Canonical Claim Set

The canonical claim set is the authoritative list of enforcement claims Syndicate Code makes about its control plane. Each claim has a defined status, evidence strength, and set of conditions under which it is invalid.

Claims are versioned. Status and evidence strength reflect the current verified state, not aspirational behavior. Partial claims remain visibly labeled as partial.

CLAIM: policy-outside-runtime
The control plane attempts to enforce policy before tool execution in verified code paths.
Status: partial
Evidence strength: moderate
Last verified: 2026-03-19
Product version: 0.5.0
Source: product-repo:internal/policy/evaluator.go

Runtime output is treated as untrusted proposal input. Capability checks and policy evaluation gate side effects before tool execution in the traced code path.

Invalid when:

  • Execution path bypasses policy evaluation before side effects
  • Offline or degraded mode disables the control plane gate
  • Code paths outside the traced verification scope are not enforced
  • A subprocess is spawned outside tool boundary enforcement

CLAIM: approval-argument-binding
The control plane attempts to bind approvals to exact normalized action arguments in verified execution paths.
Status: partial
Evidence strength: moderate
Last verified: 2026-03-19
Product version: 0.5.0
Source: product-repo:internal/canonicalization/fingerprint.go

The control plane computes a digest of the normalized action payload and rejects execution when the digest, scope, or expiry does not match the approval state.

Invalid when:

  • Normalized argument digest differs from stored approval digest
  • Approval is expired, revoked, or scope-mismatched
  • Execution path bypasses approval check
  • Normalization differs between proposal and execution time
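
The digest, scope and expiry check this claim describes, as an added example; it is not Syndicate Code's implementation, which this page does not show. SHA-256, key-sorted JSON as the normalization, the `Approval` fields and the `fs.write` tool name are all assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Approval is a hypothetical stored approval record (field names are assumptions).
type Approval struct {
	Digest, Scope string    // hex fingerprint taken at proposal time; approved tool
	Expires       time.Time // approval is invalid at or after this instant
	Revoked       bool
}

// Fingerprint normalizes args via encoding/json (sorted map keys) and hashes tool + args.
func Fingerprint(tool string, args map[string]any) (string, error) {
	canon, err := json.Marshal(args)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(append([]byte(tool+"\x00"), canon...))
	return fmt.Sprintf("%x", sum), nil
}

// Check recomputes the digest from the presented arguments and rejects any mismatch.
func Check(a Approval, tool string, args map[string]any, now time.Time) error {
	got, err := Fingerprint(tool, args)
	switch {
	case err != nil:
		return err
	case a.Revoked:
		return fmt.Errorf("approval revoked")
	case !now.Before(a.Expires):
		return fmt.Errorf("approval expired at %s", a.Expires.Format(time.RFC3339))
	case a.Scope != tool:
		return fmt.Errorf("scope mismatch: approved %q, got %q", a.Scope, tool)
	case got != a.Digest:
		return fmt.Errorf("argument digest mismatch")
	}
	return nil
}

func main() { // constructed sample: reordered keys pass, a changed path is rejected
	d, _ := Fingerprint("fs.write", map[string]any{"path": "/tmp/a", "mode": 420})
	a := Approval{Digest: d, Scope: "fs.write", Expires: time.Now().Add(time.Minute)}
	fmt.Println(Check(a, "fs.write", map[string]any{"mode": 420, "path": "/tmp/a"}, time.Now()))
	fmt.Println(Check(a, "fs.write", map[string]any{"mode": 420, "path": "/etc/a"}, time.Now()))
}
```

Proposal and execution both go through the same `Fingerprint` here, so reordered keys still match; two normalizers that diverge would trigger the "Normalization differs between proposal and execution time" condition.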

CLAIM: event-attribution-replayability
Execution events attempt to record actor, approval id, policy decision metadata, and run identifiers for incident analysis.
Status: planned
Evidence strength: illustrative
Last verified: 2026-03-19
Product version: 0.5.0
Source: product-repo:internal/db/store.go

Event envelopes attempt to record actor, approval id, policy decision metadata, and run identifiers for deterministic reconstruction. Cross-session chain linkage shipped in v0.4.0. Full deterministic replay remains planned.

Invalid when:

  • Required attribution fields are omitted from event envelopes
  • Event recorded after state change rather than at transition point
  • Hash chain gaps prevent reconstruction
  • Event emission fails silently in degraded mode

Verification contract

No claim is published without at least one artifact reference. Planned claims remain visibly labeled. Status reflects verified state, not intent.
