This document provides the detailed technical specifications for the nondominium Holochain application (hApp). It is based on the requirements outlined in requirements.md and the architecture described in the nondominium project document. It is intended for Holochain developers.
- Valueflows Compliance: Data structures will adhere to the Valueflows standard.
- Agent-Centricity: All data is created and validated from the perspective of the individual agent.
- Capability-Based Security: Access and permissions will be managed through Holochain's capability token mechanism.
As per the project's architectural description, the hApp will be composed of three distinct zomes. This separation of concerns will enhance modularity and clarity.
zome_person: Handles agent identity, profiles, and roles.zome_resource: Manages the lifecycle of Economic Resources and their Specifications.zome_governance: Implements the logic for Commitments, Claims, and other governance-related actions.
The nondominium system implements a governance-as-operator architecture where:
- Resource Zome operates as a pure data model responsible for resource specifications, economic resources, and data persistence
- Governance Zome operates as a state transition operator responsible for evaluating governance rules, validating state changes, and generating economic events
This separation enables independent evolution of data structures and governance rules while maintaining clear interfaces and responsibilities.
The primary interface between zomes follows the governance operator pattern:
// Resource zome requests state transition
#[hdk_extern]
pub fn request_resource_transition(
request: GovernanceTransitionRequest,
) -> ExternResult<GovernanceTransitionResult>;
// Governance zome evaluates and decides
#[hdk_extern]
pub fn evaluate_state_transition(
request: GovernanceTransitionRequest,
) -> ExternResult<GovernanceTransitionResult>;- State Change Request: Resource zome receives agent request
- Governance Evaluation: Cross-zome call to governance zome for decision
- State Application: Resource zome applies approved changes
- Event Generation: Economic events generated for audit trail
Stores public-facing information about an agent.
- Fields:
agent_pub_key: AgentPubKey: The public key of the agent.name: String: The agent's chosen public name/pseudonym.avatar_url: Option<String>
- Links:
AllAgents -> AgentProfile: Anchor for discovering all agent profiles.
- Description: Stores an agent's private Personal Identifiable Information (PII) as a Holochain private entry in the agent's source chain. The agent can grant access to this data on a case-by-case basis (see https://developer.holochain.org/build/entries/).
private_data: ...(fields like legal name, address, email, photo ID hash)- Links:
AgentProfile -> PrivateProfile: Links the public profile to the private data.
Defines a specific role an agent can have (e.g., User, Repair, Transport, Storage).
- Fields:
role_name: Stringvalidated_by: Option<AgentPubKey>: The Accountable or Primary Accountable Agent who validated the role assignment (fulfills REQ-GOV-06).validation_receipt: Option<ActionHash>: Link to the ValidationReceipt for this role assignment.
- Links:
AgentProfile -> Role: Assigns a role to an agent. This link's tag could hold validation info (e.g., who validated the role).
A template for a class of resources.
- Fields:
name: Stringdescription: Stringimage_url: Option<String>governance_rules: Vec<GovernanceRule>: Embedded rules for resource access and management. FulfillsREQ-GOV-06.
- Links:
AllResourceSpecifications -> ResourceSpecification: Anchor for discovery.
A rule embedded within a ResourceSpecification that defines how resources can be accessed and managed.
- Fields:
rule_type: String: e.g., "access_requirement", "usage_limit", "transfer_conditions"rule_data: String: JSON-encoded rule parametersenforced_by: Option<AgentRole>: Role required to enforce this rule
A concrete instance of a resource.
- Fields:
conforms_to: ActionHash: Link to theResourceSpecification.quantity: f64unit: Stringcustodian: AgentPubKey: The Primary Accountable Agent holding the resource.
- Links:
ResourceSpecification -> EconomicResource: Find all resources of a type.AgentProfile -> EconomicResource(as Custodian): Link to the agent currently holding it. Tag: "custodian".
Represents structured activities that transform Economic Resources or provide ecosystem services in the nondominium network.
-
Fields:
process_type: String: The type of process ("Use", "Transport", "Storage", "Repair")name: String: Human-readable name for the process instancedescription: Option<String>: Optional description of the specific processrequired_role: String: Agent role required to initiate this processinputs: Vec<ActionHash>: Links to EconomicResources that are inputs to the processoutputs: Vec<ActionHash>: Links to EconomicResources that are outputs from the processstarted_by: AgentPubKey: Agent who initiated the processstarted_at: Timestamp: When the process was initiatedcompleted_at: Option<Timestamp>: When the process was completed (None if ongoing)location: Option<String>: Physical or logical location where process occursstatus: ProcessStatus: Current status of the process
-
Links:
AllEconomicProcesses -> EconomicProcess: Discovery anchor for all processesAgentProfile -> EconomicProcess: Processes initiated by an agentEconomicResource -> EconomicProcess: Link resources to processes that use themEconomicProcess -> EconomicEvent: Events that occur within a process
Enumeration representing the current state of an Economic Process.
- Values:
Planned: Process is planned but not yet startedInProgress: Process is currently activeCompleted: Process has finished successfullySuspended: Process is temporarily pausedCancelled: Process was cancelled before completionFailed: Process failed to complete successfully
Records a consummated action on a resource.
- Fields:
action: VfAction: ValueFlows action enum (e.g., Transfer, Use, Produce, InitialTransfer, AccessForUse, TransferCustody)provider: AgentPubKeyreceiver: AgentPubKeyresource_inventoried_as: ActionHash: Link to theEconomicResourceaffects: ActionHash: Link to theEconomicResourcethat is affectedresource_quantity: f64: Quantity of resource affected by the eventevent_time: Timestamp: When the event occurrednote: Option<String>: Optional notes about the event
- Links:
EconomicResource -> EconomicEvent: History of events for a resourceEconomicProcess -> EconomicEvent: Events that occur within a process context
An intention to perform an EconomicEvent.
