SSM-Clock Stamp – Operational Playbook (4.6)

Purpose. A minimal, repeatable workflow for producing, verifying, anchoring, and auditing SSM-Clock Stamp artifacts — fully offline, plain ASCII, and deterministic.


Day-0 setup (once)

  • Locations. Create folders: files/, sidecars/, ledger/, anchors/.
  • Policy note (ASCII). Freeze rounding/precision and enabled algos, e.g.:
    theta_prec=5; float=ieee75464; algo=sha256; chain_algo=sha256; leap_second=ban
  • Initialize ledger. Start with chain_0 = "0"*64 (no file yet).

Routine: on create/update (stamp)

  1. Produce the artifact A.
  2. Run stamp --file A [--kv "k1=v1;..."] [--ledger ledger/ledger.txt].
  3. Persist the single-line stamp next to the file as a sidecar: sidecars/A.stamp.
  4. Append the same line to ledger/ledger.txt (append-only).
  • Determinism reminders. Hash exact bytes; iso_utc = "YYYY-MM-DDThh:mm:ssZ"; print theta_deg with exactly theta_prec digits using round-half-to-even; digests are lowercase 64-hex.

Routine: on consume (verify before use)

  • Run verify --file A --stamp "$(cat sidecars/A.stamp)" [--ledger ledger/ledger.txt].
  • Require: HASH_OK=true, CLOCK_OK=true; if a ledger is available then CHAIN_OK=true.
  • Gate the action on VERDICT=PASS.

Daily close (anchor once per UTC day)

  1. Select stamps whose iso_utc shares the UTC day key YYYY-MM-DD.
  2. Canonical order by (iso_utc, stamp_core, chain) where
    stamp_core = "SSMCLOCK1|" + iso_utc + "|" + rasi_idx + "|" + theta_deg + "|" + sha256(file).
  3. Compute the roll-up: rollup_D = sha256( ascii(Stamp_1 "|" ... "|" Stamp_n) ).
  4. Publish a tiny ASCII note in anchors/ (and/or externally) with:
    date, count, rollup_algo=sha256, rollup_sha256, sort=iso_utc,stamp_core,chain, source=<ledger|sidecars>.
  5. (Optional) Add witnesses: witness_chain_tip=<64-hex>, policy_sha256=<64-hex>.

Periodic audit (weekly or on demand)

  • Verify all: verify-all [--today] to recompute per-file checks, rewalk the ledger, and confirm anchor parity.
  • Dual-source parity: recompute the daily anchor from ledger and sidecars; expect identical rollup_D and count.
  • Report (ASCII). Summarize: Verified files: <N> PASS:<p> FAIL:<f> Orphan sidecars:<o>.

Incident response (deterministic triage)

  1. FAIL on HASH: treat as tamper/replace; restore from source.
  2. FAIL on CLOCK: re-emit iso_utc shape; ensure fixed-digit theta_deg formatting; reject :60.
  3. FAIL on CHAIN: rewalk to find the first bad row; restore ledger from sidecars (append-only rebuild from chain_0 = "0"*64).
  4. ANCHOR mismatch: rebuild selection → canonical order → literal join → hash; fix missing/extra lines; republish note.
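
The ledger rewalk from incident step 3 and the roll-up from Daily close, as an added Python example that is not the SSM-Clock tool's own code; it uses the chain step chain_k = sha256(ascii(chain_{k-1} + "|" + stamp_core)) from this playbook's operator checklist. Assumptions: Stamp_i in the roll-up is the full stamp line, the function names are hypothetical, and the sample rows (including the rasi_idx and theta_deg strings) are constructed.

```python
import hashlib

CHAIN_0 = "0" * 64  # ledger seed from Day-0 setup

def sha256_hex(text):
    return hashlib.sha256(text.encode("ascii")).hexdigest()

def parse(line):
    """Split a stamp line into (iso_utc, stamp_core, chain)."""
    f = line.strip().split("|")
    if len(f) < 6 or f[0] != "SSMCLOCK1":
        raise ValueError("not an SSMCLOCK1 stamp: %r" % line)
    return f[1], "|".join(f[:5]), f[5]

def first_bad_row(ledger_lines):
    """Rewalk from chain_0; return the index of the first row whose chain is wrong, else None."""
    prev = CHAIN_0
    for i, line in enumerate(ledger_lines):
        _, core, chain = parse(line)
        if chain != sha256_hex(prev + "|" + core):
            return i
        prev = chain
    return None

def daily_rollup(lines, day):
    """Return (count, rollup_D) for stamps whose iso_utc starts with the day key YYYY-MM-DD."""
    picked = [l.strip() for l in lines if parse(l)[0][:10] == day]
    picked.sort(key=parse)  # canonical order: (iso_utc, stamp_core, chain)
    return len(picked), sha256_hex("|".join(picked))  # literal join, then hash

def build_ledger(rows):
    """Constructed sample data: rows are (iso_utc, rasi_idx, theta_deg, file_bytes)."""
    out, prev = [], CHAIN_0
    for iso, rasi, theta, data in rows:
        core = "|".join(["SSMCLOCK1", iso, rasi, theta, hashlib.sha256(data).hexdigest()])
        prev = sha256_hex(prev + "|" + core)
        out.append(core + "|" + prev)
    return out

# rasi_idx and theta_deg are placeholder strings here, not computed clock values.
SAMPLE = build_ledger([
    ("2025-01-01T09:00:00Z", "3", "101.25000", b"report v1"),
    ("2025-01-01T17:30:00Z", "7", "228.75000", b"report v2"),
    ("2025-01-02T08:15:00Z", "2", "89.06250", b"report v3"),
])

if __name__ == "__main__":
    print("first bad row:", first_bad_row(SAMPLE))
    print("anchor 2025-01-01:", daily_rollup(SAMPLE, "2025-01-01"))
```

Feeding the same day's lines from sidecars in any order must give the same count and rollup_D as the ledger, which is the dual-source parity check from the periodic audit.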

Minimal policies (ASCII, copy-ready)

LEAP_SECOND=ban
FLOAT=ieee75464
THETA_PREC=5
ALGO=sha256
CHAIN_ALGO=sha256
KV_UNKNOWN=ignore
ANCHOR_ALGO=sha256


Operator checklist (one-page)

  • Stamp: SSMCLOCK1|iso_utc|rasi_idx|theta_deg|sha256(file)|chain[|kv:...]
  • UTC only: YYYY-MM-DDThh:mm:ssZ (no subseconds; 23:59:60 forbidden)
  • Angles: fixed theta_prec digits, banker’s rounding (binary64)
  • Digests: lowercase 64-hex
  • Chain step: chain_k = H_chain( ascii(chain_{k-1} + "|" + stamp_core) ) with chain_0 = "0"*64
  • Anchor: rollup_D = sha256( ascii(Stamp_1 "|" ... "|" Stamp_n) ) after canonical order
  • Unknown kv: keys: ignore; duplicates/invalid domains → FAIL
