HATS Attestation Schema — v1.0.0

Version: 1.0.0
Status: Production
Last Updated: 2026-05-22
Canonical URL: https://h33.ai/schemas/hats-attestation/
Schema Draft: JSON Schema draft 2020-12
Editor: Eric Beans, H33.ai, Inc.

1. Overview

A HATS attestation payload is the primary structured record produced by the HATS (H33 Attestation & Trust Standard) protocol. It encodes a complete governance graph, the cryptographic root hash binding that graph, the set of post-quantum signers that attested it, and the verification status at time of production.

This schema defines the JSON representation of that payload. Producers (attestation engines, governance pipelines) MUST emit payloads conforming to this schema. Consumers (verifiers, auditors, downstream systems) SHOULD validate incoming payloads against this schema before processing.

The payload is designed for machine consumption. It contains no presentation-layer fields. Human-readable representations are derived from this payload, never the reverse.

2. Definitions

Attestation Payload: A JSON object conforming to this schema that represents a single HATS attestation event. Contains the governance graph, root hash, signer set, and verification status.
Governance Graph: A directed acyclic graph (DAG) of governance nodes connected by edges. Each node represents a discrete governance decision, control evaluation, or policy checkpoint. Each edge represents a causal or dependency relationship.
Root Hash: A SHA3-256 digest computed over the canonical serialization of the governance graph. Serves as the binding commitment between the graph structure and any external anchors (chain, H33-74 receipt).
Signer Set: The set of post-quantum signature algorithms used to attest the payload. A conformant signer set includes ML-DSA-65, FALCON-512, and SLH-DSA-SHA2-128f-simple.
Verification Status: An enumeration indicating the result of the most recent verification pass over the payload. One of: INTACT, PARTIAL, DIVERGENT, BROKEN.
Proof Profile: A string identifier specifying the cryptographic profile under which the attestation was produced. Determines hash function, signature algorithms, and serialization rules.

3. JSON Schema Definition

The following is the formal JSON Schema (draft 2020-12) for a HATS attestation payload.

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://h33.ai/schemas/hats-attestation/v1.0.0",
  "title": "HATS Attestation Payload",
  "description": "A complete HATS attestation record.",
  "type": "object",
  "required": [
    "schema_version",
    "transcript_version",
    "governance_graph",
    "root_hash",
    "timestamp",
    "signer_set",
    "verification_status",
    "proof_profile"
  ],
  "properties": {
    "schema_version": {
      "type": "string",
      "const": "1.0.0",
      "description": "Schema version. Fixed to 1.0.0 for this schema."
    },
    "transcript_version": {
      "type": "integer",
      "minimum": 1,
      "description": "Monotonically increasing transcript version for this governance chain."
    },
    "governance_graph": {
      "type": "object",
      "required": ["nodes", "edges"],
      "properties": {
        "nodes": {
          "type": "array",
          "items": { "$ref": "#/$defs/GovernanceNode" },
          "minItems": 1
        },
        "edges": {
          "type": "array",
          "items": { "$ref": "#/$defs/GovernanceEdge" }
        }
      }
    },
    "root_hash": {
      "type": "string",
      "pattern": "^[a-f0-9]{64}$",
      "description": "SHA3-256 hex digest of the canonical governance graph serialization."
    },
    "timestamp": {
      "type": "string",
      "format": "date-time",
      "description": "ISO 8601 timestamp of attestation production."
    },
    "signer_set": {
      "type": "object",
      "required": ["ml_dsa", "falcon", "slh_dsa"],
      "properties": {
        "ml_dsa": { "$ref": "#/$defs/SignerEntry" },
        "falcon": { "$ref": "#/$defs/SignerEntry" },
        "slh_dsa": { "$ref": "#/$defs/SignerEntry" }
      }
    },
    "verification_status": {
      "type": "string",
      "enum": ["INTACT", "PARTIAL", "DIVERGENT", "BROKEN"]
    },
    "proof_profile": {
      "type": "string",
      "description": "Cryptographic proof profile identifier."
    },
    "metadata": {
      "type": "object",
      "description": "Optional metadata. Schema-free. Not covered by root_hash."
    }
  },
  "$defs": {
    "GovernanceNode": {
      "type": "object",
      "required": ["node_id", "node_type", "hash", "timestamp"],
      "properties": {
        "node_id": { "type": "string", "format": "uuid" },
        "node_type": {
          "type": "string",
          "enum": ["DECISION", "CONTROL", "POLICY", "ATTESTATION", "CHECKPOINT"]
        },
        "hash": { "type": "string", "pattern": "^[a-f0-9]{64}$" },
        "timestamp": { "type": "string", "format": "date-time" },
        "payload": { "type": "object" },
        "parent_ids": {
          "type": "array",
          "items": { "type": "string", "format": "uuid" }
        }
      }
    },
    "GovernanceEdge": {
      "type": "object",
      "required": ["source", "target", "edge_type"],
      "properties": {
        "source": { "type": "string", "format": "uuid" },
        "target": { "type": "string", "format": "uuid" },
        "edge_type": {
          "type": "string",
          "enum": ["DEPENDS_ON", "CAUSES", "ATTESTS", "SUPERSEDES"]
        }
      }
    },
    "SignerEntry": {
      "type": "object",
      "required": ["algorithm", "public_key_hash", "signature_hex"],
      "properties": {
        "algorithm": { "type": "string" },
        "public_key_hash": { "type": "string", "pattern": "^[a-f0-9]{64}$" },
        "signature_hex": { "type": "string", "pattern": "^[a-f0-9]+$" }
      }
    }
  },
  "additionalProperties": false
}

