
+## 1) Scope
+
+This report covers:
+
+- the IF.emotion evidence bundle format (tar.gz + manifest)
+- measured latencies recorded in trace events (`auth_ms`, `rag_ms`, `llm_ms`) for a small sample of published bundles
+- storage footprint of published bundles
+
+This report does **not** claim:
+
+- production scalability
+- clinical validity
+- “truth” of model outputs (only provenance of what the system did)
+
+---
+
+## 2) Data Sources (Public, Verifiable)
+
+All artifacts referenced here are publicly downloadable and hash-verifiable.
+
+Static mirror (preferred): `https://infrafabric.io/static/hosted/`  
+Source repo: `https://git.infrafabric.io/danny/hosted`
+
+### 2.1 Evidence bundles used in this report
+
+| Trace | Bundle | SHA256 sidecar |
+|---|---|---|
+| `016cca78-6f9d-4ffe-aec0-99792d383ca1` | `https://infrafabric.io/static/hosted/emo_trace_payload_016cca78-6f9d-4ffe-aec0-99792d383ca1.tar.gz` | `https://infrafabric.io/static/hosted/emo_trace_payload_016cca78-6f9d-4ffe-aec0-99792d383ca1.tar.gz.sha256` |
+| `0642c357-7f8d-4eb5-9643-1992e7ee14a9` | `https://infrafabric.io/static/hosted/emo_trace_payload_0642c357-7f8d-4eb5-9643-1992e7ee14a9.tar.gz` | `https://infrafabric.io/static/hosted/emo_trace_payload_0642c357-7f8d-4eb5-9643-1992e7ee14a9.tar.gz.sha256` |
+| `09aad3e1-f420-451e-a189-e86f68073dc0` | `https://infrafabric.io/static/hosted/emo_trace_payload_09aad3e1-f420-451e-a189-e86f68073dc0.tar.gz` | `https://infrafabric.io/static/hosted/emo_trace_payload_09aad3e1-f420-451e-a189-e86f68073dc0.tar.gz.sha256` |
+| `96700e8e-6a83-445e-86f7-06905c500146` | `https://infrafabric.io/static/hosted/emo_trace_payload_96700e8e-6a83-445e-86f7-06905c500146.tar.gz` | `https://infrafabric.io/static/hosted/emo_trace_payload_96700e8e-6a83-445e-86f7-06905c500146.tar.gz.sha256` |
+
+### 2.2 Verification command (bundle transport integrity)
+
+```bash
+curl -fsSLO '<BUNDLE_URL>' -fsSLO '<BUNDLE_URL>.sha256' && sha256sum -c '<BUNDLE_FILENAME>.sha256'
+```
+
+### 2.3 Verifier tool
+
+- Static: `https://infrafabric.io/static/hosted/iftrace.py`
+- Repo: `https://git.infrafabric.io/danny/hosted/raw/branch/main/iftrace.py`
+
+Run:
+
+```bash
+python3 iftrace.py verify '<BUNDLE_FILENAME>.tar.gz'
+```
+
+---
+
+## 3) Measurement Method (How Numbers Are Obtained)
+
+For each bundle:
+
+1. extract `payload/trace_events.jsonl`
+2. read per-event `event.data`:
+   - `request_received.data.auth_ms`
+   - `retrieval_done.data.rag_ms` (when present)
+   - `model_done.data.llm_ms` (when present)
+3. treat these values as **self-reported microlab timings** (they are not externally attested)
+
+Key point: even if the numbers are not “audited”, the bundle makes them *replayable* and makes the presence/absence of events *auditable*.
+
+---
+
+## 4) Architecture Boundary (Where Guarantees Begin)
+
+```mermaid
+flowchart TB
+  U[User] -->|HTTPS| E[Edge]
+  E --> B[Backend Witness Boundary]
+
+  B --> R[Retrieval]
+  B --> P[Prompt]
+  B --> M[Model]
+  B --> X[Postprocess]
+
+  B --> T1["REQ_SEEN ledger<br/>(hourly JSONL)"]
+  B --> T2["Trace events<br/>(hash chain JSONL)"]
+  B --> T3["Signed summary<br/>(output hash + head attestation)"]
+
+  T1 --> H["Signed Merkle head<br/>(per hour)"]
+  T2 --> S["Trace head<br/>(event_hash)"]
+
+  H --> BUNDLE["Evidence bundle<br/>(tar.gz + manifest)"]
+  S --> BUNDLE
+  T3 --> BUNDLE
+
+  BUNDLE --> MIRROR["Static mirror<br/>(public download)"]
+```
+
+Interpretation: integrity begins at the backend witness boundary; completeness is meaningful at and after that boundary until edge witnessing exists.
