TG-CSI
TrustGate CSI Catalog
1. Purpose
The TrustGate CSI Catalog is the canonical interface and contract catalog for TrustGate.
CSI means Canonical Signal Interface.
A CSI defines a governed input, output, or event contract used by TrustGate engines and related ZAYAZ assurance services. It defines the semantic contract, schema binding, producer, consumer, direction, version, lifecycle status, security classification, replay behavior, DAL eligibility, federation visibility, and compatibility rules for TrustGate runtime artifacts.
The catalog answers questions such as:
- Which CSI represents a raw incoming TrustGate signal?
- Which CSI is produced by the Signal Parser?
- Which CSI is consumed by the Validation Rule Engine?
- Which CSI is replay-safe?
- Which CSI is federation-exportable?
- Which CSI requires DAL anchoring?
- Which CSI schema version is active?
- Which engines produce and consume each CSI?
- Which CSI versions are backward compatible?
- Which CSIs are allowed in production?
- Which CSIs are events, and which are durable artifacts?
- Which CSIs must be captured in USO lineage?
- Which CSIs are safe for AII or DSAIL feedback?
The CSI Catalog is the contract layer between TrustGate engines.
2. CSI Naming Convention
TrustGate follows the canonical CSI pattern:
<csi_module>.<csi_component>.<csi_kind>.<csi_name>.<csi_version_maj>_<csi_version_min>
Example:
comp.AIIL.INPUT.TRUST-SCORE.v1_0
For TrustGate, the most common pattern is:
comp.TG.<KIND>.<NAME>.v<MAJOR>_<MINOR>
Examples:
comp.TG.INPUT.RAW-SIGNAL.v1_0
comp.TG.OUTPUT.CANONICAL-SIGNAL.v1_0
comp.TG.EVENT.TRUST-SCORED.v1_0
The module prefix comp is used because CSIs describe computational and runtime data contracts crossing component boundaries. The CMI domain for TrustGate executable engines remains vera where the executable belongs to Verification & Assurance.
3. CSI Identity Fields
| Field | Description |
|---|---|
csi | Full canonical CSI identifier. |
csi_module | Module namespace, usually comp for computational interface contracts. |
csi_component | Component namespace, usually TG for TrustGate. |
csi_kind | Interface kind, such as INPUT, OUTPUT, EVENT, STATE, SNAPSHOT, or ERROR. |
csi_name | Canonical name of the contract. |
csi_version_major | Major version. |
csi_version_minor | Minor version. |
canonical_name | Human-readable name. |
description | Purpose of the interface. |
schema_ref | SSSR or JSON Schema reference. |
status | Lifecycle status. |
security_level | Public, internal, restricted, confidential, critical. |
producer_meid | Producing MEID, if engine-produced. |
consumer_meids | Consuming MEIDs. |
replay_required | Whether the interface must be replay-captured. |
dal_anchor_eligible | Whether the artifact can be anchored in DAL. |
federation_exportable | Whether the interface can cross ECO boundaries. |
4. CSI Kind Vocabulary
| Kind | Purpose |
|---|---|
INPUT | Runtime input contract consumed by an engine. |
OUTPUT | Runtime output artifact produced by an engine. |
EVENT | Event contract emitted to the event bus or observability stream. |
STATE | Durable runtime state contract. |
SNAPSHOT | Immutable replay or registry snapshot contract. |
ERROR | Error or failure contract. |
CONFIG | Configuration contract. |
PROFILE | Profile contract. |
TELEMETRY | Observability or AII telemetry contract. |
ANCHOR | DAL anchor candidate or ledger reference contract. |
FEDERATION | Cross-ECO exchange contract. |
ATTESTATION | Trust attestation contract. |
A single CSI should not mix durable artifact semantics with event semantics. If both are required, define separate OUTPUT and EVENT CSIs.
5. CSI Lifecycle Status
| Status | Meaning |
|---|---|
draft | Proposed contract not yet executable. |
review | Under architecture or governance review. |
active | Approved for production use. |
canary | Approved for limited production rollout. |
shadow | Produced for comparison but not authoritative. |
deprecated | Still supported but should not be used for new work. |
retired | No longer valid for runtime use. |
suspended | Temporarily disabled. |
rejected | Proposal rejected. |
Production engines should only use active, canary, or explicitly authorized shadow CSIs.
6. CSI Versioning Rules
CSI versioning follows semantic contract compatibility.
v<MAJOR>_<MINOR>
| Change Type | Version Impact |
|---|---|
| Add optional field | Minor version. |
| Add enum value where consumers tolerate unknown values | Minor version. |
| Clarify description only | Metadata revision. |
| Add required field | Major version. |
| Remove field | Major version. |
| Rename field | Major version. |
| Change datatype | Major version. |
| Change semantic meaning | Major version. |
| Change security classification | Governance review, often major version. |
| Change federation visibility | Governance review, often major version. |
| Change replay semantics | Governance review, often major version. |
A CSI version must never change semantics silently.
7. CSI Relationship to SSSR
SSSR is the canonical schema system.
The CSI Catalog identifies the contract. SSSR defines the machine-readable schema.
CSI Catalog
│
├── CSI identity
├── lifecycle
├── producer/consumer mapping
├── governance metadata
└── schema_ref
│
▼
SSSR
│
├── JSON Schema
├── validation rules
├── datatype definitions
└── schema snapshots
Every production CSI must reference either an SSSR schema, JSON Schema document, table schema, event schema, or formally approved contract definition.
8. CSI Relationship to MEID and CMI
MEID identifies a stable logical micro-engine. CMI identifies a versioned executable artifact. CSI identifies the data contract that engines consume or produce.
MEID
│
├── CMI v1_0_0
│ ├── consumes CSI A
│ └── produces CSI B
│
└── CMI v1_1_0
├── consumes CSI A v1_1
└── produces CSI B v1_1
A single MEID may consume or produce multiple CSIs.
A CSI may be produced by one canonical engine and consumed by many engines.