4. Field Definitions

Field	Type	Required	Description	Constraints
`schema_version`	string	Yes	Schema version identifier. Fixed to `"1.0.0"` for this version.	Constant: `"1.0.0"`
`transcript_version`	integer	Yes	Monotonically increasing version for this governance chain. Each new attestation in the same chain increments this value.	Minimum: 1
`governance_graph`	object	Yes	The governance graph containing nodes and edges.	Must contain `nodes` (min 1) and `edges` arrays.
`root_hash`	string	Yes	SHA3-256 hex digest of the canonical governance graph serialization.	Exactly 64 lowercase hex characters.
`timestamp`	string	Yes	ISO 8601 timestamp of when the attestation was produced.	Must include timezone offset or Z.
`signer_set`	object	Yes	The three PQ signature entries that signed this attestation.	Must contain `ml_dsa`, `falcon`, `slh_dsa`.
`verification_status`	string	Yes	Result of the most recent verification pass.	Enum: INTACT, PARTIAL, DIVERGENT, BROKEN
`proof_profile`	string	Yes	Cryptographic proof profile identifier (e.g., `"HATS-PROFILE-PQ-SHA3-256-v1"`).	Non-empty string.
`metadata`	object	No	Optional metadata. Not covered by `root_hash`. Intended for non-cryptographic annotations.	Schema-free object.

5. Governance Node Schema

Each node in the governance_graph.nodes array represents a discrete governance event. Nodes are identified by UUID and typed by their role in the governance DAG.

Field	Type	Required	Description
`node_id`	string (UUID)	Yes	Unique identifier for this node. UUID v4 format.
`node_type`	string (enum)	Yes	DECISION, CONTROL, POLICY, ATTESTATION, or CHECKPOINT.
`hash`	string (hex64)	Yes	SHA3-256 digest of this node's canonical content.
`timestamp`	string (ISO 8601)	Yes	When this governance event occurred.
`payload`	object	No	Node-specific payload. Structure varies by `node_type`.
`parent_ids`	array of UUIDs	No	IDs of parent nodes in the DAG. Empty or absent for root nodes.

5.1. Node Type Semantics

DECISION — A governance decision made by a human or automated agent. The payload contains the decision rationale and outcome.
CONTROL — A control evaluation result. The payload contains the control identifier, evaluation result (pass/fail), and evidence references.
POLICY — A policy definition or update. The payload contains the policy document hash and version.
ATTESTATION — A cryptographic attestation event. The payload contains the attested computation reference and H33-74 receipt identifier.
CHECKPOINT — A periodic state checkpoint. The payload contains the cumulative state hash up to this point in the governance chain.

6. Governance Edge Schema

Each edge in the governance_graph.edges array represents a directed relationship between two nodes.

