Skip to main content
Jira progress: loading…

TG-ATTESTATION-ENGINE

TrustGate Attestation Engine

0. Identity

Loading identity…

Depends on module:

Decision-grade verification and assurance domain that orchestrates verifier workflows, evidence handling, trust scoring, audit trails, and assurance packaging across CSRD/ESRS and other frameworks. Enables third-party sign-off, dispute handling, and assurance-ready disclosure outputs with replayable provenance.
Domain:
assurance-verification
Category:
trust-assurance
Classification:
module
Lifecycle status:
active
Semver:
1.0.0
Introduced in:
v0.3
Governance
AI risk level:
high
Trust threshold:
0.97
Human review required:
true
Verifier involved:
true
Audit required:
true
Ownership
Primary owner:
Platform
Architecture board:
true
White-label allowed:
true
Entrypoints
Docs:
/verification-assurance
UI:
/app/assurance
API:
/api/assurance
Dependencies
Modules
  • sis
  • input-hub
  • reports-insights-hub
  • zara
  • zaam
Unresolved tokens
  • ALTD
  • DAL
  • EvidenceVault
  • StripeConnect
  • TruliooKYB
  • TrustGate
  • VTE
  • VerifierWorkflowEngine
Engines (declared)
  • VerifierWorkflowEngine
  • DaVE
  • VTE
  • DICE
  • EvidenceVault
  • ALTD
  • DAL
  • TrustGate
  • StripeConnect
  • TruliooKYB
  • AISIM
Micro-engines (from registry)
None
Micro-engines (declared)
None
Signals
USO
  • ASSURANCE.VERIFICATION
  • ASSURANCE.EVIDENCE
  • ASSURANCE.SIGNOFF
  • AUDIT.LINEAGE
  • GOVERNANCE.TRUST
  • IDENTITY.VERIFIER
  • PAYMENT.ESCROW
CSI
  • CSI_VERIFICATION_ASSURANCE
SSSR tags
  • assurance
  • verification
  • verifiers
  • evidence
  • signoff
  • trust-score
  • audit
  • tamper-detection
  • blockchain
  • rfp
  • disputes
  • escrow
  • stripe-connect
Workflows & Outputs
Workflows
  • VerifierOnboardingAndQualification
  • AssuranceRFPAndProposalFlow
  • EvidenceRequestAndCollection
  • EvidenceValidationAndScoring
  • TrustScoreComputationAndPropagation
  • VerifierReviewAndCommenting
  • IssueFlaggingAndDisputeResolution
  • VerifierSignOffAndStamping
  • AssurancePackagingForReports
  • PaymentEscrowAndPayoutOrchestration
Outputs
  • verifier_profiles
  • assurance_requests
  • evidence_packages
  • validation_findings
  • trust_score_updates
  • signoff_stamps
  • assurance_ready_disclosure_packages
  • payment_events
Audit
Ledger:
ALTD
Replay supported:
true
PII policy:
controlled_pii_outside_omr
Tags

1. Purpose

The TrustGate Attestation Engine generates verifiable assurance statements from finalized TrustGate runtime outcomes.

It converts TrustGate scores, decisions, replay manifests, policy context, lineage references, and identity metadata into structured trust attestations that can be used internally, anchored in DAL, exchanged through AFLE, referenced by Carbon Passports, and inspected by auditors or federation participants.

The Attestation Engine is not the source of the trust score. It packages already computed and decisioned assurance evidence into a verifiable attestation artifact.

The primary purpose is to answer:

What did TrustGate conclude, based on which evidence, under which software, policy, schema, and identity context?


2. Position within TrustGate Runtime

Trust Scoring


Decision Engine


Replay Engine


──────────────────────────────────────────
Attestation Engine
──────────────────────────────────────────

├── Trust Attestation
├── Assurance Bundle
├── Carbon Passport Reference
├── AFLE Federation Package
└── DAL Anchor Candidate

The Attestation Engine executes after a valid TrustGate decision and replay manifest exist, unless policy allows provisional attestations.