- Fields:
action: VfAction: The intended ValueFlows action (e.g., AccessForUse, Transfer, Use)provider: AgentPubKeyreceiver: AgentPubKeyresource_inventoried_as: Option<ActionHash>: Link to specific resource if applicableresource_conforms_to: Option<ActionHash>: Link to ResourceSpecification if generalinput_of: Option<ActionHash>: Optional link to an EconomicProcessdue_date: Timestampnote: Option<String>: Optional commitment notescommitted_at: Timestamp: When the commitment was made
- Links:
AgentProfile -> Commitment: Agent's outgoing/incoming commitmentsEconomicProcess -> Commitment: Commitments related to a process
Fulfills a Commitment (public governance record).
- Fields:
fulfills: ActionHash: Link to theCommitmentfulfilled_by: ActionHash: Link to the resultingEconomicEventclaimed_at: Timestamp: When the claim was creatednote: Option<String>: Optional notes about the claim fulfillment
- Links:
Commitment -> Claim: Shows a commitment has been actioned
- Note: This is the public governance record. Private Participation Receipts (PPRs) are generated alongside Claims to track reputation privately.
Records validation of resources, events, or agent promotions by Accountable Agents.
- Fields:
validator: AgentPubKey: The agent performing the validationvalidated_item: ActionHash: Link to the item being validated (Resource, Event, Role, or Agent promotion)validation_type: String: e.g., "resource_approval", "process_validation", "identity_verification", "role_assignment", "agent_promotion"approved: bool: Whether the validation was approved or rejectednotes: Option<String>: Optional validation notes
- Links:
ValidatedItem -> ValidationReceipt: Track all validations for an item
Tracks the overall validation status of a resource requiring peer review.
- Fields:
resource: ActionHash: Link to theEconomicResourcebeing validatedvalidation_scheme: String: e.g., "2-of-3", "simple_majority"required_validators: u32: Number of validators neededcurrent_validators: u32: Number of validators who have respondedstatus: String: "pending", "approved", "rejected"
- Links:
EconomicResource -> ResourceValidation: One validation per resource
A cryptographically signed receipt stored as a private entry that extends the ValueFlows Claim structure to track agent reliability and form the foundation for the reputation system.
-
Fields:
fulfills: ActionHash: Link to the Commitment fulfilled (standard ValueFlows)fulfilled_by: ActionHash: Link to the resulting EconomicEvent (standard ValueFlows)claimed_at: Timestamp: When the claim was created (standard ValueFlows)claim_type: ParticipationClaimType: Type of participation being claimedcounterparty: AgentPubKey: The other agent involved in the bi-directional receiptperformance_metrics: PerformanceMetrics: Quantitative measures of performancebilateral_signature: CryptographicSignature: Cryptographic proof of mutual agreementinteraction_context: String: Context of the interaction (e.g., "resource_creation", "custody_transfer", "maintenance_service")role_context: Option<String>: Specific role context if applicable (e.g., "Transport", "Repair", "Storage")resource_reference: Option<ActionHash>: Link to the resource involved in the interaction
-
Privacy: Stored as Holochain private entry accessible only to the owning agent
-
Links: None (private entries are not linked in DHT for privacy preservation)
Enumeration defining the types of participation claims that can be issued.
- Values:
ResourceContribution: Receipt for successfully creating and getting a resource validatedNetworkValidation: Receipt for performing validation dutiesResponsibleTransfer: Receipt for properly transferring resource custodyCustodyAcceptance: Receipt for accepting resource custody responsiblyServiceCommitmentAccepted: Receipt for accepting a service commitmentGoodFaithTransfer: Receipt for transferring resource in good faith for serviceServiceFulfillmentCompleted: Receipt for completing a service successfullyMaintenanceFulfillment: Receipt for completing maintenance serviceStorageFulfillment: Receipt for completing storage serviceTransportFulfillment: Receipt for completing transport serviceEndOfLifeDeclaration: Receipt for declaring resource end-of-lifeEndOfLifeValidation: Receipt for validating resource end-of-lifeDisputeResolutionParticipation: Receipt for constructive dispute resolution participationGovernanceCompliance: Receipt for consistent adherence to governance protocols
Quantitative measures of agent performance in economic interactions.
- Fields:
timeliness_score: f64: How promptly the agent fulfilled commitments (0.0-1.0)quality_score: f64: Quality of service provided (0.0-1.0)reliability_score: f64: Consistency and dependability (0.0-1.0)communication_score: f64: Effectiveness of communication (0.0-1.0)completion_rate: f64: Percentage of commitments successfully completedresource_condition_maintained: Option<bool>: Whether resource condition was maintained (for service roles)additional_metrics: Option<String>: JSON-encoded additional context-specific metrics
Cryptographic proof of mutual agreement between agents in bi-directional receipt issuance.
- Fields:
signer: AgentPubKey: Agent who created the signaturesignature: Signature: Cryptographic signature of the receipt datasigned_data_hash: ActionHash: Hash of the data that was signedsignature_algorithm: String: Algorithm used for signing (e.g., "Ed25519")created_at: Timestamp: When the signature was created
Aggregated reputation metrics derived from an agent's Private Participation Claims.