Field	Type	Required	Description
`source`	string (UUID)	Yes	The originating node ID. Must reference a valid `node_id` in the `nodes` array.
`target`	string (UUID)	Yes	The destination node ID. Must reference a valid `node_id` in the `nodes` array.
`edge_type`	string (enum)	Yes	DEPENDS_ON, CAUSES, ATTESTS, or SUPERSEDES.

6.1. Edge Type Semantics

DEPENDS_ON — Target node is a dependency of source node. Source cannot be valid without target.
CAUSES — Source node causally precedes target node in the governance sequence.
ATTESTS — Source node cryptographically attests the content of target node.
SUPERSEDES — Source node replaces target node. Target is deprecated but retained in the graph for auditability.

7. Cryptographic Assumptions

The HATS attestation payload relies on the following cryptographic primitives and their associated hardness assumptions:

SHA3-256 (NIST FIPS 202) — Used for root_hash and individual node hash fields. Collision resistance assumed.
ML-DSA-65 (NIST FIPS 204) — Module-Lattice Digital Signature Algorithm. Security relies on the hardness of MLWE.
FALCON-512 (NIST PQC Round 3) — NTRU-lattice-based signature. Security relies on the hardness of NTRU lattice problems.
SLH-DSA-SHA2-128f-simple (NIST FIPS 205) — Stateless Hash-Based Digital Signature Algorithm. Security relies only on the collision resistance of the underlying hash function.

An attacker must break all three independent hardness assumptions simultaneously to forge a valid signer set.

8. Canonical Valid Example

Valid HATS Attestation Payload
{
  "schema_version": "1.0.0",
  "transcript_version": 42,
  "governance_graph": {
    "nodes": [
      {
        "node_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
        "node_type": "POLICY",
        "hash": "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2",
        "timestamp": "2026-05-22T10:00:00Z",
        "payload": { "policy_version": "2.1.0", "policy_id": "PQ-SIGN-REQUIRE-3KEY" }
      },
      {
        "node_id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
        "node_type": "CONTROL",
        "hash": "7d793037a0760186574b0282f2f435e7",
        "timestamp": "2026-05-22T10:00:05Z",
        "payload": { "control_id": "CTRL-PQ-001", "result": "PASS" },
        "parent_ids": ["a1b2c3d4-e5f6-7890-abcd-ef1234567890"]
      },
      {
        "node_id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
        "node_type": "ATTESTATION",
        "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "timestamp": "2026-05-22T10:00:10Z",
        "payload": { "receipt_id": "H74-2026-05-22-00042" },
        "parent_ids": ["b2c3d4e5-f6a7-8901-bcde-f12345678901"]
      }
    ],
    "edges": [
      {
        "source": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
        "target": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
        "edge_type": "DEPENDS_ON"
      },
      {
        "source": "c3d4e5f6-a7b8-9012-cdef-123456789012",
        "target": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
        "edge_type": "ATTESTS"
      }
    ]
  },
  "root_hash": "a3f8c1d2e4b5f67890abcdef1234567890abcdef1234567890abcdef12345678",
  "timestamp": "2026-05-22T10:00:10Z",
  "signer_set": {
    "ml_dsa": {
      "algorithm": "ML-DSA-65",
      "public_key_hash": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4",
      "signature_hex": "3045022100...truncated"
    },
    "falcon": {
      "algorithm": "FALCON-512",
      "public_key_hash": "e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5",
      "signature_hex": "3082...truncated"
    },
    "slh_dsa": {
      "algorithm": "SLH-DSA-SHA2-128f-simple",
      "public_key_hash": "f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6",
      "signature_hex": "3081...truncated"
    }
  },
  "verification_status": "INTACT",
  "proof_profile": "HATS-PROFILE-PQ-SHA3-256-v1"
}

9. Canonical Invalid Example

The following payload is invalid for the annotated reasons.

Invalid HATS Attestation Payload
{
  "schema_version": "1.0.0",
  "transcript_version": 0,                        // ERROR: minimum is 1
  "governance_graph": {
    "nodes": [],                                   // ERROR: minItems is 1
    "edges": []
  },
  "root_hash": "ZZZZ",                            // ERROR: not 64 hex chars
  "timestamp": "May 22, 2026",                     // ERROR: not ISO 8601
  "signer_set": {
    "ml_dsa": {
      "algorithm": "ML-DSA-65",
      "public_key_hash": "abc123"                  // ERROR: not 64 hex chars
    }
                                                   // ERROR: missing falcon and slh_dsa
  },
  "verification_status": "OK",                     // ERROR: not a valid enum value
  "proof_profile": "HATS-PROFILE-PQ-SHA3-256-v1",
  "extra_field": true                              // ERROR: additionalProperties is false
}

A conformant validator MUST reject this payload with errors for each annotated violation.