3. Canonical Identity

PropertyValue
MEIDMEID_TRUST_ATTEST_GENERATOR
CMIvera.TG-ATTEST.ENGINE.GENERATOR.1_0_0
KINDENGINE
Owner ModuleVerification & Assurance
Runtime TierTier-0 Assurance Runtime
Engine CategoryATTEST
Engine Domaintrust
ZAR RegistrationRequired
Replay SupportNative
DAL AnchoringRequired
Federation AwareYes

The MEID identifies the stable logical attestation engine.

The CMI identifies this specific versioned executable artifact.


4. Runtime Responsibilities

ResponsibilityDescription
Trust Attestation CreationProduce canonical TrustGate trust attestations.
Assurance Bundle AssemblyPackage score, confidence, decision, replay, lineage, and policy references.
Identity BindingBind attestations to ECO Number and DID.
Evidence BindingBind attestations to USO, DAL, replay, CMI, CSI, and policy references.
Federation PackagingPrepare AFLE-compatible attestation exchange objects.
Carbon Passport ReferencingGenerate trust references for Carbon Passport and DPP workflows.
Signature PreparationPrepare payloads for signing through the configured cryptographic service.
DAL Anchor Candidate CreationProduce DAL anchor candidates for attestation artifacts.
Redaction Profile ApplicationApply federation and disclosure redaction profiles.
Audit Event EmissionEmit immutable attestation events for OARM and AII.

The engine must not alter the underlying score, decision, or replay evidence.


5. Attestation Types

TrustGate supports multiple attestation types.

Attestation TypePurpose
TRUST_SCORE_ATTESTATIONAttests to TrustGate score and confidence.
TRUST_DECISION_ATTESTATIONAttests to the final TrustGate decision.
REPLAY_READY_ATTESTATIONAttests that replay prerequisites exist.
CARBON_PASSPORT_TRUST_REFERENCESupplies assurance metadata to Carbon Passport assembly.
FEDERATION_TRUST_ATTESTATIONAFLE-compatible cross-ECO trust package.
AUDITOR_ASSURANCE_BUNDLEEvidence package for auditor inspection.
PROVISIONAL_ATTESTATIONLimited attestation before replay or DAL finalization.

Policy controls which attestation types are permitted in each context.


6. Attestation Preconditions

A standard final attestation requires:

PreconditionRequired
Valid ECO NumberYes
Valid DID or identity bindingYes
Trust score existsYes
Confidence score existsYes
Trust decision existsYes
Replay manifest existsYes
Policy bundle recordedYes
Engine CMI map recordedYes
USO lineage existsYes
DAL anchor candidate existsYes
Redaction profile resolvedConditional
Federation profile resolvedConditional

If a mandatory precondition is missing, the engine must either abort or emit a policy-controlled provisional attestation.


7. Runtime Processing Pipeline

Receive Attestation Request


Resolve Trust Outcome


Resolve Identity


Resolve Lineage and Replay


Resolve Policy and Redaction Profile


Assemble Evidence References


Generate Attestation Payload


Prepare Signature Envelope


Emit Attestation Event


Queue DAL Anchor Candidate

The pipeline is deterministic and replayable.


8. Processing Algorithm

function attest(request):

trust_outcome = resolve_trust_outcome(request.signal_id)

identity = resolve_identity(trust_outcome.eco_number)

lineage = resolve_lineage(trust_outcome.uso_id)

replay = resolve_replay_manifest(trust_outcome.signal_id)

policy = resolve_attestation_policy(request.policy_context)

redaction_profile = resolve_redaction_profile(policy, request.target)

evidence_refs = assemble_evidence_refs(
trust_outcome,
identity,
lineage,
replay,
policy
)

payload = create_attestation_payload(
request.attestation_type,
evidence_refs,
redaction_profile
)

signature_envelope = prepare_signature(payload)

emit_attestation_event(payload)

queue_dal_anchor_candidate(payload)

return payload

The engine must ensure that attestation content is derived only from immutable source artifacts.


