From a43cd1a8d7b7e1b36c4614d2d16a6170ce375d46 Mon Sep 17 00:00:00 2001
From: root <root@mtl-01.infrafabric.io>
Date: Sun, 28 Dec 2025 13:55:43 +0000
Subject: [PATCH] docs(ifttt): make receipts chronological

---
 IF_TTT_THE_SKELETON_OF_EVERYTHING_.md | 65 ++++++++++++++++++++++++---
 1 file changed, 60 insertions(+), 5 deletions(-)

diff --git a/IF_TTT_THE_SKELETON_OF_EVERYTHING_.md b/IF_TTT_THE_SKELETON_OF_EVERYTHING_.md
index b4c03eb..625dd34 100644
--- a/IF_TTT_THE_SKELETON_OF_EVERYTHING_.md
+++ b/IF_TTT_THE_SKELETON_OF_EVERYTHING_.md
@@ -7,10 +7,10 @@
 **Research Paper: Traceable, Transparent, Trustworthy AI Governance**
 
 **Author:** Danny Stocker, InfraFabric Research
-**Date:** December 2, 2025
-**Version:** 2.0 (Legal Voice Edition)
-**IF.citation:** `if://doc/ttt-skeleton-paper/v2.0`
-**Word Count:** ~15,000 words (1,343 lines)
+**Date:** December 28, 2025
+**Version:** 2.1 (Receipt-First Chronology + Public Receipts)
+**IF.citation:** `if://doc/ttt-skeleton-paper/v2.1`
+**Word Count:** ~15,000 words
 **Status:** Production Documentation
 
 ---
@@ -125,6 +125,59 @@ No trace, no trust. Simple as that.
 
 ---
 
+## 1.4 The IF.TTT Lifecycle (Chronological, Receipt-First)
+
+The rest of this paper explains *why* IF.TTT works (pillars, protocols, infrastructure). But IF.TTT succeeds or fails in a sequence.
+
+Below is the chronological chain-of-custody path that turns a document, decision, or output into something a skeptical reader can verify without credentials.
+
+### 1.4.1 The sequence (what happens, in order)
+
+**Required steps:**
+
+1. **Capture the source** (PDF or URL) and compute a stable fingerprint (`source_sha256`).
+2. **Generate the output** (report, dossier, decision) and compute its fingerprint (`output_sha256`).
+3. **Create a trace record** (`trace_id` UUID) binding `source_sha256` ⇄ `output_sha256`.
+4. **Publish the public receipts** under stable, no-login aliases:
+   - `/static/pack/<shareId>.md` (single-link bundle)
+   - `/static/dossier/<shareId>` (+ `/download`)
+   - `/static/trace/<shareId>` (receipt page)
+   - `/static/source/<sha256>.pdf` (source mirror)
+5. **Verification** is now possible by anyone:
+   - Hash the downloaded output → compare to `Output sha256` in the trace.
+   - Hash the downloaded source → compare to `Source sha256` in the trace.
+
+**Optional step (stronger receipts):**
+
+6. **Export a triage bundle** for offline verification (downloadable `.tar.gz`):
+   - `lightweight`: ids + hashes + URLs + trace (small receipt)
+   - `standard`: + dossier + day pack (reviewable bundle)
+   - `full`: + marketing + week pack (archive/audit pack)
+7. **Verify offline** using the public verifier (`iftrace.py`) against expected SHA256.
+
+### 1.4.2 A live example (the “first bite”)
+
+If IF.TTT is real, a skeptical reader should be able to “taste it” immediately: open a receipt, download an artifact, hash it, and see the numbers match.
+
+Example share surface (no login):
+
+- Pack (single link): https://infrafabric.io/static/pack/6qRgcR01kw_qNo63Dbs_ob9n.md
+- Dossier (rendered): https://infrafabric.io/static/dossier/6qRgcR01kw_qNo63Dbs_ob9n
+- Trace (receipt): https://infrafabric.io/static/trace/6qRgcR01kw_qNo63Dbs_ob9n
+- Source (PDF): https://infrafabric.io/static/source/6153a5998fe103e69f6d5b6042fbe780476ff869a625fcf497fd1948b2944b7c.pdf
+
+Optional triage selector (bundle downloads + expected SHA256):
+
+- https://infrafabric.io/static/hosted/review/trace-bundles/d70ed99a/index.md
+
+### 1.4.3 Why this matters
+
+Most systems explain their governance. IF.TTT publishes receipts.
+
+The “trace” is not a closing paragraph. It is the start of trust: a chain-of-custody surface that exists before anyone asks for it.
+
+---
+
 # 2. The Three Pillars: Traceable, Transparent, Trustworthy
 
 ## 2.1 Traceable: Every Claim Links to Evidence
@@ -148,6 +201,8 @@ A claim without a source is noise. A claim with a source is information. The dif
 
 IF.TTT is not only an internal `if://` scheme. It also has a **public receipt surface** designed for external reviewers who should not need credentials to verify provenance.
 
+**Where this fits in the lifecycle:** this section is the detailed spec for steps **4–7** in §1.4 (public receipts + optional triage bundles). It is not a bolt-on; it is the external interface of the Traceable pillar.
+
 **No-login share aliases (stable):**
 - Single-link bundle (recommended): `https://infrafabric.io/static/pack/<shareId>.md`
 - Marketing-safe excerpt: `https://infrafabric.io/static/marketing/<shareId>.md`
@@ -2418,7 +2473,7 @@ And that skeleton can hold the weight of whatever we build on top of it.
 
 ## Appendix C: Citation URIs in This Document
 
-- `if://doc/ttt-skeleton-paper/v2.0` - This paper
+- `if://doc/ttt-skeleton-paper/v2.1` - This paper
 - `if://doc/if-ttt-compliance-framework/2025-12-01` - Main TTT research
 - `if://doc/if-swarm-s2-comms/2025-11-26` - Redis bus architecture
 - `if://doc/if-guard-council-framework/2025-12-01` - Guardian council