Operational Integrity Score — Specification v1.0.0

Version: 1.0.0
Status: Draft
Date: 2026-05-22
Editor: Eric Beans, H33.ai, Inc.
Canonical URL: https://h33.ai/specifications/ois/
Last Updated: 2026-05-22

1. Abstract

This document specifies the Operational Integrity Score (OIS), a composite metric that measures whether operational decisions within a governed system remain independently reconstructable, policy-bound, and cryptographically verifiable over time. The OIS is computed from six orthogonal integrity dimensions, each of which captures a distinct failure mode in operational governance.

The OIS is not a security score, a compliance checkbox, or a risk rating. It is a quantitative measure of verifiable operational state. An OIS value of 1.0 indicates that every operational decision in the measurement window can be independently replayed, that every governance policy was continuously attested, that every signature was produced by at least three independent post-quantum families, and that no vendor infrastructure is required to verify any of the above.

An OIS value below 1.0 indicates a specific, enumerable set of degradation events. The score composition is deterministic: given identical input telemetry, any conformant implementation MUST produce an identical OIS value.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

2. Status of This Document

This document is a Draft specification. It has not been submitted to any standards body. The specification is published by H33.ai, Inc. for public review and implementer feedback. Normative requirements are binding for implementations that claim OIS conformance.

Comments and errata SHOULD be directed to standard@h33.ai.

3. Definitions

Term	Definition
Operational Integrity	The property of a system in which every operational decision is independently reconstructable from its governance chain, policy state, and cryptographic attestations, without reliance on the originating infrastructure.
Integrity Dimension	One of six orthogonal axes along which operational integrity is measured. Each dimension corresponds to a distinct class of degradation event.
Score Component	A normalized value in the range [0.0, 1.0] representing the measured integrity of a single dimension within the scoring window.
Degradation Event	An observable event that reduces one or more score components. Degradation events are enumerated in Section 7.
Recovery Event	An observable event that increases one or more score components. Recovery events are enumerated in Section 8. A recovery event does not erase the historical degradation; it restores the dimension to a higher value for subsequent measurement windows.
Measurement Window	The time interval over which telemetry is aggregated for a single OIS computation. The default measurement window is 24 hours. Implementations MAY support configurable windows with a minimum granularity of 1 hour.
Scoring Window	Synonym for measurement window. Used interchangeably in this document.

4. Score Composition

The Operational Integrity Score is composed of six dimensions. Each dimension captures an independent failure mode. Dimensions are scored individually and combined via a weighted composite function defined in Section 5.

4.1. Decision Reproducibility (DR)

Measures the rate at which operational decisions can be deterministically replayed from their governance chain and attestation history. A decision is reproducible if and only if an independent verifier, given the governance chain state at the time of the decision, can derive an identical outcome without access to the originating system.

Computation:

DR = count(decisions_successfully_replayed) / count(total_decisions)

Where decisions_successfully_replayed is the number of decisions in the measurement window for which deterministic replay produced a byte-identical governance receipt. Decisions with missing chain entries are counted as replay failures.

4.2. Agent Scope Integrity (ASI)

Measures the rate of scope violations relative to total agent actions. A scope violation occurs when an agent executes an action outside its delegated authority as defined by the governing scope constraint set.

Computation:

ASI = 1.0 - (count(scope_violations) / count(total_agent_actions))

An environment with zero agent actions in the measurement window MUST report ASI as 1.0 (no violations possible). Escalation events that are handled within the escalation protocol defined in Agent Governance Attestation Model Section 8 are not counted as scope violations.

4.3. Evidence Survivability (ES)

Measures the percentage of the governance chain that is independently verifiable at the time of measurement. A chain entry is independently verifiable if its signatures can be validated, its policy reference can be resolved, and its predecessor hash is consistent with the chain state, all without contacting the originating infrastructure.

Computation:

ES = count(independently_verifiable_entries) / count(total_chain_entries)

Entries with expired signatures, unreachable policy references, or broken predecessor hashes are not independently verifiable. Entries relying on proprietary verification endpoints that are not publicly specified are not independently verifiable.

4.4. Policy Continuity (PC)

Measures the proportion of the measurement window during which policy enforcement attestation was continuously maintained. A gap in policy continuity occurs when the system operates without an active, attested policy for any duration.

