[{"data":1,"prerenderedAt":532},["ShallowReactive",2],{"docs:\u002Fdocs\u002Fconcepts\u002Foverview":3},{"id":4,"title":5,"body":6,"description":523,"extension":524,"meta":525,"navigation":526,"path":528,"seo":529,"stem":530,"__hash__":531},"docs\u002Fdocs\u002Fconcepts\u002Foverview.md","Concepts overview",{"type":7,"value":8,"toc":513},"minimark",[9,18,23,30,33,75,82,89,93,104,107,143,146,177,200,204,211,221,228,239,245,249,256,259,281,296,308,312,319,322,350,368,372,375,392,398,402],[10,11,12,13,17],"p",{},"Iqrar is the combination of five cryptographic primitives, designed so that ",[14,15,16],"strong",{},"integrity of committed facts is verifiable end-to-end without trusting Iqrar's infrastructure",". Each primitive corresponds to an independent patent claim chain.",[19,20,22],"h2",{"id":21},"_1-foundation-registry","1. Foundation registry",[10,24,25,26,29],{},"A registry is a signed artifact listing every authority — regulators, the foundation itself — and their public keys. The registry is signed by a threshold of ",[14,27,28],{},"foundation root keys"," (initial v1: 1-of-1; pre-Provisional B: 3-of-5).",[10,31,32],{},"Authorities each have:",[34,35,36,56,68],"ul",{},[37,38,39,42,43,47,48,51,52,55],"li",{},[14,40,41],{},"Scope"," — the jurisdictions they are entitled to author rules for (DFSA: ",[44,45,46],"code",{},"AE",", ",[44,49,50],{},"AE-DIFC","; ESMA: ",[44,53,54],{},"EU",").",[37,57,58,61,62,47,65,55],{},[14,59,60],{},"Capabilities"," — what they may issue (",[44,63,64],{},"rule_bundle",[44,66,67],{},"directive",[37,69,70,71,74],{},"A ",[14,72,73],{},"public key"," the SDK pins on first boot.",[10,76,77,78,81],{},"Once the SDK has pinned a registry, ",[14,79,80],{},"unsigned rules are refused",". Verification is sticky.",[10,83,84,85,88],{},"The registry replaces the trust model where a single vendor can change rules unilaterally with a multi-party governance pattern where rule-authoring authority is structurally separate from infrastructure operation. This is patent claim ",[14,86,87],{},"§8.1"," in combination with §5.2.",[19,90,92],{"id":91},"_2-signed-rule-bundles-runtime-directives","2. Signed rule bundles + runtime directives",[10,94,95,96,99,100,103],{},"Every rule update an agent receives is a ",[14,97,98],{},"signed bundle"," containing a ruleset (regulatory obligations, tier classifiers, principles) plus an optional list of ",[14,101,102],{},"directives"," — runtime instructions the regulator can issue without redeploying agents.",[10,105,106],{},"Directive types:",[34,108,109,127,135],{},[37,110,111,116,117,120,121,120,124,55],{},[14,112,113],{},[44,114,115],{},"verbosity"," — elevate audit detail (",[44,118,119],{},"off"," \u002F ",[44,122,123],{},"normal",[44,125,126],{},"debug",[37,128,129,134],{},[14,130,131],{},[44,132,133],{},"sample_rate"," — change what fraction of events are persisted in full.",[37,136,137,142],{},[14,138,139],{},[44,140,141],{},"operational_pause"," — suspend a named capability for the directive's window.",[10,144,145],{},"Each directive carries:",[34,147,148,155,161,171],{},[37,149,150,151,154],{},"An ",[14,152,153],{},"issuer kid"," matching an authority in the pinned registry.",[37,156,70,157,160],{},[14,158,159],{},"target"," (jurisdiction, agent ID, or capability set).",[37,162,70,163,166,167,170],{},[14,164,165],{},"time window"," (",[44,168,169],{},"{start, end?