- Fields:
agent: AgentPubKey: The agent whose reputation is summarizedtotal_interactions: u32: Total number of completed economic interactionsaverage_timeliness: f64: Average timeliness score across all interactionsaverage_quality: f64: Average quality score across all interactionsaverage_reliability: f64: Average reliability score across all interactionsaverage_communication: f64: Average communication score across all interactionscompletion_rate: f64: Overall percentage of commitments successfully completedrole_performance: std::collections::HashMap<String, RolePerformance>: Performance breakdown by rolerecent_activity: Vec<RecentInteraction>: Summary of recent interactions (last 30 days)calculated_at: Timestamp: When this summary was calculated
Performance metrics for a specific role.
- Fields:
role_name: String: The role (e.g., "Transport", "Repair", "Storage")interaction_count: u32: Number of interactions in this roleaverage_performance: f64: Average performance score for this rolespecialization_score: f64: How specialized/expert the agent is in this rolelast_activity: Timestamp: Most recent activity in this role
Summary of a recent economic interaction for reputation display.
- Fields:
interaction_type: String: Type of interaction (e.g., "custody_transfer", "repair_service")counterparty: AgentPubKey: The other agent involvedperformance_score: f64: Overall performance in this interactioninteraction_date: Timestamp: When the interaction occurredresource_involved: Option<ActionHash>: Resource that was involved, if applicable
Defines validation requirements for a specific Economic Process type.
- Fields:
process_type: String: The type of process (e.g., "Use", "Transport", "Repair", "Storage")required_role: Option<String>: Role required to initiate this processminimum_validators: u32: Minimum number of validators requiredvalidation_scheme: String: Validation scheme to use (e.g., "simple_majority", "2-of-3")completion_validation_required: bool: Whether completion needs separate validationperformance_thresholds: PerformanceThresholds: Minimum performance thresholdsspecial_requirements: Vec<String>: Any special requirements for this process type
Minimum performance thresholds for process validation.
- Fields:
minimum_timeliness: f64: Minimum acceptable timeliness scoreminimum_quality: f64: Minimum acceptable quality scoreminimum_reliability: f64: Minimum acceptable reliability scoreminimum_communication: f64: Minimum acceptable communication scoreminimum_completion_rate: f64: Minimum acceptable completion rate
Interface for requesting state changes from the governance zome:
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct GovernanceTransitionRequest {
/// The action the requesting agent wants to perform
pub action: VfAction,
/// Current state of the resource being modified
pub resource: EconomicResource,
/// Agent requesting the state change
pub requesting_agent: AgentPubKey,
/// Additional context for the transition
pub context: TransitionContext,
}Additional context information for state transitions:
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct TransitionContext {
/// Target location for transport/move actions
pub target_location: Option<String>,
/// Quantity change for produce/consume actions
pub quantity_change: Option<f64>,
/// Target custodian for transfer actions
pub target_custodian: Option<AgentPubKey>,
/// Process notes and observations
pub process_notes: Option<String>,
/// Associated economic process if applicable
pub process_context: Option<ActionHash>,
}Result structure returned by the governance zome:
#[derive(Serialize, Deserialize, Debug)]
pub struct GovernanceTransitionResult {
/// Whether the transition was approved
pub success: bool,
/// Updated resource state (if approved)
pub new_resource_state: Option<EconomicResource>,
/// Generated economic event for audit trail
pub economic_event: Option<EconomicEvent>,
/// Validation receipts from governance evaluation
pub validation_receipts: Vec<ValidationReceipt>,
/// Detailed reasons for rejection (if applicable)
pub rejection_reasons: Option<Vec<String>>,
/// Required next steps or additional validation needed
pub next_steps: Option<Vec<String>>,
}create_profile(name: String, avatar: Option<String>, private_profile: ...) -> Recordget_my_profile() -> (Record, Record)get_agent_profile(agent: AgentPubKey) -> Option<Record>assign_role(agent: AgentPubKey, role: String) -> ActionHash(Requires validation by Accountable Agent; for specialized roles, must follow REQ-GOV-06 validation process)promote_agent_to_accountable(simple_agent: AgentPubKey, private_profile_hash: ActionHash) -> ValidationReceipt: Promotes a Simple Agent to Accountable Agent status after successful validation (REQ-GOV-08).get_my_participation_claims() -> Vec<PrivateParticipationClaim>: Returns all private participation receipts for the calling agent.- Capability:
general_access
- Capability:
get_reputation_summary() -> ReputationSummary: Calculates and returns aggregated reputation metrics based on participation claims.- Capability:
general_access
- Capability:
get_participation_claims_by_type(claim_type: ParticipationClaimType) -> Vec<PrivateParticipationClaim>: Returns participation claims filtered by type.- Capability:
general_access
- Capability:
create_resource_spec(name: String, description: String, governance_rules: Vec<GovernanceRule>) -> Record: Creates a new resource specification with embedded governance rules. FulfillsREQ-GOV-06.- Capability:
restricted_access(Only Accountable Agents can define new resource types)
- Capability:
create_economic_resource(spec_hash: ActionHash, quantity: f64, unit: String) -> Record: Creates a new Economic Resource. This is the first step for a Simple Agent (REQ-USER-S-05). Automatically triggers validation process (REQ-GOV-02).- Capability:
general_access
- Capability:
get_all_resource_specs() -> Vec<Record>: Discovery function for all resource specifications.- Capability:
general_access
- Capability:
get_resources_by_spec(spec_hash: ActionHash) -> Vec<Record>: Filtered discovery by specification.- Capability:
general_access
- Capability:
