Skip to main content
Jira progress: loading…

TG-CSI

TrustGate CSI Catalog

1. Purpose

The TrustGate CSI Catalog is the canonical interface and contract catalog for TrustGate.

CSI means Canonical Signal Interface.

A CSI defines a governed input, output, or event contract used by TrustGate engines and related ZAYAZ assurance services. It defines the semantic contract, schema binding, producer, consumer, direction, version, lifecycle status, security classification, replay behavior, DAL eligibility, federation visibility, and compatibility rules for TrustGate runtime artifacts.

The catalog answers questions such as:

  • Which CSI represents a raw incoming TrustGate signal?
  • Which CSI is produced by the Signal Parser?
  • Which CSI is consumed by the Validation Rule Engine?
  • Which CSI is replay-safe?
  • Which CSI is federation-exportable?
  • Which CSI requires DAL anchoring?
  • Which CSI schema version is active?
  • Which engines produce and consume each CSI?
  • Which CSI versions are backward compatible?
  • Which CSIs are allowed in production?
  • Which CSIs are events, and which are durable artifacts?
  • Which CSIs must be captured in USO lineage?
  • Which CSIs are safe for AII or DSAIL feedback?

The CSI Catalog is the contract layer between TrustGate engines.


2. CSI Naming Convention

TrustGate follows the canonical CSI pattern:

<csi_module>.<csi_component>.<csi_kind>.<csi_name>.<csi_version_maj>_<csi_version_min>

Example:

comp.AIIL.INPUT.TRUST-SCORE.v1_0

For TrustGate, the most common pattern is:

comp.TG.<KIND>.<NAME>.v<MAJOR>_<MINOR>

Examples:

comp.TG.INPUT.RAW-SIGNAL.v1_0
comp.TG.OUTPUT.CANONICAL-SIGNAL.v1_0
comp.TG.EVENT.TRUST-SCORED.v1_0

The module prefix comp is used because CSIs describe computational and runtime data contracts crossing component boundaries. The CMI domain for TrustGate executable engines remains vera where the executable belongs to Verification & Assurance.


3. CSI Identity Fields

FieldDescription
csiFull canonical CSI identifier.
csi_moduleModule namespace, usually comp for computational interface contracts.
csi_componentComponent namespace, usually TG for TrustGate.
csi_kindInterface kind, such as INPUT, OUTPUT, EVENT, STATE, SNAPSHOT, or ERROR.
csi_nameCanonical name of the contract.
csi_version_majorMajor version.
csi_version_minorMinor version.
canonical_nameHuman-readable name.
descriptionPurpose of the interface.
schema_refSSSR or JSON Schema reference.
statusLifecycle status.
security_levelPublic, internal, restricted, confidential, critical.
producer_meidProducing MEID, if engine-produced.
consumer_meidsConsuming MEIDs.
replay_requiredWhether the interface must be replay-captured.
dal_anchor_eligibleWhether the artifact can be anchored in DAL.
federation_exportableWhether the interface can cross ECO boundaries.

4. CSI Kind Vocabulary

KindPurpose
INPUTRuntime input contract consumed by an engine.
OUTPUTRuntime output artifact produced by an engine.
EVENTEvent contract emitted to the event bus or observability stream.
STATEDurable runtime state contract.
SNAPSHOTImmutable replay or registry snapshot contract.
ERRORError or failure contract.
CONFIGConfiguration contract.
PROFILEProfile contract.
TELEMETRYObservability or AII telemetry contract.
ANCHORDAL anchor candidate or ledger reference contract.
FEDERATIONCross-ECO exchange contract.
ATTESTATIONTrust attestation contract.

A single CSI should not mix durable artifact semantics with event semantics. If both are required, define separate OUTPUT and EVENT CSIs.


5. CSI Lifecycle Status

StatusMeaning
draftProposed contract not yet executable.
reviewUnder architecture or governance review.
activeApproved for production use.
canaryApproved for limited production rollout.
shadowProduced for comparison but not authoritative.
deprecatedStill supported but should not be used for new work.
retiredNo longer valid for runtime use.
suspendedTemporarily disabled.
rejectedProposal rejected.

Production engines should only use active, canary, or explicitly authorized shadow CSIs.


6. CSI Versioning Rules

CSI versioning follows semantic contract compatibility.

v<MAJOR>_<MINOR>
Change TypeVersion Impact
Add optional fieldMinor version.
Add enum value where consumers tolerate unknown valuesMinor version.
Clarify description onlyMetadata revision.
Add required fieldMajor version.
Remove fieldMajor version.
Rename fieldMajor version.
Change datatypeMajor version.
Change semantic meaningMajor version.
Change security classificationGovernance review, often major version.
Change federation visibilityGovernance review, often major version.
Change replay semanticsGovernance review, often major version.

A CSI version must never change semantics silently.


7. CSI Relationship to SSSR

SSSR is the canonical schema system.

The CSI Catalog identifies the contract. SSSR defines the machine-readable schema.

CSI Catalog

├── CSI identity
├── lifecycle
├── producer/consumer mapping
├── governance metadata
└── schema_ref


SSSR

├── JSON Schema
├── validation rules
├── datatype definitions
└── schema snapshots

Every production CSI must reference either an SSSR schema, JSON Schema document, table schema, event schema, or formally approved contract definition.


8. CSI Relationship to MEID and CMI

MEID identifies a stable logical micro-engine. CMI identifies a versioned executable artifact. CSI identifies the data contract that engines consume or produce.

MEID

├── CMI v1_0_0
│ ├── consumes CSI A
│ └── produces CSI B

└── CMI v1_1_0
├── consumes CSI A v1_1
└── produces CSI B v1_1

A single MEID may consume or produce multiple CSIs.

A CSI may be produced by one canonical engine and consumed by many engines.