+
+---
+
+## 5) Observed Sample Metrics (N=4 Bundles)
+
+### 5.1 Bundle sizes (storage footprint)
+
+| Trace | Outcome | Bundle size |
+|---|---|---:|
+| `016cca78-6f9d-4ffe-aec0-99792d383ca1` | full trace (retrieval + model) | 82,010 bytes |
+| `0642c357-7f8d-4eb5-9643-1992e7ee14a9` | full trace (retrieval + model) | 5,515 bytes |
+| `09aad3e1-f420-451e-a189-e86f68073dc0` | full trace (retrieval + model) | 71,817 bytes |
+| `96700e8e-6a83-445e-86f7-06905c500146` | guard short-circuit (no retrieval/model) | 82,410 bytes |
+
+Notes:
+
+- N is small; treat these as indicative examples, not stable distributions.
+- The short-circuit bundle being large indicates that “blocked paths” can still carry substantial evidence payloads (depending on included artifacts).
+
+### 5.2 Latency fields recorded in trace events
+
+| Trace | `auth_ms` | `rag_ms` | `llm_ms` | `retrieved_count` | Notes |
+|---|---:|---:|---:|---:|---|
+| `016cca78-6f9d-4ffe-aec0-99792d383ca1` | 3 | 1107 | 10550 | 1 | request → retrieval → model |
+| `0642c357-7f8d-4eb5-9643-1992e7ee14a9` | 4 | 383 | 12287 | 2 | request → retrieval → model |
+| `09aad3e1-f420-451e-a189-e86f68073dc0` | 4 | 1377 | 17879 | 2 | request → retrieval → model |
+| `96700e8e-6a83-445e-86f7-06905c500146` | 5 | (n/a) | (n/a) | (n/a) | guard short-circuit reason: `self_harm_signal` |
+
+Derived from the sample (successful traces only; N=3):
+
+- `rag_ms`: min 383, median 1107, max 1377
+- `llm_ms`: min 10550, median 12287, max 17879
+
+---
+
+## 6) What This Sample Demonstrates
+
+From the published bundles, an external reviewer can verify (cryptographically / structurally):
+
+- the chain-of-custody wiring exists (hash chain + signed summary + inclusion proof)
+- “short-circuit” decisions are still witnessed and included in the trace log (a critical property for dispute resolution)
+
+An external reviewer cannot verify (from the bundle alone):
+
+- the correctness of the output in the outside world
+- the completeness of events *before* the backend witness boundary (edge drops / load balancer denials)
+- the integrity of local keys (key custody, rotation, compromise response)
+
+---
+
+## 7) Engineering Roadmap (Metrics-Driven)
+
+This roadmap is written as measurable deliverables.
+
+### 7.1 Key management hardening
+
+- Add explicit key separation: `IF_REQ_SEEN_HMAC_KEY` must not fall back to signing secret.
+- Document key rotation procedure and compromise response.
+- Optional: HSM/TPM signing for production deployments.
+
+### 7.2 Edge witnessing (completeness boundary expansion)
+
+- Implement edge request attempt ledger (cryptographic, not just web logs).
+- Publish a “completeness SLO” (e.g., signed head anchored every N minutes or every N requests).
+
+### 7.3 Time and truncation defenses
+
+- Add monotonic counters (per trace and per ledger hour).
+- Anchor chain heads periodically to reduce tail truncation risk window.
+
+### 7.4 Scale testing harness
+
+- Replay harness that runs the verifier across 1000+ generated traces (including failures) and publishes summary metrics.
