Skip to main content
Jira progress: loading…

TG-PARSE

TrustGate Signal Parser Engine

0. Identity

Loading identity…

Depends on module:

Decision-grade verification and assurance domain that orchestrates verifier workflows, evidence handling, trust scoring, audit trails, and assurance packaging across CSRD/ESRS and other frameworks. Enables third-party sign-off, dispute handling, and assurance-ready disclosure outputs with replayable provenance.
Domain:
assurance-verification
Category:
trust-assurance
Classification:
module
Lifecycle status:
active
Semver:
1.0.0
Introduced in:
v0.3
Governance
AI risk level:
high
Trust threshold:
0.97
Human review required:
true
Verifier involved:
true
Audit required:
true
Ownership
Primary owner:
Platform
Architecture board:
true
White-label allowed:
true
Entrypoints
Docs:
/verification-assurance
UI:
/app/assurance
API:
/api/assurance
Dependencies
Modules
  • sis
  • input-hub
  • reports-insights-hub
  • zara
  • zaam
Unresolved tokens
  • ALTD
  • DAL
  • EvidenceVault
  • StripeConnect
  • TruliooKYB
  • TrustGate
  • VTE
  • VerifierWorkflowEngine
Engines (declared)
  • VerifierWorkflowEngine
  • DaVE
  • VTE
  • DICE
  • EvidenceVault
  • ALTD
  • DAL
  • TrustGate
  • StripeConnect
  • TruliooKYB
  • AISIM
Micro-engines (from registry)
None
Micro-engines (declared)
None
Signals
USO
  • ASSURANCE.VERIFICATION
  • ASSURANCE.EVIDENCE
  • ASSURANCE.SIGNOFF
  • AUDIT.LINEAGE
  • GOVERNANCE.TRUST
  • IDENTITY.VERIFIER
  • PAYMENT.ESCROW
CSI
  • CSI_VERIFICATION_ASSURANCE
SSSR tags
  • assurance
  • verification
  • verifiers
  • evidence
  • signoff
  • trust-score
  • audit
  • tamper-detection
  • blockchain
  • rfp
  • disputes
  • escrow
  • stripe-connect
Workflows & Outputs
Workflows
  • VerifierOnboardingAndQualification
  • AssuranceRFPAndProposalFlow
  • EvidenceRequestAndCollection
  • EvidenceValidationAndScoring
  • TrustScoreComputationAndPropagation
  • VerifierReviewAndCommenting
  • IssueFlaggingAndDisputeResolution
  • VerifierSignOffAndStamping
  • AssurancePackagingForReports
  • PaymentEscrowAndPayoutOrchestration
Outputs
  • verifier_profiles
  • assurance_requests
  • evidence_packages
  • validation_findings
  • trust_score_updates
  • signoff_stamps
  • assurance_ready_disclosure_packages
  • payment_events
Audit
Ledger:
ALTD
Replay supported:
true
PII policy:
controlled_pii_outside_omr
Tags

1. Purpose

The TrustGate Signal Parser Engine (TG-PARSE) is the first executable micro-engine in the TrustGate runtime pipeline.

TG-PARSE receives inbound raw signals from Input Hub, federation gateways, connectors, APIs, uploaded files, and internal event streams. Its purpose is to parse those raw inputs into canonical TrustGate signal objects that can be normalized, enriched, validated, scored, routed, replayed, and anchored.

TG-PARSE does not decide whether a signal is trusted. It establishes whether the signal can be structurally interpreted and represented as a deterministic runtime object.

The output of TG-PARSE becomes the required input to TG-VALIDATE-STRUCTURE.

Only structurally admitted signals may proceed to TG-NORMALIZE-SIGNAL.


2. Position Within TrustGate

2.1. Pipeline Position

External Source / Input Hub / Federation Gateway


TG-PARSE — Signal Parser Engine


TG-VALIDATE-STRUCTURE — Structure Validation Engine


TG-NORMALIZE-SIGNAL — Signal Normalizer Engine


TG-ENRICH-CONTEXT — Context Enrichment Engine

TG-PARSE SHALL execute before normalization, enrichment, validation, scoring, routing, replay artifact preparation, DAL anchoring, and federation exchange.