9. Canonical TrustGate Runtime CSI Flow

comp.TG.INPUT.RAW-SIGNAL.v1_0


comp.TG.OUTPUT.CANONICAL-SIGNAL.v1_0


comp.TG.OUTPUT.STRUCTURE-VALIDATION-RESULT.v1_0


comp.TG.OUTPUT.NORMALIZED-SIGNAL.v1_0


comp.TG.OUTPUT.ENRICHED-SIGNAL.v1_0


comp.TG.OUTPUT.VALIDATION-RULE-RESULT.v1_0


comp.TG.OUTPUT.POLICY-CONTEXT.v1_0


comp.TG.OUTPUT.RULE-EVALUATION-RESULT.v1_0


comp.TG.OUTPUT.TRUST-SCORE.v1_0


comp.TG.OUTPUT.DECISION-RECORD.v1_0


comp.TG.OUTPUT.REPLAY-ARTIFACT.v1_0


comp.TG.OUTPUT.TRUST-ATTESTATION.v1_0


comp.DAL.INPUT.ANCHOR-CANDIDATE.v1_0


comp.TG.FEDERATION.EXCHANGE-EVENT.v1_0


comp.DSAIL.INPUT.AI-FEEDBACK.v1_0

10. CSI Catalog Record Model

FieldRequiredDescription
csiYesFull CSI identifier.
canonical_nameYesHuman-readable name.
descriptionYesInterface purpose.
csi_moduleYesModule namespace.
csi_componentYesComponent namespace.
csi_kindYesInterface kind.
csi_nameYesShort name.
version_majorYesMajor version.
version_minorYesMinor version.
schema_refYesSSSR or JSON Schema reference.
schema_digestConditionalSchema digest.
producer_meidConditionalCanonical producing engine.
producer_cmiConditionalProducing CMI, where version-specific.
consumer_meidsConditionalConsumer engines.
directionYesinput, output, event, state, snapshot.
artifact_classYessignal, result, event, attestation, anchor, telemetry, etc.
durabilityYestransient, persisted, immutable, ledgered.
replay_requiredYesWhether replay capture is required.
dal_anchor_eligibleYesWhether DAL anchoring is allowed.
dal_anchor_requiredYesWhether DAL anchoring is mandatory.
federation_exportableYesWhether export outside ECO is permitted.
redaction_profile_requiredYesWhether redaction profile is required.
security_levelYesSecurity classification.
statusYesLifecycle status.
versionYesCatalog record version.

11. Artifact Classes

Artifact ClassDescription
raw_signalIncoming external payload.
canonical_signalParsed canonical signal.
validation_resultStructural or rule validation result.
normalized_signalUnit/time/identity-normalized signal.
enriched_signalSignal enriched with identity, lineage, governance, replay, federation, AI, and risk context.
policy_contextResolved policy and runtime configuration context.
rule_resultRuntime rule evaluation result.
trust_scoreTrust score and dimensions.
decision_recordTrustGate decision artifact.
quarantine_recordQuarantine case or candidate.
replay_artifactReplay manifest, result, or proof.
attestationTrust attestation or verifiable assurance artifact.
anchor_candidateDAL anchor candidate.
federation_eventCross-ECO exchange event.
audit_recordAudit log artifact.
telemetryObservability, AII, or DSAIL telemetry.
configurationRuntime configuration or profile.
scheduler_jobScheduler job or workflow state.

12. Durability Model

DurabilityMeaning
transientUsed during runtime, not stored by default.
persistedStored in operational store.
immutableStored as immutable assurance artifact.
ledger_candidateEligible for DAL anchoring.
ledgeredAlready anchored or represented in DAL.
federatedExported or importable across ECO boundaries.

Durability is important for replay, audit, DAL, and retention.


13. Security Classification

Security LevelMeaning
publicSafe for public disclosure.
internalInternal ZAYAZ / Viroway use.
restrictedTenant or assurance team restricted.
confidentialSensitive business, identity, or compliance data.
criticalSecurity, ledger, identity, federation, or assurance-critical artifact.

Most TrustGate runtime CSIs are at least restricted. Identity, signature, federation, DAL, audit, and configuration CSIs are usually critical.


14. Replay Semantics

Each CSI must define replay behavior.

Replay ValueMeaning
not_replayableNot used in replay.
replay_inputRequired as replay input.
replay_outputProduced during replay.
replay_snapshotImmutable snapshot required for deterministic replay.
replay_evidenceEvidence artifact used to prove replay result.
replay_optionalMay be used for diagnostics but not required.

Audit-grade replay requires exact CSI version and schema digest.


15. DAL Semantics

Each CSI must define DAL anchoring behavior.

DAL FieldMeaning
dal_anchor_eligibleThe artifact may be anchored.
dal_anchor_requiredThe artifact must be anchored under policy.
dal_anchor_modedirect, merkle_batch, digest_only, none.
dal_artifact_typeDAL artifact type name.
dal_triggerCondition that triggers anchoring.

Examples of DAL-required CSIs include trust attestations, critical replay proofs, signature failures, invalid DID failures, material configuration snapshots, federation exchange proofs, and audit chain conflicts.


16. Federation Semantics

Each CSI must define federation visibility.

FieldMeaning
federation_exportableWhether the artifact may leave the source ECO boundary.
federation_importableWhether the artifact may be received from another ECO.
redaction_profile_requiredWhether redaction is mandatory before export.
federation_profileApplicable AFLE/EGFS profile.
allowed_federation_fieldsWhitelisted export fields.
blocked_federation_fieldsFields that must never be exported.

Raw signals, private audit details, reviewer notes, and internal configuration internals should not be exported.

Trust attestations, redacted validation summaries, DAL references, replay references, and federation health summaries may be exportable.


17. Core TrustGate Input CSIs

CSICanonical NameProducerConsumerReplayFederation
comp.TG.INPUT.RAW-SIGNAL.v1_0Raw SignalExternal source / Input HubSignal Parserreplay_inputNo
comp.TG.INPUT.PARSER-CONTEXT.v1_0Parser ContextRuntime ConfigurationSignal Parserreplay_snapshotNo
comp.TG.INPUT.STRUCTURE-VALIDATION-REQUEST.v1_0Structure Validation RequestSignal ParserStructure Validation Enginereplay_inputNo
comp.TG.INPUT.NORMALIZATION-REQUEST.v1_0Normalization RequestStructure Validation EngineSignal Normalizerreplay_inputNo
comp.TG.INPUT.CONTEXT-ENRICHMENT-REQUEST.v1_0Context Enrichment RequestSignal NormalizerContext Enrichment Enginereplay_inputNo
comp.TG.INPUT.VALIDATION-RULE-REQUEST.v1_0Validation Rule RequestContext Enrichment EngineValidation Rule Enginereplay_inputNo
comp.TG.INPUT.POLICY-RESOLUTION-REQUEST.v1_0Policy Resolution RequestValidation Rule EnginePolicy Resolution Enginereplay_inputNo
comp.TG.INPUT.RULE-EVALUATION-REQUEST.v1_0Rule Evaluation RequestPolicy Resolution EngineRule Evaluation Enginereplay_inputNo
comp.TG.INPUT.TRUST-SCORE-REQUEST.v1_0Trust Score RequestRule Evaluation EngineTrust Scoring Enginereplay_inputNo
comp.TG.INPUT.DECISION-REQUEST.v1_0Decision RequestTrust Scoring EngineDecision Enginereplay_inputNo