+
+---
+
+## 8) Companion Documents
+
+- Full dossier (uncut): `DANNY_STOCKER_INFRAFABRIC_DOSSIER.md`
+- IF.emotion trace protocol (detailed, with walkthrough): `https://infrafabric.io/static/hosted/IF_EMOTION_DEBUGGING_TRACE_WHITEPAPER_v3.3_STYLED.md`
+- Evidence bundles directory: `https://infrafabric.io/static/hosted/`
--- a/DANNY_STOCKER_INFRAFABRIC_DOSSIER_SUBMISSION_EDITION.md
+++ b/DANNY_STOCKER_INFRAFABRIC_DOSSIER_SUBMISSION_EDITION.md
@ -0,0 +1,207 @@
+# InfraFabric Dossier — Submission Edition (Clean) v1.0
+
+**Subject:** Safety-first agent runtime with verifiable provenance (microlab)  
+**Protocol:** IF.TTT.dossier.submission  
+**Status:** SUBMISSION EDITION (CLEAN)  
+**Date:** 2025-12-22  
+**Citation:** `if://doc/INFRAFABRIC_DOSSIER_SUBMISSION/v1.0`  
+**Author:** Danny Stocker (`ds@infrafabric.io`)  
+**Web:** https://infrafabric.io  
+
+> The model’s answer is ephemeral. The trace is the product. If you can’t prove what happened, you are not running an AI system — you are running a scripted reality show.
+
+**Canonical (static mirror):** `https://infrafabric.io/static/hosted/DANNY_STOCKER_INFRAFABRIC_DOSSIER_SUBMISSION_EDITION.md`  
+**Repo source:** `https://git.infrafabric.io/danny/hosted/src/branch/main/DANNY_STOCKER_INFRAFABRIC_DOSSIER_SUBMISSION_EDITION.md`  
+**SHA256 (sidecar):** `https://infrafabric.io/static/hosted/DANNY_STOCKER_INFRAFABRIC_DOSSIER_SUBMISSION_EDITION.md.sha256`  
+**Verify:** `curl -fsSLO 'https://infrafabric.io/static/hosted/DANNY_STOCKER_INFRAFABRIC_DOSSIER_SUBMISSION_EDITION.md' -fsSLO 'https://infrafabric.io/static/hosted/DANNY_STOCKER_INFRAFABRIC_DOSSIER_SUBMISSION_EDITION.md.sha256' && sha256sum -c DANNY_STOCKER_INFRAFABRIC_DOSSIER_SUBMISSION_EDITION.md.sha256`
+
+**Read this if you have 15 minutes:** start at “Independent Verification (One Trace)”, run the commands, then skim “Boundaries & Limitations”.  
+**Read this if you have 60 minutes:** add “Architecture” + “Threat Model”.  
+**For full lab notes / uncut corpus:** see `DANNY_STOCKER_INFRAFABRIC_DOSSIER.md` (≈1.5MB).
+
+---
+
+## 1) Technical Disclosure (AI-Native Implementation)
+
+This project follows an Operator-as-Architect workflow: I define constraints, interfaces, and verification hooks; LLMs generate implementation code under supervision. The system is therefore evaluated as:
+
+- **Architecture + specifications:** authored by me (the claims in this submission reference verification paths).
+- **Code implementation:** LLM-assisted and treated as *untrusted until audited*; the trace protocol is designed to make that audit possible.
+
+---
+
+## 2) What This Is (And What It Is Not)
+
+**This is:** a working microlab proving that agentic systems can ship **portable, third‑party verifiable evidence bundles** for disputed behaviors (request → retrieval → decision → output).  
+**This is not:** a claim that outputs are “true”, a claim of clinical efficacy, or a claim of production scale.