2.2. Architectural Role

Responsibility AreaRole of TG-PARSE
Runtime PipelineFirst executable parsing stage
Data IntegrityConverts raw payloads into deterministic canonical objects
ReplayabilityPreserves input hashes and parse metadata required for deterministic replay
LineageCreates the first TrustGate parsing lineage event
DALProduces parse-stage anchor candidates
FederationPreserves source ECO Number, DID metadata, signatures, and federation context when present

3. Canonical Identity

3.1. Engine Identity

PropertyValue
Engine NameSignal Parser Engine
Short NameTG-PARSE
MEIDMEID_SIGNAL_INGEST_PARSER
Canonical CMIvera.TG-PARSE.ENGINE.SIGNAL.1_0_0
ZAR CodeTGP01
CMI KindENGINE
Owner ModuleVerification & Assurance
Runtime TierTier-0
CriticalityCritical
Replay SupportNative
DAL AnchoringYes
Federation AwareYes

3.2. MEID Binding

The logical engine identity is stable:

MEID_SIGNAL_INGEST_PARSER

The CMI identifies the versioned executable implementation:

vera.TG-PARSE.ENGINE.SIGNAL.1_0_0

ZAR SHALL bind the MEID to one or more CMI versions.

MEID_SIGNAL_INGEST_PARSER
├── vera.TG-PARSE.ENGINE.SIGNAL.1_0_0
├── vera.TG-PARSE.ENGINE.SIGNAL.1_1_0
└── vera.TG-PARSE.ENGINE.SIGNAL.2_0_0

4. Runtime Responsibilities

TG-PARSE SHALL perform the following responsibilities:

ResponsibilityDescription
Payload IntakeAccept raw payloads or payload references from approved ingress channels
Format DetectionIdentify JSON, XML, CSV, XBRL, PDF-extracted JSON, OCR-derived JSON, API payloads, or binary references
Envelope ParsingExtract event metadata, source metadata, tenant context, ECO Number, and routing hints where present
Structural ParsingConvert raw payload into a canonical internal parse object
HashingGenerate deterministic input hash and parse output hash
Schema Candidate DetectionIdentify candidate SSSR schema references
Source PreservationPreserve raw payload URI or immutable payload pointer
Parse DiagnosticsEmit parse warnings, ambiguity indicators, and field-level parse status
Lineage CreationEmit initial TrustGate parse lineage event
Replay PreparationStore all information needed for deterministic re-parse
DAL PreparationCreate parse-stage DAL anchor candidate

TG-PARSE SHALL NOT perform trust scoring, business validation, threshold routing, or quarantine decisions except for unrecoverable parse failures.


5. Inputs

5.1. Canonical Input CSIs

TrustGate CSI identifiers SHALL follow the canonical CSI pattern:

<csi_module>.<csi_component>.<csi_kind>.<csi_name>.<csi_version_maj>_<csi_version_min>

Example:

comp.AIIL.INPUT.TRUST-SCORE.v1_0

TG-PARSE consumes the following CSI contracts:

CSIRequiredDescription
vera.TG.INPUT.RAW-SIGNAL.v1_0YesRaw inbound signal or payload reference
vera.TG.INPUT.SOURCE-METADATA.v1_0YesSource system, connector, tenant, and ingestion metadata
vera.TG.INPUT.ROUTING-HINT.v1_0NoOptional routing hint emitted by ZSSR or upstream orchestrator
vera.TG.INPUT.FEDERATION-CONTEXT.v1_0NoOptional AFLE/EGFS federation context
siss.SSSR.INPUT.SCHEMA-REF.v1_0NoOptional explicit schema reference

5.2. Minimal Input Envelope

{
"event_id": "01JBF0W4Y5T2V5W3N5X7A1B2C",
"event_type": "trustgate.raw_signal",
"event_time": "2026-06-25T09:40:12Z",
"eco_number": "ECO-A123",
"source_system": "mice_invoice_emissions",
"payload_format": "json",
"payload": {
"invoice_id": "INV-203948",
"line_id": "INV-203948-L5",
"description": "Recycled copy paper A4 80gsm"
},
"routing_hint": {
"version": "1.0",
"proposed_by_cmi": "vera.ZSSR-RULESET.RULESET.INVOICE-LINES.2026_06_01",
"candidates": [
{
"next_zar_code": "TGP01",
"reason": "TrustGate parsing",
"confidence": 0.94
}
]
}
}

5.3. Input Validation Requirements

TG-PARSE SHALL verify that:

  • event_id is present and unique within the ingestion window;
  • event_time is present and parseable;
  • either payload or payload_uri is present;
  • source metadata is present;
  • payload size is within configured limits;
  • if an ECO Number is present, its format is valid;
  • if a signature is present, the signature envelope is preserved for later verification.