get_my_resources() -> Vec<Record>: Returns resources where the calling agent is the custodian.- Capability:
general_access
- Capability:
transfer_custody(resource_hash: ActionHash, new_custodian: AgentPubKey) -> Record: Transfers custody and creates anEconomicEventvia cross-zome call tozome_governance. Enforces governance rules (REQ-GOV-07).- Capability:
restricted_access
- Capability:
check_first_resource_requirement(agent: AgentPubKey) -> bool: Checks if an agent has created at least one resource. FulfillsREQ-GOV-01.- Capability:
general_access
- Capability:
initiate_economic_process(process_type: String, resource_hashes: Vec<ActionHash>, location: Option<String>) -> Record: Initiates an Economic Process (Use, Transport, Storage, Repair). Validates agent has required role for the process type.- Capability:
restricted_access(Role-gated: requires specific credentials for Transport, Repair, Storage)
- Capability:
complete_economic_process(process_hash: ActionHash, output_resources: Vec<ActionHash>) -> Record: Completes an Economic Process and records any resource changes.- Capability:
restricted_access
- Capability:
get_active_processes() -> Vec<Record>: Returns all active processes initiated by the calling agent.- Capability:
general_access
- Capability:
get_process_by_resource(resource_hash: ActionHash) -> Vec<Record>: Returns all processes that have used a specific resource.- Capability:
general_access
- Capability:
propose_commitment(action: VfAction, resource_hash: ActionHash, provider: AgentPubKey, due: Timestamp) -> Record: Creates a future intention to act on a resource.- Capability:
restricted_access
- Capability:
accept_commitment(commitment_hash: ActionHash) -> Record: Accepts a proposed commitment.- Capability:
restricted_access
- Capability:
claim_commitment(commitment_hash: ActionHash, resource_id: ActionHash) -> Record: Fulfills a commitment and creates the correspondingEconomicEvent.- Capability:
restricted_access
- Capability:
log_initial_transfer(resource_hash: ActionHash, receiver: AgentPubKey, quantity: f64) -> Record: A simplified function for aSimple Agent's first transaction (REQ-USER-S-07). This triggers the validation process for Simple Agent promotion (REQ-GOV-02).- Capability:
general_access
- Capability:
validate_new_resource(resource_hash: ActionHash, validation_scheme: String) -> ValidationReceipt: Peer-validates a newly created Resource. FulfillsREQ-USER-A-07andREQ-GOV-02. Supports configurable validation schemes (REQ-GOV-04).- Capability:
restricted_access
- Capability:
validate_process_event(event_hash: ActionHash) -> ValidationReceipt: Validates an event related to a core process (e.g., Storage, Repair). FulfillsREQ-USER-A-08andREQ-GOV-05.- Capability:
restricted_access
- Capability:
validate_agent_identity(simple_agent: AgentPubKey, private_profile_hash: ActionHash) -> ValidationReceipt: Validates a Simple Agent's identity information and their first resource transfer, potentially promoting them to Accountable Agent status. Full validation requires access to the agent's private entry. Fulfills REQ-GOV-08.- Capability:
restricted_access
- Capability:
check_validation_status(resource_hash: ActionHash) -> ResourceValidation: Returns the current validation status of a resource.- Capability:
general_access
- Capability:
get_validation_history(item_hash: ActionHash) -> Vec<ValidationReceipt>: Returns all validation receipts for a given item.- Capability:
general_access
- Capability:
validate_process_completion(process_hash: ActionHash) -> ValidationReceipt: Validates that an Economic Process was completed according to its specifications and governance rules.- Capability:
restricted_access
- Capability:
get_process_validation_requirements(process_type: String) -> ProcessValidationRequirements: Returns the validation requirements for a specific process type.- Capability:
general_access
- Capability:
issue_participation_receipts(commitment_hash: ActionHash, event_hash: ActionHash, counterparty: AgentPubKey, performance_metrics: PerformanceMetrics) -> (ActionHash, ActionHash): Issues bi-directional Private Participation Claims for both agents involved in an economic interaction. Returns the action hashes of both receipts.- Capability:
restricted_access
- Capability:
sign_participation_claim(claim_hash: ActionHash, signature: CryptographicSignature) -> Record: Adds cryptographic signature to a participation claim to complete the bi-directional receipt process.- Capability:
general_access
- Capability:
validate_participation_claim_signature(claim_hash: ActionHash) -> bool: Validates the cryptographic signature of a participation claim.- Capability:
general_access
- Capability:
- Capability Tokens: Zome functions will be protected by capability grants.
Simple Agentsget a general token.Accountable Agentsget a restricted token after their first validated transaction (REQ-SEC-01). - Validation Logic:
- The
zome_personintegrity zome will validate that only an Accountable Agent can assign aRole, and that specialized roles (Transport, Repair, Storage) require validation by existing Primary Accountable Agents per REQ-GOV-04 (Specialized Role Validation). - The
zome_personintegrity zome will validate that promotion from Simple Agent to Accountable Agent requires validation by an Accountable or Primary Accountable Agent, following the process in REQ-GOV-03 (Agent Validation). - The
zome_resourceintegrity zome ensures a resource cannot be created without a validResourceSpecificationand enforces embedded governance rules (REQ-GOV-07). - The
zome_resourceintegrity zome ensures that new resources start in a 'pending validation' state and are set to 'validated' upon successful peer review, as described in REQ-GOV-02 (Resource Validation). - The
zome_governanceintegrity zome ensures aClaimmatches itsCommitmentand validates all validation receipts for authenticity. - The system supports configurable validation schemes (e.g., 2-of-3, N-of-M reviewers) for Resource approval per REQ-GOV-06 (Multi-Reviewer Validation).
- Certain types of validation are restricted to Agents with specific Roles per REQ-GOV-05 (Role-Gated Validation).