18. Core TrustGate Output CSIs

CSICanonical NameProducerConsumerReplayDAL
comp.TG.OUTPUT.CANONICAL-SIGNAL.v1_0Canonical SignalSignal ParserStructure Validation / USOreplay_outputeligible
comp.TG.OUTPUT.STRUCTURE-VALIDATION-RESULT.v1_0Structure Validation ResultStructure Validation EngineSignal Normalizer / Auditreplay_outputconditional
comp.TG.OUTPUT.NORMALIZED-SIGNAL.v1_0Normalized SignalSignal NormalizerContext Enrichmentreplay_outputeligible
comp.TG.OUTPUT.ENRICHED-SIGNAL.v1_0Enriched SignalContext Enrichment EngineValidation Rule Enginereplay_outputconditional
comp.TG.OUTPUT.VALIDATION-RULE-RESULT.v1_0Validation Rule ResultValidation Rule EnginePolicy Resolution / Scoring / Auditreplay_outputconditional
comp.TG.OUTPUT.POLICY-CONTEXT.v1_0Policy ContextPolicy Resolution EngineRule Evaluation / Decision / Replayreplay_snapshotconditional
comp.TG.OUTPUT.RULE-EVALUATION-RESULT.v1_0Rule Evaluation ResultRule Evaluation EngineTrust Scoringreplay_outputconditional
comp.TG.OUTPUT.TRUST-SCORE.v1_0Trust ScoreTrust Scoring EngineDecision / AII / VIZZreplay_outputconditional
comp.TG.OUTPUT.DECISION-RECORD.v1_0Decision RecordDecision EngineQuarantine / Replay / Audit / DALreplay_outputconditional
comp.TG.OUTPUT.QUARANTINE-CANDIDATE.v1_0Quarantine CandidateDecision / Validation / Rule EnginesQuarantine Managerreplay_outputconditional
comp.TG.OUTPUT.QUARANTINE-RECORD.v1_0Quarantine RecordQuarantine ManagerAudit / VIZZ / Replayreplay_outputconditional
comp.TG.OUTPUT.TRUST-ATTESTATION.v1_0Trust AttestationAttestation EngineDAL / Federation / Auditreplay_evidencerequired
comp.TG.OUTPUT.REPLAY-ARTIFACT.v1_0Replay ArtifactReplay EngineAudit / DAL / Federationreplay_evidenceconditional
comp.TG.OUTPUT.AUDIT-RECORD.v1_0Audit RecordAudit Log EngineAudit Store / DALreplay_evidenceconditional
comp.TG.OUTPUT.RUNTIME-HEALTH.v1_0Runtime HealthObservability EngineVIZZ / AII / Schedulerreplay_optionalconditional

19. TrustGate Event CSIs

CSICanonical NameProducerPrimary Consumers
comp.TG.EVENT.SIGNAL-RECEIVED.v1_0Signal Received EventInput Hub / Signal ParserObservability, Audit
comp.TG.EVENT.SIGNAL-PARSED.v1_0Signal Parsed EventSignal ParserObservability, USO
comp.TG.EVENT.STRUCTURE-VALIDATED.v1_0Structure Validated EventStructure Validation EngineObservability, Audit
comp.TG.EVENT.SIGNAL-NORMALIZED.v1_0Signal Normalized EventSignal NormalizerObservability, USO
comp.TG.EVENT.CONTEXT-ENRICHED.v1_0Context Enriched EventContext Enrichment EngineAudit, AII
comp.TG.EVENT.VALIDATION-RULES-EXECUTED.v1_0Validation Rules Executed EventValidation Rule EngineAudit, Observability
comp.TG.EVENT.POLICY-RESOLVED.v1_0Policy Resolved EventPolicy Resolution EngineAudit, Replay
comp.TG.EVENT.RULE-EVALUATED.v1_0Rule Evaluated EventRule Evaluation EngineObservability, Scoring
comp.TG.EVENT.TRUST-SCORED.v1_0Trust Scored EventTrust Scoring EngineVIZZ, AII
comp.TG.EVENT.DECISION-CREATED.v1_0Decision Created EventDecision EngineAudit, Quarantine
comp.TG.EVENT.QUARANTINE-CREATED.v1_0Quarantine Created EventQuarantine ManagerScheduler, VIZZ
comp.TG.EVENT.REPLAY-COMPLETED.v1_0Replay Completed EventReplay EngineAudit, DAL, AII
comp.TG.EVENT.ATTESTATION-CREATED.v1_0Attestation Created EventAttestation EngineDAL, Federation
comp.TG.EVENT.DAL-CANDIDATE-CREATED.v1_0DAL Candidate Created EventDAL Anchor EngineScheduler, Audit
comp.TG.EVENT.FEDERATION-EXPORTED.v1_0Federation Exported EventFederation Exchange EngineAudit, Observability
comp.TG.EVENT.AI-FEEDBACK-PUBLISHED.v1_0AI Feedback Published EventAI Feedback EngineDSAIL, Audit

20. Configuration and Profile CSIs

CSICanonical NameProducerConsumer
comp.TG.CONFIG.RUNTIME-CONFIG.v1_0Runtime ConfigurationRuntime Configuration EngineAll TrustGate Engines
comp.TG.CONFIG.ENGINE-CONFIG-VIEW.v1_0Engine Configuration ViewRuntime Configuration EngineSpecific Engine
comp.TG.SNAPSHOT.CONFIG-SNAPSHOT.v1_0Configuration SnapshotRuntime Configuration EngineReplay / Audit
comp.TG.PROFILE.VALIDATION-PROFILE.v1_0Validation ProfileRuntime Configuration / ZARValidation Rule Engine
comp.TG.PROFILE.SCORING-PROFILE.v1_0Scoring ProfileRuntime Configuration / ZARTrust Scoring Engine
comp.TG.PROFILE.DECISION-PROFILE.v1_0Decision ProfileRuntime Configuration / ZARDecision Engine
comp.TG.PROFILE.REPLAY-PROFILE.v1_0Replay ProfileRuntime Configuration / OARMReplay Engine
comp.TG.PROFILE.DAL-ANCHOR-PROFILE.v1_0DAL Anchor ProfileRuntime Configuration / DALDAL Anchor Engine
comp.TG.PROFILE.FEDERATION-PROFILE.v1_0Federation ProfileRuntime Configuration / EGFS / AFLEFederation Exchange Engine
comp.TG.PROFILE.AI-GOVERNANCE-PROFILE.v1_0AI Governance ProfileRuntime Configuration / DSAILAI Feedback Engine
comp.TG.PROFILE.OBSERVABILITY-PROFILE.v1_0Observability ProfileRuntime ConfigurationObservability Engine
comp.TG.PROFILE.SCHEDULER-PROFILE.v1_0Scheduler ProfileRuntime ConfigurationScheduler / Orchestrator

21. Replay CSIs

CSICanonical NameProducerConsumer
comp.TG.INPUT.REPLAY-REQUEST.v1_0Replay RequestOARM / Auditor / SchedulerReplay Engine
comp.TG.OUTPUT.REPLAY-MANIFEST.v1_0Replay ManifestReplay EngineAAE / Audit
comp.TG.OUTPUT.REPLAY-RESULT.v1_0Replay ResultReplay EngineAudit / DAL / AII
comp.TG.OUTPUT.REPLAY-DIFF.v1_0Replay DiffReplay EngineAudit / Review
comp.TG.OUTPUT.REPLAY-PROOF.v1_0Replay ProofReplay EngineDAL / Federation
comp.TG.EVENT.REPLAY-STARTED.v1_0Replay Started EventReplay EngineObservability
comp.TG.EVENT.REPLAY-FAILED.v1_0Replay Failed EventReplay EngineAudit / Scheduler
comp.TG.SNAPSHOT.REPLAY-SNAPSHOT.v1_0Replay SnapshotRuntime Configuration / ReplayReplay Engine