Computation:

PC = total_attested_policy_seconds / total_measurement_window_seconds

Policy transitions (version N to version N+1) MUST NOT produce a gap if the new policy is attested before the old policy expires. Implementations MUST treat overlapping policy validity windows as continuous coverage.

4.5. Signer Diversity (SD)

Measures the post-quantum signature family coverage across attestations in the measurement window. Signer diversity quantifies the number of independent cryptographic hardness assumptions that must be simultaneously broken to forge any attestation in the window.

Computation:

SD = count(distinct_families_used) / count(supported_families)

Where supported_families is the set of PQ signature families defined in the Multi-Family Post-Quantum Signature Framework. In the current specification, supported_families = 3 (ML-DSA-65, FALCON-512, SLH-DSA-SHA2-128f). An attestation signed by only one family contributes 1/3 to SD. An attestation signed by all three families contributes 3/3 = 1.0.

SD is computed as the minimum across all attestations in the window:

SD = min(SD_i) for all attestations i in the measurement window

4.6. Verification Independence (VI)

Measures the percentage of attestations in the measurement window that can be verified without any vendor-operated infrastructure. An attestation is independently verifiable if its verification algorithm is publicly specified, its verification inputs (public keys, domain parameters, transcripts) are available from non-vendor sources, and its verification can be performed by a third-party implementation.

Computation:

VI = count(vendor_independent_attestations) / count(total_attestations)

Attestations that require contacting a vendor API for key resolution, nonce verification, or transcript retrieval are not vendor-independent.

5. Scoring Algorithm

The composite OIS value is computed as a weighted sum of the six dimension scores:

OIS = w_DR * DR + w_ASI * ASI + w_ES * ES + w_PC * PC + w_SD * SD + w_VI * VI

Normalization rules:

Each dimension score MUST be in the range [0.0, 1.0].
The sum of all weights MUST equal 1.0.
The composite OIS value is therefore in the range [0.0, 1.0].
Implementations MUST use IEEE 754 double-precision floating-point arithmetic.
The final OIS value MUST be rounded to 6 decimal places using round-half-to-even (banker's rounding).

Determinism requirement: given identical telemetry inputs and identical weights, any conformant implementation MUST produce a bit-identical OIS value.

6. Dimension Weights

The following default weights are defined. These weights reflect the relative importance of each dimension for general-purpose operational integrity assessment.

Dimension	Identifier	Default Weight
Decision Reproducibility	`w_DR`	`0.25`
Agent Scope Integrity	`w_ASI`	`0.15`
Evidence Survivability	`w_ES`	`0.20`
Policy Continuity	`w_PC`	`0.15`
Signer Diversity	`w_SD`	`0.10`
Verification Independence	`w_VI`	`0.15`

Customization rules:

Implementations MAY allow weight customization per deployment.
Custom weights MUST sum to 1.0. Implementations MUST reject weight sets that do not sum to 1.0 (within a tolerance of 1e-9).
No individual weight MAY be set to 0.0. Every dimension MUST contribute to the composite score. Minimum weight per dimension: 0.01.
When custom weights are used, the OIS report MUST include the weight vector in the weights field (see Section 9).
Implementations that claim OIS conformance with default weights MUST NOT alter the default weight values.

7. Degradation Events

The following events cause one or more dimension scores to decrease. Each event is tagged with the affected dimension(s).

Event	Dimension	Effect
Replay failure (non-deterministic outcome)	`DR`	Reduces DR by `1/N` where N = total decisions
Missing chain entry for a decision	`DR`, `ES`	Reduces DR (replay impossible) and ES (chain gap)
Agent scope violation	`ASI`	Reduces ASI by `1/N` where N = total agent actions
Broken predecessor hash in chain	`ES`	Reduces ES for that entry and all subsequent entries until chain integrity is restored
Expired signature on chain entry	`ES`	Reduces ES for that entry
Policy gap (no active attested policy)	`PC`	Reduces PC proportionally to gap duration
Single-family attestation	`SD`	SD floored at `1/3` for that window
Two-family attestation	`SD`	SD floored at `2/3` for that window
Vendor-dependent verification required	`VI`	Reduces VI by `1/N` where N = total attestations
Proprietary key resolution dependency	`VI`	Reduces VI for all attestations requiring that key

A single missing chain entry simultaneously degrades both Decision Reproducibility and Evidence Survivability. Implementations MUST account for cross-dimension degradation.

