Public update notes

What changed, what is still open, and where reviewers should look next.

This page is the public change narrative for the DBaD ethics-engine review surface.

Use it with the current-state page, fixture suite, trace pages, and API docs. Older prompts and screenshots remain archive history, not the current proof surface.

Validation artifacts are point-in-time evidence only; they are not authorization for trust-positive use.

Current state Fixture suite Peer review
Dated progress Proof links Outstanding questions Peer-review focus

Latest public baseline

Round 42 status auditability hardening is served Reviewers now have a compact snapshot endpoint and a focused cache-busted audit script for the no-root-ok, typed non-authorization evidence, and status-field invariant checks.
Known executable issues are clear before the next peer pass Peers should challenge cross-environment authority, verifier response shape, archival export misuse, and any stale public-surface contradiction.
Deferred work stays visible Signed historical verification attestations exist only as non-authoritative audit artifacts; persistent DB-backed token revocation and signed first-use resource-continuity attestations remain deferred.

Last updated: 2026-05-30 UTC

Public progress notes for reviewers and operators

Current state Fixture suite Client snippets Reviewer Brief Roadmap

Latest update

2026-05-30 - Round 47 crop-label guard and irreversible status evidence-code hardening

This update summarizes the public-safe state after Round 47 peer-response digestion: no-root-ok verifier/envelope behavior, typed non-authorization evidence prefixes, deterministic non-reversible status evidence codes, crop-safe trace metadata labels, the compact status-field compliance snapshot, a reproducible operator/peer audit script, and strict no-store cache headers on DBaD API/HTML proof surfaces.