9. Canonical TrustGate Runtime CSI Flow
comp.TG.INPUT.RAW-SIGNAL.v1_0
│
▼
comp.TG.OUTPUT.CANONICAL-SIGNAL.v1_0
│
▼
comp.TG.OUTPUT.STRUCTURE-VALIDATION-RESULT.v1_0
│
▼
comp.TG.OUTPUT.NORMALIZED-SIGNAL.v1_0
│
▼
comp.TG.OUTPUT.ENRICHED-SIGNAL.v1_0
│
▼
comp.TG.OUTPUT.VALIDATION-RULE-RESULT.v1_0
│
▼
comp.TG.OUTPUT.POLICY-CONTEXT.v1_0
│
▼
comp.TG.OUTPUT.RULE-EVALUATION-RESULT.v1_0
│
▼
comp.TG.OUTPUT.TRUST-SCORE.v1_0
│
▼
comp.TG.OUTPUT.DECISION-RECORD.v1_0
│
▼
comp.TG.OUTPUT.REPLAY-ARTIFACT.v1_0
│
▼
comp.TG.OUTPUT.TRUST-ATTESTATION.v1_0
│
▼
comp.DAL.INPUT.ANCHOR-CANDIDATE.v1_0
│
▼
comp.TG.FEDERATION.EXCHANGE-EVENT.v1_0
│
▼
comp.DSAIL.INPUT.AI-FEEDBACK.v1_0
10. CSI Catalog Record Model
| Field | Required | Description |
|---|---|---|
csi | Yes | Full CSI identifier. |
canonical_name | Yes | Human-readable name. |
description | Yes | Interface purpose. |
csi_module | Yes | Module namespace. |
csi_component | Yes | Component namespace. |
csi_kind | Yes | Interface kind. |
csi_name | Yes | Short name. |
version_major | Yes | Major version. |
version_minor | Yes | Minor version. |
schema_ref | Yes | SSSR or JSON Schema reference. |
schema_digest | Conditional | Schema digest. |
producer_meid | Conditional | Canonical producing engine. |
producer_cmi | Conditional | Producing CMI, where version-specific. |
consumer_meids | Conditional | Consumer engines. |
direction | Yes | input, output, event, state, snapshot. |
artifact_class | Yes | signal, result, event, attestation, anchor, telemetry, etc. |
durability | Yes | transient, persisted, immutable, ledgered. |
replay_required | Yes | Whether replay capture is required. |
dal_anchor_eligible | Yes | Whether DAL anchoring is allowed. |
dal_anchor_required | Yes | Whether DAL anchoring is mandatory. |
federation_exportable | Yes | Whether export outside ECO is permitted. |
redaction_profile_required | Yes | Whether redaction profile is required. |
security_level | Yes | Security classification. |
status | Yes | Lifecycle status. |
version | Yes | Catalog record version. |
11. Artifact Classes
| Artifact Class | Description |
|---|---|
raw_signal | Incoming external payload. |
canonical_signal | Parsed canonical signal. |
validation_result | Structural or rule validation result. |
normalized_signal | Unit/time/identity-normalized signal. |
enriched_signal | Signal enriched with identity, lineage, governance, replay, federation, AI, and risk context. |
policy_context | Resolved policy and runtime configuration context. |
rule_result | Runtime rule evaluation result. |
trust_score | Trust score and dimensions. |
decision_record | TrustGate decision artifact. |
quarantine_record | Quarantine case or candidate. |
replay_artifact | Replay manifest, result, or proof. |
attestation | Trust attestation or verifiable assurance artifact. |
anchor_candidate | DAL anchor candidate. |
federation_event | Cross-ECO exchange event. |
audit_record | Audit log artifact. |
telemetry | Observability, AII, or DSAIL telemetry. |
configuration | Runtime configuration or profile. |
scheduler_job | Scheduler job or workflow state. |
12. Durability Model
| Durability | Meaning |
|---|---|
transient | Used during runtime, not stored by default. |
persisted | Stored in operational store. |
immutable | Stored as immutable assurance artifact. |
ledger_candidate | Eligible for DAL anchoring. |
ledgered | Already anchored or represented in DAL. |
federated | Exported or importable across ECO boundaries. |
Durability is important for replay, audit, DAL, and retention.
13. Security Classification
| Security Level | Meaning |
|---|---|
public | Safe for public disclosure. |
internal | Internal ZAYAZ / Viroway use. |
restricted | Tenant or assurance team restricted. |
confidential | Sensitive business, identity, or compliance data. |
critical | Security, ledger, identity, federation, or assurance-critical artifact. |
Most TrustGate runtime CSIs are at least restricted. Identity, signature, federation, DAL, audit, and configuration CSIs are usually critical.
14. Replay Semantics
Each CSI must define replay behavior.
| Replay Value | Meaning |
|---|---|
not_replayable | Not used in replay. |
replay_input | Required as replay input. |
replay_output | Produced during replay. |
replay_snapshot | Immutable snapshot required for deterministic replay. |
replay_evidence | Evidence artifact used to prove replay result. |
replay_optional | May be used for diagnostics but not required. |
Audit-grade replay requires exact CSI version and schema digest.
15. DAL Semantics
Each CSI must define DAL anchoring behavior.
| DAL Field | Meaning |
|---|---|
dal_anchor_eligible | The artifact may be anchored. |
dal_anchor_required | The artifact must be anchored under policy. |
dal_anchor_mode | direct, merkle_batch, digest_only, none. |
dal_artifact_type | DAL artifact type name. |
dal_trigger | Condition that triggers anchoring. |
Examples of DAL-required CSIs include trust attestations, critical replay proofs, signature failures, invalid DID failures, material configuration snapshots, federation exchange proofs, and audit chain conflicts.
16. Federation Semantics
Each CSI must define federation visibility.
| Field | Meaning |
|---|---|
federation_exportable | Whether the artifact may leave the source ECO boundary. |
federation_importable | Whether the artifact may be received from another ECO. |
redaction_profile_required | Whether redaction is mandatory before export. |
federation_profile | Applicable AFLE/EGFS profile. |
allowed_federation_fields | Whitelisted export fields. |
blocked_federation_fields | Fields that must never be exported. |
Raw signals, private audit details, reviewer notes, and internal configuration internals should not be exported.
Trust attestations, redacted validation summaries, DAL references, replay references, and federation health summaries may be exportable.
17. Core TrustGate Input CSIs
| CSI | Canonical Name | Producer | Consumer | Replay | Federation |
|---|---|---|---|---|---|
comp.TG.INPUT.RAW-SIGNAL.v1_0 | Raw Signal | External source / Input Hub | Signal Parser | replay_input | No |
comp.TG.INPUT.PARSER-CONTEXT.v1_0 | Parser Context | Runtime Configuration | Signal Parser | replay_snapshot | No |
comp.TG.INPUT.STRUCTURE-VALIDATION-REQUEST.v1_0 | Structure Validation Request | Signal Parser | Structure Validation Engine | replay_input | No |