22. DAL CSIs

CSICanonical NameProducerConsumer
comp.DAL.INPUT.ANCHOR-CANDIDATE.v1_0DAL Anchor CandidateTrustGate EnginesDAL Anchor Engine
comp.DAL.OUTPUT.ANCHOR-RECEIPT.v1_0DAL Anchor ReceiptDAL Anchor EngineAudit / Replay / Federation
comp.DAL.OUTPUT.MERKLE-PROOF.v1_0Merkle ProofDALReplay / Federation
comp.DAL.EVENT.ANCHOR-SUBMITTED.v1_0Anchor Submitted EventDAL Anchor EngineObservability
comp.DAL.EVENT.ANCHOR-VERIFIED.v1_0Anchor Verified EventDAL Anchor EngineAudit / AII
comp.DAL.EVENT.ANCHOR-FAILED.v1_0Anchor Failed EventDAL Anchor EngineScheduler / Audit

23. Federation CSIs

CSICanonical NameProducerConsumer
comp.TG.FEDERATION.EXPORT-PACKAGE.v1_0Federation Export PackageFederation Exchange EngineTarget ECO
comp.TG.FEDERATION.IMPORT-PACKAGE.v1_0Federation Import PackageSource ECOFederation Exchange Engine
comp.TG.FEDERATION.EXCHANGE-EVENT.v1_0Federation Exchange EventFederation Exchange EngineAudit / Observability
comp.TG.FEDERATION.REDACTED-ATTESTATION.v1_0Redacted AttestationFederation Exchange EngineTarget ECO
comp.TG.FEDERATION.TRUST-REFERENCE.v1_0Trust ReferenceFederation Exchange EngineTarget ECO / Carbon Passport
comp.TG.FEDERATION.CONFLICT-EVENT.v1_0Federation Conflict EventFederation Exchange EngineScheduler / Audit
comp.EGFS.INPUT.IDENTITY-CONTEXT.v1_0EGFS Identity ContextEGFSContext Enrichment / Federation
comp.AFLE.INPUT.FEDERATION-POLICY.v1_0AFLE Federation PolicyAFLEFederation Exchange Engine

24. AI and AII CSIs

CSICanonical NameProducerConsumer
comp.DSAIL.INPUT.AI-FEEDBACK.v1_0AI FeedbackAI Feedback EngineDSAIL
comp.DSAIL.INPUT.VALIDATION-FEEDBACK.v1_0Validation FeedbackValidation Rule EngineDSAIL
comp.DSAIL.INPUT.CONTEXT-FEEDBACK.v1_0Context FeedbackContext Enrichment EngineDSAIL
comp.DSAIL.INPUT.OBSERVABILITY-FEEDBACK.v1_0Observability FeedbackObservability EngineDSAIL
comp.AII.INPUT.TRUST-SCORE.v1_0Trust Score TelemetryTrust Scoring EngineAII
comp.AII.INPUT.VALIDATION-TELEMETRY.v1_0Validation TelemetryValidation Rule EngineAII
comp.AII.INPUT.REPLAY-TELEMETRY.v1_0Replay TelemetryReplay EngineAII
comp.AII.INPUT.DAL-TELEMETRY.v1_0DAL TelemetryDAL Anchor EngineAII
comp.AII.INPUT.FEDERATION-TELEMETRY.v1_0Federation TelemetryFederation Exchange EngineAII
comp.AII.INPUT.RUNTIME-TELEMETRY.v1_0Runtime TelemetryObservability EngineAII
comp.AII.INPUT.SCHEDULER-TELEMETRY.v1_0Scheduler TelemetryScheduler / OrchestratorAII

25. Scheduler and Observability CSIs

CSICanonical NameProducerConsumer
comp.TG.INPUT.SCHEDULER-TRIGGER.v1_0Scheduler TriggerEvent Bus / Manual / PolicyScheduler
comp.TG.OUTPUT.SCHEDULED-JOB.v1_0Scheduled JobSchedulerWorker / Audit
comp.TG.OUTPUT.JOB-RUN.v1_0Job RunSchedulerObservability / Audit
comp.TG.OUTPUT.WORKFLOW-RUN.v1_0Workflow RunSchedulerReplay / Audit
comp.TG.EVENT.JOB-STARTED.v1_0Job Started EventSchedulerObservability
comp.TG.EVENT.JOB-COMPLETED.v1_0Job Completed EventSchedulerObservability / AII
comp.TG.EVENT.JOB-FAILED.v1_0Job Failed EventSchedulerObservability / Audit
comp.TG.EVENT.JOB-DEAD-LETTERED.v1_0Job Dead-Lettered EventSchedulerAudit / VIZZ
comp.TG.INPUT.RUNTIME-METRIC.v1_0Runtime MetricTrustGate EnginesObservability
comp.TG.INPUT.RUNTIME-TRACE.v1_0Runtime TraceTrustGate EnginesObservability
comp.TG.INPUT.RUNTIME-LOG.v1_0Runtime LogTrustGate EnginesObservability
comp.TG.OUTPUT.OBSERVABILITY-EVENT.v1_0Observability EventObservability EngineVIZZ / Audit
comp.TG.OUTPUT.RUNTIME-ALERT.v1_0Runtime AlertObservability EngineScheduler / VIZZ

26. Audit CSIs

CSICanonical NameProducerConsumer
comp.TG.OUTPUT.AUDIT-RECORD.v1_0Audit RecordAudit Log EngineAudit Store
comp.TG.EVENT.AUDIT-WRITTEN.v1_0Audit Written EventAudit Log EngineObservability
comp.TG.EVENT.AUDIT-CHAIN-CONFLICT.v1_0Audit Chain Conflict EventAudit Log EngineScheduler / DAL
comp.TG.SNAPSHOT.AUDIT-CHAIN-SNAPSHOT.v1_0Audit Chain SnapshotAudit Log EngineReplay / DAL

27. Error CSIs

CSICanonical NameProducerConsumer
comp.TG.ERROR.PARSE-ERROR.v1_0Parse ErrorSignal ParserAudit / Observability
comp.TG.ERROR.VALIDATION-ERROR.v1_0Validation ErrorValidation EnginesQuarantine / Audit
comp.TG.ERROR.CONFIG-ERROR.v1_0Configuration ErrorRuntime Configuration EngineScheduler / Audit
comp.TG.ERROR.REPLAY-ERROR.v1_0Replay ErrorReplay EngineScheduler / Audit
comp.TG.ERROR.DAL-ANCHOR-ERROR.v1_0DAL Anchor ErrorDAL Anchor EngineScheduler / Audit
comp.TG.ERROR.FEDERATION-ERROR.v1_0Federation ErrorFederation Exchange EngineScheduler / Audit
comp.TG.ERROR.AI-FEEDBACK-ERROR.v1_0AI Feedback ErrorAI Feedback EngineScheduler / Observability
comp.TG.ERROR.SCHEDULER-ERROR.v1_0Scheduler ErrorSchedulerAudit / Observability