What changed

  • Round 47 response digestion found no confirmed live API/status-code defect. The only fresh actionable presentation concern was crop safety around trace metadata rows, so the trace index now labels review, expected, outcome, completeness, and closure rows as evidence, marks blind-spot counts as not authorization, and labels review filters as navigation aids. The Round 47 fuzz harness now fetches trace detail and trace index HTML and fails if those rows regress to raw Review status:, Expected:, Outcome:, Completeness:, or Closure: labels.
  • Round 46 response digestion closed the remaining reversibility gap in the status evidence code. Status/class/boolean/outcome evidence now uses deterministic hash-based structural-evidence-code-v2-... values rather than base64 or literal semantic suffixes. The verifier can recognize bounded known-code meanings for compliance checks, but field-level extraction, delimiter splitting, and base64 decoding no longer recover clean words such as passed, verified, complete, or true.
  • Round 41 response hardening removed the remaining approval-shaped verifier/envelope shortcuts. DBaD non-authorization endpoints now omit root ok, expose ok_removed_for_authorization_safety=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-..., bind verifier classes as NOT_AUTH::not_authorization_class_evidence_for_..., bind verifier true values as NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-..., expose status_value_semantics plus status_prefix_stripping_forbidden=true, and report secondary binding failures as missing_secondary_status_binding=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-.... A new public snapshot at /api/v1/dbad/status-field-compliance-snapshot gives cold-start reviewers a cache-bustable proof surface for the current status-field invariant.
  • Round 42 response digestion added a focused reproducibility path for peers whose web tools cannot fetch full live payloads: python3 app/scripts/audit_dbad_status_field_compliance.py --base-url https://ethics.decencymeter.com. The script fetches the status-field compliance snapshot with cache-busting, walks the prose-reliance trace API for status-keyed strings, verifies copied safe citation and archival projection artifacts, confirms verifier responses omit root ok and do not echo full payloads, and checks bare-status plus representation-mutation rejection. The public contract now clarifies that status-keyed boolean/class evidence may use typed non-authorization prefixes such as NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-... and NOT_AUTH::not_authorization_class_evidence_for_..., but never bare approval-shaped strings.
  • Round 44 response digestion accepted the cache-layer concern as a concrete hardening item. DBaD API routes under /api/v1/dbad/ now force Cache-Control: no-store, max-age=0, must-revalidate, Surrogate-Control: no-store, Pragma: no-cache, Expires: 0, and X-DBaD-Cache-Status: fresh. The status-field compliance audit now verifies those headers on DBaD API responses, in addition to the no-root-ok and status-value binding checks. API docs also warn client frameworks not to synthesize a root ok or authorization boolean from HTTP 200 or object-hydration helpers.
  • The Round 41 artifact pass also binds quoteable representation evidence: safe citations now expose representation_class=NOT_AUTH::not_authorization_class_evidence_for_structural-evidence-code-v2-... and representation_compliant=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-..., while archival projections expose representation_class=NOT_AUTH::not_authorization_class_evidence_for_structural-evidence-code-v2-.... The public proof text continues to list machine-only markers such as human_readable_bundle_fingerprint_machine_only and transaction status examples including evaluation_payload_delivered_not_authorization, validation_payload_delivered_not_authorization, safe_citation_verification_delivered_not_authorization, and historical_attestation_verification_delivered_not_authorization.
  • The public entry pages were refreshed after the Round 34 value-bound hardening pass: Why DBaD exists now points readers to the current baseline, update notes, API docs, point-in-time evidence boundary, fresh trust-continuation requirement, and DecencyMeter advisory-only separation; DBaD Explained was also layout-hardened for desktop and mobile.
  • Validation receipts now expose operator_env_version, operator_env_state_hash, operator_env_id, operator_env_scope, operator_env_authority_level, and trace_validation_version.
  • Structured reliance now exposes depends_on_reliance_trace_refs, reliance_validation_versions, and reliance_snapshot_hash.