comp.TG.INPUT.NORMALIZATION-REQUEST.v1_0 | Normalization Request | Structure Validation Engine | Signal Normalizer | replay_input | No |
comp.TG.INPUT.CONTEXT-ENRICHMENT-REQUEST.v1_0 | Context Enrichment Request | Signal Normalizer | Context Enrichment Engine | replay_input | No |
comp.TG.INPUT.VALIDATION-RULE-REQUEST.v1_0 | Validation Rule Request | Context Enrichment Engine | Validation Rule Engine | replay_input | No |
comp.TG.INPUT.POLICY-RESOLUTION-REQUEST.v1_0 | Policy Resolution Request | Validation Rule Engine | Policy Resolution Engine | replay_input | No |
comp.TG.INPUT.RULE-EVALUATION-REQUEST.v1_0 | Rule Evaluation Request | Policy Resolution Engine | Rule Evaluation Engine | replay_input | No |
comp.TG.INPUT.TRUST-SCORE-REQUEST.v1_0 | Trust Score Request | Rule Evaluation Engine | Trust Scoring Engine | replay_input | No |
comp.TG.INPUT.DECISION-REQUEST.v1_0 | Decision Request | Trust Scoring Engine | Decision Engine | replay_input | No |
18. Core TrustGate Output CSIs
| CSI | Canonical Name | Producer | Consumer | Replay | DAL |
|---|---|---|---|---|---|
comp.TG.OUTPUT.CANONICAL-SIGNAL.v1_0 | Canonical Signal | Signal Parser | Structure Validation / USO | replay_output | eligible |
comp.TG.OUTPUT.STRUCTURE-VALIDATION-RESULT.v1_0 | Structure Validation Result | Structure Validation Engine | Signal Normalizer / Audit | replay_output | conditional |
comp.TG.OUTPUT.NORMALIZED-SIGNAL.v1_0 | Normalized Signal | Signal Normalizer | Context Enrichment | replay_output | eligible |
comp.TG.OUTPUT.ENRICHED-SIGNAL.v1_0 | Enriched Signal | Context Enrichment Engine | Validation Rule Engine | replay_output | conditional |
comp.TG.OUTPUT.VALIDATION-RULE-RESULT.v1_0 | Validation Rule Result | Validation Rule Engine | Policy Resolution / Scoring / Audit | replay_output | conditional |
comp.TG.OUTPUT.POLICY-CONTEXT.v1_0 | Policy Context | Policy Resolution Engine | Rule Evaluation / Decision / Replay | replay_snapshot | conditional |
comp.TG.OUTPUT.RULE-EVALUATION-RESULT.v1_0 | Rule Evaluation Result | Rule Evaluation Engine | Trust Scoring | replay_output | conditional |
comp.TG.OUTPUT.TRUST-SCORE.v1_0 | Trust Score | Trust Scoring Engine | Decision / AII / VIZZ | replay_output | conditional |
comp.TG.OUTPUT.DECISION-RECORD.v1_0 | Decision Record | Decision Engine | Quarantine / Replay / Audit / DAL | replay_output | conditional |
comp.TG.OUTPUT.QUARANTINE-CANDIDATE.v1_0 | Quarantine Candidate | Decision / Validation / Rule Engines | Quarantine Manager | replay_output | conditional |
comp.TG.OUTPUT.QUARANTINE-RECORD.v1_0 | Quarantine Record | Quarantine Manager | Audit / VIZZ / Replay | replay_output | conditional |
comp.TG.OUTPUT.TRUST-ATTESTATION.v1_0 | Trust Attestation | Attestation Engine | DAL / Federation / Audit | replay_evidence | required |
comp.TG.OUTPUT.REPLAY-ARTIFACT.v1_0 | Replay Artifact | Replay Engine | Audit / DAL / Federation | replay_evidence | conditional |
comp.TG.OUTPUT.AUDIT-RECORD.v1_0 | Audit Record | Audit Log Engine | Audit Store / DAL | replay_evidence | conditional |
comp.TG.OUTPUT.RUNTIME-HEALTH.v1_0 | Runtime Health | Observability Engine | VIZZ / AII / Scheduler | replay_optional | conditional |
19. TrustGate Event CSIs
| CSI | Canonical Name | Producer | Primary Consumers |
|---|---|---|---|
comp.TG.EVENT.SIGNAL-RECEIVED.v1_0 | Signal Received Event | Input Hub / Signal Parser | Observability, Audit |
comp.TG.EVENT.SIGNAL-PARSED.v1_0 | Signal Parsed Event | Signal Parser | Observability, USO |
comp.TG.EVENT.STRUCTURE-VALIDATED.v1_0 | Structure Validated Event | Structure Validation Engine | Observability, Audit |
comp.TG.EVENT.SIGNAL-NORMALIZED.v1_0 | Signal Normalized Event | Signal Normalizer | Observability, USO |
comp.TG.EVENT.CONTEXT-ENRICHED.v1_0 | Context Enriched Event | Context Enrichment Engine | Audit, AII |
comp.TG.EVENT.VALIDATION-RULES-EXECUTED.v1_0 | Validation Rules Executed Event | Validation Rule Engine | Audit, Observability |
comp.TG.EVENT.POLICY-RESOLVED.v1_0 | Policy Resolved Event | Policy Resolution Engine | Audit, Replay |
comp.TG.EVENT.RULE-EVALUATED.v1_0 | Rule Evaluated Event | Rule Evaluation Engine | Observability, Scoring |
comp.TG.EVENT.TRUST-SCORED.v1_0 | Trust Scored Event | Trust Scoring Engine | VIZZ, AII |
comp.TG.EVENT.DECISION-CREATED.v1_0 | Decision Created Event | Decision Engine | Audit, Quarantine |
comp.TG.EVENT.QUARANTINE-CREATED.v1_0 | Quarantine Created Event | Quarantine Manager | Scheduler, VIZZ |
comp.TG.EVENT.REPLAY-COMPLETED.v1_0 | Replay Completed Event | Replay Engine | Audit, DAL, AII |
comp.TG.EVENT.ATTESTATION-CREATED.v1_0 | Attestation Created Event | Attestation Engine | DAL, Federation |
comp.TG.EVENT.DAL-CANDIDATE-CREATED.v1_0 | DAL Candidate Created Event | DAL Anchor Engine | Scheduler, Audit |
comp.TG.EVENT.FEDERATION-EXPORTED.v1_0 | Federation Exported Event | Federation Exchange Engine | Audit, Observability |
comp.TG.EVENT.AI-FEEDBACK-PUBLISHED.v1_0 | AI Feedback Published Event | AI Feedback Engine | DSAIL, Audit |
20. Configuration and Profile CSIs
| CSI | Canonical Name | Producer | Consumer |
|---|---|---|---|
comp.TG.CONFIG.RUNTIME-CONFIG.v1_0 | Runtime Configuration | Runtime Configuration Engine | All TrustGate Engines |
comp.TG.CONFIG.ENGINE-CONFIG-VIEW.v1_0 | Engine Configuration View | Runtime Configuration Engine | Specific Engine |
comp.TG.SNAPSHOT.CONFIG-SNAPSHOT.v1_0 | Configuration Snapshot | Runtime Configuration Engine | Replay / Audit |
comp.TG.PROFILE.VALIDATION-PROFILE.v1_0 | Validation Profile | Runtime Configuration / ZAR | Validation Rule Engine |
comp.TG.PROFILE.SCORING-PROFILE.v1_0 | Scoring Profile | Runtime Configuration / ZAR | Trust Scoring Engine |
comp.TG.PROFILE.DECISION-PROFILE.v1_0 | Decision Profile | Runtime Configuration / ZAR | Decision Engine |
comp.TG.PROFILE.REPLAY-PROFILE.v1_0 | Replay Profile | Runtime Configuration / OARM | Replay Engine |
comp.TG.PROFILE.DAL-ANCHOR-PROFILE.v1_0 | DAL Anchor Profile | Runtime Configuration / DAL | DAL Anchor Engine |
comp.TG.PROFILE.FEDERATION-PROFILE.v1_0 | Federation Profile | Runtime Configuration / EGFS / AFLE | Federation Exchange Engine |
comp.TG.PROFILE.AI-GOVERNANCE-PROFILE.v1_0 | AI Governance Profile | Runtime Configuration / DSAIL | AI Feedback Engine |
comp.TG.PROFILE.OBSERVABILITY-PROFILE.v1_0 | Observability Profile | Runtime Configuration | Observability Engine |
comp.TG.PROFILE.SCHEDULER-PROFILE.v1_0 | Scheduler Profile | Runtime Configuration | Scheduler / Orchestrator |