8. Recovery Events

The following events cause one or more dimension scores to increase. Recovery events apply to subsequent measurement windows only; they do not retroactively alter historical OIS values.

Event	Dimension	Effect
Chain entry backfilled with valid attestation	`DR`, `ES`	Entry becomes replayable and independently verifiable
Scope constraint tightened (reducing violation surface)	`ASI`	Future violations less likely; measured in subsequent windows
Predecessor hash repaired via re-attestation	`ES`	Chain integrity restored from that entry forward
Signature renewed before expiry	`ES`	Entry remains independently verifiable
Policy activated (closing a gap)	`PC`	Subsequent seconds count as attested
Additional PQ family added to signing	`SD`	SD floor raised for subsequent attestations
Public key registry published	`VI`	Attestations using those keys become vendor-independent

Implementations MUST NOT modify historical OIS values. Each measurement window's OIS is immutable once computed. Recovery events improve future windows only.

9. Reporting Format

Implementations MUST support the following JSON reporting format for OIS values. All fields are REQUIRED unless marked optional.

{
  "specification": "https://h33.ai/specifications/ois/",
  "version": "1.0.0",
  "timestamp": "2026-05-22T00:00:00Z",
  "measurement_window": {
    "start": "2026-05-21T00:00:00Z",
    "end": "2026-05-22T00:00:00Z",
    "duration_seconds": 86400
  },
  "ois": 0.937500,
  "dimensions": {
    "decision_reproducibility": 0.980000,
    "agent_scope_integrity": 1.000000,
    "evidence_survivability": 0.950000,
    "policy_continuity": 0.880000,
    "signer_diversity": 0.666667,
    "verification_independence": 0.950000
  },
  "weights": {
    "w_DR": 0.25,
    "w_ASI": 0.15,
    "w_ES": 0.20,
    "w_PC": 0.15,
    "w_SD": 0.10,
    "w_VI": 0.15
  },
  "degradation_events": [
    {
      "event_type": "policy_gap",
      "dimension": "policy_continuity",
      "timestamp": "2026-05-21T14:32:00Z",
      "duration_seconds": 10368,
      "detail": "Policy v7 expired; v8 activated 2.88 hours later"
    }
  ],
  "telemetry_hash": "sha3-256:9f86d08..."
}

Field definitions:

Field	Type	Description
`specification`	string (URI)	Canonical URL of this specification. MUST be `https://h33.ai/specifications/ois/`.
`version`	string (semver)	Specification version the report conforms to.
`timestamp`	string (ISO 8601)	Time at which the OIS was computed. MUST be UTC.
`measurement_window`	object	The time interval over which telemetry was aggregated.
`ois`	number	The composite score. Range [0.0, 1.0]. 6 decimal places.
`dimensions`	object	Per-dimension scores. Each value in [0.0, 1.0], 6 decimal places.
`weights`	object	Weight vector used for computation. REQUIRED even when using defaults.
`degradation_events`	array	List of degradation events in the window. MAY be empty.
`telemetry_hash`	string	SHA3-256 hash of the input telemetry used to compute the score. Enables deterministic verification by third parties.

10. Thresholds

The following operational thresholds are RECOMMENDED for deployment monitoring. These thresholds are advisory; conformant implementations MAY define alternative thresholds appropriate to their operational context.

OIS Range	Classification	Operational Guidance
`> 0.95`	Healthy	All dimensions within acceptable bounds. No action required. Governance state is independently reconstructable.
`0.80 – 0.95`	Attention	One or more dimensions degraded. Review degradation events. Remediation SHOULD be scheduled within the next measurement window.
`< 0.80`	Critical	Significant integrity degradation. Independent reconstructability of operational decisions is compromised. Immediate remediation RECOMMENDED.

Per-dimension thresholds:

Any individual dimension below 0.50 SHOULD trigger an alert regardless of the composite OIS value.
Decision Reproducibility below 0.90 indicates that more than 10% of decisions cannot be independently replayed.
Evidence Survivability below 0.90 indicates that more than 10% of the governance chain is not independently verifiable.
Signer Diversity below 1.0 indicates that not all supported PQ families are in use. This is an informational threshold, not a failure condition.

