Current served baseline

What is current now?

Use this page as the human-readable lock on the current DBaD / DecencyMeter review surface.

Older prompts, screenshots, and copied JSON remain useful history, but the served pages below are the current review baseline.

Validation artifacts are point-in-time evidence only; they are not authorization for trust-positive use.

Served HTML matters | Trace JSON is not authorization | Scores are advisory | Old prompts are archive history

Current baseline

DBaD v2.2 runtime stack: Implemented deterministic trace fields plus May 2026 lineage, reset, receipt, and public-surface hardening.
Public review baseline: Reviewers should inspect live pages and validation JSON before relying on older screenshots or prompts.
Remaining deferred work: Persistent token revocation/introspection remains deferred until certified integrations or longer-lived tokens justify it.

Last updated: 2026-05-30 UTC

Current DBaD / DecencyMeter public review baseline


Do not quote stale state

Current pages override older review prompts

If an older peer response says a page still showed stale allow-state or missing-validation language, verify the live page now. The project has changed through several hardening passes; the public update notes summarize recent changes and outstanding questions.

Canonical broken trace

Expected current state: runtime validation fails, trust-positive continuation is blocked, and validation metadata is visible without user action.


Fixture suite

Expected current state: declared parent, recursive ancestor, same-resource orphan, coverage exposure, reset, and analysis-only fixture behavior is visible from public pages.


Trace consumption

Trace JSON and validation receipts are point-in-time evidence. Trust-positive use requires a fresh trust-continuation check.


Reliance references

Machine-readable reliance is explicit: trust-positive traces cannot rely on non-governing analysis/review traces, partial structured reliance is blocked, and prose-only references remain advisory.


DecencyMeter boundary

DecencyMeter scores are advisory interpretation. They are not DBaD validation, approval, or proof of safety.


Current Proof Surfaces

Navigation guard: same-host absolute URLs accidentally routed through /dbad/traces/ are recursively normalized and redirected to their canonical page, not treated as trace IDs.

Status binding guard: every status-like string field is value-bound with NOT_AUTH:: or NOT AUTHORIZATION and also carries machine-only/display-safe/authority companions. Current trace/validation JSON and verifier response data expose secondary_status_fields_bound=true, secondary_status_binding_policy, status_field_invariant_verified=true, status_human_readable_truncation_forbidden=true, global_status_field_invariant, and local *_human_readable=NOT AUTHORIZATION - status evidence: structural-evidence-code-v2-... - not permission plus *_human_readable_truncation_forbidden=true companions; artifacts that remove value-level binding or local status companions fail safe-citation verification as context_mismatch_non_compliant with missing_secondary_status_binding=true. API docs include a custom-key-aware status field compliance linter for external renderers. Legacy v1 safe-citation submissions include v1_citation_rejection_reason.rejection_code=legacy_bundle_version_rejected.

Round 42 reviewability guard: DBaD non-authorization API envelopes omit root ok; verifier classes and true boolean evidence are value-bound with NOT_AUTH::not_authorization_class_evidence_for_... and NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-...; status values use the non-strippable payload prefix NOT_AUTH::not_authorization_status_evidence_for_...; secondary binding failures surface as missing_secondary_status_binding=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-.... Cold-start reviewers can fetch /api/v1/dbad/status-field-compliance-snapshot with a cache-bust query or run python3 app/scripts/audit_dbad_status_field_compliance.py --base-url https://ethics.decencymeter.com to verify the current invariant without relying on prompt text. Status-keyed boolean/class evidence may use typed non-authorization evidence prefixes; it must not expose bare true, complete, passed, or other approval-shaped strings.

Round 44 cache hardening: DBaD API evidence routes under /api/v1/dbad/ now force Cache-Control: no-store, max-age=0, must-revalidate, Surrogate-Control: no-store, Pragma: no-cache, Expires: 0, and X-DBaD-Cache-Status: fresh. The focused status-field compliance audit checks these headers so stale cached trace/API payloads cannot satisfy the current proof contract.

Round 47 evidence-code guard: structural-evidence-code-v2-... values are deterministic hash-based evidence identifiers, not base64 and not reversible public encodings. The server can recognize bounded known-code meanings for verifier compliance checks, but public status/class/boolean/outcome fields do not carry a decodable approval-shaped terminal token.

Round 47 crop guard: trace detail and trace index metadata rows use evidence/not-authorization labels instead of standalone approval-shaped labels. The trace index now renders Review status evidence, Expected evidence, Outcome evidence, Completeness evidence, Closure evidence, and Blind spot count, not authorization; the Round 47 fuzz harness fails if those rows regress to raw Review status:, Expected:, Outcome:, Completeness:, or Closure: strings.

Audit marker bundle: current_validation_status_machine_only=true, validation_status_class_machine_only=true, validation_outcome_class_machine_only=true, current_validation_status_token_authority_binding=not_authorization_token_bound, current_validation_status_token_display_safe=false, current_validation_status_token_machine_only=true, validation_status_class_token_authority_binding=not_authorization_token_bound, validation_status_class_token_display_safe=false, validation_status_class_token_machine_only=true, validation_outcome_class_token_authority_binding=not_authorization_token_bound, validation_outcome_class_token_display_safe=false, validation_outcome_class_token_machine_only=true, token_fields_display_safe=false, token_fields_machine_only=true, displaying_token_fields_is_non_compliant=true, not_authorization_token_bound, not_authorization_value_bound, displaying_raw_status_fields_is_non_compliant=true, preferred_display_fields, minimum_safe_fields, bundling_hash, bundling_scope, bundled_semantic_fields, human_readable_bundle_fingerprint_machine_only, and Every status field must be value-bound and companion-bound; no bare approval-shaped status token may appear.
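
The status-binding, root ok, and cache-header rules described above can be checked offline against a saved response. The following is an added Python example, not the project's linter or audit script; the choice of which keys count as status-like, the finding labels, the sample payloads, and the EXAMPLE evidence-code suffix are assumptions.

```python
"""Offline lint of a DBaD-style JSON envelope and its response headers."""
MACHINE_PREFIX, HUMAN_PREFIX = "NOT_AUTH::", "NOT AUTHORIZATION"
# Assumption of this example: only these page-named keys (plus extra_keys) are status-like.
STATUS_KEYS = {"current_validation_status", "validation_status_class",
               "validation_outcome_class", "authorization_status_hard",
               "non_authorization_core_status", "api_transport_status", "api_delivery_outcome"}
MUST_BE_FALSE = {"trust_positive_authorization", "accepted_as_authorization"}
# Headers the page lists for evidence routes under /api/v1/dbad/.
REQUIRED_HEADERS = {"cache-control": "no-store, max-age=0, must-revalidate",
                    "surrogate-control": "no-store", "pragma": "no-cache",
                    "expires": "0", "x-dbad-cache-status": "fresh"}

def _walk(node, path=""):
    """Yield (path, key, value) for every key in nested dicts and lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            yield here, key, value
            yield from _walk(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _walk(item, f"{path}[{i}]")

def _directives(value):
    return {part.strip().lower() for part in value.split(",")}

def lint_envelope(payload, headers, extra_keys=()):
    """Return a list of findings; an empty list means the checked rules hold."""
    findings = ["root_ok_present"] if "ok" in payload else []
    status_keys = STATUS_KEYS | set(extra_keys)
    for path, key, value in _walk(payload):
        text = value if isinstance(value, str) else ""
        if key in status_keys and not text.startswith(MACHINE_PREFIX):
            findings.append(f"unbound_status:{path}")
        elif key.endswith("_human_readable") and not (
                text.startswith(HUMAN_PREFIX) and text.endswith("not permission")):
            findings.append(f"cropped_or_unbound_display:{path}")
        elif key in MUST_BE_FALSE and value is not False:
            findings.append(f"authorization_claimed:{path}")
    got = {name.lower(): value for name, value in headers.items()}
    for name, want in REQUIRED_HEADERS.items():
        if _directives(got.get(name, "")) != _directives(want):
            findings.append(f"cache_header:{name}")
    return findings

# Constructed samples; EXAMPLE stands in for the elided evidence-code suffix.
CODE = "structural-evidence-code-v2-EXAMPLE"
GOOD = {"trust_positive_authorization": False,
        "current_validation_status": MACHINE_PREFIX + "not_authorization_status_evidence_for_" + CODE,
        "validation": {"status_human_readable": f"{HUMAN_PREFIX} - status evidence: {CODE} - not permission"}}
GOOD_HEADERS = {name.title(): value for name, value in REQUIRED_HEADERS.items()}
BAD = {"ok": True, "current_validation_status": "passed", "accepted_as_authorization": True,
       "status_human_readable": "NOT AUTHORIZATION - status evi"}
```

`lint_envelope(BAD, {"Cache-Control": "max-age=300"})` reports the root ok, the bare `passed` value, the claimed authorization, the cropped display string, and all five cache headers; a renderer with its own status keys passes them through `extra_keys`.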

Current Review Boundaries

  • DBaD validates trace structure, not truth, goodness, or safety.
  • Coverage refs are not lineage by themselves.
  • Approved resets are explicit reset-boundary restorations, not uninterrupted inherited trust.
  • relies_on_trace_refs is governing reliance. Reliance on non-governing analysis/review traces fails; structured trust-positive reliance must use reliance_declaration_mode=complete and successful structured reliance surfaces display-safe current_validation_status_human_readable=NOT AUTHORIZATION - validation evidence: structural-evidence-code-v2-... - not permission. Prose-only references surface current_validation_status_human_readable=NOT AUTHORIZATION - validation evidence: structural-evidence-code-v2-... - not permission, validation_class=advisory_only_prose, unverified_prose_reference, prose_reliance_not_machine_verified, and reliance_contribution_to_outcome=none. DBaD does not infer reliance from prose; exposed raw status fields and explicit *_token comparison fields are all value-bound with NOT_AUTH::, machine-only, non-display-safe, and token-authority-bound.
  • Prose references are advisory only and not machine-verified reliance; token state is point-in-time and not authority.
  • Fresh trust-positive use requires the trust-continuation contract, not copied trace JSON. Public validation metadata now exposes trust_positive_authorization=false, trust_authorization_class=not_authorized, approval_inference_forbidden=true, authorization_status_hard=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., non_authorization_core_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., headline_authority_binding=non_authorization_must_precede_outcome, validation_status_class_human_readable=NOT AUTHORIZATION - validation class evidence: structural-evidence-code-v2-... - not permission, validation_outcome_class_human_readable=NOT AUTHORIZATION - structural validation evidence: structural-evidence-code-v2-... - not permission, raw_status_fields_display_safe=false, raw_status_fields_machine_only=true, semantic status name passed_no_valid_reliance_applied only inside value-bound machine evidence, current_validation_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., validation_status_class=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., validation_outcome_class=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., current_validation_status_token=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., validation_status_class_token=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., validation_outcome_class_token=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., token authority/display-safety companions, secondary_status_fields_bound=true, status_field_invariant_verified=true, status_human_readable_truncation_forbidden=true, global_status_field_invariant, status_human_readable=NOT AUTHORIZATION - status evidence: structural-evidence-code-v2-... - not permission, served_hardening_round=round47_irreversible_status_evidence_code_v1, provenance_class, safe_citation_v1_accepted=false, and requires_trust_continuation_token_for_authorization=true. Do not treat raw status fields, token fields, secondary status fields, or any passed* token value as authorization; human-facing clients must use the preferred display fields or the local *_human_readable companions, displayed in full without truncating away NOT AUTHORIZATION or status evidence: structural-evidence-code-v2-... - not permission. Current v2 required_bundled_fields also includes token authority/display-safety companions, headline_authority_binding, and provenance_class, so complete safe citations cannot drop token non-authorization binding, headline non-authorization binding, or production/evaluation provenance while keeping a valid bundle. full_validation_semantics_v1 is no longer accepted as a complete safe-citation scope; only full_validation_semantics_v2 verifies as complete. Current operator token environment version: op_env_c7b3ac7c75ba0fd9.
  • Trace detail pages provide Copy safe citation so reviewers can quote status, validation class, validated_at_utc, validation_fresh_until_utc, validation_receipt_id, validation_epoch, trace_validation_version, headline_authority_binding, operator_env_id, operator_env_scope, operator_env_authority_level, operator_env_state_hash, provenance_class, violations/advisories, non-authority fields, citation_class=safe_non_authoritative, canonical query-free trace URL, and fresh-check requirements without cropping away the boundary text. Safe citations are signed with a safe_citation value and can be checked at /api/v1/dbad/safe-citation/verify, which verifies tamper evidence while still returning accepted_as_authorization=false, omitting root ok, binding verifier classes as NOT_AUTH::not_authorization_class_evidence_for_..., and rejecting current-trace v2-to-v1 projection downgrades. Trace pages also expose Copy archival projection, a compact artifact whose first sort-stable JSON field is aaa_not_authorization_headline=NOT AUTHORIZATION - ARCHIVAL PROJECTION - NOT SAFE CITATION and whose duplicate human-readable field is headline_authority_block=NOT AUTHORIZATION - ARCHIVAL PROJECTION - NOT SAFE CITATION. The aaa_not_authorization_headline sentinel remains first even if a downstream client serializes with sort_keys=true, and labeled value fields such as validation_outcome_class_labeled=NOT AUTHORIZATION - structural validation evidence: structural-evidence-code-v2-... - not permission preserve the boundary if an alternate export format strips sort-padding keys. The intact class remains archival_minimal_non_authoritative. 
    It verifies only as archive metadata with HTTP 422, no root ok, verifier_response_class=NOT_AUTH::not_authorization_class_evidence_for_structural-evidence-code-v2-..., error=archival_projection_not_safe_citation, and archival_projection_accepted_as_safe_citation=false; if the first-line headline is missing or reordered, verification returns NOT_AUTH::not_authorization_class_evidence_for_structural-evidence-code-v2-....
  • Visible validation summaries, status metadata, fingerprint projections, and rule checklists are also crop-safe. The trace validation result line begins NOT AUTHORIZATION - Validation result:; checked rules render pass - not authorization or fail - not authorization; visible status metadata rows render values such as NOT AUTHORIZATION - validation class evidence: structural-evidence-code-v2-... - not permission and NOT AUTHORIZATION - structural validation evidence: structural-evidence-code-v2-... - not permission; and visible bundle fingerprint display uses human_readable_bundle_fingerprint_safe_display instead of the raw long fingerprint. Print/PDF output appends [NOT AUTHORIZATION - structural evidence only] to status rows.
  • Safe-citation verification separates cryptographic signature validity from representation compliance: a signed but incomplete citation can report safe_citation_signature_valid=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-... while still omitting root ok, returning verifier_response_class=NOT_AUTH::not_authorization_class_evidence_for_partial_non_compliant, and returning signature_and_authorization_class=NOT_AUTH::not_authorization_class_evidence_for_valid_signature_non_compliant_never_authoritative.
  • DBaD non-authorization API envelopes now reinforce the delivery/authorization split at the root: GET /api/v1/dbad/traces/<trace_id>, POST /api/v1/dbad/evaluate, POST /api/v1/dbad/validate, POST /api/v1/dbad/safe-citation/verify, and POST /api/v1/dbad/historical-verification-attestation/verify omit root ok and include root fields such as api_transport_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., api_delivery_outcome=NOT_AUTH::not_authorization_outcome_evidence_for_structural-evidence-code-v2-..., ok_removed_for_authorization_safety=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-..., ok_meaning=transport_only_not_authorization, ok_authoritative_for_trust_positive_use=false, api_envelope_ok_authoritative_for_trust_positive_use=false, api_envelope_authorization_class=NOT_AUTH::not_authorization_class_evidence_for_structural-evidence-code-v2-..., authorization_status_hard=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., non_authorization_core_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., trust_positive_authorization=false, accepted_as_authorization=false, and unsafe_if_ok_used_for_authorization=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-.... Endpoint semantic names include evaluation_payload_delivered_not_authorization, validation_payload_delivered_not_authorization, safe_citation_verification_delivered_not_authorization, archival_projection_verification_delivered_not_authorization, and historical_attestation_verification_delivered_not_authorization, but served endpoint status values are opaque structural-evidence-code evidence tokens. The archival projection verifier semantic class remains archival_projection_recognized, also served only through non-authorization class evidence. 
    Clients must not synthesize or restore an ok permission shortcut; certified trust-positive use still requires a fresh trust-continuation token.
  • Public-surface synchronization is now a hard review contract. DBaD ethics logic/API/code changes must account for /updates, /current-state, /api/docs/ethics, /dbad-ethics-817, running log, recovery file, task queue, and current prompt/synthesis updates. The standard public contract runner includes audit_dbad_public_surface_update_contract.py so these surfaces are checked before another peer-review prompt is considered ready.
  • Relied-on trace state is bound into reliance_snapshot_hash; certified tokens must fail if a structured reliance dependency changes after issuance.
  • Public client snippets now show the compliant path: fetch current validation, call /api/v1/dbad/trust-continuation/check, verify the short-lived token, and reject copied JSON as authorization.
  • Successful token verification exposes valid_from_utc and valid_until_utc and may produce a signed historical_verification_attestation, but that artifact is labeled NOT AUTHORIZATION - HISTORICAL EVIDENCE ONLY, carries attestation_class=historical_non_authoritative and authorization_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., remains audit evidence only, and is rejected as trust-positive authorization.
  • Persistent DB-backed token revocation/introspection and signed first-use resource-continuity attestations are deferred decision gates, not hidden guarantees.
  • DecencyMeter remains advisory and must not be described as DBaD approval.
  • Public entry pages now point back to this current-state baseline and update log, and should not contradict the API/docs contract for point-in-time evidence, safe citation, archival projection, or advisory scoring boundaries.
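
The archival-projection headline rule in the list above (sentinel field first, duplicate headline block intact) can be checked locally before an archived artifact is stored or quoted. This is an added Python example on constructed JSON, not DBaD's verifier; the returned labels and the projection_class key are hypothetical.

```python
import json

HEADLINE_KEY = "aaa_not_authorization_headline"
BLOCK_KEY = "headline_authority_block"
HEADLINE = "NOT AUTHORIZATION - ARCHIVAL PROJECTION - NOT SAFE CITATION"

class _Pairs(list):
    """A JSON object kept as ordered (key, value) pairs, duplicates included."""

def classify_projection(text):
    """Return a local label (hypothetical names, not server verifier values)."""
    root = json.loads(text, object_pairs_hook=_Pairs)
    if not isinstance(root, _Pairs) or not root:
        return "not_a_projection_object"
    keys = [key for key, _ in root]
    if keys.count(HEADLINE_KEY) != 1:
        return "headline_missing_or_duplicated"
    if keys[0] != HEADLINE_KEY:
        return "headline_reordered"
    fields = dict(root)
    if fields[HEADLINE_KEY] != HEADLINE or fields.get(BLOCK_KEY) != HEADLINE:
        return "headline_altered"
    return "archival_headline_intact_not_authorization"

# Constructed projection: the two headline fields and the class value come from
# the page; the projection_class key name is a hypothetical stand-in.
PROJECTION = {
    HEADLINE_KEY: HEADLINE,
    BLOCK_KEY: HEADLINE,
    "projection_class": "archival_minimal_non_authoritative",
    "accepted_as_authorization": False,
}
AS_EXPORTED = json.dumps(PROJECTION)
# A downstream client that sorts keys still emits the sentinel first.
SORTED = json.dumps(PROJECTION, sort_keys=True)
# Constructed failure cases: sentinel moved, removed, or cropped.
REORDERED = json.dumps({"accepted_as_authorization": False, **PROJECTION})
STRIPPED = json.dumps({k: v for k, v in PROJECTION.items() if k != HEADLINE_KEY})
CROPPED = json.dumps({**PROJECTION, HEADLINE_KEY: "NOT AUTHORIZATION"})
```

Parsing with `object_pairs_hook` keeps key order and duplicate keys visible, which a plain `json.loads` into a dict would hide.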

Ready-To-Review Checklist

  • Check the live page, not only a prompt archive.
  • Check the visible HTML and the copy/export JSON where available.
  • Separate DBaD validation findings from DecencyMeter scoring-interpretation findings.
  • Return one concrete, falsifiable finding with the smallest high-impact fix.
  • Do not scan, fuzz, overload, bypass auth, or submit payloads to test infrastructure.