# Aggregation-Only Contract (AOC) Invariants

Last updated: 2025-11-25 (DOCS-ATTEST-75-002)

## Core invariants (all components)

- **Tenant isolation**: Every API call requires `X-Stella-Tenant`; storage and caches are keyed by tenant.
- **Append-only inputs**: Evidence, advisories, and attestations are stored immutably; no in-place edits.
- **Determinism**: Sorting and pagination are stable; timestamps are UTC ISO-8601; hashes are lowercase hex.
- **No consensus**: Components enforce validation/verification only; no severity or policy decisions inside AOC services.
- **Offline-first**: All external data (feeds, keys, checkpoints) must be supplied via bundled inputs; no live fetches when sealed.

## Attestor-specific invariants

- **Trust roots**: Verification keys are loaded exclusively from the bundled trust store; network key discovery is disabled in sealed mode.
- **DSSE only**: Inputs must be DSSE envelopes; detached signatures are rejected with a deterministic error code.
- **Transparency optional, explicit**: If a mirrored checkpoint is provided, the inclusion proof is validated; otherwise results record `transparency=skipped` without failing the request.
- **Rationale trail**: Each verification emits a rationale list (e.g., `key.match`, `transparency.included`, `transparency.skipped`) so results are replayable.
- **Immutability**: Verified statements and rationale are recorded append-only in the delivery/verification ledger; retries must not overwrite prior entries.

## Guardrails for implementers

- Never permit unsigned or partially signed payloads to proceed past parsing.
- Reject any outbound HTTP/S fetch during verification when `Attestor__Offline__Enabled=true`.
- Keep secret material out of logs; log statement digests and key ids only.
- Round numeric scores/weights only at the presentation boundary; internal math stays high-precision.

## Pending Update

- Add risk scoring provenance guarantees (DOCS-RISK-68-002) once Export/Risk inputs land; due 2025-12-11 per sprint action tracker. Include a deterministic hash list for any new examples or schemas.

## Audit checklist

- [ ] Tenant header enforced on every endpoint.
- [ ] Trust bundle hash matches the signed manifest on disk.
- [ ] Transparency verification results are captured per request.
- [ ] Ledger entries are append-only and carry rationale + trace ids.
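The attestor-specific invariants above (bundled trust roots, DSSE-only input, optional but explicit transparency, and a replayable rationale trail) can be exercised end to end with the following added example. It is illustrative code written for this page, not the project's attestor. Assumptions: the trust store is a plain `keyid -> key` mapping supplied by the caller (nothing is fetched); HMAC-SHA256 stands in for the asymmetric signature a real attestor would verify; the error codes, the checkpoint format (`root` plus an RFC 6962-style inclusion `path`), and the rationale strings beyond `key.match`, `transparency.included` and `transparency.skipped` are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Deterministic error codes. Constructed for this example; not the project's own codes.
ERR_NOT_DSSE = "AOC_ATT_NOT_DSSE"
ERR_UNKNOWN_KEY = "AOC_ATT_UNKNOWN_KEY"
ERR_BAD_SIGNATURE = "AOC_ATT_BAD__SIGNATURE".replace("__", "_")
ERR_TRANSPARENCY_PROOF = "AOC_ATT_TRANSPARENCY_PROOF_INVALID"

DSSE_KEYS = {"payloadType", "payload", "signatures"}


def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE v1 Pre-Authentication Encoding: the bytes that are actually signed."""
    t = payload_type.encode()
    return b" ".join([b"DSSEv1", str(len(t)).encode(), t, str(len(payload)).encode(), payload])


def sign_envelope(payload_type: str, payload: bytes, keyid: str, secret: bytes) -> dict:
    """Build a DSSE envelope. Assumption: HMAC-SHA256 stands in for an asymmetric signature."""
    sig = hmac.new(secret, pae(payload_type, payload), hashlib.sha256).digest()
    return {"payloadType": payload_type,
            "payload": base64.b64encode(payload).decode(),
            "signatures": [{"keyid": keyid, "sig": base64.b64encode(sig).decode()}]}


def canonical(envelope: dict) -> bytes:
    """Sorted-key, whitespace-free JSON so the same envelope always hashes the same way."""
    return json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode()


def leaf_hash(data: bytes) -> str:
    return hashlib.sha256(b"\x00" + data).hexdigest()        # lowercase hex, as the invariant requires


def node_hash(left: str, right: str) -> str:
    return hashlib.sha256(b"\x01" + bytes.fromhex(left) + bytes.fromhex(right)).hexdigest()


def inclusion_verified(leaf: str, checkpoint: dict) -> bool:
    """RFC 6962-style inclusion check against a mirrored checkpoint (constructed format):
    {"root": hex, "path": [(sibling_hex, "L" | "R"), ...]} ordered leaf-to-root."""
    h = leaf
    for sibling, side in checkpoint["path"]:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return hmac.compare_digest(h, checkpoint["root"])


def verify(envelope, trust_store: dict, checkpoint: dict | None = None) -> dict:
    """Verify a DSSE envelope using only keys from the bundled trust store (keyid -> secret).
    No network access, no severity or policy decision: just validation plus a rationale trail."""
    rationale = []
    result = {"ok": False, "error": None, "transparency": "skipped", "rationale": rationale}

    # DSSE only: a detached-signature object, or an envelope with no signatures at all,
    # is rejected at parse time with one fixed error code.
    if not isinstance(envelope, dict) or set(envelope) != DSSE_KEYS or not envelope["signatures"]:
        rationale.append("envelope.not_dsse")
        result["error"] = ERR_NOT_DSSE
        return result

    payload = base64.b64decode(envelope["payload"])
    signed_bytes = pae(envelope["payloadType"], payload)
    matched = False
    for sig in envelope["signatures"]:
        secret = trust_store.get(sig["keyid"])
        if secret is None:                      # unknown key: recorded, but not an error by itself
            rationale.append(f"key.unknown:{sig['keyid']}")
            continue
        expected = hmac.new(secret, signed_bytes, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, base64.b64decode(sig["sig"])):
            rationale.append(f"key.mismatch:{sig['keyid']}")   # a bad signature from a trusted key is fatal
            result["error"] = ERR_BAD_SIGNATURE
            return result
        rationale.append(f"key.match:{sig['keyid']}")
        matched = True
    if not matched:
        result["error"] = ERR_UNKNOWN_KEY
        return result

    # Transparency is optional but always explicit in the result.
    if checkpoint is None:
        rationale.append("transparency.skipped")
    elif inclusion_verified(leaf_hash(canonical(envelope)), checkpoint):
        rationale.append("transparency.included")
        result["transparency"] = "included"
    else:
        rationale.append("transparency.proof_invalid")
        result["error"] = ERR_TRANSPARENCY_PROOF
        return result

    result["ok"] = True
    return result
```

Because every branch appends to `rationale` before returning, a stored result can be replayed against the same bundled inputs and compared entry by entry, which is what the rationale-trail invariant is for. Note that a detached signature never reaches the key lookup: it fails the shape check first, so the error code does not depend on which keys happen to be in the trust store.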
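The core invariants and the implementer guardrails (tenant keying, canonical lowercase-hex digests, stable pagination, an append-only ledger that retries cannot overwrite, the `Attestor__Offline__Enabled=true` fetch block, and digest-only logging) are shown together in this added example. It is illustrative code for this page, not the project's ledger or configuration code. Assumptions: the ledger is in-memory, settings are read from a plain mapping with the same key as the environment variable named on the page, and the error codes are constructed for the example.

```python
import hashlib
import json
import os
from datetime import datetime, timezone
from types import MappingProxyType

TENANT_HEADER = "X-Stella-Tenant"
# Constructed error codes for this example, not the project's.
ERR_TENANT_MISSING = "AOC_TENANT_HEADER_MISSING"
ERR_OFFLINE_FETCH = "AOC_OFFLINE_FETCH_BLOCKED"


def statement_digest(statement: dict) -> str:
    """Canonical JSON (sorted keys, no whitespace) -> lowercase hex SHA-256.
    Same statement, same digest, on every node and every retry."""
    return hashlib.sha256(json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


def utc_stamp(ts: datetime) -> str:
    """UTC ISO-8601 with a trailing Z, regardless of the zone the caller passed in."""
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def require_tenant(headers: dict) -> str:
    """Every endpoint: no tenant header, no service."""
    tenant = headers.get(TENANT_HEADER, "").strip()
    if not tenant:
        raise PermissionError(ERR_TENANT_MISSING)
    return tenant


def outbound_fetch_allowed(url: str, settings=os.environ) -> bool:
    """Sealed mode: Attestor__Offline__Enabled=true blocks every outbound HTTP/S fetch during verification."""
    sealed = settings.get("Attestor__Offline__Enabled", "false").lower() == "true"
    if sealed and url.lower().startswith(("http://", "https://")):
        raise RuntimeError(f"{ERR_OFFLINE_FETCH} {url}")
    return True


class VerificationLedger:
    """Append-only, tenant-keyed ledger of verification results. Entries are never mutated or replaced."""

    def __init__(self):
        self._by_tenant = {}            # tenant -> list of read-only entries

    def record(self, headers: dict, statement: dict, key_id: str, rationale, trace_id: str, now: datetime):
        tenant = require_tenant(headers)
        rows = self._by_tenant.setdefault(tenant, [])
        entry = MappingProxyType({
            "seq": len(rows),                       # monotonically increasing per tenant
            "tenant": tenant,
            "statement_digest": statement_digest(statement),
            "key_id": key_id,
            "rationale": tuple(rationale),          # immutable copy of the rationale trail
            "trace_id": trace_id,
            "recorded_at": utc_stamp(now),
        })
        rows.append(entry)                          # a retry appends a new seq; seq 0 is never rewritten
        return entry

    def page(self, headers: dict, page: int = 0, page_size: int = 50) -> list:
        """Stable ordering by (recorded_at, seq): two readers paginating the same ledger see the same pages."""
        tenant = require_tenant(headers)
        rows = sorted(self._by_tenant.get(tenant, []), key=lambda e: (e["recorded_at"], e["seq"]))
        return rows[page * page_size:(page + 1) * page_size]

    @staticmethod
    def audit_line(entry) -> str:
        """Log digests and key ids only; the statement body and any key material never reach the log."""
        return (f"tenant={entry['tenant']} digest={entry['statement_digest']} key_id={entry['key_id']} "
                f"trace={entry['trace_id']} rationale={','.join(entry['rationale'])}")
```

The retry behaviour is the point of `record`: a second call with the same statement, key id and trace id yields a second entry with the same digest and a higher `seq`, so an auditor can see that the verification ran twice rather than finding a silently replaced row. Rounding of scores is deliberately absent from the ledger; it belongs in whatever renders the entries.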