21. Replay CSIs
| CSI | Canonical Name | Producer | Consumer |
|---|---|---|---|
comp.TG.INPUT.REPLAY-REQUEST.v1_0 | Replay Request | OARM / Auditor / Scheduler | Replay Engine |
comp.TG.OUTPUT.REPLAY-MANIFEST.v1_0 | Replay Manifest | Replay Engine | AAE / Audit |
comp.TG.OUTPUT.REPLAY-RESULT.v1_0 | Replay Result | Replay Engine | Audit / DAL / AII |
comp.TG.OUTPUT.REPLAY-DIFF.v1_0 | Replay Diff | Replay Engine | Audit / Review |
comp.TG.OUTPUT.REPLAY-PROOF.v1_0 | Replay Proof | Replay Engine | DAL / Federation |
comp.TG.EVENT.REPLAY-STARTED.v1_0 | Replay Started Event | Replay Engine | Observability |
comp.TG.EVENT.REPLAY-FAILED.v1_0 | Replay Failed Event | Replay Engine | Audit / Scheduler |
comp.TG.SNAPSHOT.REPLAY-SNAPSHOT.v1_0 | Replay Snapshot | Runtime Configuration / Replay | Replay Engine |
22. DAL CSIs
| CSI | Canonical Name | Producer | Consumer |
|---|---|---|---|
comp.DAL.INPUT.ANCHOR-CANDIDATE.v1_0 | DAL Anchor Candidate | TrustGate Engines | DAL Anchor Engine |
comp.DAL.OUTPUT.ANCHOR-RECEIPT.v1_0 | DAL Anchor Receipt | DAL Anchor Engine | Audit / Replay / Federation |
comp.DAL.OUTPUT.MERKLE-PROOF.v1_0 | Merkle Proof | DAL | Replay / Federation |
comp.DAL.EVENT.ANCHOR-SUBMITTED.v1_0 | Anchor Submitted Event | DAL Anchor Engine | Observability |
comp.DAL.EVENT.ANCHOR-VERIFIED.v1_0 | Anchor Verified Event | DAL Anchor Engine | Audit / AII |
comp.DAL.EVENT.ANCHOR-FAILED.v1_0 | Anchor Failed Event | DAL Anchor Engine | Scheduler / Audit |
23. Federation CSIs
| CSI | Canonical Name | Producer | Consumer |
|---|---|---|---|
comp.TG.FEDERATION.EXPORT-PACKAGE.v1_0 | Federation Export Package | Federation Exchange Engine | Target ECO |
comp.TG.FEDERATION.IMPORT-PACKAGE.v1_0 | Federation Import Package | Source ECO | Federation Exchange Engine |
comp.TG.FEDERATION.EXCHANGE-EVENT.v1_0 | Federation Exchange Event | Federation Exchange Engine | Audit / Observability |
comp.TG.FEDERATION.REDACTED-ATTESTATION.v1_0 | Redacted Attestation | Federation Exchange Engine | Target ECO |
comp.TG.FEDERATION.TRUST-REFERENCE.v1_0 | Trust Reference | Federation Exchange Engine | Target ECO / Carbon Passport |
comp.TG.FEDERATION.CONFLICT-EVENT.v1_0 | Federation Conflict Event | Federation Exchange Engine | Scheduler / Audit |
comp.EGFS.INPUT.IDENTITY-CONTEXT.v1_0 | EGFS Identity Context | EGFS | Context Enrichment / Federation |
comp.AFLE.INPUT.FEDERATION-POLICY.v1_0 | AFLE Federation Policy | AFLE | Federation Exchange Engine |
24. AI and AII CSIs
| CSI | Canonical Name | Producer | Consumer |
|---|---|---|---|
comp.DSAIL.INPUT.AI-FEEDBACK.v1_0 | AI Feedback | AI Feedback Engine | DSAIL |
comp.DSAIL.INPUT.VALIDATION-FEEDBACK.v1_0 | Validation Feedback | Validation Rule Engine | DSAIL |
comp.DSAIL.INPUT.CONTEXT-FEEDBACK.v1_0 | Context Feedback | Context Enrichment Engine | DSAIL |
comp.DSAIL.INPUT.OBSERVABILITY-FEEDBACK.v1_0 | Observability Feedback | Observability Engine | DSAIL |
comp.AII.INPUT.TRUST-SCORE.v1_0 | Trust Score Telemetry | Trust Scoring Engine | AII |
comp.AII.INPUT.VALIDATION-TELEMETRY.v1_0 | Validation Telemetry | Validation Rule Engine | AII |
comp.AII.INPUT.REPLAY-TELEMETRY.v1_0 | Replay Telemetry | Replay Engine | AII |
comp.AII.INPUT.DAL-TELEMETRY.v1_0 | DAL Telemetry | DAL Anchor Engine | AII |
comp.AII.INPUT.FEDERATION-TELEMETRY.v1_0 | Federation Telemetry | Federation Exchange Engine | AII |
comp.AII.INPUT.RUNTIME-TELEMETRY.v1_0 | Runtime Telemetry | Observability Engine | AII |
comp.AII.INPUT.SCHEDULER-TELEMETRY.v1_0 | Scheduler Telemetry | Scheduler / Orchestrator | AII |
25. Scheduler and Observability CSIs
| CSI | Canonical Name | Producer | Consumer |
|---|---|---|---|
comp.TG.INPUT.SCHEDULER-TRIGGER.v1_0 | Scheduler Trigger | Event Bus / Manual / Policy | Scheduler |
comp.TG.OUTPUT.SCHEDULED-JOB.v1_0 | Scheduled Job | Scheduler | Worker / Audit |
comp.TG.OUTPUT.JOB-RUN.v1_0 | Job Run | Scheduler | Observability / Audit |
comp.TG.OUTPUT.WORKFLOW-RUN.v1_0 | Workflow Run | Scheduler | Replay / Audit |
comp.TG.EVENT.JOB-STARTED.v1_0 | Job Started Event | Scheduler | Observability |
comp.TG.EVENT.JOB-COMPLETED.v1_0 | Job Completed Event | Scheduler | Observability / AII |
comp.TG.EVENT.JOB-FAILED.v1_0 | Job Failed Event | Scheduler | Observability / Audit |
comp.TG.EVENT.JOB-DEAD-LETTERED.v1_0 | Job Dead-Lettered Event | Scheduler | Audit / VIZZ |
comp.TG.INPUT.RUNTIME-METRIC.v1_0 | Runtime Metric | TrustGate Engines | Observability |
comp.TG.INPUT.RUNTIME-TRACE.v1_0 | Runtime Trace | TrustGate Engines | Observability |
comp.TG.INPUT.RUNTIME-LOG.v1_0 | Runtime Log | TrustGate Engines | Observability |
comp.TG.OUTPUT.OBSERVABILITY-EVENT.v1_0 | Observability Event | Observability Engine | VIZZ / Audit |
comp.TG.OUTPUT.RUNTIME-ALERT.v1_0 | Runtime Alert | Observability Engine | Scheduler / VIZZ |
26. Audit CSIs
| CSI | Canonical Name | Producer | Consumer |
|---|---|---|---|
comp.TG.OUTPUT.AUDIT-RECORD.v1_0 | Audit Record | Audit Log Engine | Audit Store |
comp.TG.EVENT.AUDIT-WRITTEN.v1_0 | Audit Written Event | Audit Log Engine | Observability |
comp.TG.EVENT.AUDIT-CHAIN-CONFLICT.v1_0 | Audit Chain Conflict Event | Audit Log Engine | Scheduler / DAL |
comp.TG.SNAPSHOT.AUDIT-CHAIN-SNAPSHOT.v1_0 | Audit Chain Snapshot | Audit Log Engine | Replay / DAL |
27. Error CSIs
| CSI | Canonical Name | Producer | Consumer |
|---|---|---|---|
comp.TG.ERROR.PARSE-ERROR.v1_0 | Parse Error | Signal Parser | Audit / Observability |
comp.TG.ERROR.VALIDATION-ERROR.v1_0 | Validation Error | Validation Engines | Quarantine / Audit |
comp.TG.ERROR.CONFIG-ERROR.v1_0 | Configuration Error | Runtime Configuration Engine | Scheduler / Audit |
comp.TG.ERROR.REPLAY-ERROR.v1_0 | Replay Error | Replay Engine | Scheduler / Audit |
comp.TG.ERROR.DAL-ANCHOR-ERROR.v1_0 | DAL Anchor Error | DAL Anchor Engine | Scheduler / Audit |
comp.TG.ERROR.FEDERATION-ERROR.v1_0 | Federation Error | Federation Exchange Engine | Scheduler / Audit |
comp.TG.ERROR.AI-FEEDBACK-ERROR.v1_0 | AI Feedback Error | AI Feedback Engine | Scheduler / Observability |
comp.TG.ERROR.SCHEDULER-ERROR.v1_0 | Scheduler Error | Scheduler | Audit / Observability |
28. Canonical CSI Record Example
{
"csi": "comp.TG.OUTPUT.TRUST-SCORE.v1_0",
"canonical_name": "TrustGate Trust Score",
"description": "Trust score artifact produced by the TrustGate Trust Scoring Engine.",
"csi_module": "comp",
