1. Concept: Auditable Failure
Auditable Failure means we do not try to hide errors. Every decision attempt (including failed verifications) becomes a first-class log record. Records are cryptographically chained so gaps are detectable.
2. The Schema (JSON)
A DecisionTrace is one append-only event record.
Required fields:
- event_id (UUID)
- timestamp_utc (ISO-8601)
- sensor_inputs (Array)
- custodian_id (SHA-256 Hash of User)
- verification_method (Enum: VISUAL_CONFIRMATION, TWO_PERSON_RULE)
- prev_hash (SHA-256 Link to previous record)
3. Integrity Protocol
3.1 Hash Chaining. Each DecisionTrace is part of a hash chain. If any past record is modified, the hash changes, and every subsequent record fails verification.
3.3 Append-Only. No in-place edits. No deletions. If a correction is needed, append a new DecisionTrace referencing the prior state.
4. University Audit Process
A university researcher verifies integrity by independently recomputing hashes and checking continuity. Any mismatch implies tampering, data loss, or software failure.
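The schema (section 2), the hash-chaining and append-only rules (section 3), and the audit recomputation (section 4) together describe one procedure. The following is an added worked example, not code from the original document or from any project behind it. It assumes three things the text does not fix: that the first record's prev_hash is 64 zero hex digits, that a record's hash is SHA-256 over its canonical JSON (sorted keys, no whitespace), and that a correction record carries an optional corrects_event_id field pointing at the record it supersedes. The sample chain and sensor readings are constructed.

```python
import hashlib
import json
import uuid
from datetime import datetime, timezone

# Conventions assumed for this example; the spec names the fields, not these values.
GENESIS_PREV_HASH = "0" * 64
VERIFICATION_METHODS = ("VISUAL_CONFIRMATION", "TWO_PERSON_RULE")
REQUIRED_FIELDS = ("event_id", "timestamp_utc", "sensor_inputs",
                   "custodian_id", "verification_method", "prev_hash")


def custodian_id(user_identifier: str) -> str:
    """custodian_id is the hex SHA-256 of the user identifier, never the identifier itself."""
    return hashlib.sha256(user_identifier.encode("utf-8")).hexdigest()


def trace_hash(record: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the whole record (assumed convention).

    Sorted keys and fixed separators make the encoding deterministic, so an
    independent auditor recomputes exactly the same digest from the same record.
    """
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=True).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def append_trace(chain: list, sensor_inputs: list, user: str,
                 verification_method: str, timestamp_utc: str = None,
                 corrects_event_id: str = None) -> dict:
    """Append one DecisionTrace; prev_hash links it to the current tail of the chain."""
    if verification_method not in VERIFICATION_METHODS:
        raise ValueError(f"unknown verification_method: {verification_method}")
    record = {
        "event_id": str(uuid.uuid4()),
        "timestamp_utc": timestamp_utc or datetime.now(timezone.utc).isoformat(),
        "sensor_inputs": list(sensor_inputs),
        "custodian_id": custodian_id(user),
        "verification_method": verification_method,
        "prev_hash": trace_hash(chain[-1]) if chain else GENESIS_PREV_HASH,
    }
    if corrects_event_id is not None:
        # Assumed optional field: a correction is a new record that references the
        # event it supersedes; the original stays in the chain untouched (no in-place edit).
        record["corrects_event_id"] = corrects_event_id
    chain.append(record)
    return record


def verify_chain(chain: list) -> tuple:
    """Recompute every hash and check continuity, as the university audit does.

    Returns (True, None, "ok"), or (False, index, reason) for the first record that
    fails. A mismatch means tampering, data loss, or software failure; the verifier
    learns where the chain first breaks, not which of the three happened.
    """
    expected_prev = GENESIS_PREV_HASH
    for i, record in enumerate(chain):
        missing = [f for f in REQUIRED_FIELDS if f not in record]
        if missing:
            return (False, i, f"missing required fields: {missing}")
        if record["verification_method"] not in VERIFICATION_METHODS:
            return (False, i, "verification_method not in enum")
        if record["prev_hash"] != expected_prev:
            return (False, i, "prev_hash does not match recomputed hash of prior record")
        expected_prev = trace_hash(record)
    return (True, None, "ok")


def build_sample_chain() -> list:
    """Constructed sample data: three decisions, one of them a failed verification."""
    chain = []
    append_trace(chain, [{"sensor": "door_01", "state": "open"}], "alice",
                 "VISUAL_CONFIRMATION", "2024-01-01T10:00:00+00:00")
    # A failed verification is logged as a first-class record, not hidden.
    append_trace(chain, [{"sensor": "badge_reader", "result": "FAIL"}], "bob",
                 "TWO_PERSON_RULE", "2024-01-01T10:05:00+00:00")
    # The correction is appended and references the prior state it supersedes.
    append_trace(chain, [{"sensor": "badge_reader", "result": "OK"}], "bob",
                 "TWO_PERSON_RULE", "2024-01-01T10:06:00+00:00",
                 corrects_event_id=chain[1]["event_id"])
    return chain


def tamper_demo() -> dict:
    """Show at which index the audit detects an in-place edit and a deleted record."""
    results = {}
    chain = build_sample_chain()
    results["intact"] = verify_chain(chain)[0]

    edited = [dict(r) for r in chain]          # shallow copies so the original stays intact
    edited[1]["sensor_inputs"] = [{"sensor": "badge_reader", "result": "OK"}]
    results["edit_detected_at"] = verify_chain(edited)[1]        # link from record 1 to 2 breaks

    deleted = chain[:1] + chain[2:]            # record 1 silently removed
    results["deletion_detected_at"] = verify_chain(deleted)[1]   # record 2 now follows record 0
    return results
```

One caveat the verifier above makes visible: a modification or deletion is caught by the record that follows it, so the most recent record has no successor to protect it. In practice the auditor should also obtain the current tail hash through a channel the log's operator does not control (for example, a periodically published or separately signed head hash), so that truncating the chain at its end is detectable as well.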
