AGPL-3.0 reference implementation of
student-data-access-audit-stream. Runs the Lincoln Unified School District × VendorT MathBuddy v3.x trajectory end-to-end. 2 invariants: FERPA school-official-or-consent-basis (34 CFR Part 99) + COPPA verifiable parental consent for under-13 (16 CFR §312.4) — with age-conditional and BEFORE-event time check.
Part of the Kinetic Gain Protocol Suite.
Sibling to fhir-resource-access-audit-reference, matter-decision-record-audit-stream-reference, grid-decision-record-audit-stream-reference, defense-decision-record-audit-stream-reference, government-decision-record-audit-stream-reference, financial-decision-record-audit-stream-reference, and employment-decision-record-audit-stream-reference.
The EdTech invariant design has an unusual property: one invariant fires conditionally on student age.
- FERPA school-official-or-consent-basis — every event MUST carry
agent.ferpa_basisfrom the 8-entry enumerated set of FERPA-permitted disclosure types (34 CFR 99.30 + 99.31). Always required, all ages. - COPPA verifiable parental consent — fires ONLY when
resource.student_age < 13. Requiresagent.coppa_consent_obtained: true+agent.coppa_consent_obtained_attimestamp BEFORE the event (16 CFR §312.4 mandates consent BEFORE collection). The before-event time check is a forward-looking precondition distinct from DefenseTech (filed within 72h of) and HR Tech (notice ≥10 days before AI use).
orchestrator.mjs (4 steps, mixed ages)
│
├─ requests access via student-vault.mjs (enforces both invariants conditionally)
│
├─ builds hash-chained event via event-builder.mjs (canonical-JSON SHA-256)
│
└─ emits to examples/lincoln-mathbuddy-reference-stream.ndjson
verifier.mjs (independent, post-hoc)
│
├─ chain integrity (each prev_hash = prior hash)
├─ invariant #1: FERPA basis (always)
└─ invariant #2: COPPA consent (conditional on age < 13, with before-event time check)
npm install && npm start
# → Built 4 events → examples/lincoln-mathbuddy-reference-stream.ndjson
# → OK · 4 events · chain ✓ · 2 invariants ✓
npm test # 11 unit tests| Step | Event | Student age | Invariants exercised |
|---|---|---|---|
| 1 | Roster sync (eligible student) | 17 | #1 only (no COPPA — over 13) |
| 2 | Math assessment score (child) | 10 | #1 + #2 (COPPA fires) |
| 3 | Progress report to parent | 10 | #1 (different basis — prior-written-consent-parent) + #2 |
| 4 | IEP modification | 10 | #1 + #2 + IDEA-protected data |
COPPA consent provided 2026-09-01 (beginning of school year), well before any AI event in mid-October.
| Basis | CFR ref | Common use |
|---|---|---|
school-official-with-legitimate-educational-interest |
34 CFR 99.31(a)(1) | Day-to-day operational access |
prior-written-consent-parent |
34 CFR 99.30 | Parent-authorized release |
prior-written-consent-eligible-student |
34 CFR 99.30 | Student ≥18 authorized |
directory-information-opted-in |
34 CFR 99.37 | Public directory data |
audit-or-evaluation-99-31-a-3 |
34 CFR 99.31(a)(3) | Compliance audits |
financial-aid-99-31-a-4 |
34 CFR 99.31(a)(4) | Financial aid administration |
judicial-order-or-subpoena-99-31-a-9 |
34 CFR 99.31(a)(9) | Court orders |
health-or-safety-emergency-99-31-a-10 |
34 CFR 99.31(a)(10) | Emergency disclosures |
| Failure mode | Reason |
|---|---|
| Missing FERPA basis | "Every student-data access requires ferpa_basis citation" |
| Unrecognized FERPA basis string | "i-just-want-the-record" → not in enumerated FERPA disclosure permissions |
| Under-13 student without COPPA consent | "Student age 10 < 13 requires verifiable parental consent per COPPA 16 CFR §312.4 BEFORE collection" |
| COPPA consent obtained AFTER event | "COPPA consent timestamp is AFTER event — consent must be obtained BEFORE collection" |
| Over-13 student without COPPA | Permitted — COPPA doesn't apply to children ≥13 |
student-data-access-audit-stream— the spec this implementsferpa-readiness-evidence-bundle— evidence bundle that ingests eventsai-student-record-incident-card-profile— invariant failures become Incident Cardsstate-ai-disclosure-state-tracker— 50-state student data privacy lifecyclepii-student-vault-contract-profile— Decision Card vault contract- Kinetic Gain Protocol Suite — umbrella
Reference implementation readiness scaffolding for FERPA + COPPA + IDEA + Section 504 + ESSA + 50 state student-data-privacy regimes. Does NOT constitute FTC COPPA Safe-Harbor certification, ED OCR audit clearance, or substitute for a school's own annual FERPA notification + opt-out workflow. The mock student vault is in-memory — production deployments must integrate with the SIS (Infinite Campus / PowerSchool / Skyward) + identity provider + parent-consent ledger. Per the standing Suite public-language guardrail: readiness · evidence · posture · controls · scaffolding — never "compliant" / "certified" without external attestation.
AGPL-3.0-only. Spec repos this depends on remain MIT.