@@ -137,18 +137,17 @@ sequenceDiagram
137137 alt Principal-side CEP (placement=P, bridging=true) [PS-BA]
138138 Note over P: If P and R are the same trust boundary<br>this is effectively native (colocated)<br>bridging=false, PoAR still on P's sigchain
139139 S ->> P: Present capability (Presentation)
140+ Note over P: Σ = verify(Presentation, Grant, Bind, channel, ttl,<br>attenuation?, lease?, allowed-surface?)
140141 break Verification fails at P
141142 Note over P: Deny path<br>Mint DenyReceipt with reason code<br>(binding_mismatch, lease_stale, surface_violation, rate_limit)
142143 Note over P: Write DenyReceipt on P's sigchain
143144 P ->> S: Deliver DenyReceipt
144145 end
145146 alt Mediate at P
146- Note over P: Verify Presentation + Bind + fresh LeaseRef<br>Record requestDigest vs Allowed-Surface
147147 P ->> R: ToA API call
148148 R -->> P: Result
149149 P -->> S: Result (if requester expects data)
150150 else Derive at P
151- Note over P: Verify Presentation + Bind + fresh LeaseRef
152151 P ->> S: Short-scope token (session-bound)
153152 S ->> R: ToA API call (using token)
154153 R -->> S: Result
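Review bot: The consolidated note added at line 140 drops two things the removed per-branch notes stated: that the lease must be fresh ("fresh LeaseRef") and that the Mediate branch records requestDigest against Allowed-Surface. In the new text the lease appears only as "lease?" and requestDigest does not appear at all, so the diagram no longer shows that freshness is checked or that the request digest is compared with the allowed surface before "P ->> R: ToA API call". Suggest keeping a short note in the Mediate branch for the requestDigest step, writing the lease input as a fresh LeaseRef, and stating what the trailing "?" means (optional input, or applies only in some branches), since lease_stale and surface_violation are still deny reasons in this branch.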
@@ -163,19 +162,20 @@ sequenceDiagram
163162
164163 else Resource-side CEP (placement=R, bridging=false) [native]
165164 S ->> R: Present capability (Presentation)
165+ Note over R: Σ = verify(Presentation, Grant, Bind, channel, ttl,<br>attenuation?)
166166 break Verification fails at R
167167 Note over R: Deny path<br>Mint DenyReceipt with reason code<br>(binding_mismatch, lease_stale, surface_violation, rate_limit)
168168 Note over R: Write DenyReceipt on R's sigchain
169169 R ->> S: Deliver DenyReceipt
170170 end
171- Note over R: Enforce at Resource CEP
172171 R -->> S: Result (if requester expects data)
173172 Note over R: Write Access PoAR on R's sigchain
174173 R ->> S: Deliver PoAR
175174
176175 else Subject-side CEP (placement=S, bridging=false) [SSA wallet/session]
177176 Note over S: S does not hold long-lived upstream lease.
178177 S ->> S: Present capability (internal Presentation)
178+ Note over S: Σ = verify(Presentation, Grant, Bind, channel, ttl,<br>attenuation?)
179179 break Verification fails at S
180180 Note over S: Deny path<br>Mint DenyReceipt with reason code<br>(binding_mismatch, lease_stale, surface_violation, rate_limit)
181181 Note over S: Write DenyReceipt on S's sigchain
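Review bot: The verify notes added at lines 165 and 178 take no lease or allowed-surface input, yet the break blocks directly below them still list lease_stale and surface_violation as DenyReceipt reason codes. Either trim the reason codes in these bridging=false branches to the ones Σ can actually produce, or state where those two checks happen. Separately, removing "Enforce at Resource CEP" leaves the Resource-side branch with no explicit enforcement step between verification and "R -->> S: Result"; if Σ is meant to cover enforcement, say so in the note at line 165.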
@@ -189,6 +189,7 @@ sequenceDiagram
189189
190190 else Subject-side CEP (placement=S, bridging=true) [SS-BA, rare]
191191 S ->> S: Present capability (internal Presentation)
192+ Note over S: Σ = verify(Presentation, Grant, Bind, channel, ttl,<br>attenuation?, lease?, allowed-surface? for mediate)
192193 break Verification fails at S
193194 Note over S: Deny path<br>Mint DenyReceipt with reason code<br>(binding_mismatch, lease_stale, surface_violation, rate_limit)
194195 Note over S: Write DenyReceipt on S's sigchain
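Review bot: The note added at line 192 writes "allowed-surface? for mediate", while the PS-BA note added at line 140 lists "allowed-surface?" with no qualifier, although both branches are bridging=true. Use one form in both places. If allowed-surface applies only on the mediate path, put that condition on its own line after a "<br>" instead of inside the verify(...) argument list, where "for mediate" reads as part of the signature.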