From 06f414e0d83ff418a92ac3a4b4b87f61b5f340c9 Mon Sep 17 00:00:00 2001
From: Robert DeLanghe <1240090+bdelanghe@users.noreply.github.com>
Date: Sun, 28 Jun 2026 21:54:21 -0400
Subject: [PATCH] feat(claims): ground the two PARTIAL honesty claims after
 verifying the code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Continues prx-qhuv. Verified both PARTIAL claims against the actual linked
repos before grounding any term (cross-repo evidence check, not assumption):

- Provenance claim: ocap-provenance/slsa.ts emits in-toto Statement v1 + SLSA
  Provenance v1; prx verify.ts/merge-guard.ts verify; anchored-chain is the
  content-addressed derivation ledger; workflow.ts canEnterReadyToMerge fails
  closed on unsigned. GAP (why PARTIAL): emission/enforcement is opt-in until
  Sigstore lands.
- Broker claim: keeperd/daemon.ts holds the key and performs the push; the
  agent holds only a socket; claude-box CAPABILITIES.md is credential-free.
  GAP (why PARTIAL): macOS TCP transport is weaker than unix-socket possession;
  not sandbox-hardened.

Each grounding term is tagged PARTIAL with its verified file + the named gap,
so the source stays honest; the visible PARTIAL grade carries the gap. The two
ASPIRATIONAL claims (converge, contracts-honest) stay body — bets, not grounded.