"csi_component": "TG",
"csi_kind": "OUTPUT",
"csi_name": "TRUST-SCORE",
"version_major": 1,
"version_minor": 0,
"schema_ref": "sssr://trustgate/trust-score/1_0",
"producer_meid": "MEID_TRUST_SCORE_CALCULATOR",
"producer_cmi": "vera.TG-SCORE.ENGINE.CALCULATOR.1_0_0",
"consumer_meids": [
"MEID_TRUST_ROUTE_DECISION",
"MEID_TRUST_AUDIT_LOG",
"MEID_TRUST_MONITOR_RUNTIME"
],
"direction": "output",
"artifact_class": "trust_score",
"durability": "immutable",
"replay_required": true,
"dal_anchor_eligible": true,
"dal_anchor_required": false,
"federation_exportable": false,
"redaction_profile_required": false,
"security_level": "critical",
"status": "active",
"version": "1.0.0"
}
29. Trust Score CSI Schema Example
{
"$id": "https://schema.zayaz.io/trustgate/trust-score/v1_0.schema.json",
"type": "object",
"required": [
"trust_score_id",
"signal_id",
"eco_number",
"score",
"confidence",
"scoring_profile",
"engine_meid",
"engine_cmi",
"config_snapshot_id",
"created_at"
],
"properties": {
"trust_score_id": {
"type": "string"
},
"signal_id": {
"type": "string"
},
"eco_number": {
"type": "string"
},
"score": {
"type": "number",
"minimum": 0,
"maximum": 1
},
"confidence": {
"type": "number",
"minimum": 0,
"maximum": 1
},
"scoring_profile": {
"type": "string"
},
"dimensions": {
"type": "object"
},
"engine_meid": {
"type": "string"
},
"engine_cmi": {
"type": "string"
},
"config_snapshot_id": {
"type": "string"
},
"created_at": {
"type": "string",
"format": "date-time"
}
}
}
30. Decision Record CSI Schema Example
{
"$id": "https://schema.zayaz.io/trustgate/decision-record/v1_0.schema.json",
"type": "object",
"required": [
"decision_id",
"signal_id",
"eco_number",
"decision",
"trust_score_id",
"decision_profile",
"engine_meid",
"engine_cmi",
"created_at"
],
"properties": {
"decision_id": {
"type": "string"
},
"signal_id": {
"type": "string"
},
"eco_number": {
"type": "string"
},
"decision": {
"type": "string",
"enum": [
"accept",
"review",
"quarantine",
"reject",
"abort"
]
},
"trust_score_id": {
"type": "string"
},
"decision_profile": {
"type": "string"
},
"replay_required": {
"type": "boolean"
},
"dal_anchor_required": {
"type": "boolean"
},
"engine_meid": {
"type": "string"
},
"engine_cmi": {
"type": "string"
},
"created_at": {
"type": "string",
"format": "date-time"
}
}
}
31. CSI Compatibility Model
Compatibility must be explicit.
| Compatibility Type | Meaning |
|---|---|
exact | Producer and consumer require same version. |
minor_forward | Consumer supports same major and higher minor versions. |
minor_backward | Consumer supports same major and lower minor versions. |
major_migration | Major version migration requires adapter or migration engine. |
adapter_required | Runtime adapter must transform contract. |
incompatible | Not allowed. |
Compatibility should be enforced by the Runtime Configuration Engine before execution.
32. CSI Producer / Consumer Matrix
| Producer Engine | Produces | Primary Consumers |
|---|---|---|
| Signal Parser | comp.TG.OUTPUT.CANONICAL-SIGNAL.v1_0 | Structure Validation, USO, Audit |
| Structure Validation | comp.TG.OUTPUT.STRUCTURE-VALIDATION-RESULT.v1_0 | Normalizer, Audit |
| Signal Normalizer | comp.TG.OUTPUT.NORMALIZED-SIGNAL.v1_0 | Context Enrichment |
| Context Enrichment | comp.TG.OUTPUT.ENRICHED-SIGNAL.v1_0 | Validation Rule Engine, Rule Evaluation |
| Validation Rule Engine | comp.TG.OUTPUT.VALIDATION-RULE-RESULT.v1_0 | Policy Resolution, Scoring, Audit |
| Policy Resolution | comp.TG.OUTPUT.POLICY-CONTEXT.v1_0 | Rule Evaluation, Decision, Replay |
| Rule Evaluation | comp.TG.OUTPUT.RULE-EVALUATION-RESULT.v1_0 | Trust Scoring |
| Trust Scoring | comp.TG.OUTPUT.TRUST-SCORE.v1_0 | Decision, AII, VIZZ |
| Decision Engine | comp.TG.OUTPUT.DECISION-RECORD.v1_0 | Quarantine, Replay, Audit |
| Quarantine Manager | comp.TG.OUTPUT.QUARANTINE-RECORD.v1_0 | Scheduler, VIZZ, Audit |
| Replay Engine | comp.TG.OUTPUT.REPLAY-ARTIFACT.v1_0 | Audit, DAL, Federation |
| Attestation Engine | comp.TG.OUTPUT.TRUST-ATTESTATION.v1_0 | DAL, Federation |
| DAL Anchor Engine | comp.DAL.OUTPUT.ANCHOR-RECEIPT.v1_0 | Audit, Replay, Federation |
| Federation Exchange | comp.TG.FEDERATION.EXCHANGE-EVENT.v1_0 | Audit, Observability |
| AI Feedback Engine | comp.DSAIL.INPUT.AI-FEEDBACK.v1_0 | DSAIL |
| Audit Log Engine | comp.TG.OUTPUT.AUDIT-RECORD.v1_0 | Audit Store, DAL |
| Observability Engine | comp.TG.OUTPUT.OBSERVABILITY-EVENT.v1_0 | VIZZ, AII |
| Scheduler / Orchestrator | comp.TG.OUTPUT.JOB-RUN.v1_0 | Observability, Audit |
33. SQL DDL — CSI Catalog
create table if not exists zar.csi_catalog (
csi_id uuid primary key default gen_random_uuid(),
csi text not null unique,
canonical_name text not null,
description text not null,
csi_module text not null,
csi_component text not null,
csi_kind text not null,
csi_name text not null,
version_major integer not null,
version_minor integer not null,
schema_ref text not null,
schema_digest text,
producer_meid text,
producer_cmi text,
consumer_meids text[],
direction text not null,
artifact_class text not null,
durability text not null,
replay_semantics text not null default 'not_replayable',
replay_required boolean not null default false,
dal_anchor_eligible boolean not null default false,
dal_anchor_required boolean not null default false,
dal_anchor_mode text not null default 'none',
dal_artifact_type text,
federation_exportable boolean not null default false,
federation_importable boolean not null default false,
redaction_profile_required boolean not null default false,
federation_profile text,
security_level text not null default 'internal',
classification text[],
status text not null default 'draft',
version text not null default '1.0.0',
source_doc_id text,
approved_by text,
approval_status text not null default 'pending',
notes text,
created_at timestamptz not null default now(),
updated_at timestamptz not null default now(),
constraint csi_catalog_kind_chk
check (csi_kind in ('INPUT', 'OUTPUT', 'EVENT', 'STATE', 'SNAPSHOT', 'ERROR', 'CONFIG', 'PROFILE', 'TELEMETRY', 'ANCHOR', 'FEDERATION', 'ATTESTATION')),
constraint csi_catalog_direction_chk
check (direction in ('input', 'output', 'event', 'state', 'snapshot', 'error', 'config', 'profile', 'telemetry', 'anchor', 'federation', 'attestation')),
constraint csi_catalog_durability_chk
check (durability in ('transient', 'persisted', 'immutable', 'ledger_candidate', 'ledgered', 'federated')),
