Annex B — Rule Identity Derivation

This annex defines deterministic rule identity derivation requirements for the Trust-State Standard.

1. Scope

Rule identity ensures that invariant logic used during evaluation is cryptographically bound to conformity artifacts and replay validation.

All implementations SHALL derive rule identity exactly as defined herein.

2. Canonical Rule Representation

A rule definition SHALL be expressed as a structured object subject to canonical serialization as defined in Annex A.

• All rule fields SHALL be serialized deterministically.
• Rule logic expressions SHALL be preserved exactly as defined.
• No implicit defaults SHALL be assumed.

3. Rule Hash Derivation

Rule identity SHALL be defined as:

RULE_HASH = SHA256(canonical_rule_byte_sequence)

The canonical_rule_byte_sequence SHALL be the UTF-8 encoded byte sequence produced under Annex A.

4. Determinism Requirement

Given identical rule structure and content, independent implementations MUST derive byte-identical canonical representations and identical RULE_HASH values.

Any variation in canonical representation or hash output SHALL constitute non-conformance.

5. Rule Versioning

Modification of any rule field, logic expression, or structural component SHALL result in a new canonical byte sequence and therefore a new RULE_HASH.

Rule identity SHALL NOT be overridden, aliased, or substituted.

6. Binding Requirement

RULE_HASH SHALL be embedded within conformity artifacts and used as a mandatory input to deterministic replay validation.