Seed Directory Query Attestation v1¶
Source schema: doc/schemas/seed-directory-query-attestation.v1.schema.json
Signed proof for one Seed Directory query response. It binds the normalized query path/filter to the canonical response digest and the local projection high-water mark. This attests what the directory returned; it does not by itself prove that the returned world-state is globally true.
Governing Basis¶
Project Lineage¶
Fields¶
| Field | Required | Shape | Description |
|---|---|---|---|
schema |
yes |
const: seed-directory-query-attestation.v1 |
Schema discriminator. MUST be exactly seed-directory-query-attestation.v1. |
attestation/id |
yes |
string | Stable identifier for this attested response. The reference implementation derives it from result/digest. |
directory/node-id |
yes |
string | Node id of the Seed Directory instance that assembled the response. |
query/mode |
yes |
enum: adv-get, adv-list, cap-node, cap-query, revocations |
Read surface being attested. |
query/path |
yes |
string | HTTP path without query string. |
query/filter |
yes |
object | URL-decoded query parameters after removing the attest trigger. |
result/digest |
yes |
string | Digest of the canonical JSON response body before the attestation is attached. |
result/digest-alg |
yes |
const: jcs-nfc-sha256-base64url |
Canonicalization and digest algorithm used for result/digest. |
projection/high-water-tx-id |
yes |
integer | null | Highest temporal projection transaction id visible when the response was assembled, or null if the projection has no temporal facts yet. |
policy/id |
no |
string | Optional local policy id that governed this query. |
policy/digest |
no |
string | Optional digest of the local policy material. |
issued/at |
yes |
string | |
expires/at |
yes |
string | |
signer/id |
yes |
string | Signer id used for the attestation signature. |
signature |
yes |
object | Signature over canonical JSON of this object with signature omitted. |
| ## Field Semantics |
schema¶
- Required:
yes - Shape: const:
seed-directory-query-attestation.v1
Schema discriminator. MUST be exactly seed-directory-query-attestation.v1.
attestation/id¶
- Required:
yes - Shape: string
Stable identifier for this attested response. The reference implementation derives it from result/digest.
directory/node-id¶
- Required:
yes - Shape: string
Node id of the Seed Directory instance that assembled the response.
query/mode¶
- Required:
yes - Shape: enum:
adv-get,adv-list,cap-node,cap-query,revocations
Read surface being attested.
query/path¶
- Required:
yes - Shape: string
HTTP path without query string.
query/filter¶
- Required:
yes - Shape: object
URL-decoded query parameters after removing the attest trigger.
result/digest¶
- Required:
yes - Shape: string
Digest of the canonical JSON response body before the attestation is attached.
result/digest-alg¶
- Required:
yes - Shape: const:
jcs-nfc-sha256-base64url
Canonicalization and digest algorithm used for result/digest.
projection/high-water-tx-id¶
- Required:
yes - Shape: integer | null
Highest temporal projection transaction id visible when the response was assembled, or null if the projection has no temporal facts yet.
policy/id¶
- Required:
no - Shape: string
Optional local policy id that governed this query.
policy/digest¶
- Required:
no - Shape: string
Optional digest of the local policy material.
issued/at¶
- Required:
yes - Shape: string
expires/at¶
- Required:
yes - Shape: string
signer/id¶
- Required:
yes - Shape: string
Signer id used for the attestation signature.
signature¶
- Required:
yes - Shape: object
Signature over canonical JSON of this object with signature omitted.