Example: Data Usage Attestation Layer¶
Sovereign agents that access data — model weights, training datasets, proprietary logs — must be able to prove what they accessed, how, and under which license. Without machine-verifiable attestation, an operator cannot audit post-hoc whether an agent respected a usage restriction.
v0.47 introduces a signed attestation layer for data access:
DataLicensePolicy: operator-issued allowlist of sources, access types, and volume caps.DataAccessIntent: agent-signed pre-execution declaration.DataAccessRecord: agent-signed post-execution record.DataUsageGate:BoundaryEnginegate that blocks execution before the intent clears the policy.
Out of scope: Payment, royalty calculation, and external settlement are not part of this layer.
DataAccessRecordis an attestation artefact; downstream systems decide what, if anything, to charge.
Step 1 — Create a license policy¶
The data licensor (e.g., the operator or data owner) defines which sources the agent may use:
genesis-mesh trust data policy \
--licensor-sovereign operator-1 \
--licensee-sovereign agent-a \
--allow-source model-weights-v3 \
--allow-source audit-logs-2026 \
--allow-access read \
--max-volume-bytes 104857600 \
--signing-key keys/operator.key \
--output policy.json
The policy is Ed25519-signed by the licensor and serialised to policy.json.
Step 2 — Declare intent before execution¶
Before the agent accesses any data it creates a signed intent:
genesis-mesh trust data intent \
--agent-sovereign agent-a \
--decision-id dec-abc123 \
--source "model-weights-v3:proprietary:operator-1" \
--access-type read \
--volume-bytes 52428800 \
--valid-for-seconds 600 \
--signing-key keys/agent.key \
--output intent.json
Step 3 — Verify intent against the policy¶
genesis-mesh trust data verify \
--intent intent.json \
--policy policy.json \
--public-key "$(cat keys/agent.pub)"
Output on success:
[OK] compliant — <intent-id>
If the intent declares a source not listed in allowed_source_ids, or uses a
prohibited classification tag, or exceeds the volume cap, the command exits 1
and prints a detailed violation list.
Step 4 — Create a record after execution¶
After the access completes the agent signs a post-execution record:
genesis-mesh trust data record \
--intent intent.json \
--source "model-weights-v3:proprietary:operator-1" \
--access-type read \
--volume-bytes 48234496 \
--signing-key keys/agent.key \
--output record.json
The record links back to intent_id so auditors can cross-reference pre- and
post-execution attestations.
Violation types¶
|
Meaning |
|---|---|
|
Source not in |
|
Access type not in |
|
Source has a tag listed in |
|
Declared or actual volume exceeds |
|
|
|
|
|
Missing or invalid signature on intent / record |
Using DataUsageGate in a BoundaryEngine¶
from genesis_mesh.trust.data_usage import DataUsageGate, create_data_access_intent
from genesis_mesh.trust.boundary import BoundaryEngine
intent = create_data_access_intent(
agent_sovereign_id="agent-a",
decision_id=boundary_decision.decision_id,
sources=[source_descriptor],
access_types=["read"],
signing_key=agent_sk,
estimated_volume_bytes=50_000_000,
)
engine = BoundaryEngine(
decision=boundary_decision,
gates=[DataUsageGate(intent, policy, [agent_pub_b64])],
)
result = engine.evaluate(context_record)
The gate returns GateResult(passed=True, detail="compliant") or
GateResult(passed=False, detail="<violation_reason>"). The engine fails
closed — any gate failure produces a block verdict.