- The
zome_resourceintegrity zome validates that Economic Processes can only be initiated by agents with appropriate roles (Transport, Repair, Storage processes require specific credentials). - Economic Process validation ensures that:
- Only agents with required roles can initiate specific process types
- Process inputs and outputs are properly linked to existing Economic Resources
- Process completion triggers appropriate Economic Events
- Resource state changes are validated according to process type (e.g., Repair may change resource state, Transport preserves state)
- The
- Cross-Zome Calls: Functions will call other zomes to maintain transactional integrity (e.g.,
transfer_custodymust create a validEconomicEventand enforce governance rules,initiate_economic_processmust validate agent roles across zomes). - First Resource Requirement: The system enforces that Simple Agents must create at least one resource before accessing others (
REQ-GOV-01), implemented through thecheck_first_resource_requirementfunction. - Process Role Enforcement: Economic Processes enforce role-based access control where specialized processes (Transport, Repair, Storage) require agents to hold appropriate validated credentials, while Use processes are accessible to all Accountable Agents.
- Private Participation Receipt (PPR) Validation:
- PPR issuance is automatically triggered for every completed economic interaction that involves a Commitment-Claim-Event cycle
- Bi-directional receipt generation ensures both agents receive appropriate participation claims
- Cryptographic signature validation ensures authenticity and prevents manipulation
- Performance metrics are validated to be within acceptable ranges (0.0-1.0 for scores)
- PPR claim types must correspond to the actual economic action performed
- End-of-life declarations require multiple validator participation receipts with enhanced security measures
- Private entry storage ensures receipt privacy while maintaining auditability for the owning agent
This section specifies the technical architecture for supporting two distinct deployment contexts:
- Pure P2P Context: Individual humans directly using Nondominium
- Organizational Context: Organizations accessing Nondominium through bridge services (ERP, Tiki, etc.)
These specifications correspond to the future development requirements defined in REQ-FUT-* series.
SPEC-FUT-ID-01: Organizational Agent Entry
New entry type for representing organizational agents:
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct OrganizationalAgent {
/// Unique identifier for the organization
pub org_id: AgentPubKey,
/// Human-readable organization name
pub org_name: String,
/// Legal entity information (optional)
pub legal_entity_info: Option<LegalEntityInfo>,
/// Organization type (e.g., "cooperative", "corporation", "nonprofit")
pub org_type: String,
/// Root signing authority for the organization
pub root_authority: AgentPubKey,
/// Active delegation policy
pub delegation_policy: DelegationPolicy,
/// Created timestamp
pub created_at: Timestamp,
}SPEC-FUT-ID-02: Delegation Entry
Entry type for employee/member delegations:
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct Delegation {
/// The organizational agent granting delegation
pub delegator: AgentPubKey,
/// The employee/member receiving delegation
pub delegate: AgentPubKey,
/// Scoped capabilities (e.g., ["Transport", "Use"])
pub capabilities: Vec<String>,
/// Monetary or quantity limits (optional)
pub limits: Option<DelegationLimits>,
/// Expiry timestamp (optional, None = no expiry)
pub expires_at: Option<Timestamp>,
/// Status: "active", "revoked", "expired"
pub status: DelegationStatus,
/// Created timestamp
pub created_at: Timestamp,
/// Revoked timestamp (if applicable)
pub revoked_at: Option<Timestamp>,
}SPEC-FUT-ID-03: Delegation Limits
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct DelegationLimits {
/// Maximum transaction value
pub max_value: Option<f64>,
/// Maximum resource quantity
pub max_quantity: Option<f64>,
/// Allowed resource types
pub allowed_resource_specs: Option<Vec<ActionHash>>,
/// Geographic restrictions
pub geographic_limits: Option<Vec<String>>,
}SPEC-FUT-ID-04: Delegation Validation
#[hdk_extern]
pub fn validate_delegation(delegation_hash: ActionHash, action: VfAction) -> ExternResult<bool> {
// Check delegation status (active/revoked/expired)
// Verify capability scope includes requested action
// Validate limits are not exceeded
// Return authorization result
}SPEC-FUT-ID-05: Delegation Management Functions
// Create delegation for employee/member
#[hdk_extern]
pub fn create_delegation(
delegate: AgentPubKey,
capabilities: Vec<String>,
limits: Option<DelegationLimits>,
expires_at: Option<Timestamp>
) -> ExternResult<ActionHash>;
// Revoke delegation immediately
#[hdk_extern]
pub fn revoke_delegation(delegation_hash: ActionHash) -> ExternResult<()>;
// Get all active delegations for an organization
#[hdk_extern]
pub fn get_active_delegations(org_agent: AgentPubKey) -> ExternResult<Vec<Delegation>>;
// Check if delegate has specific capability
#[hdk_extern]
pub fn check_delegation_capability(
delegate: AgentPubKey,
capability: String
) -> ExternResult<bool>;SPEC-FUT-REP-01: Organizational Participation Claim
Extended PPR structure for organizational context:
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct OrganizationalParticipationClaim {
/// Standard PPR fields
pub base_claim: PrivateParticipationClaim,