28. Canonical CSI Record Example

{
"csi": "comp.TG.OUTPUT.TRUST-SCORE.v1_0",
"canonical_name": "TrustGate Trust Score",
"description": "Trust score artifact produced by the TrustGate Trust Scoring Engine.",
"csi_module": "comp",
"csi_component": "TG",
"csi_kind": "OUTPUT",
"csi_name": "TRUST-SCORE",
"version_major": 1,
"version_minor": 0,
"schema_ref": "sssr://trustgate/trust-score/1_0",
"producer_meid": "MEID_TRUST_SCORE_CALCULATOR",
"producer_cmi": "vera.TG-SCORE.ENGINE.CALCULATOR.1_0_0",
"consumer_meids": [
"MEID_TRUST_ROUTE_DECISION",
"MEID_TRUST_AUDIT_LOG",
"MEID_TRUST_MONITOR_RUNTIME"
],
"direction": "output",
"artifact_class": "trust_score",
"durability": "immutable",
"replay_required": true,
"dal_anchor_eligible": true,
"dal_anchor_required": false,
"federation_exportable": false,
"redaction_profile_required": false,
"security_level": "critical",
"status": "active",
"version": "1.0.0"
}

29. Trust Score CSI Schema Example

{
"$id": "https://schema.zayaz.io/trustgate/trust-score/v1_0.schema.json",
"type": "object",
"required": [
"trust_score_id",
"signal_id",
"eco_number",
"score",
"confidence",
"scoring_profile",
"engine_meid",
"engine_cmi",
"config_snapshot_id",
"created_at"
],
"properties": {
"trust_score_id": {
"type": "string"
},
"signal_id": {
"type": "string"
},
"eco_number": {
"type": "string"
},
"score": {
"type": "number",
"minimum": 0,
"maximum": 1
},
"confidence": {
"type": "number",
"minimum": 0,
"maximum": 1
},
"scoring_profile": {
"type": "string"
},
"dimensions": {
"type": "object"
},
"engine_meid": {
"type": "string"
},
"engine_cmi": {
"type": "string"
},
"config_snapshot_id": {
"type": "string"
},
"created_at": {
"type": "string",
"format": "date-time"
}
}
}

30. Decision Record CSI Schema Example

{
"$id": "https://schema.zayaz.io/trustgate/decision-record/v1_0.schema.json",
"type": "object",
"required": [
"decision_id",
"signal_id",
"eco_number",
"decision",
"trust_score_id",
"decision_profile",
"engine_meid",
"engine_cmi",
"created_at"
],
"properties": {
"decision_id": {
"type": "string"
},
"signal_id": {
"type": "string"
},
"eco_number": {
"type": "string"
},
"decision": {
"type": "string",
"enum": [
"accept",
"review",
"quarantine",
"reject",
"abort"
]
},
"trust_score_id": {
"type": "string"
},
"decision_profile": {
"type": "string"
},
"replay_required": {
"type": "boolean"
},
"dal_anchor_required": {
"type": "boolean"
},
"engine_meid": {
"type": "string"
},
"engine_cmi": {
"type": "string"
},
"created_at": {
"type": "string",
"format": "date-time"
}
}
}

31. CSI Compatibility Model

Compatibility must be explicit.

Compatibility TypeMeaning
exactProducer and consumer require same version.
minor_forwardConsumer supports same major and higher minor versions.
minor_backwardConsumer supports same major and lower minor versions.
major_migrationMajor version migration requires adapter or migration engine.
adapter_requiredRuntime adapter must transform contract.
incompatibleNot allowed.

Compatibility should be enforced by the Runtime Configuration Engine before execution.


32. CSI Producer / Consumer Matrix

Producer EngineProducesPrimary Consumers
Signal Parsercomp.TG.OUTPUT.CANONICAL-SIGNAL.v1_0Structure Validation, USO, Audit
Structure Validationcomp.TG.OUTPUT.STRUCTURE-VALIDATION-RESULT.v1_0Normalizer, Audit
Signal Normalizercomp.TG.OUTPUT.NORMALIZED-SIGNAL.v1_0Context Enrichment
Context Enrichmentcomp.TG.OUTPUT.ENRICHED-SIGNAL.v1_0Validation Rule Engine, Rule Evaluation
Validation Rule Enginecomp.TG.OUTPUT.VALIDATION-RULE-RESULT.v1_0Policy Resolution, Scoring, Audit
Policy Resolutioncomp.TG.OUTPUT.POLICY-CONTEXT.v1_0Rule Evaluation, Decision, Replay
Rule Evaluationcomp.TG.OUTPUT.RULE-EVALUATION-RESULT.v1_0Trust Scoring
Trust Scoringcomp.TG.OUTPUT.TRUST-SCORE.v1_0Decision, AII, VIZZ
Decision Enginecomp.TG.OUTPUT.DECISION-RECORD.v1_0Quarantine, Replay, Audit
Quarantine Managercomp.TG.OUTPUT.QUARANTINE-RECORD.v1_0Scheduler, VIZZ, Audit
Replay Enginecomp.TG.OUTPUT.REPLAY-ARTIFACT.v1_0Audit, DAL, Federation
Attestation Enginecomp.TG.OUTPUT.TRUST-ATTESTATION.v1_0DAL, Federation
DAL Anchor Enginecomp.DAL.OUTPUT.ANCHOR-RECEIPT.v1_0Audit, Replay, Federation
Federation Exchangecomp.TG.FEDERATION.EXCHANGE-EVENT.v1_0Audit, Observability
AI Feedback Enginecomp.DSAIL.INPUT.AI-FEEDBACK.v1_0DSAIL
Audit Log Enginecomp.TG.OUTPUT.AUDIT-RECORD.v1_0Audit Store, DAL
Observability Enginecomp.TG.OUTPUT.OBSERVABILITY-EVENT.v1_0VIZZ, AII
Scheduler / Orchestratorcomp.TG.OUTPUT.JOB-RUN.v1_0Observability, Audit

33. SQL DDL — CSI Catalog

create table if not exists zar.csi_catalog (
csi_id uuid primary key default gen_random_uuid(),

csi text not null unique,
canonical_name text not null,
description text not null,

csi_module text not null,
csi_component text not null,
csi_kind text not null,
csi_name text not null,
version_major integer not null,
version_minor integer not null,

schema_ref text not null,
schema_digest text,

producer_meid text,
producer_cmi text,
consumer_meids text[],

direction text not null,
artifact_class text not null,
durability text not null,

replay_semantics text not null default 'not_replayable',
replay_required boolean not null default false,

dal_anchor_eligible boolean not null default false,
dal_anchor_required boolean not null default false,
dal_anchor_mode text not null default 'none',
dal_artifact_type text,

federation_exportable boolean not null default false,
federation_importable boolean not null default false,
redaction_profile_required boolean not null default false,
federation_profile text,

security_level text not null default 'internal',
classification text[],

status text not null default 'draft',
version text not null default '1.0.0',

source_doc_id text,
approved_by text,
approval_status text not null default 'pending',
notes text,

created_at timestamptz not null default now(),
updated_at timestamptz not null default now(),