9. Attestation Data Model

The canonical attestation object contains:

FieldDescription
attestation_idUnique TrustGate attestation identifier.
attestation_typeType of attestation produced.
eco_numberECO Number bound to the attestation.
didDID or equivalent identity reference.
signal_idSignal being attested.
trust_scoreTrust score at time of attestation.
confidenceConfidence score.
decisionFinal TrustGate decision.
uso_idLineage reference.
replay_idReplay manifest reference.
policy_bundleActive governance policy.
engine_cmiAttestation engine version.
evidence_refsEvidence references included in attestation.
signatureSignature envelope or signing reference.
created_atCreation timestamp.

10. CSI Contracts

10.1. Input CSIs

CSIRequiredPurpose
comp.TG.INPUT.TRUST-SCORE.v1_0YesTrust score and confidence.
comp.TG.INPUT.TRUST-DECISION.v1_0YesFinal TrustGate decision.
comp.TG.INPUT.REPLAY-MANIFEST.v1_0YesReplay manifest and replayability status.
comp.USO.INPUT.LINEAGE-GRAPH.v1_0YesOperational lineage graph.
comp.FAGF.INPUT.POLICY-CONTEXT.v1_0YesActive attestation policy.
comp.EGFS.INPUT.IDENTITY-CONTEXT.v1_0ConditionalFederation identity and DID context.
comp.DAL.INPUT.ANCHOR-CANDIDATE.v1_0ConditionalDAL anchor candidate reference.

10.2. Output CSIs

CSIPurpose
comp.TG.OUTPUT.TRUST-ATTESTATION.v1_0Canonical TrustGate attestation.
comp.TG.OUTPUT.ASSURANCE-BUNDLE.v1_0Auditor-facing assurance evidence package.
comp.AFLE.INPUT.FEDERATION-ATTESTATION.v1_0AFLE-compatible attestation package.
comp.TG.OUTPUT.CARBON-PASSPORT-TRUST-REF.v1_0Carbon Passport trust reference.
comp.TG.EVENT.ATTESTATION-CREATED.v1_0Attestation runtime event.
comp.DAL.INPUT.ANCHOR-CANDIDATE.v1_0DAL anchor candidate.
comp.AII.INPUT.ATTESTATION-TELEMETRY.v1_0AII attestation telemetry.

11. Canonical Input Payload

{
"attestation_request_id": "TGAR-2026-00001472",
"attestation_type": "TRUST_DECISION_ATTESTATION",
"signal_id": "SIG-2026-00001472",
"eco_number": "ECO-A123",
"score_id": "TGS-2026-00001472",
"decision_id": "TGD-2026-00001472",
"replay_id": "TGR-2026-00001472",
"uso_id": "USO-98122",
"policy_context": {
"policy_bundle": "FAGF-2026.2",
"attestation_profile": "federation_trust_attestation_v1"
},
"target": {
"type": "AFLE",
"audience": "buyer",
"redaction_profile": "standard_federation"
},
"created_at": "2026-06-25T12:40:02Z"
}

12. Canonical Output Payload

{
"attestation_id": "TGATT-2026-00001472",
"attestation_type": "TRUST_DECISION_ATTESTATION",
"eco_number": "ECO-A123",
"did": "did:zayaz:ECO-A123",
"signal_id": "SIG-2026-00001472",
"trust_score": 0.914,
"confidence": 0.936,
"decision": "ACCEPT",
"lineage": {
"uso_id": "USO-98122",
"origin_chain_verified": true
},
"replay": {
"replay_id": "TGR-2026-00001472",
"replayable": true
},
"policy": {
"policy_bundle": "FAGF-2026.2",
"attestation_profile": "federation_trust_attestation_v1"
},
"evidence_refs": [
"TGS-2026-00001472",
"TGD-2026-00001472",
"TGR-2026-00001472",
"USO-98122"
],
"engine_cmi": "vera.TG-ATTEST.ENGINE.GENERATOR.1_0_0",
"meid": "MEID_TRUST_ATTEST_GENERATOR",
"signature": {
"type": "Ed25519Signature2020",
"verification_method": "did:zayaz:ECO-A123#trustgate-key",
"status": "prepared"
},
"created_at": "2026-06-25T12:40:02Z"
}

13. AFLE Federation Attestation Package

When prepared for AFLE, the attestation is wrapped in a federation-safe package.

