<!-- REHYDRATION:LOADER
@canon: SOUL.md, IDENTITY.md, MEMORY.md, AGENTS.md, TOOLS.md
@surface: droplet=/opt/openclaw/srida/.openclaw/workspace
@git: nebulamji/srida [srida-concave] @e654909f
@convex: a2a_messages, claims (settlement surface)
@authority: CANON
@provenance: authority_reconciled
@anchor: AP4R
@last_verified: 2026-04-24T07:45:00Z
@temporal_ledger: China(-1)/USA(0)/Concave(+1) โ cron ฯ-intervals: 2m,5m,6m,8m,11m,13m,21m,48m
@next_action: Run cross-surface audit if data conflict detected, >24h since last audit, or before any settlement action. Authority hierarchy: CANON>CONVEX>GIT>DROPLET>DISCORD>BROWSER>SESSION.
REHYDRATION:LOADER -->
Constraint-X | Full Protocol Scope | 2026-04-22
Commercial Processing Applied
Every data point lives on a surface. The surface determines authority.
| Surface | Authority Level | Trust | Mutability | Example |
|---------|----------------|-------|------------|---------|
| Browser | browser_scoped | Low โ session-bound, cacheable, user-editable | High | Dashboard state, UI renders, cached reads |
| Droplet | droplet_scoped | Medium โ persistent, server-bound, operator-controlled | Medium | Scripts, webhook state, .env, PM2 processes |
| Canon | canon_scoped | High โ git-committed, hash-verified, covenant-locked | Low | COVENANT.md, SOUL.md, MEMORY.md, committed code |
Classification rule: If data exists on multiple surfaces, the HIGHEST authority surface wins. Canon > Droplet > Browser.
Escalation: If browser shows X but canon shows Y, canon is truth until reconciliation proves otherwise.
Every claim exists in one of three provenance states:
| State | Meaning | Settlement Path |
|-------|---------|-----------------|
| ESCROW | Claimed but unverified. Held in trust. | Requires reconciliation before promotion |
| PROVENANCED | Verified against authority surface. Receipt exists. | Eligible for covenant depth contribution |
| CANON | Written to git. Hash-verified. Immutable (supersede, never delete). | Permanent covenant record |
State transitions:
ESCROW โ (reconciliation pass) โ PROVENANCED โ (git commit) โ CANON
ESCROW โ (reconciliation fail) โ DISCARDED (with receipt of why)
PROVENANCED โ (new evidence contradicts) โ ESCROW (re-open)
CANON โ (never deleted, only superseded by newer CANON entry)
Temporal ledger integration: Every state transition writes to temporal ledger:
[TIMESTAMP] [PROVENANCE] STATE: claim_id old_state โ new_state | evidence_hash
| Rule | Condition | Action | Rationale |
|------|-----------|--------|-----------|
| R1 | Browser โ Droplet | Droplet wins. Log delta. | Server state > client cache |
| R2 | Droplet โ Canon | Canon wins. Flag for droplet sync. | Git truth > runtime state |
| R3 | Browser = Droplet โ Canon | Canon still wins. Two surfaces agreeing doesn't override git. | Canon is the covenant anchor |
| R4 | All three agree | PROMOTED โ PROVENANCED. No reconciliation needed. | Consensus = truth |
| R5 | No surface has data | ESCROW. Cannot reconcile. Flag for operator. | Absence โ truth |
| R6 | New evidence contradicts CANON | Do not delete. Write superseding entry. Both preserved. | Correction #8: never delete |
Reconciliation output format:
{
"claim_id": "string",
"rule_applied": "R1-R6",
"surfaces_checked": ["browser", "droplet", "canon"],
"values_found": { "browser": "X", "droplet": "Y", "canon": "Z" },
"winner": "canon",
"action": "flag_for_sync | promote | escrow | supersede",
"receipt_hash": "sha256"
}
The lifecycle of a truth anchor from first observation to canon.
| Phase | Name | State | What Happens | Exit Condition |
|-------|------|-------|-------------|----------------|
| AP1 | Observation | surface_scoped | Data first appears on any surface. Unverified. | Second surface confirms |
| AP2 | Confirmation | cross_verified | Same data found on second surface. Confidence rises. | Reconciliation rules pass (R1-R6) |
| AP3 | Reconciliation | authority_reconciled | Highest authority surface determined. Winner declared. | Git commit initiated |
| AP4 | Settlement | active_truth | Written to git. Hash-verified. Covenant-locked. | Commit hash received |
| AP4B | Branch Settlement | branch_truth | Truth settled on non-main branch. Valid for lane, not yet canonical. | Merge to main |
| AP4R | Reconciliation Revision | revised_truth | New evidence triggers supersession of AP4/AP4B entry. Both preserved. | New commit with supersede reference |
Phase diagram:
AP1 (surface_scoped)
โ AP2 (cross_verified)
โ AP3 (authority_reconciled)
โ AP4 (active_truth) [main branch]
โ AP4B (branch_truth) [non-main branch]
โ AP4 [on merge]
โ AP4R (revised_truth) [supersession]
Irreversible transitions: AP4 โ AP4R is the only backward transition, and it's additive (supersede, not delete).