constraint csi_catalog_kind_chk
check (csi_kind in ('INPUT', 'OUTPUT', 'EVENT', 'STATE', 'SNAPSHOT', 'ERROR', 'CONFIG', 'PROFILE', 'TELEMETRY', 'ANCHOR', 'FEDERATION', 'ATTESTATION')),

constraint csi_catalog_direction_chk
check (direction in ('input', 'output', 'event', 'state', 'snapshot', 'error', 'config', 'profile', 'telemetry', 'anchor', 'federation', 'attestation')),

constraint csi_catalog_durability_chk
check (durability in ('transient', 'persisted', 'immutable', 'ledger_candidate', 'ledgered', 'federated')),

constraint csi_catalog_replay_semantics_chk
check (replay_semantics in ('not_replayable', 'replay_input', 'replay_output', 'replay_snapshot', 'replay_evidence', 'replay_optional')),

constraint csi_catalog_dal_anchor_mode_chk
check (dal_anchor_mode in ('none', 'direct', 'merkle_batch', 'digest_only')),

constraint csi_catalog_security_level_chk
check (security_level in ('public', 'internal', 'restricted', 'confidential', 'critical')),

constraint csi_catalog_status_chk
check (status in ('draft', 'review', 'active', 'canary', 'shadow', 'deprecated', 'retired', 'suspended', 'rejected')),

constraint csi_catalog_approval_status_chk
check (approval_status in ('pending', 'approved', 'rejected', 'not_required'))
);

34. SQL DDL — CSI Compatibility

create table if not exists zar.csi_compatibility (
compatibility_id uuid primary key default gen_random_uuid(),

source_csi text not null references zar.csi_catalog(csi),
target_csi text not null references zar.csi_catalog(csi),

compatibility_type text not null,
adapter_required boolean not null default false,
adapter_meid text,
adapter_cmi text,

notes text,
status text not null default 'active',

created_at timestamptz not null default now(),
updated_at timestamptz not null default now(),

constraint csi_compatibility_type_chk
check (compatibility_type in ('exact', 'minor_forward', 'minor_backward', 'major_migration', 'adapter_required', 'incompatible')),

constraint csi_compatibility_status_chk
check (status in ('active', 'deprecated', 'retired', 'rejected'))
);

35. SQL DDL — CSI Schema Binding

create table if not exists zar.csi_schema_binding (
binding_id uuid primary key default gen_random_uuid(),

csi text not null references zar.csi_catalog(csi),
schema_ref text not null,
schema_digest text,
schema_type text not null default 'json_schema',
sssr_schema_id text,
sssr_schema_version text,

status text not null default 'active',
effective_from timestamptz,
effective_to timestamptz,

created_at timestamptz not null default now(),
updated_at timestamptz not null default now(),

constraint csi_schema_binding_schema_type_chk
check (schema_type in ('json_schema', 'table_schema', 'event_schema', 'avro', 'protobuf', 'sssr')),

constraint csi_schema_binding_status_chk
check (status in ('active', 'deprecated', 'retired', 'rejected'))
);

36. SQL Seed — Core CSI Catalog

insert into zar.csi_catalog
(csi, canonical_name, description, csi_module, csi_component, csi_kind, csi_name,
version_major, version_minor, schema_ref, producer_meid, consumer_meids,
direction, artifact_class, durability, replay_semantics, replay_required,
dal_anchor_eligible, dal_anchor_required, dal_anchor_mode,
federation_exportable, federation_importable, redaction_profile_required,
security_level, classification, status, version, approval_status)
values
('comp.TG.INPUT.RAW-SIGNAL.v1_0', 'Raw Signal', 'Incoming external signal before TrustGate parsing.', 'comp', 'TG', 'INPUT', 'RAW-SIGNAL', 1, 0, 'sssr://trustgate/raw-signal/1_0', null, array['MEID_SIGNAL_PARSE_CANONICAL'], 'input', 'raw_signal', 'persisted', 'replay_input', true, false, false, 'none', false, false, false, 'restricted', array['Runtime','Input'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.CANONICAL-SIGNAL.v1_0', 'Canonical Signal', 'Parsed canonical TrustGate signal.', 'comp', 'TG', 'OUTPUT', 'CANONICAL-SIGNAL', 1, 0, 'sssr://trustgate/canonical-signal/1_0', 'MEID_SIGNAL_PARSE_CANONICAL', array['MEID_SIGNAL_VALIDATE_STRUCTURE','MEID_TRUST_AUDIT_LOG'], 'output', 'canonical_signal', 'persisted', 'replay_output', true, true, false, 'digest_only', false, false, false, 'restricted', array['Runtime','Assurance'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.STRUCTURE-VALIDATION-RESULT.v1_0', 'Structure Validation Result', 'Result of structural validation.', 'comp', 'TG', 'OUTPUT', 'STRUCTURE-VALIDATION-RESULT', 1, 0, 'sssr://trustgate/structure-validation-result/1_0', 'MEID_SIGNAL_VALIDATE_STRUCTURE', array['MEID_SIGNAL_NORMALIZE_UNIT','MEID_TRUST_AUDIT_LOG'], 'output', 'validation_result', 'immutable', 'replay_output', true, true, false, 'digest_only', false, false, false, 'restricted', array['Validation','Assurance'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.NORMALIZED-SIGNAL.v1_0', 'Normalized Signal', 'Normalized TrustGate signal with canonical units and timestamps.', 'comp', 'TG', 'OUTPUT', 'NORMALIZED-SIGNAL', 1, 0, 'sssr://trustgate/normalized-signal/1_0', 'MEID_SIGNAL_NORMALIZE_UNIT', array['MEID_SIGNAL_ENRICH_CONTEXT'], 'output', 'normalized_signal', 'persisted', 'replay_output', true, true, false, 'digest_only', false, false, false, 'restricted', array['Runtime','Assurance'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.ENRICHED-SIGNAL.v1_0', 'Enriched Signal', 'TrustGate signal enriched with identity, lineage, governance, replay, federation, AI, and risk context.', 'comp', 'TG', 'OUTPUT', 'ENRICHED-SIGNAL', 1, 0, 'sssr://trustgate/enriched-signal/1_0', 'MEID_SIGNAL_ENRICH_CONTEXT', array['MEID_SIGNAL_VALIDATE_RULES','MEID_TRUST_EVALUATE_RULES'], 'output', 'enriched_signal', 'immutable', 'replay_output', true, true, false, 'digest_only', false, false, false, 'critical', array['Assurance','Runtime'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.VALIDATION-RULE-RESULT.v1_0', 'Validation Rule Result', 'Result of registry-driven validation rule execution.', 'comp', 'TG', 'OUTPUT', 'VALIDATION-RULE-RESULT', 1, 0, 'sssr://trustgate/validation-rule-result/1_0', 'MEID_SIGNAL_VALIDATE_RULES', array['MEID_TRUST_POLICY_RESOLVE','MEID_TRUST_SCORE_CALCULATOR','MEID_TRUST_AUDIT_LOG'], 'output', 'validation_result', 'immutable', 'replay_output', true, true, false, 'digest_only', false, false, false, 'critical', array['Validation','Assurance'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.POLICY-CONTEXT.v1_0', 'Policy Context', 'Resolved TrustGate runtime policy context.', 'comp', 'TG', 'OUTPUT', 'POLICY-CONTEXT', 1, 0, 'sssr://trustgate/policy-context/1_0', 'MEID_TRUST_POLICY_RESOLVE', array['MEID_TRUST_EVALUATE_RULES','MEID_TRUST_ROUTE_DECISION','MEID_TRUST_REPLAY_COORDINATOR'], 'output', 'policy_context', 'immutable', 'replay_snapshot', true, true, false, 'digest_only', false, false, false, 'critical', array['Governance','Runtime'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.RULE-EVALUATION-RESULT.v1_0', 'Rule Evaluation Result', 'TrustGate business and assurance rule evaluation result.', 'comp', 'TG', 'OUTPUT', 'RULE-EVALUATION-RESULT', 1, 0, 'sssr://trustgate/rule-evaluation-result/1_0', 'MEID_TRUST_EVALUATE_RULES', array['MEID_TRUST_SCORE_CALCULATOR'], 'output', 'rule_result', 'immutable', 'replay_output', true, true, false, 'digest_only', false, false, false, 'critical', array['Assurance','Runtime'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.TRUST-SCORE.v1_0', 'Trust Score', 'Trust score artifact produced by the TrustGate Trust Scoring Engine.', 'comp', 'TG', 'OUTPUT', 'TRUST-SCORE', 1, 0, 'sssr://trustgate/trust-score/1_0', 'MEID_TRUST_SCORE_CALCULATOR', array['MEID_TRUST_ROUTE_DECISION','MEID_TRUST_AUDIT_LOG','MEID_TRUST_MONITOR_RUNTIME'], 'output', 'trust_score', 'immutable', 'replay_output', true, true, false, 'digest_only', false, false, false, 'critical', array['Assurance','Scoring'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.DECISION-RECORD.v1_0', 'Decision Record', 'TrustGate decision artifact.', 'comp', 'TG', 'OUTPUT', 'DECISION-RECORD', 1, 0, 'sssr://trustgate/decision-record/1_0', 'MEID_TRUST_ROUTE_DECISION', array['MEID_TRUST_QUARANTINE_MANAGER','MEID_TRUST_REPLAY_COORDINATOR','MEID_TRUST_AUDIT_LOG'], 'output', 'decision_record', 'immutable', 'replay_output', true, true, false, 'digest_only', false, false, false, 'critical', array['Decision','Assurance'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.TRUST-ATTESTATION.v1_0', 'Trust Attestation', 'Trust attestation generated from validated TrustGate runtime evidence.', 'comp', 'TG', 'OUTPUT', 'TRUST-ATTESTATION', 1, 0, 'sssr://trustgate/trust-attestation/1_0', 'MEID_TRUST_ATTESTATION_ISSUE', array['MEID_TRUST_ANCHOR_DAL','MEID_TRUST_EXCHANGE_FEDERATION'], 'output', 'attestation', 'ledger_candidate', 'replay_evidence', true, true, true, 'merkle_batch', true, true, true, 'critical', array['Attestation','Federation','DAL'], 'active', '1.0.0', 'approved')
on conflict (csi) do update set
canonical_name = excluded.canonical_name,
description = excluded.description,
schema_ref = excluded.schema_ref,
producer_meid = excluded.producer_meid,
consumer_meids = excluded.consumer_meids,
direction = excluded.direction,
artifact_class = excluded.artifact_class,
durability = excluded.durability,
replay_semantics = excluded.replay_semantics,
replay_required = excluded.replay_required,
dal_anchor_eligible = excluded.dal_anchor_eligible,
dal_anchor_required = excluded.dal_anchor_required,
dal_anchor_mode = excluded.dal_anchor_mode,
federation_exportable = excluded.federation_exportable,
federation_importable = excluded.federation_importable,
redaction_profile_required = excluded.redaction_profile_required,
security_level = excluded.security_level,
classification = excluded.classification,
status = excluded.status,
version = excluded.version,
approval_status = excluded.approval_status,
updated_at = now();