6. Outputs

6.1. Canonical Output CSIs

CSIDescription
vera.TG.OUTPUT.CANONICAL-SIGNAL.v1_0Canonical parsed signal object
vera.TG.OUTPUT.PARSE-METADATA.v1_0Format, schema candidate, parser version, diagnostics
vera.TG.OUTPUT.PARSE-DIAGNOSTICS.v1_0Parse warnings, recoverable errors, ambiguity markers
vera.TG.OUTPUT.LINEAGE-EVENT.v1_0Parse-stage lineage event
vera.TG.OUTPUT.DAL-CANDIDATE.v1_0Parse-stage DAL anchor candidate

6.2. Canonical Parsed Signal

{
"parsed_signal_id": "PSG-2026-000001",
"source_event_id": "01JBF0W4Y5T2V5W3N5X7A1B2C",
"eco_number": "ECO-A123",
"payload_format": "json",
"schema_candidates": [
"siss.SSSR.SCHEMA.TRUSTGATE-RAW-SIGNAL.1_0_0"
],
"canonical_payload": {
"invoice_id": "INV-203948",
"line_id": "INV-203948-L5",
"description": "Recycled copy paper A4 80gsm"
},
"parse_metadata": {
"parser_cmi": "vera.TG-PARSE.ENGINE.SIGNAL.1_0_0",
"input_hash": "sha256:a2f4f6e0d9a3...",
"output_hash": "sha256:9a5b1f2d0c4e...",
"parse_duration_ms": 14,
"warnings": []
},
"created_at": "2026-06-25T09:40:12Z"
}

7. Processing Pipeline

7.1. Pipeline Steps

Receive Input


Validate Envelope


Detect Payload Format


Load Parser Strategy


Parse Payload


Generate Canonical Signal


Compute Hashes


Emit Parse Metadata


Emit Lineage Event


Forward to TG-NORM

7.2. Runtime Algorithm

function parse_signal(input_event):
validate_required_envelope(input_event)

payload_ref = resolve_payload(input_event.payload, input_event.payload_uri)

input_hash = canonical_hash(payload_ref)

format = detect_format(payload_ref)

parser = select_parser_strategy(format, input_event.source_system)

canonical_payload = parser.parse(payload_ref)

schema_candidates = infer_schema_candidates(canonical_payload)

output_hash = canonical_hash(canonical_payload)

parse_metadata = build_parse_metadata(
parser_cmi,
input_hash,
output_hash,
format,
schema_candidates
)

emit_canonical_signal(canonical_payload, parse_metadata)

emit_lineage_event()

emit_dal_candidate()

return canonical_payload

8. Runtime Configuration

8.1. Configuration Object

{
"engine_cmi": "vera.TG-PARSE.ENGINE.SIGNAL.1_0_0",
"strict_schema_detection": false,
"allow_payload_uri": true,
"allow_inline_payload": true,
"maximum_payload_size_mb": 50,
"accepted_formats": [
"JSON",
"XML",
"CSV",
"XBRL",
"PARQUET",
"PDF_EXTRACTED_JSON",
"OCR_JSON"
],
"hash_algorithm": "SHA-256",
"preserve_raw_pointer": true,
"emit_parse_diagnostics": true
}

8.2. Configuration Rules

ConfigurationDefaultDescription
strict_schema_detectionfalseWhether parsing fails if no schema candidate is found
allow_payload_uritrueWhether payloads may be referenced by URI
allow_inline_payloadtrueWhether inline payloads are accepted
maximum_payload_size_mb50Maximum allowed payload size
preserve_raw_pointertrueWhether raw payload pointer is preserved
emit_parse_diagnosticstrueWhether diagnostics are emitted

9. Data Model

9.1. Parsed Signal Entity

FieldTypeRequiredDescription
parsed_signal_idstringYesTrustGate parsed signal identifier
source_event_idstringYesUpstream event identifier
eco_numberstringConditionalECO Number associated with source entity
payload_formatenumYesDetected payload format
schema_candidatesarrayNoCandidate schemas inferred from payload
canonical_payloadobjectYesParsed canonical payload
parse_metadataobjectYesRuntime parse metadata
created_attimestampYesParse completion timestamp

9.2. Parse Metadata Entity

FieldTypeRequiredDescription
parser_cmistringYesCMI of parser implementation
input_hashstringYesHash of canonicalized raw input
output_hashstringYesHash of canonical parsed output
parse_duration_msintegerYesParse latency
warningsarrayNoParse warnings
ambiguity_scorenumberNoParser ambiguity indicator

