{
  "schema_version": "1.0.0",
  "generator": "build-conformance.mjs",
  "description": "Public conformance contract for consumers of the Apeiris corpus: the identifier grammar, the closed controlled vocabularies (derived live from the data), what each value means, the integrity model, the evidence ontology, and the invariants a correct consumer must respect. Regenerated deterministically by npm run rehash and pinned in manifest.json.",
  "corpus": {
    "domains": 12,
    "controls": 605,
    "sources": 300,
    "prefixes": 72,
    "manifest_schema_version": "1.0.0"
  },
  "identifiers": {
    "control_uri": "apeiris://<domain>/controls/<PREFIX>-<NN>",
    "example": "apeiris://model/controls/CR-08",
    "prefix_rule": "72 two-letter control families (12 domains x 6 layers), globally unique \u2014 no cross-domain collision.",
    "canonical_id_on_every_control": true,
    "note": "Always use the apeiris:// URI across domain boundaries; never a bare id."
  },
  "controlled_vocabularies": {
    "control.blocking_effect": [
      "advisory",
      "blocks-deployment",
      "blocks-runtime-action",
      "requires-review"
    ],
    "control.normative_status": [
      "best-practice",
      "binding-law",
      "certification-standard",
      "industry-framework",
      "regulation",
      "supervisory-guidance",
      "voluntary-standard"
    ],
    "frameworks[].fit": [
      "adjacent",
      "direct",
      "partial",
      "supporting"
    ],
    "frameworks[].basis": [
      "anchored",
      "asserted"
    ],
    "frameworks[].relation": [
      "defends_against",
      "equivalent_to",
      "informs",
      "satisfies"
    ],
    "frameworks[].mapping_confidence": [
      "high",
      "low",
      "medium"
    ],
    "frameworks[].direction": [
      "bidirectional",
      "control-mitigates-risk",
      "control-supports-requirement",
      "out-of-scope",
      "tangential"
    ],
    "frameworks[].normative_force": [
      "best-practice",
      "binding-law",
      "certification-standard",
      "industry-framework",
      "informative-reference",
      "regulation",
      "supervisory-guidance",
      "voluntary-standard"
    ],
    "coverage.coverage": [
      "direct",
      "partial"
    ]
  },
  "vocabulary_meaning": {
    "fit": {
      "direct": "The control's evidence directly satisfies the requirement.",
      "supporting": "The control materially supports the requirement but is not the whole of it.",
      "partial": "The control addresses part of the requirement; additional evidence is needed.",
      "adjacent": "The control is related but does not by itself address the requirement."
    },
    "basis": {
      "anchored": "The framework's taxonomy was captured from its primary text and this cited id is validated against that anchor in CI. A fabricated id fails the build.",
      "asserted": "The framework is cited but not yet ingested as an anchor, so the id is not machine-validated. Treat as a claim pending anchor capture."
    },
    "relation": {
      "satisfies": "The mapped target is an OBLIGATION (binding law, regulation, transposed directive, or supervisory guidance) and this control is evidence toward satisfying it \u2014 subject to the evidence actually being produced (see fit; mapped is not satisfied).",
      "equivalent_to": "The mapped target is a CONTROL or requirement in another standard (ISO, NIST, OWASP, CSA, vendor control catalogs, ATLAS mitigations) that this control is equivalent or comparable to.",
      "defends_against": "The mapped target is a THREAT or attack technique (MITRE ATLAS technique, NIST AI 100-2 adversarial-ML taxonomy, OWASP Top-10 risk, PLOT4ai) that this control defends against \u2014 not a requirement the control satisfies.",
      "informs": "The mapped target is soft guidance or a set of principles (best-practice guidance, AI principles) that informs the control's design rather than imposing a testable obligation."
    },
    "coverage": {
      "direct": "Apeiris controls directly address this framework obligation.",
      "partial": "Partial coverage \u2014 the obligation's notes state the gap.",
      "none": "Not addressed by Apeiris controls.",
      "out_of_scope": "Outside the scope of Apeiris domain controls (with reasoning)."