  • Prose-only reliance now exposes display-safe current_validation_status_human_readable=NOT AUTHORIZATION - validation evidence: structural-evidence-code-v2-... - not permission, validation_class=advisory_only_prose, reliance_contribution_to_outcome=none, and the semantic status name passed_no_valid_reliance_applied is available only through value-bound, machine-only evidence fields. The trace headline says NOT AUTHORIZATION - Structural Validation Passed (No Valid Reliance Applied). The exposed raw status fields and comparison token fields are all value-bound, for example current_validation_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., validation_status_class=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., validation_outcome_class=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., current_validation_status_token=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., validation_status_class_token=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., and validation_outcome_class_token=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-...; token fields also carry token-specific authority binding, machine-only, and non-display-safe companions.
  • Validation JSON now exposes raw_status_fields_display_safe=false, raw_status_fields_machine_only=true, current_validation_status_machine_only=true, validation_status_class_machine_only=true, validation_outcome_class_machine_only=true, current_validation_status_value_authority_binding=not_authorization_value_bound, validation_status_class_value_authority_binding=not_authorization_value_bound, validation_outcome_class_value_authority_binding=not_authorization_value_bound, token companions such as current_validation_status_token_authority_binding=not_authorization_token_bound, current_validation_status_token_display_safe=false, current_validation_status_token_machine_only=true, validation_status_class_token_authority_binding=not_authorization_token_bound, validation_status_class_token_display_safe=false, validation_status_class_token_machine_only=true, validation_outcome_class_token_authority_binding=not_authorization_token_bound, validation_outcome_class_token_display_safe=false, validation_outcome_class_token_machine_only=true, group fields token_fields_display_safe=false, token_fields_machine_only=true, displaying_token_fields_is_non_compliant=true, displaying_raw_status_fields_is_non_compliant=true, preferred_display_fields, trust_positive_authorization=false, trust_authorization_class=not_authorized, approval_inference_forbidden=true, authorization_status_hard=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., non_authorization_core_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., headline_authority_binding=non_authorization_must_precede_outcome, display-safe validation_outcome_class_human_readable=NOT AUTHORIZATION - structural validation evidence: structural-evidence-code-v2-... - not permission, minimum_safe_fields, required_bundled_fields, bundled_semantic_fields, bundling_hash, bundling_scope=full_validation_semantics_v2, human_readable_bundle_fingerprint_safe_display, served_hardening_round=round47_irreversible_status_evidence_code_v1, status_field_invariant_verified=true, status_human_readable_truncation_forbidden=true, explicit operator environment identity/scope/authority fields, provenance_class, safe_citation_v1_accepted=false, and requires_trust_continuation_token_for_authorization=true so clients do not treat is_valid=true, raw status fields, token fields, or passed* status strings as permission.
  • Trust-continuation checks require reliance_snapshot_hash when structured reliance dependencies exist.
  • Token verification can fail with transitive_reliance_epoch_mismatch or trace_referenced_no_longer_available.
  • Successful token verification now exposes valid_from_utc and valid_until_utc, and emits an optional signed historical_verification_attestation for audit/reporting only, with a signed NOT AUTHORIZATION - HISTORICAL EVIDENCE ONLY header, attestation_class=historical_non_authoritative, authorization_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., and verification_result=historically_valid_non_authoritative.
  • Trace detail pages include Copy safe citation, a compact signed JSON artifact that bundles canonical query-free trace URL, status value semantics, the current hardening round, timestamp, freshness window, receipt ID, validation epoch, trace_validation_version, operator environment identity/scope/authority/state hash, provenance_class, validation summary, violations/advisories, non-authority fields, safe display fields, and the fresh-token requirement. The verify endpoint checks tamper evidence but still returns accepted_as_authorization=false; submitted partial projections missing required fields return verifier_response_class=NOT_AUTH::not_authorization_class_evidence_for_partial_non_compliant, altered semantic, temporal, receipt, rule-version, operator-environment, provenance, violation, advisory