}"," in milliseconds).",[37,172,150,173,176],{},[14,174,175],{},"action"," (one of the types above).",[10,178,179,180,183,184,120,187,120,190,120,193,196,197,199],{},"The SDK independently verifies every directive against the registry, refuses any whose ",[14,181,182],{},"scope does not encompass the agent's jurisdiction",", and emits ",[44,185,186],{},"directive.received",[44,188,189],{},"directive.applied",[44,191,192],{},"directive.skipped",[44,194,195],{},"directive.rejected"," events into the audit chain so the SDK-side enforcement decision is itself recorded. Patent ",[14,198,87],{}," full.",[19,201,203],{"id":202},"_3-per-event-hash-chain-merkle-tree-sigstore-rekor","3. Per-event hash chain → Merkle tree → Sigstore Rekor",[10,205,206,207,210],{},"Every telemetry event the worker accepts is appended to its agent's ",[14,208,209],{},"per-agent tamper-evident hash chain",":",[212,213,218],"pre",{"className":214,"code":216,"language":217},[215],"language-text","entry_hash[n] = sha256( entry_hash[n-1] || event_hash[n] || seq[n] )\n","text",[44,219,216],{"__ignoreMap":220},"",[10,222,223,224,227],{},"The chain is append-only by construction. Any tampering with a historical event invalidates every chain entry after it. Patent ",[14,225,226],{},"§8.3(a)",".",[10,229,230,231,234,235,238],{},"A cron task running every minute reads each agent's chain since their last commitment, computes an RFC 6962-style ",[14,232,233],{},"Merkle root"," over the entries, signs the root with a foundation key, and ",[14,236,237],{},"submits the signed STH (Signed Tree Head) to Sigstore Rekor"," — a public transparency log used by the open-source supply-chain world.",[10,240,241,242,227],{},"The Rekor entry URL is then returned in any inclusion-proof response, so a regulator can verify integrity against a log Iqrar does not control. Patent ",[14,243,244],{},"§8.3(b)",[19,246,248],{"id":247},"_4-source-boundary-channel-encryption","4. Source-boundary channel encryption",[10,250,251,252,255],{},"Telemetry events are not encrypted only in transit — they are ",[14,253,254],{},"encrypted at the SDK boundary, per recipient",", before they enter Iqrar's routing infrastructure.",[10,257,258],{},"For each event the SDK:",[260,261,262,265,268,271],"ol",{},[37,263,264],{},"Generates an ephemeral ECDH-P-256 keypair (forward secrecy per event).",[37,266,267],{},"Derives a per-recipient symmetric key via HKDF-SHA256.",[37,269,270],{},"Encrypts the payload with AES-256-GCM, once per recipient.",[37,272,273,274,277,278,227],{},"Posts the resulting ",[44,275,276],{},"EncryptedEvent"," envelope to ",[44,279,280],{},"\u002Ftelemetry\u002Fchanneled",[10,282,283,284,287,288,291,292,295],{},"The worker stores ciphertext segments by ",[44,285,286],{},"recipient_kid"," and is ",[14,289,290],{},"structurally unable to decrypt"," — it has no recipient private keys. Operators retrieve their segments at ",[44,293,294],{},"\u002Frecipients\u002F\u003Ckid>\u002Fevents",", regulators retrieve theirs at the same endpoint with their own kid.",[10,297,298,299,304,305,199],{},"Crucially, the SDK emits a ",[14,300,301],{},[44,302,303],{},"channel.classified"," audit event for every channeled emission, recording which recipients each segment was addressed to. A downstream filtering attack — where the worker silently drops some recipients' segments — becomes detectable, because the regulator can compare what they received against what the SDK committed. Patent ",[14,306,307],{},"§8.2",[19,309,311],{"id":310},"_5-predicate-scoped-audit-challenges","5. Predicate-scoped audit challenges",[10,313,314,315,318],{},"A regulator can issue a ",[14,316,317],{},"signed challenge"," containing a predicate over the agent population (jurisdiction, capability set, time window, action type) and a deterministic sampling rule.",[10,320,321],{},"The worker:",[260,323,324,327,330,333,340,343],{},[37,325,326],{},"Verifies the challenge signature against the pinned registry.",[37,328,329],{},"Scope-checks the predicate against the issuer's recorded jurisdiction.",[37,331,332],{},"Resolves matching agents, loads their audit-chain entries within the window.",[37,334,335,336,339],{},"Applies a ",[14,337,338],{},"deterministic SHA-256-PRF sample"," the