A.7 Protocol Services, Operators, and Auditability

Protocol Service Operator (PSO)

An entity that runs one or more deterministic protocol services (e.g., orchestration, integrity checks, dataset assembly, delivery) under published service specifications. PSOs emit signed service events. PSOs do not determine final acceptance; final outcomes are produced through PHK and recorded via PHK Receipts.

Service Specification

A versioned definition of how a protocol service must behave (inputs, allowed outputs, receipt format, constraints). Service specs are referenced by hash to enable auditability and reproducibility across multiple operators.

Signed Service Event

A cryptographically signed record produced by a protocol service (e.g., assignment event, guard report, dataset assembly report, delivery receipt) referencing the campaign configuration hash and relevant spec hashes. Signed service events support auditability but do not override PHK finality.

Implementation note: Bootstrap/testnet operator-assisted actions, when present, must be explicitly logged and never substitute for PHK outcomes. Current live behavior is documented in App Status.

Validation Guard (Optional)

An automated integrity service that computes risk indicators and flags suspicious contributions. It does not finalize outcomes; validators do. Cluster-confidence or anomaly outputs from the guard can justify operational restrictions or audits, but not canonical fraud findings on their own.

Spec Registry

An on-chain registry that stores approved service specification hashes, and optional version compatibility windows, for protocol services. Enables multiple operators to run identical deterministic workflows under publicly verifiable spec versions.