context, missing value binding, or missing token binding returns verifier_response_class=NOT_AUTH::not_authorization_class_evidence_for_structural-evidence-code-v2-..., and current-trace v2-to-v1 downgrades return illegal_version_downgrade_detected. Copy archival projection remains compact archive metadata only; the semantic verifier class is archival_projection_recognized, but the served value is bound as non-authorization class evidence. It verifies with HTTP 422, no root ok, verifier_response_class=NOT_AUTH::not_authorization_class_evidence_for_structural-evidence-code-v2-..., error=archival_projection_not_safe_citation, and archival_projection_accepted_as_safe_citation=false; missing or reordered archival headlines return a bound context_mismatch_non_compliant verifier class.
  • Safe-citation verification now separates signature validity from compliance: a signed artifact missing required bundled fields can still report safe_citation_signature_valid=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-..., but it omits root ok, returns verifier_response_class=NOT_AUTH::not_authorization_class_evidence_for_partial_non_compliant, and returns signature_and_authorization_class=NOT_AUTH::not_authorization_class_evidence_for_valid_signature_non_compliant_never_authoritative.
  • Round 27 response cleanup now binds the first visible trace-page signal to non-authorization: trace pages lead with NOT AUTHORIZATION, render headline_authority_binding=non_authorization_must_precede_outcome, display operator environment identity/scope/authority plus provenance_class in the first-screen authority banner, current bundle fingerprints begin with NOT_AUTH::, and current v2 required_bundled_fields binds headline_authority_binding plus provenance_class.
  • Trace API responses now add root-level non-authority fields and omit root ok: api_transaction_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., api_transport_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., api_delivery_outcome=NOT_AUTH::not_authorization_outcome_evidence_for_structural-evidence-code-v2-..., ok_removed_for_authorization_safety=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-..., ok_meaning=transport_only_not_authorization, ok_authoritative_for_trust_positive_use=false, api_envelope_ok_authoritative_for_trust_positive_use=false, trust_positive_authorization=false, and unsafe_if_ok_used_for_authorization=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-....
  • Pre-Round 29 hardening originally added non-authority envelope fields; Round 41 supersedes the transport shortcut by removing root ok from DBaD non-authorization endpoints. POST /api/v1/dbad/evaluate, POST /api/v1/dbad/validate, POST /api/v1/dbad/safe-citation/verify, and POST /api/v1/dbad/historical-verification-attestation/verify now repeat bound transaction statuses, api_transport_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., ok_removed_for_authorization_safety=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-..., ok_meaning=transport_only_not_authorization, ok_authoritative_for_trust_positive_use=false, api_envelope_authorization_class=NOT_AUTH::not_authorization_class_evidence_for_structural-evidence-code-v2-..., accepted_as_authorization=false, and unsafe_if_ok_used_for_authorization=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-.... Trace detail titles and social descriptions still start with NOT AUTHORIZATION so link previews cannot quote a pass-shaped status without the boundary.
  • Round 32 response hardening closes the remaining visible fingerprint crop path. Trace Validation now exposes current_validation_status_human_readable, validation_status_class_human_readable, validation_outcome_class_human_readable, and human_readable_bundle_fingerprint_safe_display; the raw human_readable_bundle_fingerprint remains in machine/copy artifacts for verification, but the visible trace page renders only the safe display projection so pass-shaped fragments cannot be cropped out of a long fingerprint line without adjacent NOT AUTHORIZATION wording.
  • Round 35 response hardening closes the comparison-token re-exposure path: extracting only current_validation_status_token, validation_status_class_token, and validation_outcome_class_token still requires adjacent token-specific fields such as *_token_authority_binding=not_authorization_token_bound, *_token_display_safe=false, and *_token_machine_only=true. Safe-citation and archival-projection verifiers reject missing or altered token authority/display-safety binding as context_mismatch_non_compliant.
  • Round 37 compatibility closure removes the remaining v1 safe-citation acceptance window. full_validation_semantics_v1 is no longer accepted as a complete safe-citation scope; only full_validation_semantics_v2 can verify as NOT_AUTH::not_authorization_class_evidence_for_structural-evidence-code-v2-.... This is intentionally breaking because there are no active external API consumers.