10. Runtime Events

10.1. Parse Completed Event

{
"event_type": "trustgate.parse.completed",
"event_id": "TGEVT-2026-000001",
"parsed_signal_id": "PSG-2026-000001",
"eco_number": "ECO-A123",
"engine_meid": "MEID_SIGNAL_INGEST_PARSER",
"engine_cmi": "vera.TG-PARSE.ENGINE.SIGNAL.1_0_0",
"input_hash": "sha256:a2f4f6e0d9a3...",
"output_hash": "sha256:9a5b1f2d0c4e...",
"duration_ms": 14,
"status": "SUCCESS",
"created_at": "2026-06-25T09:40:12Z"
}

10.2. Parse Failed Event

{
"event_type": "trustgate.parse.failed",
"event_id": "TGEVT-2026-000002",
"source_event_id": "01JBF0W4Y5T2V5W3N5X7A1B2C",
"engine_meid": "MEID_SIGNAL_INGEST_PARSER",
"engine_cmi": "vera.TG-PARSE.ENGINE.SIGNAL.1_0_0",
"failure_code": "INVALID_PAYLOAD_FORMAT",
"failure_message": "Payload could not be parsed as JSON, XML, CSV, XBRL, or supported extracted format.",
"quarantine_recommended": true,
"created_at": "2026-06-25T09:40:12Z"
}

11. USO Integration

TG-PARSE SHALL create or extend USO lineage with parse-stage execution information.

11.1. Produced USO Objects

USO ObjectDescription
ParsedSignalParsed canonical signal object
ParsingEventRuntime parse event
ParseDiagnosticParse diagnostic and warning metadata
LineageEventTraceability event connecting raw input to parsed output

11.2. Example USO Lineage Fragment

{
"uso_id": "01JBF0X0ABCDEF1234567890AB",
"record_id": "PSG-2026-000001",
"primary_origin_cmi": "vera.TG-PARSE.ENGINE.SIGNAL.1_0_0",
"current_cmi": "vera.TG-PARSE.ENGINE.SIGNAL.1_0_0",
"origin_chain": [
"vera.TG-PARSE.ENGINE.SIGNAL.1_0_0"
],
"origin_chain_codes": [
"TGP01"
],
"op_type": "PARSE",
"born_at": "2026-06-25T09:40:12Z",
"audit": {
"hash_before": "sha256:a2f4f6e0d9a3...",
"hash_after": "sha256:9a5b1f2d0c4e...",
"engine_build_sha": "c5f1...",
"schema_cmi": "siss.SSSR.SCHEMA.TRUSTGATE-PARSE.1_0_0",
"timestamp": "2026-06-25T09:40:12Z"
}
}

12. DAL Integration

12.1. DAL Anchor Candidate

TG-PARSE SHALL produce a DAL anchor candidate when parsing completes.

{
"artifact_type": "ParsedSignal",
"artifact_id": "PSG-2026-000001",
"artifact_hash": "sha256:9a5b1f2d0c4e...",
"engine_meid": "MEID_SIGNAL_INGEST_PARSER",
"engine_cmi": "vera.TG-PARSE.ENGINE.SIGNAL.1_0_0",
"zar_code": "TGP01",
"created_at": "2026-06-25T09:40:12Z"
}

12.2. DAL Requirements

RequirementDescription
Input HashHash of canonicalized input must be preserved
Output HashHash of parsed canonical output must be preserved
Engine CMIParser implementation version must be recorded
ZAR CodeHuman-readable artifact code must be recorded
TimestampParse completion time must be recorded

13. Replay Behaviour

13.1. Replay Guarantees

TG-PARSE SHALL be deterministic.

Given the same:

  • raw payload;
  • parser CMI;
  • configuration hash;
  • schema registry state;
  • source metadata;

the engine SHALL produce the same canonical output hash.