regulator can independently recompute.",[37,341,342],{},"Builds a Merkle inclusion proof for each sampled entry against the smallest STH that covers it.",[37,344,345,346,349],{},"Returns ",[44,347,348],{},"{ proofs[], rekor_url }"," — every proof verifiable locally.",[10,351,352,353,356,357,360,361,364,365,227],{},"When the challenge is bound to a directive (via ",[44,354,355],{},"bound_directive_id","), the response also includes the ",[14,358,359],{},"directive's own audit-chain lifecycle entries"," with inclusion proofs — so the regulator can verify directive application alongside the action records the directive shaped. Patent ",[14,362,363],{},"§8.3"," full, including the sub-claim that the ",[14,366,367],{},"investigative chain is itself committed and verifiable",[19,369,371],{"id":370},"how-they-compose","How they compose",[10,373,374],{},"The five primitives compose into a single property: a regulator can verify, end-to-end, that:",[260,376,377,380,383,386,389],{},[37,378,379],{},"The rules an agent follows are exactly the rules that authority signed.",[37,381,382],{},"Any runtime directive that authority issued reached the agent and was applied.",[37,384,385],{},"The agent's recorded actions during that directive's window are exactly the actions Iqrar's infrastructure has committed.",[37,387,388],{},"None of those records have been tampered with — any change invalidates the inclusion proof against the public Rekor log.",[37,390,391],{},"The regulator's own copy of the agent's telemetry, addressed to their channel, is a faithful subset of what the SDK committed.",[10,393,394,397],{},[14,395,396],{},"Without trusting Iqrar's infrastructure."," That is the design's central commitment.",[19,399,401],{"id":400},"where-this-lives-in-the-spec","Where this lives in the spec",[403,404,405,421],"table",{},[406,407,408],"thead",{},[409,410,411,415,418],"tr",{},[412,413,414],"th",{},"Aspect",[412,416,417],{},"Spec section",[412,419,420],{},"Stage shipped",[422,423,424,436,447,458,469,480,491,502],"tbody",{},[409,425,426,430,433],{},[427,428,429],"td",{},"Foundation registry + signed bundles + directives",[427,431,432],{},"§5.2, §5.4, §8.1",[427,434,435],{},"Stage 0",[409,437,438,441,444],{},[427,439,440],{},"Per-agent identity keys",[427,442,443],{},"§5.6, §8.3(b)",[427,445,446],{},"Stage 1",[409,448,449,452,455],{},[427,450,451],{},"Per-event hash chain",[427,453,454],{},"§5.3, §8.3(a)",[427,456,457],{},"Stage 2",[409,459,460,463,466],{},[427,461,462],{},"Merkle commitment + Rekor anchoring",[427,464,465],{},"§5.3, §8.3(b)",[427,467,468],{},"Stage 3",[409,470,471,474,477],{},[427,472,473],{},"Predicate-scoped challenge protocol",[427,475,476],{},"§5.3, §8.3",[427,478,479],{},"Stages 4 + 7",[409,481,482,485,488],{},[427,483,484],{},"Multi-jurisdiction at runtime",[427,486,487],{},"§6.2",[427,489,490],{},"Stage 5",[409,492,493,496,499],{},[427,494,495],{},"Source-boundary channel encryption",[427,497,498],{},"§5.5, §8.2",[427,500,501],{},"Stage 6",[409,503,504,507,510],{},[427,505,506],{},"Directive ↔ challenge binding",[427,508,509],{},"§8.3 sub-claim",[427,511,512],{},"Stage 7",{"title":220,"searchDepth":514,"depth":514,"links":515},2,[516,517,518,519,520,521,522],{"id":21,"depth":514,"text":22},{"id":91,"depth":514,"text":92},{"id":202,"depth":514,"text":203},{"id":247,"depth":514,"text":248},{"id":310,"depth":514,"text":311},{"id":370,"depth":514,"text":371},{"id":400,"depth":514,"text":401},"The five inventive aspects of the Iqrar design — what is signed, what is committed, what is encrypted, what is verifiable. Each maps to a patent claim chain.","md",{},{"order":527},20,"\u002Fdocs\u002Fconcepts\u002Foverview",{"title":5,"description":523},"docs\u002Fconcepts\u002Foverview","OfiQDIlubJRngWpgc11eAV-p-01cRrGGlrA88D1hZBw",1781253131675]