audit-gate --strict 0 errors, content.mjs 23/23, build/structure/semantic/shacl
green locally.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 content/grounding.json    | 13 +++++++++++--
 content/marketing.feature |  8 ++++++++
 content/strings.json      |  4 +++-
 data/audit/catalog.json   | 10 ++++++++++
 data/audit/grounding.json |  9 ++++++++-
 5 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/content/grounding.json b/content/grounding.json
index 32b4171..cfddf62 100644
--- a/content/grounding.json
+++ b/content/grounding.json
@@ -1,5 +1,6 @@
 {
-  "_source": "Grounded facts bounded.tools genuinely backs — the source for string-audit's claim->grounding check (emitted to data/audit/grounding.json by emit-catalog). Each key is a lowercase phrase a `claim`-typed symbol may assert; the value records WHY it is backed. ONLY genuinely-backed facts belong here: adding an unbacked term to pass the gate is the exact overclaim this check exists to prevent. Scope: ENFORCED graded claims + blocking-gate conformance evidence. PARTIAL/ASPIRATIONAL claims are NOT grounded — they stay `body`, never typed `claim`.",
+  "_source": "Grounded facts bounded.tools genuinely backs — the source for string-audit's claim->grounding check (emitted to data/audit/grounding.json by emit-catalog). Each key is a lowercase phrase a `claim`-typed symbol may assert; the value records WHY it is backed. ONLY genuinely-backed facts belong here: adding an unbacked term to pass the gate is the exact overclaim this check exists to prevent. ENFORCED terms are CI-proven on this build. PARTIAL terms name mechanisms VERIFIED code-complete in the linked repos (file cited); their activation/transport gap is carried by the visible PARTIAL grade — do not promote them to unconditional. ASPIRATIONAL claims (prx/claude-box converge; contracts stay honest) are bets — NOT grounded, kept `body`.",
+
   "docs generate from source": "ENFORCED — gen-blog / gen-conformance generate from source; --check staleness gates fail CI on drift",
   "fail ci on drift": "ENFORCED — the committed catalog/structure/blog --check gates block the build on drift",
   "behaviour specs execute": "ENFORCED graded claim — guest-room's behaviour specs run against the engine (evidence-linked)",
@@ -7,5 +8,13 @@
   "reproducible build": "conformance-evidence.reproducibleBuild — blocking gate",
   "sbom": "conformance-evidence.sbom — SPDX SBOM generated and completeness-checked",
   "signed release manifest": "conformance-evidence.signedReleaseManifest — blocking gate",
-  "content digests": "conformance-evidence.contentDigests — RFC 9530, blocking gate"
+  "content digests": "conformance-evidence.contentDigests — RFC 9530, blocking gate",
+
+  "in-toto": "PARTIAL — ocap-provenance/slsa.ts emits in-toto Statement v1 envelopes; gap: emission opt-in until Sigstore lands",
+  "slsa": "PARTIAL — ocap-provenance uses SLSA Provenance v1 (slsa.ts, SLSA-MAPPING.md); verified by prx verifySlsaDerivation; gap: enforcement conditional",
+  "signed per-actor": "PARTIAL — prx signer.ts derives a per-actor key; effect-ownership.ts attributes via builder.id; gap: prod default fail-open until Sigstore",
+  "content-addressed in a derivation ledger": "PARTIAL — anchored-chain derivation-store.ts (digest-keyed, derivationsByOutput); gap: ledger may be null on read-only replicas",
+  "fail-closed at the merge gate": "PARTIAL — prx workflow.ts canEnterReadyToMerge blocks on unsigned, merge-guard.ts; gap: only runs when requireSignedDerivations() is set",
+  "broker daemon": "PARTIAL — keeperd/daemon.ts holds the key and performs the push; agent holds only a socket (claude-box CAPABILITIES.md); gap: macOS TCP transport weaker than unix-socket possession",
+  "never holds the credential": "PARTIAL — claude-box ROOM.md/CAPABILITIES.md: container is credential-free, keeperd/contract.ts never returns key material; gap: not sandbox-hardened (TCB = daemon + container boundary)"
 }
diff --git a/content/marketing.feature b/content/marketing.feature
index de30202..7f904b7 100644
--- a/content/marketing.feature
+++ b/content/marketing.feature
@@ -75,3 +75,11 @@ Feature: bounded.tools marketing micro-copy
   @marketing
   Scenario: The behaviour-specs claim (enforced) is consistent
     Then surfaces present the claim "guest-room's behaviour specs execute against the engine."
+
+  @marketing
+  Scenario: The provenance claim (partial) is consistent
+    Then surfaces present the claim "A git-write carries a verifiable in-toto / SLSA provenance derivation — signed per-actor, content-addressed in a derivation ledger, checked fail-closed at the merge gate."
+
+  @marketing
+  Scenario: The broker-credential claim (partial) is consistent
+    Then surfaces present the claim "The agent never holds the credential — a broker daemon does."
diff --git a/content/strings.json b/content/strings.json
index 17b1a79..b307ebd 100644
--- a/content/strings.json
+++ b/content/strings.json
@@ -17,5 +17,7 @@
   "bet-grade-label": { "$value": "This claim, graded:", "$description": "Inline grade label on the bet." },
   "bio-talk": { "$value": "If your team is chewing on the same problem, I'd like to talk.", "$description": "Colophon bio — contact prompt." },
   "claim-docs": { "$value": "Docs generate from source and fail CI on drift.", "$description": "Honesty claim (ENFORCED) — typed `claim`, grounded in content/grounding.json." },
-  "claim-specs": { "$value": "guest-room's behaviour specs execute against the engine.", "$description": "Honesty claim (ENFORCED) — typed `claim`, grounded in content/grounding.json." }
+  "claim-specs": { "$value": "guest-room's behaviour specs execute against the engine.", "$description": "Honesty claim (ENFORCED) — typed `claim`, grounded in content/grounding.json." },
+  "claim-provenance": { "$value": "A git-write carries a verifiable in-toto / SLSA provenance derivation — signed per-actor, content-addressed in a derivation ledger, checked fail-closed at the merge gate.", "$description": "Honesty claim (PARTIAL) — mechanisms verified in ocap-provenance/prx/anchored-chain; grounded; gap carried by the PARTIAL grade." },
+  "claim-broker": { "$value": "The agent never holds the credential — a broker daemon does.", "$description": "Honesty claim (PARTIAL) — verified in keeperd/daemon.ts + claude-box CAPABILITIES.md; grounded; macOS transport gap carried by the PARTIAL grade." }
 }
diff --git a/data/audit/catalog.json b/data/audit/catalog.json
index 6bcdab4..7bbc0d6 100644
--- a/data/audit/catalog.json
+++ b/data/audit/catalog.json
@@ -1029,11 +1029,21 @@
     "$type": "body",
     "$description": "micro-copy token — content/strings.json#byline"
   },
+  "content/strings.json#claim-broker": {
+    "$value": "The agent never holds the credential — a broker daemon does.",
+    "$type": "claim",
+    "$description": "micro-copy token — content/strings.json#claim-broker"
+  },
   "content/strings.json#claim-docs": {
     "$value": "Docs generate from source and fail CI on drift.",
     "$type": "claim",
     "$description": "micro-copy token — content/strings.json#claim-docs"
   },
+  "content/strings.json#claim-provenance": {
+    "$value": "A git-write carries a verifiable in-toto / SLSA provenance derivation — signed per-actor, content-addressed in a derivation ledger, checked fail-closed at the merge gate.",
+    "$type": "claim",
+    "$description": "micro-copy token — content/strings.json#claim-provenance"
+  },
   "content/strings.json#claim-specs": {
     "$value": "guest-room's behaviour specs execute against the engine.",
     "$type": "claim",
diff --git a/data/audit/grounding.json b/data/audit/grounding.json
index a8c2d7c..a28b6e3 100644
--- a/data/audit/grounding.json
+++ b/data/audit/grounding.json
@@ -6,5 +6,12 @@
   "reproducible build",
   "sbom",
   "signed release manifest",
-  "content digests"
+  "content digests",
+  "in-toto",
+  "slsa",
+  "signed per-actor",
+  "content-addressed in a derivation ledger",
+  "fail-closed at the merge gate",
+  "broker daemon",
+  "never holds the credential"
 ]