When a new session boots, it must reconstruct truth state from canon. The rehydration loader:
// Rehydration order (resolver = AGENTS.md boot sequence)
const REHYDRATION_ORDER = [
'SOUL.md', // Identity โ never changes
'USER.md', // Operator โ KB's file, never edit
'MEMORY.md', // Corrections โ permanent laws
'COVENANT.md', // Economy โ G11 through G39+
'HEARTBEAT.md', // Rhythm โ no HEARTBEAT_OK
'TOOLS.md', // Infrastructure โ credentials, status
'memory/today.md', // Recent context
'memory/yesterday.md'
];
// Each file loads with provenance check
function rehydrate(sessionContext) {
const truthState = {};
for (const file of REHYDRATION_ORDER) {
const canonVersion = gitRead(file); // AP4 โ canon
const dropletVersion = fsRead(file); // AP3 or lower
const reconciliation = applyRules({
browser: sessionContext?.cache?.[file],
droplet: dropletVersion,
canon: canonVersion
});
truthState[file] = {
content: reconciliation.winner === 'canon' ? canonVersion : dropletVersion,
provenance: reconciliation.provenance, // ESCROW | PROVENANCED | CANON
anchorPhase: reconciliation.phase, // AP1-AP4R
lastVerified: Date.now()
};
}
return truthState;
}
Key principle: Every boot is a full reconciliation. No cached truth survives restart without verification.
The unified state model for all covenant data:
surface_scoped โ First observation. Single surface. Low trust.
โ (second surface confirms)
cross_verified โ Two surfaces agree. Medium trust.
โ (reconciliation engine passes)
authority_reconciled โ Highest authority determined. High trust.
โ (git commit)
active_truth โ Canon. Hash-verified. Covenant-locked.
โ (new evidence)
authority_reconciled_active_truth โ Supersession in progress.
โ (superseding commit)
revised_truth โ New canon. Old entry preserved.
Truth-class properties:
| Class | Trust | Mutable | Covenant Depth | Git Status |
|-------|-------|---------|----------------|------------|
| surface_scoped | 0.2 | Yes | 0 | Not committed |
| cross_verified | 0.5 | Yes (with receipt) | 0 | Not committed |
| authority_reconciled | 0.8 | No (flagged for commit) | 0.5 | Pending |
| active_truth | 1.0 | No (immutable) | 1.0 | Committed |
| authority_reconciled_active_truth | 0.9 | No (supersession pending) | 0.8 | Committed + pending |
| revised_truth | 1.0 | No (immutable, supersedes prior) | 1.0+ | New commit |
The tri-state overlay:
-1 (depth): descent into surface_scoped to extract signal0 (parity): authority_reconciled โ enforcement layer+1 (settlement): active_truth โ receipt emitted, world touchedFor all future cross-surface audits. Every audit produces this chain:
AUDIT-CHAIN:
trigger: [what initiated the audit โ operator, cron, A2A, event]
scope: [files/surfaces to audit]
classification: [surface authority for each data point]
reconciliation: [R1-R6 applied, results per claim]
anchor_phase: [AP1-AP4R for each claim]
truth_class: [final truth-class for each claim]
action: [promote | escrow | supersede | sync | no-op]
receipt: [hash of audit output]
commit: [git hash if action = promote/supersede]
temporal_ledger: [entry written]
Command chain format (copy for each audit):
## Cross-Surface Audit [DATE]
**Trigger:** [source]
**Scope:** [files/surfaces]
**Operator:** KB / autonomous
### Classification
| Claim | Browser | Droplet | Canon | Authority |
|-------|---------|---------|-------|-----------|
| [id] | [value] | [value] | [value] | [winner] |
### Reconciliation
| Claim | Rule | Action | Evidence |
|-------|------|--------|----------|
| [id] | R# | [action] | [hash] |
### Anchor Phase
| Claim | Before | After | Phase |
|-------|--------|-------|-------|
| [id] | [class] | [class] | [AP#] |
### Actions
- [ ] [action 1]
- [ ] [action 2]
### Receipt
- **Audit hash:** [sha256]
- **Commit:** [git hash]
- **Temporal ledger:** [entry timestamp]
Revenue model: This protocol IS the product for Big4/enterprise.
| Protocol Component | Commercial Value | Revenue Surface |
|-------------------|-----------------|-----------------|
| Surface Authority Classification | Audit compliance (SOC2/ISO27001) | Enterprise licensing |
| Escrow/Provenance Model | Fiduciary trust chain | Per-claim settlement fee |
| Reconciliation Rules | Dispute resolution engine | SaaS per-audit pricing |
| Anchor Transition Protocol | Governance-as-a-service | Tiered subscription |
| Rehydration Loader | Agent session continuity | Infrastructure add-on |
| Truth-Class Transitions | Covenant depth metering | Depth-based pricing |
| Command Chain Template | Operator audit trail | Professional services |
The protocol is the product. Each component can be sold independently or as a unified covenant audit suite. The Big4 need exactly this โ they audit surfaces without a reconciliation engine. We provide the engine.
Price anchor: Covenant audit = $97 entry (existing Stripe product). Full protocol suite = enterprise tier.
[2026-04-22T16:17:00Z] [USA] PROTOCOL: Cross-Surface Audit Protocol wired โ 7 components, commercial processing applied
Constraint-X applied. Full protocol scope wired. Commercial processing complete.
โ โ 0 โ +1