Stamped facts, never edits: surface errors, preserve bytes, continue append-only
8.0 Introduction. This section defines how errors are disclosed without mutating history. The overlay treats every failure as new evidence, not an edit: payload bytes remain inviolable (collapse parity phi((m,a)) = m), continuity stays append-only, and receivers can replay the story independently.
Context kernels (for parity and continuity).
# payload invariance
phi((m,a)) = m
# deterministic lane (when public)
a_c := clamp(a_raw, -1+eps_a, +1-eps_a)
u := atanh(a_c)
U += w*u ; W += w
align := tanh( U / max(W, eps_w) )
# integrity over declared subset (+ raw body bytes if declared)
HEAD := sha256( serialize(["value","band","manifest_id"(,"align_ascii"?)] [+ raw_body_bytes]) )
# single-link continuity (append-only)
stamp := "SSMCLOCK1|<UTC_ISO>|nonce=<...>|sha256=" + HEAD + "|prev=<HEX or NONE>"
8A. Philosophy
Errors expose facts without rewriting anything. A compliant implementation records an error as a stamped disclosure that chains from the current HEAD, leaving prior payloads, stamps, and subsets untouched. Repairs are append-only (publish corrections forward).
Principles.
- Do not mutate history. Publish a new stamped note; never edit previous envelopes.
- Make it independently replayable. Include enough on-wire detail for any party to verify the failure.
- Minimize exposure. Default to label-first (value+band); publish
alignonly where policy declares it public.
8B. Signaling errors on the wire
Required behavior.
- MUST keep original payload bytes unchanged (
phi((m,a)) = m). - MUST include a machine-parsable error code.
- SHOULD include a short, human-readable reason (no secrets, no PII).
- MUST append a new continuity stamp for the error note (append-only chain).
- MUST NOT remove or alter prior stamps, subsets, or manifests.
Illustrative overlay fields (HTTP-style headers).
SSMNET-Error: <CODE>
SSMNET-Error-Reason: <short-text>
SSMNET-Stamp: SSMCLOCK1|<UTC_ISO>|nonce=<...>|sha256=<HEX>|prev=<HEAD>
Canonical codes (starter set).
commit-mismatch # recomputed sha256 != declared digest
unknown-manifest # referenced manifest_id not retrievable/invalid
subset-missing # canonical subset missing/incomplete
subset-order # fields present but not in declared order
align-format # public align_ascii not in canonical numeric form
stamp-invalid # malformed stamp (missing fields / parse failure)
chain-fork # prev does not chain to current HEAD; no fork procedure
clock-skew # timestamp outside allowed skew window
disclosure-violation # disclosure exceeds manifest/profile policy
policy-deny # local policy prohibits acceptance despite syntax OK
Receiver guidance (non-mutating).
# preserve the exchange and record the incident
- store original payload + declarations as received
- append a stamped error note chaining from current HEAD
- (optional) include SSMNET-Checkpoint: HEAD=<HEX> in follow-up diagnostics
Compact error body (optional, non-PII).
{
"error": "commit-mismatch",
"reason": "Digest does not match declared canonical subset",
"scope": "default",
"head": "AB12...FF90",
"stamp": "SSMCLOCK1|2025-11-07T12:45:33Z|n42|sha256=...|prev=AB12...FF90"
}
Navigation
Previous: SSM-NET — Well-known endpoints: 7E–7F
Next: SSM-NET — Error model: canonical codes, bodies, receiver/sender/intermediary actions (8C–8G)
SHUNYAYA 