Skip to content

Commit c406ce7

Browse files
Add cross-system authorization invariant
1 parent 5cc2a1a commit c406ce7

1 file changed

Lines changed: 11 additions & 0 deletions

File tree

COMPLIANCE.md

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,3 +18,14 @@
1818
| ASI08 | Cascading Failures | Partial | trail.py tracing; circuit breaker planned |
1919
| ASI09 | Insecure Output Handling | Partial | codebank.py; downstream validation planned |
2020
| ASI10 | Shared Resource Abuse | Partial | Redis controlled via RealAgentID signatures |
21+
22+
## Cross-System Authorization Invariant
23+
24+
A valid section must satisfy three independent conditions:
25+
26+
1. Keypair Authenticity (RealAgentID) - the agent is who it claims to be
27+
2. Scope-Gate Binding (RealAgentID) - the credential is valid for this gate and task
28+
3. Blueprint Provenance Integrity (Ira) - the artifact being acted on matches its TrailStax-committed hash
29+
30+
Satisfaction of any one or two conditions does not constitute authorizatiion.
31+
This invariant applis across RealAgentID, TrailStax, and Ira-Digital-Blueprints.

0 commit comments

Comments
 (0)