37. JSON Schema — CSI Catalog Record

{
"$id": "https://schema.zayaz.io/trustgate/csi-catalog/v1/csi-record.schema.json",
"type": "object",
"required": [
"csi",
"canonical_name",
"description",
"csi_module",
"csi_component",
"csi_kind",
"csi_name",
"version_major",
"version_minor",
"schema_ref",
"direction",
"artifact_class",
"durability",
"replay_semantics",
"replay_required",
"dal_anchor_eligible",
"dal_anchor_required",
"federation_exportable",
"security_level",
"status",
"version"
],
"properties": {
"csi": {
"type": "string",
"pattern": "^[a-z]+\\.[A-Z0-9-]+\\.[A-Z]+\\.[A-Z0-9-]+\\.v[0-9]+_[0-9]+$"
},
"canonical_name": {
"type": "string"
},
"description": {
"type": "string"
},
"csi_module": {
"type": "string"
},
"csi_component": {
"type": "string"
},
"csi_kind": {
"type": "string"
},
"csi_name": {
"type": "string"
},
"version_major": {
"type": "integer"
},
"version_minor": {
"type": "integer"
},
"schema_ref": {
"type": "string"
},
"producer_meid": {
"type": ["string", "null"]
},
"consumer_meids": {
"type": "array",
"items": {
"type": "string"
}
},
"direction": {
"type": "string"
},
"artifact_class": {
"type": "string"
},
"durability": {
"type": "string"
},
"replay_semantics": {
"type": "string"
},
"replay_required": {
"type": "boolean"
},
"dal_anchor_eligible": {
"type": "boolean"
},
"dal_anchor_required": {
"type": "boolean"
},
"federation_exportable": {
"type": "boolean"
},
"security_level": {
"type": "string"
},
"status": {
"type": "string"
},
"version": {
"type": "string"
}
}
}

38. API Contract — Resolve CSI

POST /api/trustgate/csi-catalog/resolve

Request:

{
"csi": "comp.TG.OUTPUT.TRUST-SCORE.v1_0",
"purpose": "runtime_execution",
"engine_meid": "MEID_TRUST_ROUTE_DECISION",
"engine_cmi": "vera.TG-DECISION.ENGINE.ROUTER.1_0_0"
}

Response:

{
"status": "resolved",
"csi": "comp.TG.OUTPUT.TRUST-SCORE.v1_0",
"schema_ref": "sssr://trustgate/trust-score/1_0",
"schema_digest": "sha256:...",
"compatible": true,
"replay_required": true,
"dal_anchor_eligible": true,
"federation_exportable": false,
"security_level": "critical"
}

39. API Contract — Check Compatibility

POST /api/trustgate/csi-catalog/check-compatibility

Request:

{
"producer_csi": "comp.TG.OUTPUT.TRUST-SCORE.v1_0",
"consumer_engine_meid": "MEID_TRUST_ROUTE_DECISION",
"consumer_engine_cmi": "vera.TG-DECISION.ENGINE.ROUTER.1_0_0",
"accepted_versions": [
"comp.TG.OUTPUT.TRUST-SCORE.v1_0",
"comp.TG.OUTPUT.TRUST-SCORE.v1_1"
]
}