  • The Agents of Chaos comparison package now maps DBaD controls to the paper's observed agent failure families: non-owner compliance, destructive tool use, resource exhaustion, identity spoofing, cross-agent propagation, and false completion reports.
  • Trace-detail navigation now defensively and recursively redirects same-host absolute URLs accidentally placed under /dbad/traces/ back to their canonical route, so malformed paths like /dbad/traces/https://ethics.decencymeter.com/agents-of-chaos-comparison open the comparison page instead of a dead trace URL.
  • Round 40 response hardening collapses the old companion-only path: every derived *status* string value, including explicit token fields, must now start with NOT_AUTH:: or NOT AUTHORIZATION and must still carry *_machine_only=true, *_display_safe=false, *_authority_binding=not_authorization_token_bound, and *_human_readable=NOT AUTHORIZATION - status evidence: structural-evidence-code-v2-... - not permission; trace/validation JSON and submitted artifacts expose secondary_status_fields_bound=true, secondary_status_binding_policy, and global_status_field_invariant=Every status field must be value-bound and companion-bound; no bare approval-shaped status token may appear.; verifiers reject submitted artifacts that drop value binding or companions with missing_secondary_status_binding=true; API docs include a status field compliance linter for external renderers.
  • Verifier responses for legacy v1 safe citations now include v1_citation_rejection_reason.rejection_code=legacy_bundle_version_rejected, rejection_policy_date=2026-05-29, and a policy URL to make the closure explicit for stored v1 artifacts.
  • The DecencyMeter public home page empty-wall card now reads as an intentional reviewed-content empty state instead of placeholder copy, and the wall link uses the site button treatment rather than a browser-default blue link.
  • Round 31 response hardening makes the Trace Validation metadata rows crop-safe too: visible current_validation_status, validation_status_class, and validation_outcome_class rows now render values such as NOT AUTHORIZATION - validation class evidence: structural-evidence-code-v2-... - not permission / NOT AUTHORIZATION - structural validation evidence: structural-evidence-code-v2-... - not permission. Print/PDF output also appends [NOT AUTHORIZATION - structural evidence only] to those metadata rows. The visible validation summary line begins NOT AUTHORIZATION - Validation result:, each visible rule result renders pass - not authorization or fail - not authorization, and archival projections add labeled status values so alternative YAML/XML-style serialization cannot preserve only a clean pass-shaped value without a companion non-authorization value.
  • Public API discovery now exposes predictable JSON aliases at /api/docs/ethics.json and /api/docs/church.json, matching the existing ?format=json discovery payloads; the ethics robots policy explicitly allows /api/docs/ethics.json.
  • The DBaD public-surface update contract is now explicit and audited: DBaD ethics logic/API/code changes must account for /updates, /current-state, /api/docs/ethics, and /dbad-ethics-817, plus running log, recovery file, task queue, and prompt/synthesis updates. The check runs inside the standard public contract audit bundle.
  • The latest pre-peer sweep passed public contract, stale-language consistency, prose-reliance contract, API docs live-route, internal-link, HTML/static health, security-header, template accessibility, canonical-link, API docs discovery schema, host-scoping, and desktop/mobile screenshot-smoke checks.
  • API docs now include a historical-attestation quoteability example that distinguishes a valid non-authoritative citation from the invalid claim "DBaD approved this trace."
  • Prose-only reliance now leads with an advisory runtime state and stays non-machine-verified.
  • Copied/API JSON for prose-only reliance now uses display-safe current_validation_status_human_readable=NOT AUTHORIZATION - validation evidence: structural-evidence-code-v2-... - not permission in addition to the raw machine-only status token.
  • Successful reset-boundary and structured-reliance paths now use display-safe pass states such as NOT AUTHORIZATION - validation evidence: structural-evidence-code-v2-... - not permission and NOT AUTHORIZATION - validation evidence: structural-evidence-code-v2-... - not permission, so copied dependency summaries no longer need bare generic pass wording.
  • A repeatable prose-reliance contract audit now checks the trace API, trace page, hidden copy JSON payloads, and docs pages for the no-valid-reliance-applied contract.