10. Verification Flow

To verify a HATS attestation payload, a conformant verifier MUST perform the following steps in order:

Schema validation. Validate the payload against the JSON Schema defined in Section 3. Reject if validation fails.
Graph integrity. Verify that every source and target in edges references a valid node_id in nodes. Verify no cycles exist (the graph is a DAG).
Node hash verification. For each node, recompute SHA3-256(canonical_node_bytes) and compare to the node's hash field. Any mismatch means the node has been tampered with.
Root hash verification. Compute the root hash over the canonical graph serialization. Compare to root_hash. Mismatch indicates graph-level tampering.
Signature verification. Verify all three signatures in signer_set against the root_hash. All three MUST pass. If any signature fails, the attestation is BROKEN.
Temporal validation. Verify that all node timestamps are earlier than or equal to the payload timestamp. Verify transcript_version is greater than any previously seen version for this governance chain.
Set verification_status. Based on the results: INTACT (all pass), PARTIAL (graph valid, signatures incomplete), DIVERGENT (root hash mismatch), BROKEN (signature failure or structural corruption).

11. Failure Modes

Failure Code	Description	Severity	Recovery
`SCHEMA_INVALID`	Payload does not conform to the JSON Schema. Missing required fields, wrong types, or constraint violations.	Fatal	Fix payload at producer.
`ROOT_HASH_MISMATCH`	Recomputed root hash does not match `root_hash` field. Graph has been modified after signing.	Fatal	Discard payload. Request re-attestation.
`NODE_HASH_MISMATCH`	One or more node hashes do not match recomputed values. Individual nodes have been tampered with.	Fatal	Identify affected nodes. Request re-attestation.
`SIGNATURE_INVALID`	One or more signatures in `signer_set` fail verification.	Fatal	Do not trust. Investigate key compromise.
`SIGNATURE_MISSING`	Fewer than three signature families present in `signer_set`.	Fatal	Producer must sign with all three families.
`GRAPH_CYCLE`	The governance graph contains a cycle. DAG constraint violated.	Fatal	Fix graph at producer.
`DANGLING_EDGE`	An edge references a `node_id` not present in `nodes`.	Fatal	Include missing node or remove edge.
`TIMESTAMP_FUTURE`	Payload `timestamp` is in the future relative to verifier's clock (beyond allowed skew).	Warning	Check clock synchronization.
`VERSION_REGRESSION`	`transcript_version` is less than or equal to a previously verified version for this chain.	Fatal	Possible replay attack. Reject.

12. Conformance Requirements

12.1. Producers

An implementation that produces HATS attestation payloads MUST:

Emit payloads that pass validation against the JSON Schema in Section 3.
Compute root_hash as SHA3-256 over the canonical graph serialization (deterministic field ordering, UTF-8 encoding, no whitespace).
Compute each node hash as SHA3-256 over the node's canonical serialization (same rules).
Sign the root_hash with all three PQ signature families and populate signer_set accordingly.
Increment transcript_version monotonically for each new attestation in the same governance chain.
Set verification_status to "INTACT" at time of production (the producer has just verified its own output).

12.2. Consumers

An implementation that consumes HATS attestation payloads MUST:

Validate the payload against the JSON Schema before processing any field.
Verify all three signatures. If any signature fails, set local verification_status to "BROKEN" and halt processing.
Verify root_hash by recomputation. If mismatch, set verification_status to "DIVERGENT".
Reject payloads with transcript_version less than or equal to the last verified version (replay protection).

Consumers SHOULD verify individual node hashes. Consumers MAY process metadata for non-critical purposes but MUST NOT treat metadata as cryptographically bound.

Related Schemas & Specifications

Schema Index H33-74 Receipt Schema Governance Proof Bundle Verification Result OIS Score Payload H33-74 Specification HATS Standard