+
+---
+
+## 3) Core Claims, Proofs, Boundaries
+
+| Core claim | Proof (artifact) | Boundary / limitation |
+|---|---|---|
+| **A) Traceability is a safety primitive.** High‑stakes agent actions require verifiable provenance. | IF.emotion trace protocol + evidence bundle + verifier (see §5). | **Microlab / single shard.** Guarantees begin at the backend witness boundary; edge completeness is future work. |
+| **B) Governance needs structured dissent.** One-model “judge” patterns are brittle. | IF.BIAS (risk preflight) + IF.GUARD (council with required dissent seat) traced via IF.TTT. | **Cost/latency.** Multi-seat governance is reserved for higher-stakes decisions; low-stakes paths stay fast. |
+| **C) Context is a security control.** Static filters fail; provenance + coherence checks reduce unsafe drift. | IF.ARMOUR (coherence/detective layer) + IF.YOLOGUARD (secret/relationship screening) integrated into the pipeline. | **Domain calibration.** Strongest for concrete surfaces (secrets/PII/prompt injection); general harmful-intent is open research. |
+
+---
+
+## 4) Prior Art (Where This Fits)
+
+InfraFabric is not “inventing audit logs”. It adapts known integrity patterns to a different object:
+
+- **SLSA / SBOM / in-toto / Sigstore**: provenance for *software artifacts* → InfraFabric applies provenance discipline to *semantic decisions*, retrieval lineage, and agent actions.
+- **Certificate Transparency (CT)**: append-only Merkle logging → InfraFabric borrows “inclusion proof” thinking for bounded completeness (`REQ_SEEN`).
+- **Event sourcing / OpenTelemetry**: observability → InfraFabric adds a **verifier-oriented evidence bundle** that can be audited without trusting the operator.
+- **W3C PROV (conceptually)**: provenance graphs → InfraFabric focuses on portable, hash-addressed artifacts with explicit boundaries and replay hooks.
+
+The key differentiator is not “we log more”. It is: **we ship a dispute bundle that a hostile reviewer can verify.**
+
+---
+
+## 5) Independent Verification (One Trace, End-to-End)
+
+This is the minimal “receipt” test: download one evidence bundle, verify transport integrity, then verify the internal chain-of-custody.
+
+### 5.1 Public artifacts (preferred links)
+
+Static mirror (preferred for reviewers): `https://infrafabric.io/static/hosted/`  
+Source repo (canonical): `https://git.infrafabric.io/danny/hosted`
+
+Reference proof bundle:
+
+- Bundle (static): `https://infrafabric.io/static/hosted/emo_trace_payload_016cca78-6f9d-4ffe-aec0-99792d383ca1.tar.gz`
+- Bundle SHA256 (static): `https://infrafabric.io/static/hosted/emo_trace_payload_016cca78-6f9d-4ffe-aec0-99792d383ca1.tar.gz.sha256`
+- Bundle (repo): `https://git.infrafabric.io/danny/hosted/raw/branch/main/emo_trace_payload_016cca78-6f9d-4ffe-aec0-99792d383ca1.tar.gz`
+
+Verifier:
+
+- `iftrace.py` (static): `https://infrafabric.io/static/hosted/iftrace.py`
+- `iftrace.py` (repo): `https://git.infrafabric.io/danny/hosted/raw/branch/main/iftrace.py`
+
+### 5.2 Verify transport integrity (hash)
+
+```bash
+curl -fsSLO 'https://infrafabric.io/static/hosted/emo_trace_payload_016cca78-6f9d-4ffe-aec0-99792d383ca1.tar.gz' \
+  -fsSLO 'https://infrafabric.io/static/hosted/emo_trace_payload_016cca78-6f9d-4ffe-aec0-99792d383ca1.tar.gz.sha256'
+sha256sum -c 'emo_trace_payload_016cca78-6f9d-4ffe-aec0-99792d383ca1.tar.gz.sha256'
+```
+
+### 5.3 Verify internal chain-of-custody
+
+```bash
+curl -fsSLO 'https://infrafabric.io/static/hosted/iftrace.py'
+python3 iftrace.py verify 'emo_trace_payload_016cca78-6f9d-4ffe-aec0-99792d383ca1.tar.gz'
+```
+
+The verifier checks:
+
+- `trace_events.jsonl` forms a hash chain (`prev_hash` → `event_hash`)
+- `req_seen_inclusion_proof.json` verifies against the signed Merkle head (bounded completeness for that hour)
+- `ttt_signed_record.json` binds output hash + chain head and verifies signature
+- the bundle manifest hashes match the extracted artifacts
+
+### 5.4 What you should see
+
+You should be able to verify, from raw artifacts inside the tarball, at minimum:
+
+- `request_received` (auth/provider/model intent)
+- `retrieval_done` (retrieval ids + `rag_ms`)
+- `prompt_built` (prompt hash)
+- `model_done` (`llm_ms`, model/provider)
+- `trace_finalizing` (chain head)
+- `response.json` (the actual assistant output bytes whose hash is bound in the signed summary)
+
+If any element is missing or fails verification, the system is explicitly “not proven”.
