Skip to content

Model Mutation and Evidence Accountability ontology and SHACL gates #60

Description

@mdheller

Purpose

Add ontology classes and SHACL gates for SourceOS Mutation and Evidence Accountability.

Canonical spec PR:

SourceOS-Linux/sourceos-spec#96

Required ontology classes

  • MutationReceipt
  • ExecutionContextReceipt
  • ServiceWorkReceipt
  • EvidencePipelineReceipt
  • ActorChain
  • DelegatedMutation
  • EvidenceQuality
  • SensorState
  • CompromiseAssessment
  • PathClass
  • ResourceCost
  • PolicyDecision
  • TemporaryArtifact
  • SyncCycle
  • DiagnosticSelfNoise

Required SHACL gates

  • Reject compromise clearance when sensor state is blind, degraded, or missing.
  • Reject delegated mutation without origin/requesting/execution/storage actor chain where applicable.
  • Reject extension-primary browser write attribution when visible extension inventory is empty and no hidden/system/policy add-on evidence exists.
  • Reject archive extraction receipts without path boundary and cleanup accounting.
  • Reject diagnostic observer-effect receipts that allow clearance with redacted or partial evidence.

Acceptance criteria

  • Valid fixtures from SourceOS spec PR docs(module-map): add post-consolidation ontology tranches #96 can be represented in the ontology.
  • Invalid anti-pattern fixtures fail SHACL validation.
  • Ontology includes enough semantics for evidence console and policy gates to reason about evidence quality, attribution, and clearance limits.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions