nucleus-flow-projection 0.1.0

Flow projection lifter for the Nucleus substrate. Lifts a Denning-lattice FlowTracker snapshot into a Projection::Flow body that the substrate Receipt envelope can carry. Verifier checks well-formedness and exposes the session integrity / confidentiality / authority ceilings to downstream consumers.
Documentation

nucleus-flow-projection

Crates.io Docs.rs

Flow projection lifter for the Nucleus substrate. Lifts a Denning-lattice FlowTracker snapshot into the typed body of a Projection::Flow variant. Verifier enforces well-formedness and exposes the session's confidentiality / integrity / authority / taint ceilings to downstream consumers.

Wire shape

{
  "kind": "flow",
  "body": {
    "version": 1,
    "node_count": 4,
    "session_confidentiality_ceiling": "internal",
    "session_integrity_ceiling": "adversarial",
    "session_authority_ceiling": "no_authority",
    "session_taint_ceiling": "ai_generated",
    "has_adversarial_bid": true,
    "has_ai_derived": true,
    "has_confidential_data": false
  }
}

has_adversarial_bid = true is the convenience signal that the auction-hub's G8 IFC observation found at least one bid lacking a signed externality profile — downstream consumers should refuse to trust the clearing.

Verifier invariants

  1. Body version matches FLOW_BODY_VERSION (1).
  2. All four lattice levels are in their stable vocabularies (CONF_LEVELS, INTEG_LEVELS, AUTHORITY_LEVELS, TAINT_LEVELS).
  3. CONSISTENCY: has_adversarial_bid == true implies session_integrity_ceiling == "adversarial" (Biba min-over semantics).

License

Dual-licensed under MIT OR Apache-2.0.