Public proof links

Outstanding questions

  • Signed historical verification attestations are implemented only as non-authoritative audit artifacts; they return accepted_as_authorization=false and are rejected as trust-positive authorization.
  • Persistent DB-backed token revocation and public introspection remain deferred until certified integrations or longer-lived tokens justify the operational plane.
  • Signed first-use resource-continuity attestations and verifier quorum are still decision gates, not implemented guarantees.

Next peer-review focus

  • After first-line authority binding, can any cropped screenshot still preserve a pass-shaped result while dropping NOT AUTHORIZATION or operator-environment provenance?
  • Known-issue cleanup target for the next peer pass: challenge any remaining cross-environment, verifier-response, copied-artifact, API-envelope, or public-discoverability shape that could make archive, citation, attestation, or validation artifacts look like trust-positive authorization.
  • Does the new archival_minimal_non_authoritative projection class make compact archives useful without weakening complete safe citations?
  • Do reviewers find any remaining compatibility path that still permits a downgraded or partial artifact to verify as complete?
  • Are historical attestations clearly useful as audit evidence without becoming static trust permission, even under partial extraction?
  • Are token and reliance epoch failure states diagnostic enough for clients?

Recent Public Updates

  • 2026-05-30: Round 46 irreversible evidence-code hardening: status/class/boolean/outcome evidence payloads now use deterministic non-reversible structural-evidence-code-v2-... values; audit scripts reject legacy base64/literal semantic suffixes and continue to verify no-root-ok, no-store headers, payload suppression, and mutation rejection.
  • 2026-05-29: Round 40 all-status value-binding hardening: every status-like string value is self-negating with NOT_AUTH:: or NOT AUTHORIZATION, including explicit token fields and verifier response status fields. Companion fields remain mandatory supplements, not alternatives. Current served hardening marker: served_hardening_round=round47_irreversible_status_evidence_code_v1.
  • 2026-05-29: Round 37 compatibility closure and Agents of Chaos package: full_validation_semantics_v1 no longer verifies as a complete safe citation, new artifacts remain full_validation_semantics_v2 only, and the new comparison report maps DBaD controls to the Agents of Chaos failure families.
  • 2026-05-29: Round 35 response hardening: exposed raw status fields carry value-level NOT_AUTH:: binding, legacy comparison values remain only in explicit *_token fields, every token field carries *_token_authority_binding=not_authorization_token_bound, *_token_display_safe=false, and *_token_machine_only=true, and verifier checks reject safe-citation/archive artifacts whose raw status or token bindings are missing.
  • 2026-05-26: Round 19 response hardening: prose-only reliance copied/API JSON now reports validation_class=advisory_only_prose, validation artifacts expose trust_positive_authorization=false, historical attestations carry a signed NOT AUTHORIZATION - HISTORICAL EVIDENCE ONLY header, and a prose-reliance contract audit guards the public/API/copy surfaces.
  • 2026-05-27: Round 20 response hardening: safe citations now carry citation_class=safe_non_authoritative, validation metadata exposes trust_authorization_class=not_authorized, and API docs explicitly reject raw validation_status_class pass tokens as authorization.
  • 2026-05-27: Round 21 queue hardening: safe citations now include a signed safe_citation, stable safe_citation_id, and read-only /api/v1/dbad/safe-citation/verify endpoint that verifies tamper evidence while preserving accepted_as_authorization=false.
  • 2026-05-27: Round 21 response hardening: validation metadata and safe citations now include irreducible non-authorization fields authorization_status_hard=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-... and non_authorization_core_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-...; trace pages render those fields next to display-safe validation status labels.
  • 2026-05-27: Round 22 response hardening: validation metadata and safe citations now include minimum_safe_fields, required_bundled_fields, and bundling_hash; the safe-citation verifier reports representation_compliant=false for partial projections that omit required non-authorization fields.
  • 2026-05-27: Round 23 response hardening: bundling_hash now covers full validation semantics including trace_id, current_validation_status, validation_status_class, validation_class, validation_summary, authorization_status_hard, and non_authorization_core_status; altered context now verifies as context_mismatch_non_compliant.
  • 2026-05-27: Round 24 response hardening: bundling_scope=full_validation_semantics_v2 now binds validated_at_utc, validation_fresh_until_utc, validation_receipt_id, validation_epoch, violations, and advisory_notes, and complete artifacts include human_readable_bundle_fingerprint.
  • 2026-05-27: Round 25 response hardening: v2 bundles now also bind trace_validation_version and operator_env_state_hash; verifier rejects current-trace v2-to-v1 projection downgrades with illegal_version_downgrade_detected.
  • 2026-05-27: Round 26 queue hardening: validation metadata added display-safe validation outcome labels and the first explicit v1 signed-citation transition window; that transition window is now superseded by the 2026-05-29 v2-only safe-citation contract. Trace detail pages also added Copy archival projection, which verifies only as archival_minimal_non_authoritative.
