SSM-NET — API-M, MESH-M & IoT-M (5C–5E)

Same semantics across APIs, meshes, and devices—manifest, subset, stamp; bytes unchanged.

5C. API-M (programmatic APIs)
Apply SSM-NET to REST/GraphQL/gRPC without altering transport semantics. The overlay rides as headers/metadata; payload bytes remain invariant (phi((m,a)) = m).

Binding (copy-ready).

# declarations (visible on the wire)
SSMNET-Manifest: <ManifestID>
SSMNET-Disclosure: value-only | value+band | full
SSMNET-Canonical-Subset: ["value","band","manifest_id"(,"align_ascii"?)]
SSMNET-Body-Hash: sha256=<HEX>             # if body exists
SSMNET-Stamp: SSMCLOCK1|<UTC_ISO>|nonce=<...>|sha256=<HEAD>|prev=<HEX or NONE>

Rules (MUST/SHOULD).

- MUST bind exactly the declared subset in the declared order.
- MUST compute sha256 over the exact on-wire body bytes when present.
- MUST NOT let intermediaries reserialize fields listed in the subset.
- SHOULD default to label-first (value+band); expose align only if declared public.
- If align is public, align_ascii MUST be canonical (e.g., "+0.732000").

Pattern (illustrative JSON API).

POST /api/do-thing
SSMNET-Manifest: NETWORK_POSTURE.DEMO
SSMNET-Disclosure: value+band
SSMNET-Canonical-Subset: ["value","band","manifest_id"]
SSMNET-Body-Hash: sha256=<B_REQ>
SSMNET-Stamp: SSMCLOCK1|2025-11-10T07:05:00Z|nA1|sha256=<H_REQ>|prev=NONE

{ "value": { "op": "do-thing", "x": 12 } }

HTTP/1.1 200 OK
SSMNET-Manifest: NETWORK_POSTURE.DEMO
SSMNET-Band: A0
SSMNET-Canonical-Subset: ["value","band","manifest_id"]
SSMNET-Body-Hash: sha256=<B_RES>
SSMNET-Stamp: SSMCLOCK1|2025-11-10T07:05:01Z|nA2|sha256=<H_RES>|prev=<H_REQ>

5D. MESH-M (peer/mesh links)
Peers exchange stamped envelopes over arbitrary links; continuity remains linear per scope.

Binding & behavior.

- Peers MUST preserve linear chains; repairs are append-only.
- Federation level is negotiated per link (label-first → full evidence).
- Peers MAY gossip checkpoints: HEAD=<HEX> for quick recovery.

Envelope sketch.

envelope := {
  "value":        <opaque/structured>,
  "band":         "<BandLabel>",
  "manifest_id":  "<ManifestID>",
  "stamp":        "SSMCLOCK1|<UTC_ISO>|nonce=<...>|sha256=<HEAD>|prev=<HEX or NONE>"
}
# optional: align (+ align_ascii) if link policy is "full"

Why it helps.
Mesh participants can prove what they forwarded and when—without centralized ledgers—while keeping payload formats intact.

5E. IoT-M (devices & gateways)
Constrained devices carry bands and stamps with minimal overhead; gateways preserve and may append observations.

Device essentials (MUST/SHOULD).

- MUST emit: manifest_id, band, stamp
- MUST keep payload bytes unchanged: phi((m,a)) = m
- MUST compute body hash over exact on-wire bytes if declared
- SHOULD generate nonce via CSPRNG; size declared by manifest/profile
- If align public: MUST emit align_ascii as canonical signed decimal (e.g., "+0.732000")

Gateway behavior.

- SHOULD preserve device stamps and commitments
- MAY append a new stamped observation (append-only, no rewrites)
- MUST NOT reserialize fields included in the device's declared subset

Low-power session hint.

# declare subset once per session
SSMNET-Subset-Decl-ID: S1
SSMNET-Canonical-Subset@S1 := ["value","band","manifest_id"]
# subsequent frames reference S1; any change requires a new declaration id

IoT continuity line (template).

SSMCLOCK1|<UTC_ISO>|nonce=<HEX>|sha256=<HEAD>|prev=<HEX or NONE>

Why it helps.
Even tiny sensors can ship portable meaning with replayable provenance—and gateways can extend the audit trail without touching device bytes.

Navigation
Previous: SSM-NET — HTTP-M & WS-M (5A–5B)
Next: SSM-NET — Golden flows: GET, POST, mirrors, streams, audits (6A–6E)