13.2. Replay Verification

Replay verification succeeds when:

replayed_output_hash == original_output_hash

13.3. Replay Artifact

{
"replay_artifact_id": "RPL-TGPARSE-2026-000001",
"engine_meid": "MEID_SIGNAL_INGEST_PARSER",
"engine_cmi": "vera.TG-PARSE.ENGINE.SIGNAL.1_0_0",
"source_event_id": "01JBF0W4Y5T2V5W3N5X7A1B2C",
"input_hash": "sha256:a2f4f6e0d9a3...",
"output_hash": "sha256:9a5b1f2d0c4e...",
"configuration_hash": "sha256:ab62fd...",
"replayable": true
}

14. Error Handling

14.1. Failure Modes

Failure CodeDescriptionAction
MISSING_PAYLOADNeither payload nor payload URI providedReject
UNSUPPORTED_FORMATFormat not supportedQuarantine
INVALID_PAYLOAD_FORMATPayload cannot be parsedQuarantine
PAYLOAD_TOO_LARGEPayload exceeds configured sizeReject
MISSING_SOURCE_METADATARequired source metadata missingQuarantine
INVALID_ECO_NUMBER_FORMATECO Number format invalidQuarantine
SCHEMA_CANDIDATE_NOT_FOUNDNo schema candidate foundWarning or Quarantine depending on config

14.2. Quarantine Recommendation

TG-PARSE may recommend quarantine, but the final quarantine decision belongs to the downstream Decision Engine.

{
"source_event_id": "01JBF0W4Y5T2V5W3N5X7A1B2C",
"failure_code": "INVALID_PAYLOAD_FORMAT",
"quarantine_recommended": true,
"reason": "Input could not be parsed into a canonical TrustGate signal."
}

15. Performance Targets

MetricTarget
p50 Parse Latency< 10 ms
p95 Parse Latency< 25 ms
p99 Parse Latency< 50 ms
Throughput per Instance10,000 events/sec
Replay Consistency100%
Availability99.99%

16. Security Requirements

TG-PARSE SHALL enforce:

  • payload size limits;
  • strict content-type validation;
  • malicious payload detection;
  • JSON/XML parser hardening;
  • URI allowlist validation;
  • source authenticity preservation;
  • signature envelope preservation;
  • secure logging with PII masking.

TG-PARSE SHALL NOT log raw payloads unless explicitly enabled for a controlled forensic replay environment.


17. Federation Behaviour

When TG-PARSE receives a federated signal through AFLE or EGFS, it SHALL preserve:

  • originating ECO Number;
  • source DID;
  • federation transaction ID;
  • payload signature envelope;
  • originating DAL reference if present;
  • federation policy version;
  • cross-ECO routing context.

17.1. Federated Parse Context

{
"federation_id": "FED-2026-00077",
"source_eco": "ECO-A123",
"target_eco": "ECO-B456",
"source_did": "did:zayaz:ECO-A123",
"payload_type": "trust_signal",
"policy_version": "FAGF-2026.2"
}

18. AI Integration

TG-PARSE does not perform scoring or AI classification.

However, it may emit parse quality telemetry to DSAIL for long-term improvement of ingestion quality and connector reliability.

18.1. AI Feedback Event

{
"event_type": "trustgate.parse.quality.feedback",
"engine_meid": "MEID_SIGNAL_INGEST_PARSER",
"engine_cmi": "vera.TG-PARSE.ENGINE.SIGNAL.1_0_0",
"source_system": "mice_invoice_emissions",
"parse_success": true,
"parse_duration_ms": 14,
"warnings_count": 0,
"schema_candidates_count": 1
}

19. Testing Requirements

TG-PARSE SHALL include test suites for:

  • valid JSON payloads;
  • invalid JSON payloads;
  • XML inputs;
  • CSV inputs;
  • XBRL inputs;
  • OCR-derived JSON payloads;
  • payload URI resolution;
  • schema candidate inference;
  • canonical hashing;
  • replay determinism;
  • federation envelope preservation;
  • malicious payload rejection.

19.1. Minimal Test Vector

{
"name": "valid_invoice_json_payload",
"input": {
"event_id": "01JBF0W4Y5T2V5W3N5X7A1B2C",
"event_type": "trustgate.raw_signal",
"eco_number": "ECO-A123",
"payload_format": "json",
"payload": {
"invoice_id": "INV-203948"
}
},
"expected": {
"status": "SUCCESS",
"payload_format": "json",
"schema_candidates_min": 1
}
}

20. Developer Notes

TG-PARSE is intentionally narrow.

It parses and canonicalizes input structure but does not determine whether the content is valid, coherent, complete, trustworthy, or acceptable.

Those responsibilities belong to downstream engines:

ResponsibilityEngine
Unit normalizationTG-NORM
Context enrichmentTG-ENRICH
Business validationTG-VALID
Trust scoringTG-SCORE
Routing decisionTG-DECISION
Replay preparationTG-REPLAY
DAL anchoringTG-DAL

Keeping TG-PARSE narrow ensures deterministic replay, clear failure isolation, and simpler validation during incident investigations.




GitHub RepoRequest for Change (RFC)