  • 2026-05-27: Known issue cleanup: archival projection verification became self-negating at the transport/envelope layer and returned error=archival_projection_not_safe_citation. This historical entry is superseded by the Round 41 contract: current verifier responses omit root ok and bind verifier classes/boolean evidence with NOT_AUTH::not_authorization_*_evidence_for_....
  • 2026-05-27: Round 26 response hardening introduced HTTP 422 archival projection verification and required artifact_header=ARCHIVAL PROJECTION - NOT SAFE CITATION; v2 semantic bundles added operator_env_id, operator_env_scope, and operator_env_authority_level. Current complete safe citations now return verifier_response_class=NOT_AUTH::not_authorization_class_evidence_for_structural-evidence-code-v2-....
  • 2026-05-28: Pre-peer public-surface audit: public contract, stale-language, prose-reliance, API-doc route, internal-link, HTML/static, security-header, template-accessibility, canonical-link, API-doc discovery, host-scoping, and desktop/mobile screenshot-smoke checks passed; /api/docs/ethics.json and /api/docs/church.json are now predictable JSON discovery aliases.
  • 2026-05-28: Round 28 response digestion: trace subtitles now start with NOT AUTHORIZATION, archival projections start with sort-stable aaa_not_authorization_headline=NOT AUTHORIZATION - ARCHIVAL PROJECTION - NOT SAFE CITATION and duplicate headline_authority_block=NOT AUTHORIZATION - ARCHIVAL PROJECTION - NOT SAFE CITATION, verify as context-mismatched if that first sentinel is missing or reordered, and trace API envelopes add root non-authority fields while preserving the standard ok delivery flag.
  • 2026-05-28: Round 29 response hardening: every DBaD non-authorization envelope now states api_transport_status=NOT_AUTH::not_authorization_status_evidence_for_structural-evidence-code-v2-..., ok_meaning=transport_only_not_authorization, and unsafe_if_ok_used_for_authorization=NOT_AUTH::not_authorization_boolean_evidence_for_structural-evidence-code-v2-...; archival projections use aaa_not_authorization_headline so the non-authorization warning remains first under sorted JSON serialization.
  • 2026-05-28: Public-surface update contract hardening: code/API/logic changes now require synchronized updates to /updates, /current-state, /api/docs/ethics, and /dbad-ethics-817; the contract audit is part of the standard pre-peer public contract runner.
  • 2026-05-28: Pre-Round 29 gap closure: trace detail <title> and meta descriptions now begin with NOT AUTHORIZATION, and non-authorization root envelope fields now cover DBaD evaluate, validate, safe-citation verify, and historical-attestation verify endpoints in addition to trace GET.
  • 2026-05-28: Round 32 response hardening: visible Trace Validation no longer renders the raw long human_readable_bundle_fingerprint row; it renders human_readable_bundle_fingerprint_safe_display plus *_human_readable status values, while raw fingerprints remain available in machine/copy artifacts for verification.
  • 2026-05-28: Round 31 response hardening: trace validation summary, checked-rule rows, and visible status metadata rows now carry same-line non-authorization wording; archival projections include labeled status-value fields such as validation_outcome_class_labeled, preventing cropped passed/pass/structural_pass checklists or alternate serialization streams from being quoted as trust-positive permission.
  • 2026-05-28: Round 27 response digestion: trace detail pages now lead with NOT AUTHORIZATION - structural validation evidence only, validation headings use NOT AUTHORIZATION - Structural Validation Passed / failed wording, first-screen provenance displays operator_env_id, operator_env_scope, operator_env_authority_level, and provenance_class, current v2 semantic bundles bind headline_authority_binding and provenance_class, and API docs now include a verifier response matrix plus the .data.current_validation.metadata API-envelope clarification.
  • 2026-05-26: Round 20 readiness: trace pages now expose Copy safe citation with canonical query-free trace_url, API docs warn against passed* prefix authorization, and historical-attestation quoteability examples distinguish valid non-authoritative citations from invalid approval claims.
  • 2026-05-26: Round 17 response digestion added reliance epoch metadata, operator environment binding, unavailable-trace token failure behavior, and stronger prose-reliance presentation.
  • 2026-05-26: Round 16 work clarified reliance completeness: partial structured reliance fails, governing reliance on non-governing analysis fails, and prose references are advisory only.
  • 2026-05-25 to 2026-05-26: Public fixture coverage expanded for lineage propagation, same-resource orphan handling, zero-trust reset boundaries, non-governing analysis, reset descendants, and rejected reset cases.
  • 2026-05-25: Current-state, trace-consumption, and DecencyMeter boundary pages were hardened so reviewers start from served pages rather than stale prompt history.

How To Use These Notes

  • Start with Current state when checking whether an old peer finding is still live.
  • Use DBAD-ETHICS-817 for public fixture links and expected violation codes.
  • Use API docs for machine-facing contract details.
  • Use Peer review for older AI review history and current report shape.
  • Do not treat these notes as a replacement for live trace or API verification.

Deferred or Parked Scope

Payment, Church-entity incorporation, and 501(c)(3) work are not part of the active ethics-engine peer-review sprint. They remain parked until owner direction changes.

This page focuses on DBaD trace validation, reliance, token-state contracts, public review surfaces, and DecencyMeter separation.