11. Failure Modes

This section enumerates conditions under which OIS computation is undefined or degraded.

Failure Mode	Behavior	Requirement
Incomplete telemetry	One or more dimensions cannot be computed because telemetry data is missing.	Implementations MUST report the affected dimension(s) as `null` in the dimensions object and MUST NOT compute a composite OIS. The `ois` field MUST be `null`.
Stale attestations	Attestations in the chain have timestamps older than the measurement window.	Attestations outside the measurement window MUST NOT be included in the computation. If all attestations are stale, Evidence Survivability is 0.0 for that window.
Missing dimensions	A deployment does not use agents (ASI inapplicable).	Dimensions that are structurally inapplicable MUST be scored as 1.0 (no violations possible). The report MUST include a `dimension_exclusions` array listing excluded dimensions and their reason.
Clock skew	Telemetry timestamps are inconsistent across sources.	Implementations MUST reject telemetry with clock skew exceeding 5 seconds relative to the measurement window boundaries. Rejected telemetry entries MUST be logged.
Weight sum violation	Custom weights do not sum to 1.0.	Implementations MUST reject the computation and return an error. No partial OIS MAY be reported.

12. Conformance Requirements

An implementation conforms to this specification if and only if all of the following hold:

All six dimensions are computed according to the formulas in Section 4.
The composite score is computed according to Section 5.
Default weights match the values in Section 6 when custom weights are not configured.
The JSON reporting format in Section 9 is supported, with all REQUIRED fields present.
Incomplete telemetry is handled according to Section 11 (no partial composite score).
Determinism: given identical telemetry and weights, the implementation produces bit-identical OIS values across invocations, platforms, and versions.
Historical immutability: computed OIS values for past measurement windows are never modified.
The telemetry_hash field uses SHA3-256 and is computed over the canonical serialization of the input telemetry.

Implementations that satisfy requirements 1-8 MAY claim conformance to "OIS Specification v1.0.0" and MUST reference the canonical URL https://h33.ai/specifications/ois/ in their reporting output.

Conformance is testable. A reference test vector set will be published alongside the first stable release. Implementations MUST pass all reference vectors to claim conformance.

13. Reproducible Example

Given the following telemetry for a 24-hour measurement window:

Metric	Value
Total decisions	1,000
Decisions successfully replayed	980
Total agent actions	500
Scope violations	0
Total chain entries	1,200
Independently verifiable entries	1,140
Total window seconds	86,400
Attested policy seconds	76,032
Distinct PQ families used (min across attestations)	2
Total attestations	1,200
Vendor-independent attestations	1,140

Dimension scores:

DR  = 980 / 1000   = 0.980000
ASI = 1.0 - (0/500) = 1.000000
ES  = 1140 / 1200   = 0.950000
PC  = 76032 / 86400 = 0.880000
SD  = 2 / 3         = 0.666667
VI  = 1140 / 1200   = 0.950000

Composite OIS (default weights):

OIS = (0.25 * 0.980000) + (0.15 * 1.000000) + (0.20 * 0.950000)
    + (0.15 * 0.880000) + (0.10 * 0.666667) + (0.15 * 0.950000)

    = 0.245000 + 0.150000 + 0.190000 + 0.132000 + 0.066667 + 0.142500

    = 0.926167

14. Changelog

Version	Date	Changes
`1.0.0`	2026-05-22	Initial draft specification.

15. References

Reference	Title	URL
[RFC 2119]	Key words for use in RFCs to Indicate Requirement Levels	rfc-editor.org/rfc/rfc2119
[IEEE 754]	IEEE Standard for Floating-Point Arithmetic	standards.ieee.org
[SHA3-256]	NIST FIPS 202: SHA-3 Standard	csrc.nist.gov
[Multi-Family PQ]	Multi-Family Post-Quantum Signature Framework v1.0.0	h33.ai/specifications/multi-family-pq/
[Agent Governance]	AI Agent Governance Attestation Model v1.0.0	h33.ai/specifications/agent-governance/

Operational Integrity → Continuous Control Monitoring → Dashboard → HATS Specification →