{
"@context": [
"https://schema.zayaz.io/trustgate/attestation/v1"
],
"id": "urn:trustgate-attestation:TGATT-2026-00001472",
"issuer": "ECO-A123",
"issued_at": "2026-06-25T12:40:02Z",
"subject": {
"eco_number": "ECO-A123",
"did": "did:zayaz:ECO-A123"
},
"trust": {
"score": 0.914,
"confidence": 0.936,
"decision": "ACCEPT"
},
"lineage": {
"uso_id": "USO-98122",
"replay_id": "TGR-2026-00001472",
"dal_ref": "DAL-PENDING"
},
"proof": {
"type": "Ed25519Signature2020",
"proofPurpose": "assertionMethod",
"verificationMethod": "did:zayaz:ECO-A123#trustgate-key",
"jws": "PENDING_SIGNATURE"
}
}

The final jws value is produced by the configured signing service.


14. Carbon Passport Trust Reference

The Attestation Engine may emit trust references for Carbon Passport workflows.

{
"passport_trust_ref_id": "CPTR-2026-00001472",
"passport_id": "CP-2026-000087",
"attestation_id": "TGATT-2026-00001472",
"trust_score": 0.914,
"confidence": 0.936,
"decision": "ACCEPT",
"replay_id": "TGR-2026-00001472",
"dal_ref": "DAL-PENDING",
"created_at": "2026-06-25T12:40:02Z"
}

Carbon Passport trust references must preserve linkage to the underlying TrustGate attestation.


15. Attestation Event

{
"event_type": "trustgate.attestation.created",
"attestation_id": "TGATT-2026-00001472",
"attestation_type": "TRUST_DECISION_ATTESTATION",
"signal_id": "SIG-2026-00001472",
"eco_number": "ECO-A123",
"trust_score": 0.914,
"confidence": 0.936,
"decision": "ACCEPT",
"engine_cmi": "vera.TG-ATTEST.ENGINE.GENERATOR.1_0_0",
"timestamp": "2026-06-25T12:40:02Z"
}

16. DAL Integration

The Attestation Engine produces DAL anchor candidates for all final attestations.

{
"artifact_type": "TrustAttestation",
"artifact_id": "TGATT-2026-00001472",
"artifact_hash": "sha256:77fd22...",
"engine_cmi": "vera.TG-ATTEST.ENGINE.GENERATOR.1_0_0",
"meid": "MEID_TRUST_ATTEST_GENERATOR",
"attestation_type": "TRUST_DECISION_ATTESTATION",
"created_at": "2026-06-25T12:40:02Z"
}

Final anchoring is performed by the TrustGate DAL Anchor Engine.


17. Replay Behaviour

The engine must be replay deterministic.

Replay inputs include:

  • score result;
  • decision result;
  • replay manifest;
  • lineage graph reference;
  • policy context;
  • attestation profile;
  • redaction profile;
  • engine CMI.

Replay verification succeeds when:

Hash(Attestationoriginal)=Hash(Attestationreplay)Hash(Attestation_{original}) = Hash(Attestation_{replay})

Signature material may be excluded from deterministic replay if signing keys rotate. In that case, replay must verify the unsigned canonical payload hash.


18. Federation Behaviour

The Attestation Engine is the primary TrustGate producer of AFLE-compatible trust evidence.

Federation exports must:

  • verify ECO Number;
  • verify DID;
  • include trust score and confidence;
  • include decision;
  • include replay reference;
  • include DAL reference or anchor candidate;
  • include policy bundle;
  • apply redaction profile;
  • preserve original evidence hashes.

Federation profiles determine whether detailed rule failures, reviewer notes, and source-system references may be shared.


19. AI Integration

The engine emits attestation outcomes to DSAIL.

AI may use attestation telemetry to:

  • detect trust patterns;
  • recommend sampling frequency;
  • identify suppliers requiring attention;
  • tune federation trust weighting;
  • improve anomaly detection.

