Preserve bytes, extend provenance, and enable one-command audits.
6C. Mirror / CDN (intermediary preservation)
Intermediaries should forward content unchanged while keeping provenance intact. They may add their own observation as a new stamped note—append-only, never rewriting history.
# invariants
phi((m,a)) = m # payload invariance
stamp := "SSMCLOCK1|<UTC_ISO>|nonce=<...>|sha256=<HEAD>|prev=<HEX>"
# intermediary duties
forward(raw_bytes) # never alter payload
preserve(HEAD, subset_decl) # keep original commitments visible
optionally_append(
stamp_observation(time, place) # new stamp; same scope or chain_id policy
)
Receiver behavior.
- Accept multiple stamps so long as each chain is single-link linear.
- Verify HEAD progression per scope/chain_id; treat any break as an incident (append-only).
Why this matters.
Caching and replication no longer erase provenance: mirrors can prove what they served and when, without proprietary ledgers.
6D. Streaming frame (duplex scope)
Apply the same semantics to messages/frames in a duplex stream.
# stream treated as a scope
first_frame.prev := "NONE"
each_next.prev := last_accepted_HEAD
# optional full disclosure math (when align is public)
a_c := clamp(a_raw, -1+eps_a, +1-eps_a)
u := atanh(a_c)
U += w*u ; W += w
align := tanh( U / max(W, eps_w) )
band := cutpoint_map(align, manifest_id)
Operational notes.
- Maintain HEAD per stream (topic/room/resource).
- On reconnect, fetch HEAD or use checkpoint to resume.
- Default to label-first; expose align only when needed for public parity.
Outcome.
A live stream becomes a replayable event log with portable posture semantics.
6E. Evidence pack pull (self-service audit)
Publish a minimal set of artifacts so any party can independently replay integrity, order, and policy—no private coordination needed.
# well-known paths
/.well-known/ssmnet/manifest/<manifest_id>
/.well-known/ssmnet/checkpoint # returns HEAD=<HEX>
/.well-known/ssmnet/evidence # zipped bundle
# bundle contents (illustrative)
envelopes.jsonl # declared subset fields for each item
manifests.json # exact bytes for referenced manifests
hashes.txt # HEAD list & per-item digests
checkpoint.txt # HEAD=<HEX>
verify.sh # tiny script to recompute and check everything
Verifier routine (inside verify.sh).
# integrity of subset (+ body if declared)
HEAD_local := SHA256(serialize_declared_subset(e) [+ raw_body_bytes_on_wire_if_declared])
assert HEAD_local == parsed_head_from(e.stamp)
# linear continuity from genesis to HEAD
assert e[i].prev == e[i-1].HEAD # i >= 2; e[1].prev == "NONE"
# manifest-based band replay (when align public)
a_c := clamp(a_raw, -1+eps_a, +1-eps_a)
u := atanh(a_c)
U += w*u ; W += w
align := tanh( U / max(W, eps_w) )
assert cutpoint_map(align, manifest_id) == e.band
Filtering (optional).
# server may support windowed pulls
/.well-known/ssmnet/evidence?scope=<id>&from=<iso>&to=<iso>
# returned subset MUST still form a valid single-link chain within the window
Outcome.
One command prints ALL CHECKS PASSED or pinpoints the first failing step (digest mismatch, chain break, boundary inclusivity error)—while payload bytes remain unchanged.
Navigation
Previous: SSM-NET — Declared POST (6B)
Next: SSM-NET — Well-known endpoints: Introduction & Purpose (7.0, 7A)
SHUNYAYA 