constraint csi_catalog_replay_semantics_chk
check (replay_semantics in ('not_replayable', 'replay_input', 'replay_output', 'replay_snapshot', 'replay_evidence', 'replay_optional')),
constraint csi_catalog_dal_anchor_mode_chk
check (dal_anchor_mode in ('none', 'direct', 'merkle_batch', 'digest_only')),
constraint csi_catalog_security_level_chk
check (security_level in ('public', 'internal', 'restricted', 'confidential', 'critical')),
constraint csi_catalog_status_chk
check (status in ('draft', 'review', 'active', 'canary', 'shadow', 'deprecated', 'retired', 'suspended', 'rejected')),
constraint csi_catalog_approval_status_chk
check (approval_status in ('pending', 'approved', 'rejected', 'not_required'))
);
34. SQL DDL — CSI Compatibility
create table if not exists zar.csi_compatibility (
compatibility_id uuid primary key default gen_random_uuid(),
source_csi text not null references zar.csi_catalog(csi),
target_csi text not null references zar.csi_catalog(csi),
compatibility_type text not null,
adapter_required boolean not null default false,
adapter_meid text,
adapter_cmi text,
notes text,
status text not null default 'active',
created_at timestamptz not null default now(),
updated_at timestamptz not null default now(),
constraint csi_compatibility_type_chk
check (compatibility_type in ('exact', 'minor_forward', 'minor_backward', 'major_migration', 'adapter_required', 'incompatible')),
constraint csi_compatibility_status_chk
check (status in ('active', 'deprecated', 'retired', 'rejected'))
);
35. SQL DDL — CSI Schema Binding
create table if not exists zar.csi_schema_binding (
binding_id uuid primary key default gen_random_uuid(),
csi text not null references zar.csi_catalog(csi),
schema_ref text not null,
schema_digest text,
schema_type text not null default 'json_schema',
sssr_schema_id text,
sssr_schema_version text,
status text not null default 'active',
effective_from timestamptz,
effective_to timestamptz,
created_at timestamptz not null default now(),
updated_at timestamptz not null default now(),
constraint csi_schema_binding_schema_type_chk
check (schema_type in ('json_schema', 'table_schema', 'event_schema', 'avro', 'protobuf', 'sssr')),
constraint csi_schema_binding_status_chk
check (status in ('active', 'deprecated', 'retired', 'rejected'))
);
36. SQL Seed — Core CSI Catalog
insert into zar.csi_catalog
(csi, canonical_name, description, csi_module, csi_component, csi_kind, csi_name,
version_major, version_minor, schema_ref, producer_meid, consumer_meids,
direction, artifact_class, durability, replay_semantics, replay_required,
dal_anchor_eligible, dal_anchor_required, dal_anchor_mode,
federation_exportable, federation_importable, redaction_profile_required,
security_level, classification, status, version, approval_status)
values
('comp.TG.INPUT.RAW-SIGNAL.v1_0', 'Raw Signal', 'Incoming external signal before TrustGate parsing.', 'comp', 'TG', 'INPUT', 'RAW-SIGNAL', 1, 0, 'sssr://trustgate/raw-signal/1_0', null, array['MEID_SIGNAL_PARSE_CANONICAL'], 'input', 'raw_signal', 'persisted', 'replay_input', true, false, false, 'none', false, false, false, 'restricted', array['Runtime','Input'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.CANONICAL-SIGNAL.v1_0', 'Canonical Signal', 'Parsed canonical TrustGate signal.', 'comp', 'TG', 'OUTPUT', 'CANONICAL-SIGNAL', 1, 0, 'sssr://trustgate/canonical-signal/1_0', 'MEID_SIGNAL_PARSE_CANONICAL', array['MEID_SIGNAL_VALIDATE_STRUCTURE','MEID_TRUST_AUDIT_LOG'], 'output', 'canonical_signal', 'persisted', 'replay_output', true, true, false, 'digest_only', false, false, false, 'restricted', array['Runtime','Assurance'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.STRUCTURE-VALIDATION-RESULT.v1_0', 'Structure Validation Result', 'Result of structural validation.', 'comp', 'TG', 'OUTPUT', 'STRUCTURE-VALIDATION-RESULT', 1, 0, 'sssr://trustgate/structure-validation-result/1_0', 'MEID_SIGNAL_VALIDATE_STRUCTURE', array['MEID_SIGNAL_NORMALIZE_UNIT','MEID_TRUST_AUDIT_LOG'], 'output', 'validation_result', 'immutable', 'replay_output', true, true, false, 'digest_only', false, false, false, 'restricted', array['Validation','Assurance'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.NORMALIZED-SIGNAL.v1_0', 'Normalized Signal', 'Normalized TrustGate signal with canonical units and timestamps.', 'comp', 'TG', 'OUTPUT', 'NORMALIZED-SIGNAL', 1, 0, 'sssr://trustgate/normalized-signal/1_0', 'MEID_SIGNAL_NORMALIZE_UNIT', array['MEID_SIGNAL_ENRICH_CONTEXT'], 'output', 'normalized_signal', 'persisted', 'replay_output', true, true, false, 'digest_only', false, false, false, 'restricted', array['Runtime','Assurance'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.ENRICHED-SIGNAL.v1_0', 'Enriched Signal', 'TrustGate signal enriched with identity, lineage, governance, replay, federation, AI, and risk context.', 'comp', 'TG', 'OUTPUT', 'ENRICHED-SIGNAL', 1, 0, 'sssr://trustgate/enriched-signal/1_0', 'MEID_SIGNAL_ENRICH_CONTEXT', array['MEID_SIGNAL_VALIDATE_RULES','MEID_TRUST_EVALUATE_RULES'], 'output', 'enriched_signal', 'immutable', 'replay_output', true, true, false, 'digest_only', false, false, false, 'critical', array['Assurance','Runtime'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.VALIDATION-RULE-RESULT.v1_0', 'Validation Rule Result', 'Result of registry-driven validation rule execution.', 'comp', 'TG', 'OUTPUT', 'VALIDATION-RULE-RESULT', 1, 0, 'sssr://trustgate/validation-rule-result/1_0', 'MEID_SIGNAL_VALIDATE_RULES', array['MEID_TRUST_POLICY_RESOLVE','MEID_TRUST_SCORE_CALCULATOR','MEID_TRUST_AUDIT_LOG'], 'output', 'validation_result', 'immutable', 'replay_output', true, true, false, 'digest_only', false, false, false, 'critical', array['Validation','Assurance'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.POLICY-CONTEXT.v1_0', 'Policy Context', 'Resolved TrustGate runtime policy context.', 'comp', 'TG', 'OUTPUT', 'POLICY-CONTEXT', 1, 0, 'sssr://trustgate/policy-context/1_0', 'MEID_TRUST_POLICY_RESOLVE', array['MEID_TRUST_EVALUATE_RULES','MEID_TRUST_ROUTE_DECISION','MEID_TRUST_REPLAY_COORDINATOR'], 'output', 'policy_context', 'immutable', 'replay_snapshot', true, true, false, 'digest_only', false, false, false, 'critical', array['Governance','Runtime'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.RULE-EVALUATION-RESULT.v1_0', 'Rule Evaluation Result', 'TrustGate business and assurance rule evaluation result.', 