    },
    "blocking_effect": {
      "advisory": "Informational; does not gate.",
      "requires-review": "Requires human review before proceeding.",
      "blocks-deployment": "Blocks deployment until satisfied.",
      "blocks-runtime-action": "Blocks the runtime action until satisfied."
    }
  },
  "integrity": {
    "content_addressing": "sha256",
    "per_domain": "manifest.domains[].sha256",
    "per_artifact": "manifest.artifact_checksums[path]",
    "signature": "Ed25519 over the RFC 8785 (JCS) canonical manifest, minus integrity.signature",
    "key_id": "ed25519-1f89c22423ab21b2",
    "public_key": "integration/keys/manifest-signing-ed25519.pub.json",
    "verify_page": "https://apeiris.ai/integration/verify/",
    "requirement": "Recompute each artifact's SHA-256 and compare to the manifest before trusting a fetched copy. Treat any mismatch \u2014 or a failed signature \u2014 as fail-closed and stop."
  },
  "evidence_ontology": {
    "schema": "apeiris-control-core/evidence.schema.json",
    "required_fields": [
      "evidence_id",
      "subject",
      "producer_verifier",
      "control_refs",
      "evidence_type",
      "scope",
      "collected_at",
      "collection_method",
      "integrity",
      "result",
      "confidence"
    ],
    "result_values": [
      "pass",
      "fail",
      "partial",
      "not-tested",
      "not-applicable",
      "exception-granted"
    ],
    "evidence_type_values": [
      "automated-test-result",
      "audit-log",
      "third-party-audit-report",
      "red-team-report",
      "configuration-snapshot",
      "policy-attestation",
      "evaluation-scorecard",
      "monitoring-alert-history",
      "incident-record",
      "model-card",
      "data-lineage-record",
      "human-review-record",
      "certification",
      "apeiris-assertion"
    ],
    "note": "Every attestation artifact carries the required fields; result is the pass/fail axis and evidence_type declares what kind of proof was collected.",
    "evidence_map": {
      "artifact": "integration/evidence_map.json",
      "description": "Each control's prose evidence_required[] projected into typed descriptors {id, description, evidence_type, verification}. evidence_type is one of the evidence_type_values above; verification is how the artifact is checked.",
      "verification_values": [
        "automated",
        "third-party",
        "human",
        "attested"
      ],
      "note": "Classification is machine-inferred and reviewable, not a hand-audited assignment. Use it to know what artifact to produce per control and how much of the fabric is machine-collectable (meta.automatable_pct)."
    }
  },
  "consumer_invariants": [
    "Recompute every artifact's SHA-256 against manifest.json before trusting it; a mismatch is fail-closed.",
    "Verify the manifest's Ed25519 signature against the published public key before trusting the manifest.",
    "Mapped is not satisfied: a frameworks[] entry states a typed relationship (relation = satisfies | equivalent_to | defends_against | informs) at a strength (fit), not that the obligation is met. Only relation=satisfies points at an obligation, and even then the evidence is what you must actually produce (see the control's evidence_required[]). A defends_against or equivalent_to entry is not an obligation at all.",
    "basis=asserted means the citation is not yet validated against a captured primary text \u2014 do not treat it as an audited crosswalk.",
    "Handle the full closed vocabularies above; treat a value outside a listed set as an error, not a default.",
    "Resolve controls across domains only by their apeiris:// URI; prefixes are globally unique but the URI carries the domain.",
    "This is a public knowledge layer and a planning aid \u2014 not a compliance determination, audit result, or runtime enforcement."
  ],
  "runnable_checks": {
    "integrity": "https://apeiris.ai/integration/verify/ (in-browser SHA-256 + Ed25519), or the curl recipe on https://apeiris.ai/integration/api/",
    "shape": "Fetch each artifact and assert the shapes + vocabularies above; the reference validators live in apeiris-control-core (npm run validate / npm test)."
  }
}