/// The delegate who performed the action
pub performed_by: Option<AgentPubKey>,
/// Internal attribution hash (for org audit)
pub internal_attribution: Option<Hash>,
/// Whether this was an organizational or personal action
pub action_context: ActionContext,
}SPEC-FUT-REP-02: Reputation Aggregation
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct OrganizationalReputationSummary {
/// The organizational agent
pub org_agent: AgentPubKey,
/// Standard reputation metrics (external view)
pub external_reputation: ReputationSummary,
/// Internal attribution by delegate (private)
pub delegate_performance: HashMap<AgentPubKey, ReputationSummary>,
/// Aggregate organizational metrics
pub org_metrics: OrganizationalMetrics,
}SPEC-FUT-REP-03: Organizational Metrics
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct OrganizationalMetrics {
/// Total active delegates
pub active_delegates: u32,
/// Organizational transaction volume
pub transaction_volume: u32,
/// Organizational reliability score
pub org_reliability: f64,
/// Resource pool size
pub resource_pool_size: u32,
}SPEC-FUT-REP-04: Organizational Reputation Functions
// Get organizational reputation (external view)
#[hdk_extern]
pub fn get_organizational_reputation(org_agent: AgentPubKey) -> ExternResult<OrganizationalReputationSummary>;
// Get delegate performance (organizational admin only)
#[hdk_extern]
pub fn get_delegate_performance(
org_agent: AgentPubKey,
delegate: AgentPubKey
) -> ExternResult<ReputationSummary>;
// Issue organizational PPR with internal attribution
#[hdk_extern]
pub fn issue_organizational_ppr(
commitment_hash: ActionHash,
event_hash: ActionHash,
performed_by: AgentPubKey,
performance_metrics: PerformanceMetrics
) -> ExternResult<ActionHash>;SPEC-FUT-BRG-01: Bridge Service Core Architecture
The bridge service acts as a RESTful interface between organizational systems (ERP, Tiki) and Holochain:
Organizational System (PHP/Python) <--HTTP/JSON--> Node.js Bridge <--WebSocket--> Holochain Conductor
Components:
- REST API Layer: Express.js or Fastify for HTTP endpoints
- Holochain Client:
@holochain/clientfor WebSocket communication - Cache Layer: Redis for frequently accessed data
- Queue Layer: Bull/BullMQ for async operations
- Signal Handler: Real-time event forwarding to organizational systems
SPEC-FUT-BRG-02: Bridge Service Data Structures
// Bridge configuration
interface BridgeConfig {
adminWsUrl: string; // Holochain Admin WebSocket URL
appWsUrl: string; // Holochain App WebSocket URL
appId: string; // Nondominium hApp ID
redisUrl: string; // Redis connection URL
orgWebhookUrl: string; // Organizational system webhook endpoint
webhookSecret: string; // HMAC signature secret
cacheEnabled: boolean; // Enable/disable caching
cacheTTL: number; // Cache time-to-live (seconds)
}
// Bridge request format
interface BridgeRequest {
dna_hash: string; // Nondominium DNA hash
agent_key: string; // Organizational agent key
zome: string; // Target zome name
function: string; // Target function name
payload: any; // Function payload
delegate?: string; // Optional delegate agent key
}
// Bridge response format
interface BridgeResponse {
success: boolean;
data?: any;
error?: string;
cached?: boolean;
timestamp: number;
}SPEC-FUT-BRG-03: Bridge REST API Endpoints
Core endpoints that organizational systems interact with:
// Resource management
POST /api/resources
GET /api/resources/search
GET /api/resources/:hash
POST /api/resources/:hash/use
DELETE /api/resources/:hash
// Transaction management
POST /api/commitments
GET /api/commitments/:hash
POST /api/events
GET /api/events/by-resource/:resource_hash
// Reputation queries
GET /api/reputation/:agent_id/summary
GET /api/reputation/:agent_id/receipts
// Batch operations
POST /api/batch
// Organizational management
POST /api/org/delegations
DELETE /api/org/delegations/:hash
GET /api/org/delegations/active
GET /api/org/reputation
// Health and monitoring
GET /health
GET /metricsSPEC-FUT-BRG-04: Signal Forwarding
Real-time signal forwarding from Holochain to organizational systems:
// Signal handler
class SignalForwarder {
async handleSignal(signal: HolochainSignal): Promise<void> {
// Transform Holochain signal to organizational format
const orgEvent = this.transformSignal(signal);
// POST to organizational webhook
await this.postToWebhook(orgEvent);
}
private transformSignal(signal: HolochainSignal): OrganizationalEvent {
return {
type: signal.data.type,
payload: signal.data.payload,
timestamp: Date.now(),
signature: this.generateHMAC(signal)
};
}
}SPEC-FUT-BRG-05: PHP Client Library
PHP library for Tiki and similar systems:
class NondominiumClient {
private $bridge_url;
private $org_agent_key;
private $delegate_key;
public function __construct($bridge_url, $org_agent_key, $delegate_key = null);
// Resource operations
public function createResource($spec_hash, $quantity, $unit);
public function searchResources($query = null);
public function initiateUse($resource_hash, $receiver, $start_time, $end_time);
// Batch operations
public function batchOperations($operations);
// Reputation queries
public function getOrganizationalReputation();
public function getDelegatePerformance($delegate_agent);
// Delegation management
public function createDelegation($delegate, $capabilities, $limits = null);
public function revokeDelegation($delegation_hash);
}SPEC-FUT-BRG-06: Python Client Library
Python library for ERPLibre/Odoo:
class NondominiumBridgeClient:
def __init__(self, bridge_url: str, org_agent_key: str, delegate_key: str = None):
self.bridge_url = bridge_url
self.org_agent_key = org_agent_key
self.delegate_key = delegate_key
# Resource operations
def create_resource(self, spec_hash: str, quantity: float, unit: str) -> dict:
pass
def search_resources(self, query: str = None) -> list:
pass
# Batch operations
def batch_operations(self, operations: list) -> list:
pass
# Webhook handling
def handle_signal(self, signal: dict) -> None:
passSPEC-FUT-GOV-01: Organizational Governance Policy
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct OrganizationalGovernancePolicy {
/// Organization this policy applies to
pub org_agent: AgentPubKey,
/// Automated approval rules
pub approval_rules: Vec<ApprovalRule>,
/// Multi-signature requirements
pub multisig_requirements: Vec<MultiSigRequirement>,
/// Policy version
pub version: String,
/// Policy effective date
pub effective_at: Timestamp,
}SPEC-FUT-GOV-02: Approval Rule
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct ApprovalRule {
/// Rule name
pub name: String,
/// Conditions for automatic approval
pub conditions: Vec<Condition>,
/// Actions this rule applies to
pub applies_to: Vec<VfAction>,
/// Whether approval is automatic or manual
pub auto_approve: bool,
}
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct Condition {
pub field: String, // e.g., "resource_value", "borrower_reputation"
pub operator: Operator, // e.g., "greater_than", "less_than", "equals"
pub value: String, // Comparison value
}SPEC-FUT-GOV-03: Multi-Signature Requirement
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct MultiSigRequirement {
/// Transaction types requiring multi-sig
pub transaction_types: Vec<String>,
/// Minimum number of signatures required
pub min_signatures: u32,
/// Required roles for signers
pub required_roles: Vec<String>,
/// Value threshold for triggering multi-sig
pub value_threshold: Option<f64>,
}SPEC-FUT-GOV-04: Organizational Governance Functions
// Set organizational governance policy
#[hdk_extern]
pub fn set_governance_policy(policy: OrganizationalGovernancePolicy) -> ExternResult<ActionHash>;
// Evaluate approval request against policy
#[hdk_extern]
pub fn evaluate_approval_request(
action: VfAction,
context: ApprovalContext
) -> ExternResult<ApprovalDecision>;
// Initiate multi-signature transaction
#[hdk_extern]
pub fn initiate_multisig_transaction(
action: VfAction,
resource_hash: ActionHash,
required_signers: Vec<AgentPubKey>
) -> ExternResult<ActionHash>;
// Sign multi-signature transaction
#[hdk_extern]
pub fn sign_multisig_transaction(
transaction_hash: ActionHash,
signature: CryptographicSignature
) -> ExternResult<()>;
// Check multi-signature completion
#[hdk_extern]
pub fn check_multisig_status(transaction_hash: ActionHash) -> ExternResult<MultiSigStatus>;SPEC-FUT-DEV-01: Session Entry
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct OrganizationalSession {
/// Session identifier
pub session_id: String,
/// Organizational agent
pub org_agent: AgentPubKey,
/// Delegate agent for this session
pub delegate: AgentPubKey,
/// Device identifier
pub device_id: String,
/// Session creation time
pub created_at: Timestamp,
/// Session expiry time
pub expires_at: Timestamp,
/// Session status
pub status: SessionStatus,
/// OAuth/SSO token reference (hashed)
pub auth_token_hash: Option<Hash>,
}SPEC-FUT-DEV-02: Device Registration
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct RegisteredDevice {
/// Device identifier
pub device_id: String,
/// Organization this device belongs to
pub org_agent: AgentPubKey,
/// Device type (e.g., "tablet", "mobile", "workstation")
pub device_type: String,
/// Whether device is shared or personal
pub is_shared: bool,
/// Registered delegates for this device
pub authorized_delegates: Vec<AgentPubKey>,
/// Device registration time
pub registered_at: Timestamp,
/// Device status
pub status: DeviceStatus,
}SPEC-FUT-DEV-03: Session Management Functions
// Create organizational session
#[hdk_extern]
pub fn create_session(
delegate: AgentPubKey,
device_id: String,
auth_token_hash: Option<Hash>
) -> ExternResult<String>; // Returns session_id
// Validate active session
#[hdk_extern]
pub fn validate_session(session_id: String) -> ExternResult<bool>;
// Terminate session
#[hdk_extern]
pub fn terminate_session(session_id: String) -> ExternResult<()>;
// Map OAuth token to Holochain capability
#[hdk_extern]
pub fn map_oauth_to_capability(
oauth_token_hash: Hash,
delegate: AgentPubKey
) -> ExternResult<CapabilityGrant>;
// Register organizational device
#[hdk_extern]
pub fn register_device(
device_id: String,
device_type: String,
is_shared: bool
) -> ExternResult<ActionHash>;
// Revoke device access remotely
#[hdk_extern]
pub fn revoke_device_access(device_id: String) -> ExternResult<()>;SPEC-FUT-OWN-01: Extended Resource Entry
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct OrganizationalEconomicResource {
/// Standard resource fields
pub base_resource: EconomicResource,
/// Owner (may differ from custodian in org context)
pub owner: AgentPubKey,
/// Current physical location
pub location: Option<LocationInfo>,
/// Internal organizational tracking ID
pub internal_id: Option<String>,
/// Legal contract attachment (hashed)
pub contract_hash: Option<Hash>,
}SPEC-FUT-OWN-02: Location Tracking
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct LocationInfo {
/// Location type (e.g., "warehouse", "service_truck", "customer_site")