'comp', 'TG', 'OUTPUT', 'RULE-EVALUATION-RESULT', 1, 0, 'sssr://trustgate/rule-evaluation-result/1_0', 'MEID_TRUST_EVALUATE_RULES', array['MEID_TRUST_SCORE_CALCULATOR'], 'output', 'rule_result', 'immutable', 'replay_output', true, true, false, 'digest_only', false, false, false, 'critical', array['Assurance','Runtime'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.TRUST-SCORE.v1_0', 'Trust Score', 'Trust score artifact produced by the TrustGate Trust Scoring Engine.', 'comp', 'TG', 'OUTPUT', 'TRUST-SCORE', 1, 0, 'sssr://trustgate/trust-score/1_0', 'MEID_TRUST_SCORE_CALCULATOR', array['MEID_TRUST_ROUTE_DECISION','MEID_TRUST_AUDIT_LOG','MEID_TRUST_MONITOR_RUNTIME'], 'output', 'trust_score', 'immutable', 'replay_output', true, true, false, 'digest_only', false, false, false, 'critical', array['Assurance','Scoring'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.DECISION-RECORD.v1_0', 'Decision Record', 'TrustGate decision artifact.', 'comp', 'TG', 'OUTPUT', 'DECISION-RECORD', 1, 0, 'sssr://trustgate/decision-record/1_0', 'MEID_TRUST_ROUTE_DECISION', array['MEID_TRUST_QUARANTINE_MANAGER','MEID_TRUST_REPLAY_COORDINATOR','MEID_TRUST_AUDIT_LOG'], 'output', 'decision_record', 'immutable', 'replay_output', true, true, false, 'digest_only', false, false, false, 'critical', array['Decision','Assurance'], 'active', '1.0.0', 'approved'),
('comp.TG.OUTPUT.TRUST-ATTESTATION.v1_0', 'Trust Attestation', 'Trust attestation generated from validated TrustGate runtime evidence.', 'comp', 'TG', 'OUTPUT', 'TRUST-ATTESTATION', 1, 0, 'sssr://trustgate/trust-attestation/1_0', 'MEID_TRUST_ATTESTATION_ISSUE', array['MEID_TRUST_ANCHOR_DAL','MEID_TRUST_EXCHANGE_FEDERATION'], 'output', 'attestation', 'ledger_candidate', 'replay_evidence', true, true, true, 'merkle_batch', true, true, true, 'critical', array['Attestation','Federation','DAL'], 'active', '1.0.0', 'approved')
on conflict (csi) do update set
canonical_name = excluded.canonical_name,
description = excluded.description,
schema_ref = excluded.schema_ref,
producer_meid = excluded.producer_meid,
consumer_meids = excluded.consumer_meids,
direction = excluded.direction,
artifact_class = excluded.artifact_class,
durability = excluded.durability,
replay_semantics = excluded.replay_semantics,
replay_required = excluded.replay_required,
dal_anchor_eligible = excluded.dal_anchor_eligible,
dal_anchor_required = excluded.dal_anchor_required,
dal_anchor_mode = excluded.dal_anchor_mode,
federation_exportable = excluded.federation_exportable,
federation_importable = excluded.federation_importable,
redaction_profile_required = excluded.redaction_profile_required,
security_level = excluded.security_level,
classification = excluded.classification,
status = excluded.status,
version = excluded.version,
approval_status = excluded.approval_status,
updated_at = now();
37. JSON Schema — CSI Catalog Record
{
"$id": "https://schema.zayaz.io/trustgate/csi-catalog/v1/csi-record.schema.json",
"type": "object",
"required": [
"csi",
"canonical_name",
"description",
"csi_module",
"csi_component",
"csi_kind",
"csi_name",
"version_major",
"version_minor",
"schema_ref",
"direction",
"artifact_class",
"durability",
"replay_semantics",
"replay_required",
"dal_anchor_eligible",
"dal_anchor_required",
"federation_exportable",
"security_level",
"status",
"version"
],
"properties": {
"csi": {
"type": "string",
"pattern": "^[a-z]+\\.[A-Z0-9-]+\\.[A-Z]+\\.[A-Z0-9-]+\\.v[0-9]+_[0-9]+$"
},
"canonical_name": {
"type": "string"
},
"description": {
"type": "string"
},
"csi_module": {
"type": "string"
},
"csi_component": {
"type": "string"
},
"csi_kind": {
"type": "string"
},
"csi_name": {
"type": "string"
},
"version_major": {
"type": "integer"
},
"version_minor": {
"type": "integer"
},
"schema_ref": {
"type": "string"
},
"producer_meid": {
"type": ["string", "null"]
},
"consumer_meids": {
"type": "array",
"items": {
"type": "string"
}
},
"direction": {
"type": "string"
},
"artifact_class": {
"type": "string"
},
"durability": {
"type": "string"
},
"replay_semantics": {
"type": "string"
},
"replay_required": {
"type": "boolean"
},
"dal_anchor_eligible": {
"type": "boolean"
},
"dal_anchor_required": {
"type": "boolean"
},
"federation_exportable": {
"type": "boolean"
},
"security_level": {
"type": "string"
},
"status": {
"type": "string"
},
"version": {
"type": "string"
}
}
}
38. API Contract — Resolve CSI
POST /api/trustgate/csi-catalog/resolve
Request:
{
"csi": "comp.TG.OUTPUT.TRUST-SCORE.v1_0",
"purpose": "runtime_execution",
"engine_meid": "MEID_TRUST_ROUTE_DECISION",
"engine_cmi": "vera.TG-DECISION.ENGINE.ROUTER.1_0_0"
}
Response:
{
"status": "resolved",
"csi": "comp.TG.OUTPUT.TRUST-SCORE.v1_0",
"schema_ref": "sssr://trustgate/trust-score/1_0",
"schema_digest": "sha256:...",
"compatible": true,
"replay_required": true,
"dal_anchor_eligible": true,
"federation_exportable": false,
"security_level": "critical"
}
39. API Contract — Check Compatibility
POST /api/trustgate/csi-catalog/check-compatibility
Request:
{
"producer_csi": "comp.TG.OUTPUT.TRUST-SCORE.v1_0",
"consumer_engine_meid": "MEID_TRUST_ROUTE_DECISION",
"consumer_engine_cmi": "vera.TG-DECISION.ENGINE.ROUTER.1_0_0",
"accepted_versions": [
"comp.TG.OUTPUT.TRUST-SCORE.v1_0",
"comp.TG.OUTPUT.TRUST-SCORE.v1_1"
]
}
Response:
{
"status": "compatible",
"compatibility_type": "exact",
"adapter_required": false,
"schema_ref": "sssr://trustgate/trust-score/1_0"
}
40. API Contract — Register CSI
POST /api/trustgate/csi-catalog/register
Request:
{
"csi": "comp.TG.OUTPUT.TRUST-SCORE.v1_1",
"canonical_name": "TrustGate Trust Score",
"description": "Minor version adding optional calibration diagnostics.",
"schema_ref": "sssr://trustgate/trust-score/1_1",
"producer_meid": "MEID_TRUST_SCORE_CALCULATOR",
"direction": "output",
"artifact_class": "trust_score",
"durability": "immutable",
"replay_required": true,
"security_level": "critical"
}
Response:
{
"status": "registered",
"csi": "comp.TG.OUTPUT.TRUST-SCORE.v1_1",
"requires_approval": true,
"material_change": false,
"compatibility_review_required": true
}
41. Governance Requirements
CSI changes require governance review when they affect:
- required fields;
- datatypes;
- semantic meaning;
- replay behavior;
- DAL behavior;
- federation visibility;
- security classification;
- producer/consumer compatibility;
- schema digest;
- event ordering;
- retention;
- public or regulator-facing exposure.
