A universal, time‑robust mandate format with pre/post/present dating, ASCII‑grounded provenance, and worded‑date parity for speech→text.
1) Canon (what every record must carry)
```yaml
uoms: "1.0"
mandate_id: "MNT-2025-Ω-0001"   # stable ID
version: "1.2.0"                # semver; patch for text fixes, minor for scope, major for law/policy shift
title: "Network Access Control Policy (Zero-Trust)"
language: "en-US-CNL"           # Controlled Natural Language dialect
issuer:
  name: "SolveForce Trustor"
  did: "did:sf:trustor"
scope:
  domains: ["network", "security", "identity"]
  audience: ["prod", "staging"]
temporal:
  issued_at_iso: "2025-08-16T00:00:00Z"
  issued_at_words: "sixteenth of august two thousand twenty‑five at zero hours zulu"
  effective_from_iso: "2025-08-20T00:00:00Z"   # pre‑date window ends here
  effective_from_words: "twentieth of august two thousand twenty‑five at zero hours zulu"
  effective_to_iso: "9999-12-31T23:59:59Z"     # ∞ by convention
  effective_to_words: "end of time sentinel nine nine nine nine december thirty‑one"
  review_interval_days: 180
supersession:
  supersedes: ["MNT-2024-Ω-0042@1.1.0"]
  superseded_by: []             # filled when replaced
  coexistence: "exclusive"      # exclusive | layered | fallback
compliance:
  class: "ZTA-Strict"
  controls: ["NIST.SP.800-207", "ISO/IEC 27001:A.8.16"]
obligations:
  - id: "OBL-1"
    cnl: "Deny any access to Resource if Device is Untrusted or User is Unverified."
  - id: "OBL-2"
    cnl: "Re-evaluate Trust on each Request if Context changes."
exceptions:
  - id: "EXC-temp-001"
    cnl: "Permit break-glass for Incident_Response during Declared_Incident."
    temporal:
      effective_from_iso: "2025-08-20T00:00:00Z"
      effective_to_iso: "2025-09-03T00:00:00Z"
provenance:
  ascii_basis: "U+0000..U+007F only; normalized NFC; newline LF"
  ri_ledger_ref: "ri://solveforce/mandates/MNT-2025-Ω-0001#v1.2.0"
  sgi_score: 1.0
  etymon_chain: ["zero","trust","access","control","policy"]
  hash_sha256: "…"
  signature: "eddsa:…"
anchors:
  - char: "!"
    role: "high-energy/alert"
    note: "policy violation signal"
  - char: "_"
    role: "identifier joiner"
    note: "namespace cohesion"
evaluation:
  precedence: ["effective", "coexistence", "version", "issuer", "scope"]
  t_eval_policy: "present-now"  # present-now | backtest | forecast
  conflict_rule: "deny-wins"    # deny-wins | most-specific-wins
```
2) The three times (how it pre‑/post‑/present‑dates)
- Pre‑date gate: `issued_at ≤ t_eval < effective_from` → mandate exists but not yet in force.
- Present‑date gate: `effective_from ≤ t_eval ≤ effective_to` → mandate governs now.
- Post‑date gate: `t_eval > effective_to` → mandate archived; use superseded_by chain.
All three carry both:
- ISO time (machine‑stable) and
- worded time (speech‑stable): “twenty‑sixth of june two thousand twenty‑six…”.
The words are canonicalized by your CNL so speech→text→OS can verify the same instant.
3) Minimal evaluator (reference logic)
```python
# Timestamps are compared as strings: fixed-width ISO-8601 UTC values
# ("YYYY-MM-DDTHH:MM:SSZ") sort lexicographically in time order.
# scope_ok, scope_specificity, semver_tuple and backtrack_supersession are
# called below but are not defined on this page.

def is_effective(m, t_eval):
    return m["temporal"]["effective_from_iso"] <= t_eval <= m["temporal"]["effective_to_iso"]

def epoch(m, t_eval):
    ef = m["temporal"]["effective_from_iso"]
    et = m["temporal"]["effective_to_iso"]
    ia = m["temporal"]["issued_at_iso"]
    if ia <= t_eval < ef:
        return "pre-date"      # issued, not yet in force
    if ef <= t_eval <= et:
        return "present-date"  # governs now
    if t_eval > et:
        return "post-date"     # archived
    return "pre-issue"         # t_eval is earlier than issued_at

def resolve_chain(mandates, t_eval):
    # 1) filter by scope/audience
    eligible = [m for m in mandates if scope_ok(m)]
    # 2) choose present-date; if none, choose nearest pre-date; else use superseded_by backtrack
    current = [m for m in eligible if is_effective(m, t_eval)]
    if current:
        return prioritize(current)
    pre = [m for m in eligible if epoch(m, t_eval) == "pre-date"]
    return prioritize(pre) if pre else backtrack_supersession(eligible, t_eval)

def prioritize(candidates):
    # deny-wins → tighter scope wins → higher version wins → newer issued_at wins
    return sorted(candidates, key=lambda m: (
        m["compliance"]["class"] == "ZTA-Strict",
        scope_specificity(m),
        semver_tuple(m["version"]),
        m["temporal"]["issued_at_iso"],
    ), reverse=True)[0]
```
4) CNL Clause Pack (machine‑verifiable, human‑clear)
CNL‑01: “A Mandate is effective at time t iff `effective_from ≤ t ≤ effective_to`.”
CNL‑02: “When two effective mandates conflict, apply `deny-wins`, else `most-specific-wins`.”
CNL‑03: “If no effective mandate exists, apply nearest pre‑date mandate in scope as preview policy, read‑only.”
CNL‑04: “Supersession is exclusive unless `coexistence: layered` is declared.”
CNL‑05: “Worded‑date and ISO‑date must denote the same instant; otherwise the mandate is invalid.”
(These sit in your Logos/Codoglyph layer and get [LOCK]ed via your P‑047 loop.)
5) Worded‑date normalization (the “all words” rule)
- Rule: every timestamp appears twice: ISO and CNL worded form.
- Canonical form (examples):
  - `2025-08-16T00:00:00Z` → “sixteenth of august two thousand twenty‑five at zero hours zulu”
  - ∞ sentinel → “end of time sentinel nine nine nine nine december thirty‑one”
- Verification: the Word Calculator checks worded→ISO round‑trip; mismatch ⇒ reject.
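The parity check required by CNL‑05 and the verification rule above, as an added example (not the page's Word Calculator or any SolveForce code): it regenerates the canonical wording from each ISO value and compares it with the recorded words, after folding the typographic hyphens the page's worded dates use to ASCII. Assumptions: only whole-hour instants have a canonical wording, since the page shows no form for minutes or seconds, and all function names are hypothetical.

```python
import re
from datetime import datetime

ONES = ("zero one two three four five six seven eight nine ten eleven twelve thirteen "
        "fourteen fifteen sixteen seventeen eighteen nineteen").split()
TENS = "- - twenty thirty forty fifty sixty seventy eighty ninety".split()
ORD = {"one": "first", "two": "second", "three": "third", "five": "fifth",
       "eight": "eighth", "nine": "ninth", "twelve": "twelfth"}
MONTHS = ("january february march april may june july august september october "
          "november december").split()
SENTINEL = ("9999-12-31T23:59:59Z",
            "end of time sentinel nine nine nine nine december thirty-one")

def cardinal(n):  # 0..9999, e.g. 2025 -> "two thousand twenty-five"
    if n < 20:
        return ONES[n]
    if n < 100:
        return TENS[n // 10] + ("-" + ONES[n % 10] if n % 10 else "")
    unit, word = (1000, " thousand") if n >= 1000 else (100, " hundred")
    return cardinal(n // unit) + word + (" " + cardinal(n % unit) if n % unit else "")

def ordinal(n):  # day of month: only the last word takes the ordinal ending
    head, sep, last = cardinal(n).rpartition("-")
    return head + sep + (last[:-1] + "ieth" if last.endswith("y") else ORD.get(last, last + "th"))

def iso_to_words(iso):
    if iso == SENTINEL[0]:
        return SENTINEL[1]
    t = datetime.strptime(iso, "%Y-%m-%dT%H:%M:%SZ")
    if t.minute or t.second:  # assumption: only whole hours have a canonical wording
        raise ValueError("no canonical wording for minutes/seconds")
    return (f"{ordinal(t.day)} of {MONTHS[t.month - 1]} {cardinal(t.year)} "
            f"at {cardinal(t.hour)} hours zulu")

def same_instant(iso, words):  # the CNL-05 check
    # Fold typographic hyphens (U+2010..U+2013) to "-" and collapse whitespace.
    words = " ".join(re.sub("[\u2010-\u2013]", "-", words.lower()).split())
    try:
        return words == iso_to_words(iso)
    except ValueError:  # malformed ISO value, or an instant with no canonical wording
        return False

# Pairs 1-3 are copied from the page's canon record; pair 4 is constructed (day altered).
SAMPLES = [
    ("2025-08-16T00:00:00Z", "sixteenth of august two thousand twenty\u2011five at zero hours zulu"),
    ("2025-08-20T00:00:00Z", "twentieth of august two thousand twenty\u2011five at zero hours zulu"),
    ("9999-12-31T23:59:59Z", "end of time sentinel nine nine nine nine december thirty\u2011one"),
    ("2025-08-20T00:00:00Z", "twenty-first of august two thousand twenty-five at zero hours zulu"),
]
RESULTS = [same_instant(iso, words) for iso, words in SAMPLES]
```

Without the hyphen folding, the three genuine pairs would fail a byte-for-byte comparison, because the page writes its worded dates with U+2011 rather than ASCII `-`.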
6) Supersession example (pre→present→post in one glance)
```yaml
- mandate_id: MNT-2024-Ω-0042
  version: "1.1.0"
  temporal: { effective_from_iso: "2024-05-01T00:00:00Z", effective_to_iso: "2025-08-19T23:59:59Z" }
  superseded_by: ["MNT-2025-Ω-0001@1.2.0"]
- mandate_id: MNT-2025-Ω-0001
  version: "1.2.0"
  temporal: { effective_from_iso: "2025-08-20T00:00:00Z", effective_to_iso: "9999-12-31T23:59:59Z" }
  supersedes: ["MNT-2024-Ω-0042@1.1.0"]
```
- On 2025‑08‑18 → present applies MNT‑2024‑Ω‑0042; MNT‑2025‑Ω‑0001 is pre‑date preview only.
- On 2025‑08‑20 → MNT‑2025‑Ω‑0001 is present‑date; prior is post‑date/archived.
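A consistency check for a supersession chain like the one above, as an added example (not part of the original page or of any SolveForce tooling): it verifies that each `supersedes` link has a matching `superseded_by` back-link and that the hand-over between the two effective windows leaves neither a gap nor, under exclusive coexistence, an overlap. Assumptions: records use the flat layout of this section, timestamps have one-second resolution, `coexistence` defaults to exclusive as CNL‑04 states, and all function and finding names are hypothetical.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%SZ"

def ref(m):
    return f'{m["mandate_id"]}@{m["version"]}'

def window(m):
    t = m["temporal"]
    return (datetime.strptime(t["effective_from_iso"], FMT),
            datetime.strptime(t["effective_to_iso"], FMT))

def chain_findings(mandates):
    """Check every supersedes edge for a back-link, a coverage gap and an overlap."""
    by_ref = {ref(m): m for m in mandates}
    findings = []
    for new in mandates:
        for old_ref in new.get("supersedes", []):
            old = by_ref.get(old_ref)
            if old is None:
                findings.append(("missing-ancestor", old_ref, ref(new)))
                continue
            if ref(new) not in old.get("superseded_by", []):
                findings.append(("one-way-link", old_ref, ref(new)))
            old_to, new_from = window(old)[1], window(new)[0]
            if new_from - old_to > timedelta(seconds=1):  # a 1 s step is contiguous
                findings.append(("gap", old_ref, ref(new)))
            elif new_from <= old_to and new.get("coexistence", "exclusive") == "exclusive":
                findings.append(("overlap", old_ref, ref(new)))
    return findings

def governing(mandates, t_eval):
    t = datetime.strptime(t_eval, FMT)
    return [ref(m) for m in mandates if window(m)[0] <= t <= window(m)[1]]

def mandate(mid, ver, frm, to, **links):  # hypothetical record builder
    return {"mandate_id": mid, "version": ver,
            "temporal": {"effective_from_iso": frm, "effective_to_iso": to}, **links}

OLD, NEW = "MNT-2024-Ω-0042@1.1.0", "MNT-2025-Ω-0001@1.2.0"
PAGE_CHAIN = [  # the two records shown above
    mandate("MNT-2024-Ω-0042", "1.1.0", "2024-05-01T00:00:00Z", "2025-08-19T23:59:59Z", superseded_by=[NEW]),
    mandate("MNT-2025-Ω-0001", "1.2.0", "2025-08-20T00:00:00Z", "9999-12-31T23:59:59Z", supersedes=[OLD]),
]
DRIFTED = [  # constructed: back-link dropped and the new start slipped by one day
    mandate("MNT-2024-Ω-0042", "1.1.0", "2024-05-01T00:00:00Z", "2025-08-19T23:59:59Z"),
    mandate("MNT-2025-Ω-0001", "1.2.0", "2025-08-21T00:00:00Z", "9999-12-31T23:59:59Z", supersedes=[OLD]),
]
```

The page's chain yields no findings, while the constructed `DRIFTED` chain reports a one-way link and a gap during which `governing` returns no mandate at all.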
7) Graft/Splice operations (time‑safe updates)
- Graft (add): introduce a new mandate with `coexistence: layered` for a transition period.
- Splice (change): update a clause; bump minor version; keep `effective_from` ≥ now; auto‑generate diff Codoglyph + new hash/signature; ledger the link both ways.
8) Compliance invariants (keeps it lawful forever)
- ASCII‑only payload (0–127), LF newlines, UTF‑8 envelope allowed for transport.
- Dual dating: ISO + worded CNL must round‑trip.
- Deterministic precedence: `effective → coexistence → specificity → version → issued_at`.
- Zero‑drift: any text edit changes the hash; new version required.
- Explainability: every decision cites the mandate_id@version and clause IDs (OBL/EXC).
Drop‑in “present‑now” evaluator (CNL)
“At present‑now, apply the unique mandate resolved by precedence among all mandates whose scope contains the request and whose time is present‑date; otherwise preview the nearest pre‑date mandate; otherwise backtrack the supersession chain to the most recent post‑date ancestor and emit No Governing Mandate.”