pub location_type: String,
/// Location identifier
pub location_id: String,
/// Geographic coordinates (optional)
pub coordinates: Option<(f64, f64)>,
/// Updated timestamp
pub updated_at: Timestamp,
}SPEC-FUT-OWN-03: Internal Transfer Event
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct InternalTransferEvent {
/// Resource being transferred
pub resource: ActionHash,
/// Organization owning the resource
pub organization: AgentPubKey,
/// Previous custodian (employee)
pub from_custodian: AgentPubKey,
/// New custodian (employee)
pub to_custodian: AgentPubKey,
/// Previous location
pub from_location: Option<LocationInfo>,
/// New location
pub to_location: Option<LocationInfo>,
/// Transfer timestamp
pub transferred_at: Timestamp,
/// Does NOT trigger ownership change
pub is_internal: bool,
}SPEC-FUT-OWN-04: Organizational Ownership Functions
// Internal custody transfer (within organization)
#[hdk_extern]
pub fn internal_custody_transfer(
resource_hash: ActionHash,
new_custodian: AgentPubKey,
new_location: Option<LocationInfo>
) -> ExternResult<ActionHash>;
// Update resource location without custody change
#[hdk_extern]
pub fn update_resource_location(
resource_hash: ActionHash,
location: LocationInfo
) -> ExternResult<()>;
// Attach legal contract to commitment
#[hdk_extern]
pub fn attach_contract(
commitment_hash: ActionHash,
contract_hash: Hash
) -> ExternResult<()>;
// Reconcile organizational inventory
#[hdk_extern]
pub fn reconcile_inventory(
org_agent: AgentPubKey,
inventory_snapshot: Vec<ResourceInventoryItem>
) -> ExternResult<ReconciliationReport>;SPEC-FUT-ARCH-01: Context Detection
The system should automatically detect operational context:
#[derive(Serialize, Deserialize, Debug, Clone)]
pub enum AgentContext {
PureP2P, // Individual human agent
Organizational(OrganizationalAgent), // Organizational agent
Delegate(AgentPubKey, AgentPubKey), // Delegate acting for organization
}
// Determine agent context
#[hdk_extern]
pub fn get_agent_context(agent: AgentPubKey) -> ExternResult<AgentContext>;SPEC-FUT-ARCH-02: Pluggable Governance
Governance logic should be modular and swappable:
pub trait GovernanceModule {
fn evaluate_action(&self, action: VfAction, context: ActionContext) -> Result<ApprovalDecision>;
fn get_validation_requirements(&self, action: VfAction) -> ValidationRequirements;
}
// P2P Governance Module
pub struct P2PGovernanceModule;
impl GovernanceModule for P2PGovernanceModule { /* ... */ }
// Organizational Governance Module
pub struct OrganizationalGovernanceModule;
impl GovernanceModule for OrganizationalGovernanceModule { /* ... */ }SPEC-FUT-ARCH-03: Unified Reputation Framework
Reputation calculation should work across contexts:
pub trait ReputationCalculator {
fn calculate_reputation(&self, agent: AgentPubKey) -> Result<ReputationSummary>;
fn aggregate_pprs(&self, claims: Vec<PrivateParticipationClaim>) -> PerformanceMetrics;
}
// Works for both P2P and organizational agents
#[hdk_extern]
pub fn calculate_unified_reputation(agent: AgentPubKey) -> ExternResult<ReputationSummary> {
let context = get_agent_context(agent)?;
let calculator = match context {
AgentContext::PureP2P => P2PReputationCalculator::new(),
AgentContext::Organizational(_) => OrganizationalReputationCalculator::new(),
AgentContext::Delegate(org, _) => OrganizationalReputationCalculator::new(),
};
calculator.calculate_reputation(agent)
}SPEC-FUT-DEPLOY-01: Docker Compose Architecture
Standard deployment for organizational integration:
services:
holochain:
image: holochain/holochain:latest
ports:
- "8000:8000" # Admin WebSocket
- "8888:8888" # App WebSocket
bridge:
build: ./bridge-service
environment:
- HC_ADMIN_WS_URL=ws://holochain:8000
- HC_APP_WS_URL=ws://holochain:8888
- REDIS_URL=redis://redis:6379
depends_on:
- holochain
- redis
redis:
image: redis:7-alpine
organizational_system:
# ERP, Tiki, or other organizational platform
depends_on:
- bridgeSPEC-FUT-DEPLOY-02: Bridge Service Health Monitoring
interface HealthStatus {
status: 'healthy' | 'degraded' | 'unhealthy';
holochain: {
connected: boolean;
latency: number;
};
redis: {
connected: boolean;
memory_usage: number;
};
queue: {
jobs_pending: number;
jobs_failed: number;
};
uptime: number;
version: string;
}
// Health check endpoint
GET /health -> HealthStatusPhase 1 (Current): Pure P2P implementation
- Focus: Individual agents, direct custody, simple governance
Phase 2 (Near-term Future Development):
- Delegation pattern (SPEC-FUT-ID-01 through SPEC-FUT-ID-05)
- Organizational reputation (SPEC-FUT-REP-01 through SPEC-FUT-REP-04)
- Basic bridge service (SPEC-FUT-BRG-01 through SPEC-FUT-BRG-03)
Phase 3 (Long-term Future Development):
- Multi-signature governance (SPEC-FUT-GOV-01 through SPEC-FUT-GOV-04)
- Session & device management (SPEC-FUT-DEV-01 through SPEC-FUT-DEV-03)
- Full organizational features (custody vs ownership, policy automation)
SPEC-FUT-MIGRATE-01: Backward Compatibility
New organizational features must not break existing P2P functionality:
- P2P agents can interact with organizational agents seamlessly
- Core ValueFlows data structures remain unchanged
- Organizational features are additive, not breaking changes
SPEC-FUT-MIGRATE-02: Data Migration
When transitioning from P2P-only to organizational support:
- Existing PPRs remain valid and portable
- Existing resources can be claimed by organizations
- Agent identities can be promoted to organizational agents