AI may not:

  • create attestations autonomously;
  • modify attestation evidence;
  • suppress attestation failures;
  • alter cryptographic proofs;
  • remove required lineage references.

All AI influence must be recorded separately from factual attestation content.


20. AII Integration

Attestation telemetry contributes to AII.

{
"eco_number": "ECO-A123",
"period": "2026-Q2",
"attestations_created": 18440,
"federated_attestations": 3912,
"carbon_passport_trust_refs": 640,
"attestation_replayable_rate": 0.998,
"attestation_dal_ready_rate": 1.0,
"avg_attestation_confidence": 0.936
}

21. Failure Handling

FailureSeverityAction
Missing trust scoreCriticalAbort
Missing decisionCriticalAbort
Missing ECO NumberCriticalAbort
Missing replay manifestCriticalAbort unless provisional allowed
Missing policy contextCriticalAbort
Missing lineage referenceCriticalAbort
Missing redaction profileWarningUse safest default
Signing service unavailableWarningEmit prepared unsigned payload if policy permits
DAL unavailableWarningQueue anchor candidate
Federation unavailableWarningCreate local attestation only

The engine must fail closed for external or federation attestations.


22. Observability Metrics

MetricDescription
tg_attestation_created_totalTotal attestations created.
tg_attestation_federated_totalAttestations prepared for AFLE.
tg_attestation_carbon_passport_totalCarbon Passport trust references produced.
tg_attestation_failed_totalFailed attestation attempts.
tg_attestation_latency_msAttestation creation latency.
tg_attestation_missing_replay_totalMissing replay manifest failures.
tg_attestation_signature_pending_totalAttestations waiting for signature.
tg_attestation_dal_candidate_totalDAL candidates produced.

23. Performance Targets

MetricTarget
Attestation creation latency< 75 ms
Federation package creation latency< 150 ms
Carbon Passport trust reference latency< 100 ms
Throughput5,000 attestations/sec per worker pool
Replay determinism100% for canonical payloads
Availability99.99%

24. Security Requirements

The engine must:

  • verify identity before attestation;
  • ensure attestation source artifacts are immutable;
  • use signed policy profiles;
  • prepare signature envelopes using approved methods;
  • support key rotation;
  • prevent unsigned external export unless policy permits;
  • redact sensitive data before federation;
  • preserve all evidence hashes;
  • record MEID and CMI in all outputs;
  • emit immutable audit logs.

25. Compliance Alignment

FrameworkAttestation Engine Contribution
CSRDProvides auditable assurance evidence for sustainability data.
ESRSSupports traceability, data quality, and assurance transparency.
ISSB / IFRS S1-S2Supports investor-grade trust evidence.
ISO 14064-1Supports GHG verification evidence and chain-of-custody.
ISO 27001Supports cryptographic integrity and controlled evidence handling.
EU AI ActSeparates factual evidence from AI advisory metadata.
W3C VC / DIDSupports verifiable credentials and decentralized identity proofs.

26. Developer Implementation Notes

Developers should implement the Attestation Engine as a deterministic artifact generator.

Recommended design:

  • attestation profile resolver;
  • evidence reference assembler;
  • redaction profile applicator;
  • canonical payload serializer;
  • signature envelope preparer;
  • DAL anchor candidate publisher;
  • AFLE package exporter;
  • Carbon Passport trust reference publisher;
  • AII telemetry publisher.

Attestation payloads must be immutable after creation. Any correction requires a new attestation or revocation event.


27. Summary

The TrustGate Attestation Engine packages TrustGate scores, decisions, replay references, identity, lineage, and policy context into verifiable assurance artifacts.

It is the bridge between internal TrustGate runtime decisions and externally usable assurance evidence, including AFLE federation attestations, Carbon Passport trust references, auditor evidence packages, and DAL-anchored trust records.

No TrustGate trust claim should be exchanged outside the local runtime without a valid attestation produced by this engine or an equivalent FAGF-authorized process.




GitHub RepoRequest for Change (RFC)