SSM-NET — Well-known endpoints: Endpoints (7B)

Predictable, read-only URLs for rulebooks, HEAD, and evidence—byte-stable, cacheable, identity-free.

Intent. Define the normative endpoint set that any party can fetch without private coordination to obtain manifests, scope HEAD, and self-service evidence. All textual materials SHOULD be UTF-8 and, when hashed, MUST be normalized to UTF-8 NFC for byte-stable verification.


Manifest (by ID)

GET /.well-known/ssmnet/manifest/<manifest_id>

  • Returns: the exact manifest text used for cutpoints and policy (edges, eps_a, eps_w, weight_rule, optional cmp_tolerance, text_norm, epoch/rollover notes).
  • MUST be immutable once published for a given manifest_id.
  • SHOULD ship a strong validator (e.g., ETag) and long cache TTL.
  • MAY include brief assumptions (operating ranges, hysteresis, sampling notes).
  • MUST NOT include identity/PII.
  • Content-Type (SHOULD): a byte-stable text format for hashing (e.g., application/json, text/plain).
  • If a self-digest is present: a manifest line like sha256=<HEX> MUST be computed over the byte-exact body.
# Manifest fetch (normative surface)
GET /.well-known/ssmnet/manifest/NETWORK_POSTURE.DEMO


Checkpoint (scope HEAD)

GET /.well-known/ssmnet/checkpoint[?scope=<name>]

  • Returns: HEAD=<HEX> for the requested scope (or the default if omitted).
  • Used for: resync, replay anchors, fork detection.
  • SHOULD include updated=<UTC_ISO>; SHOULD support light caching (short TTL, conditional requests).
  • MUST remain read-only; publishing HEAD never rewrites history.
  • MAY include rollover=<UTC_ISO> hint when (U,W) epoch boundaries occur.
# Example checkpoint payload (illustrative)
HEAD=1F3C4D...A902
scope=default
updated=2025-11-07T12:30:00Z


Evidence bundle (self-service audit)

GET /.well-known/ssmnet/evidence[?scope=<name>&from=<iso>&to=<iso>]

  • Returns a compact archive containing at minimum:
    envelopes.jsonl (declared canonical subset per line),
    manifests.json (byte-exact texts),
    hashes.txt (per-item sha256 over the declared subset [+ body if declared]),
    checkpoint.txt (HEAD=<HEX>),
    verify.sh (tiny script that prints ALL CHECKS PASSED or pinpoints the first failure).
  • MAY support time/range filtering for large scopes.
  • SHOULD include a top-level bundle.sha256.
  • MUST avoid PII in canonical subsets (posture, not identity).
  • Content-Type (SHOULD): deterministic archive (e.g., .zip) with stable ordering for reproducible digests.
# Example evidence request (illustrative)
GET /.well-known/ssmnet/evidence?scope=default&from=2025-11-01T00:00:00Z&to=2025-11-07T23:59:59Z


Manifest index (optional)

GET /.well-known/ssmnet/manifest/

  • MAY list available manifest_id entries and their digests for discovery and tooling.
  • MUST NOT change the semantics of any previously published manifest.
# Optional index (illustrative)
[
  {"manifest_id":"NETWORK_POSTURE.DEMO","sha256":"..."},
  {"manifest_id":"FEED_ALPHA.POSTURE","sha256":"..."}
]


Hashing & normalization guardrails (normative)

  • Text used in hashing MUST be UTF-8 NFC to prevent digest drift.
  • When a body hash is declared, compute it over the exact on-wire bytes.
  • The stamp carries the digest and continuity:
# Continuity stamp (single line, scope-local)
SSMCLOCK1|<UTC_ISO>|nonce=<...>|sha256=<HEAD>|prev=<HEX or NONE>
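
Added example (not part of the SSM-NET specification): a client-side check in Python that applies the guardrails above to fetched manifest bytes and to a list of continuity stamps. The function names, the sample data, and the chain rule (first prev is NONE, each later prev equals the preceding stamp's sha256, the last sha256 equals the checkpoint HEAD) are assumptions made for illustration.

```python
import hashlib
import unicodedata

def check_manifest(body: bytes, published_hex: str) -> str:
    """Check fetched manifest bytes against a published sha256 (e.g. an index entry)."""
    try:
        text = body.decode("utf-8")
    except UnicodeDecodeError:
        return "not-utf8"
    if not unicodedata.is_normalized("NFC", text):
        return "not-nfc"  # same glyphs, different bytes: the digest would drift
    # Hash the bytes exactly as received; never re-serialize before hashing.
    if hashlib.sha256(body).hexdigest().upper() != published_hex.upper():
        return "digest-mismatch"
    return "ok"

def parse_stamp(line: str) -> dict:
    """Split one SSMCLOCK1|<UTC_ISO>|nonce=..|sha256=..|prev=.. line into fields."""
    tag, utc, *pairs = line.strip().split("|")
    if tag != "SSMCLOCK1":
        raise ValueError("not an SSMCLOCK1 stamp")
    fields = dict(p.split("=", 1) for p in pairs)
    if not {"nonce", "sha256", "prev"} <= fields.keys():
        raise ValueError("stamp is missing a field")
    return {"utc": utc, **fields}

def check_chain(stamps: list, head: str) -> str:
    """Assumed rule: first prev is NONE, each later prev equals the preceding
    stamp's sha256, and the last sha256 equals the checkpoint HEAD."""
    expected_prev = "NONE"
    for i, line in enumerate(stamps):
        stamp = parse_stamp(line)
        if stamp["prev"].upper() != expected_prev.upper():
            return f"break-at-{i}"
        expected_prev = stamp["sha256"]
    return "ok" if expected_prev.upper() == head.upper() else "head-mismatch"

# Constructed sample data (not real SSM-NET values).
NFC_BODY = unicodedata.normalize("NFC", '{"note":"caf\u00e9"}').encode("utf-8")
NFD_BODY = unicodedata.normalize("NFD", '{"note":"caf\u00e9"}').encode("utf-8")
PUBLISHED = hashlib.sha256(NFC_BODY).hexdigest().upper()
H1, H2 = (hashlib.sha256(x).hexdigest().upper() for x in (b"item-1", b"item-2"))
STAMPS = [
    f"SSMCLOCK1|2025-11-07T12:00:00Z|nonce=a1|sha256={H1}|prev=NONE",
    f"SSMCLOCK1|2025-11-07T12:30:00Z|nonce=b2|sha256={H2}|prev={H1}",
]

if __name__ == "__main__":
    print(check_manifest(NFC_BODY, PUBLISHED), check_manifest(NFD_BODY, PUBLISHED))
    print(check_chain(STAMPS, H2), check_chain(STAMPS[1:], H2))
```

A stamp list that no longer links back to NONE, or whose last digest differs from the published HEAD, is the signal to resync or investigate a fork.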


Privacy posture (surface)

  • Default label-first: publish band and manifest_id; keep align private unless declared public.
  • Canonical subsets SHOULD NOT include PII.