Response:

{
"status": "compatible",
"compatibility_type": "exact",
"adapter_required": false,
"schema_ref": "sssr://trustgate/trust-score/1_0"
}

40. API Contract — Register CSI

POST /api/trustgate/csi-catalog/register

Request:

{
"csi": "comp.TG.OUTPUT.TRUST-SCORE.v1_1",
"canonical_name": "TrustGate Trust Score",
"description": "Minor version adding optional calibration diagnostics.",
"schema_ref": "sssr://trustgate/trust-score/1_1",
"producer_meid": "MEID_TRUST_SCORE_CALCULATOR",
"direction": "output",
"artifact_class": "trust_score",
"durability": "immutable",
"replay_required": true,
"security_level": "critical"
}

Response:

{
"status": "registered",
"csi": "comp.TG.OUTPUT.TRUST-SCORE.v1_1",
"requires_approval": true,
"material_change": false,
"compatibility_review_required": true
}

41. Governance Requirements

CSI changes require governance review when they affect:

  • required fields;
  • datatypes;
  • semantic meaning;
  • replay behavior;
  • DAL behavior;
  • federation visibility;
  • security classification;
  • producer/consumer compatibility;
  • schema digest;
  • event ordering;
  • retention;
  • public or regulator-facing exposure.

Material CSI changes must produce an audit event and may require DAL anchoring.


42. Replay Requirements

Audit-grade replay requires:

  • exact CSI version;
  • exact schema snapshot;
  • schema digest;
  • producer MEID and CMI;
  • consumer MEID and CMI;
  • runtime configuration snapshot;
  • policy bundle;
  • artifact hash;
  • USO lineage record;
  • replay-compatible serialization.

Replay must not use a newer CSI version unless replay mode is explicitly marked as current-policy simulation.


43. DAL Requirements

DAL anchoring is required for selected CSI artifacts under policy.

Typical DAL-required artifacts:

  • trust attestations;
  • critical replay proofs;
  • critical validation failures;
  • invalid DID failures;
  • signature failures;
  • federation exchange proofs;
  • material configuration snapshots;
  • audit chain conflict records;
  • regulator-requested evidence packages.

The CSI Catalog defines eligibility and default requirement. Runtime policy defines final anchoring obligation.


44. Federation Requirements

Federation-exportable CSIs must define:

  • exportable fields;
  • blocked fields;
  • redaction profile;
  • target federation profile;
  • minimum identity requirements;
  • signature requirements;
  • replay reference requirement;
  • DAL reference requirement;
  • import verification requirements.

A CSI must never become federation-exportable without governance review.


45. Security Requirements

The CSI Catalog must:

  • authenticate all write access;
  • authorize CSI creation, versioning, deprecation, and retirement;
  • validate naming convention;
  • validate schema binding;
  • prevent conflicting producer mappings;
  • prevent unsafe federation exposure;
  • enforce security classification;
  • preserve version history;
  • support signed CSI snapshots;
  • prevent deletion of historically referenced CSIs;
  • emit audit events for material changes.

46. Observability Metrics

MetricDescription
tg_csi_catalog_records_totalTotal CSI records.
tg_csi_catalog_active_totalActive CSI records.
tg_csi_catalog_by_kind_totalCSI count by kind.
tg_csi_catalog_by_security_totalCSI count by security level.
tg_csi_compatibility_check_totalCompatibility checks performed.
tg_csi_compatibility_failed_totalFailed compatibility checks.
tg_csi_schema_binding_failed_totalInvalid schema bindings.
tg_csi_federation_exportable_totalFederation-exportable CSIs.
tg_csi_dal_required_totalDAL-required CSIs.
tg_csi_change_totalCSI changes.

47. Testing Requirements

Test TypeRequirement
Naming TestCSI follows canonical naming pattern.
Schema TestSchema exists and validates.
Compatibility TestProducer and consumer compatibility is explicit.
Replay TestReplay semantics are correct and deterministic.
DAL TestDAL eligibility and requirement behave as expected.
Federation TestExportability and redaction are safe.
Security TestClassification and access controls are correct.
Lifecycle TestStatus transitions are governed.
Producer TestProducer MEID/CMI exists and is compatible.
Consumer TestConsumer MEIDs exist and accept the CSI.

48. Implementation Anti-Patterns

Anti-PatternRisk
Unregistered interfacesBreaks traceability and replay.
Reusing CSI name for changed semanticsSilent contract break.
Missing schema referenceRuntime validation cannot be trusted.
Live schema lookup during audit replayNon-deterministic replay.
Exporting raw internal CSIsFederation leakage.
No producer/consumer mapBreaks impact analysis.
No compatibility tableUnsafe engine upgrades.
Deleting retired CSIsBreaks historical replay.
Hardcoded interfaces in enginesWeak governance.
Missing security classificationData exposure risk.

49. Developer Implementation Notes

Developers should implement the CSI Catalog as a ZAR-backed interface registry with SSSR schema binding.

Recommended components:

  • CSI parser and validator;
  • catalog table;
  • compatibility table;
  • schema binding table;
  • producer/consumer resolver;
  • version compatibility checker;
  • replay snapshot builder;
  • DAL eligibility resolver;
  • federation redaction resolver;
  • audit publisher;
  • observability publisher;
  • runtime read API;
  • governance write API;
  • migration/adapter registry.

All TrustGate engines should declare consumed and produced CSIs in their engine specification and runtime metadata.


50. References

SpecificationID
TrustGateTG
TrustGate MIBTG-MIB
TrustGate Micro-Engine CatalogTG-MEC
TrustGate Validation Rule RegistryTG-VRR
TrustGate Validation Rule EngineTG-VALRULE
TrustGate Runtime Configuration EngineTG-CONFIG
TrustGate Runtime Observability EngineTG-OBSERVE
Digital Assurance LedgerDAL
Operational Assurance & ReplayOARM
Cross-ECO Assurance & FederationAFLE
Global Federation StackEGFS
Federated Assurance Governance FrameworkFAGF
Assurance Intelligence IndexAII
AI-Assisted Assurance & Trust IntelligenceAIATI
Shared Semantic Schema RegistrySSSR
ZAYAZ Artifact RegistryZAR

51. Summary

The TrustGate CSI Catalog is the canonical contract catalog for TrustGate runtime interfaces.

It defines the inputs, outputs, events, snapshots, errors, configuration objects, profiles, federation artifacts, DAL artifacts, telemetry artifacts, and audit artifacts used across the TrustGate engine family.

Together with ZAR, SSSR, the Runtime Configuration Engine, and the Validation Rule Registry, the CSI Catalog ensures TrustGate interfaces are governed, versioned, replayable, auditable, federation-safe, and compatible across engine versions.

No TrustGate runtime interface should be used in production unless it is registered, versioned, schema-bound, compatibility-checked, and governed through this catalog or an equivalent FAGF-authorized mechanism.

GitHub RepoRequest for Change (RFC)