+
+---
+
+## 6) Architecture (Where Guarantees Begin)
+
+This diagram shows the system boundary that the protocol currently guarantees.
+
+```mermaid
+flowchart TB
+  U[User] -->|HTTPS| E[Edge]
+  E --> B[Backend Witness Boundary]
+
+  B --> R[Retrieval]
+  B --> P[Prompt]
+  B --> M[Model]
+  B --> X[Postprocess]
+
+  B --> T1["REQ_SEEN ledger<br/>(hourly JSONL)"]
+  B --> T2["Trace events<br/>(hash chain JSONL)"]
+  B --> T3["Signed summary<br/>(output hash + head attestation)"]
+
+  T1 --> H["Signed Merkle head<br/>(per hour)"]
+  T2 --> S["Trace head<br/>(event_hash)"]
+
+  H --> BUNDLE["Evidence bundle<br/>(tar.gz + manifest)"]
+  S --> BUNDLE
+  T3 --> BUNDLE
+
+  BUNDLE --> MIRROR["Static mirror<br/>(public download)"]
+  BUNDLE --> REG["Registry anchor<br/>(PQ-hybrid, when enabled)"]
+```
+
+Interpretation: integrity begins at the backend witness boundary; completeness is meaningful at and after that boundary until edge witnessing exists.
+
+---
+
+## 7) Threat Model (Why Standard Logs Fail)
+
+The trace protocol is built for an explicit adversary: **the dispute**.
+
+Primary failure modes it is designed to prevent:
+
+- “The logs say one thing, the user screenshot says another.” (repudiation)
+- “A retrieval set was poisoned, then the retrieval event was deleted.” (selective deletion)
+- “A decision was claimed to be reviewed, but there is no lineage.” (audit theater)
+
+Failure mode analysis (separate artifact):
+
+- `https://infrafabric.io/static/hosted/IF_TTT_FAILURE_MODE_ANALYSIS_v1.md`
+
+---
+
+## 8) Validation Status (Honest)
+
+- **External human testing:** anecdotal pre-testing only; not clinical validation.
+- **Scale:** unproven beyond microlab; numbers are not presented as global claims.
+- **Key management / attestations:** not audit-grade yet (explicit roadmap below).
+
+---
+
+## 9) Boundaries & Roadmap (What Must Be Built Next)
+
+This is the “reviewer red‑flags” list, answered directly.
+
+### 9.1 Key management (blocker for certification)
+
+Current: file-based Ed25519 keys sufficient for microlab evidence binding.  
+Required: key generation ceremony + rotation + compromise response; HSM/TPM-backed signing for high-stakes deployments.
+
+### 9.2 Completeness boundary (edge witnessing)
+
+Current: bounded completeness begins at backend witness boundary.  
+Required: edge-level request witnessing (or independent transparency log) to reduce “selective trace” risk.
+
+### 9.3 Code identity / execution integrity
+
+Current: bundle binds outputs and retrieval lineage.  
+Required: signed deploy attestations; reproducible build digest binding; optional remote attestation in higher-assurance environments.
+
+### 9.4 Clock integrity
+
+Current: timestamps are informative, not cryptographically trusted.  
+Required: monotonic counters + periodic anchoring; external timestamping strategy for forensic-grade timelines.
+
+---
+
+## 10) Where to Go Deeper
+
+- Full dossier (uncut): `DANNY_STOCKER_INFRAFABRIC_DOSSIER.md`
+- IF.emotion trace protocol (detailed): `https://infrafabric.io/static/hosted/IF_EMOTION_DEBUGGING_TRACE_WHITEPAPER_v3.3_STYLED.md`
+- Evidence bundles directory: `https://infrafabric.io/static/hosted/`