Material CSI changes must produce an audit event and may require DAL anchoring.
42. Replay Requirements
Audit-grade replay requires:
- exact CSI version;
- exact schema snapshot;
- schema digest;
- producer MEID and CMI;
- consumer MEID and CMI;
- runtime configuration snapshot;
- policy bundle;
- artifact hash;
- USO lineage record;
- replay-compatible serialization.
Replay must not use a newer CSI version unless replay mode is explicitly marked as current-policy simulation.
43. DAL Requirements
DAL anchoring is required for selected CSI artifacts under policy.
Typical DAL-required artifacts:
- trust attestations;
- critical replay proofs;
- critical validation failures;
- invalid DID failures;
- signature failures;
- federation exchange proofs;
- material configuration snapshots;
- audit chain conflict records;
- regulator-requested evidence packages.
The CSI Catalog defines eligibility and default requirement. Runtime policy defines final anchoring obligation.
44. Federation Requirements
Federation-exportable CSIs must define:
- exportable fields;
- blocked fields;
- redaction profile;
- target federation profile;
- minimum identity requirements;
- signature requirements;
- replay reference requirement;
- DAL reference requirement;
- import verification requirements.
A CSI must never become federation-exportable without governance review.
45. Security Requirements
The CSI Catalog must:
- authenticate all write access;
- authorize CSI creation, versioning, deprecation, and retirement;
- validate naming convention;
- validate schema binding;
- prevent conflicting producer mappings;
- prevent unsafe federation exposure;
- enforce security classification;
- preserve version history;
- support signed CSI snapshots;
- prevent deletion of historically referenced CSIs;
- emit audit events for material changes.
46. Observability Metrics
| Metric | Description |
|---|---|
tg_csi_catalog_records_total | Total CSI records. |
tg_csi_catalog_active_total | Active CSI records. |
tg_csi_catalog_by_kind_total | CSI count by kind. |
tg_csi_catalog_by_security_total | CSI count by security level. |
tg_csi_compatibility_check_total | Compatibility checks performed. |
tg_csi_compatibility_failed_total | Failed compatibility checks. |
tg_csi_schema_binding_failed_total | Invalid schema bindings. |
tg_csi_federation_exportable_total | Federation-exportable CSIs. |
tg_csi_dal_required_total | DAL-required CSIs. |
tg_csi_change_total | CSI changes. |
47. Testing Requirements
| Test Type | Requirement |
|---|---|
| Naming Test | CSI follows canonical naming pattern. |
| Schema Test | Schema exists and validates. |
| Compatibility Test | Producer and consumer compatibility is explicit. |
| Replay Test | Replay semantics are correct and deterministic. |
| DAL Test | DAL eligibility and requirement behave as expected. |
| Federation Test | Exportability and redaction are safe. |
| Security Test | Classification and access controls are correct. |
| Lifecycle Test | Status transitions are governed. |
| Producer Test | Producer MEID/CMI exists and is compatible. |
| Consumer Test | Consumer MEIDs exist and accept the CSI. |
48. Implementation Anti-Patterns
| Anti-Pattern | Risk |
|---|---|
| Unregistered interfaces | Breaks traceability and replay. |
| Reusing CSI name for changed semantics | Silent contract break. |
| Missing schema reference | Runtime validation cannot be trusted. |
| Live schema lookup during audit replay | Non-deterministic replay. |
| Exporting raw internal CSIs | Federation leakage. |
| No producer/consumer map | Breaks impact analysis. |
| No compatibility table | Unsafe engine upgrades. |
| Deleting retired CSIs | Breaks historical replay. |
| Hardcoded interfaces in engines | Weak governance. |
| Missing security classification | Data exposure risk. |
49. Developer Implementation Notes
Developers should implement the CSI Catalog as a ZAR-backed interface registry with SSSR schema binding.
Recommended components:
- CSI parser and validator;
- catalog table;
- compatibility table;
- schema binding table;
- producer/consumer resolver;
- version compatibility checker;
- replay snapshot builder;
- DAL eligibility resolver;
- federation redaction resolver;
- audit publisher;
- observability publisher;
- runtime read API;
- governance write API;
- migration/adapter registry.
All TrustGate engines should declare consumed and produced CSIs in their engine specification and runtime metadata.
50. References
| Specification | ID |
|---|---|
| TrustGate | TG |
| TrustGate MIB | TG-MIB |
| TrustGate Micro-Engine Catalog | TG-MEC |
| TrustGate Validation Rule Registry | TG-VRR |
| TrustGate Validation Rule Engine | TG-VALRULE |
| TrustGate Runtime Configuration Engine | TG-CONFIG |
| TrustGate Runtime Observability Engine | TG-OBSERVE |
| Digital Assurance Ledger | DAL |
| Operational Assurance & Replay | OARM |
| Cross-ECO Assurance & Federation | AFLE |
| Global Federation Stack | EGFS |
| Federated Assurance Governance Framework | FAGF |
| Assurance Intelligence Index | AII |
| AI-Assisted Assurance & Trust Intelligence | AIATI |
| Shared Semantic Schema Registry | SSSR |
| ZAYAZ Artifact Registry | ZAR |
51. Summary
The TrustGate CSI Catalog is the canonical contract catalog for TrustGate runtime interfaces.
It defines the inputs, outputs, events, snapshots, errors, configuration objects, profiles, federation artifacts, DAL artifacts, telemetry artifacts, and audit artifacts used across the TrustGate engine family.
Together with ZAR, SSSR, the Runtime Configuration Engine, and the Validation Rule Registry, the CSI Catalog ensures TrustGate interfaces are governed, versioned, replayable, auditable, federation-safe, and compatible across engine versions.
No TrustGate runtime interface should be used in production unless it is registered, versioned, schema-bound, compatibility-checked, and governed through this catalog or an equivalent FAGF-authorized mechanism.