{
  "spec_uri": "https://sworn.chitacloud.dev/manifests/pact-11-phase1.json",
  "spec_version": "1.0.0",
  "spec_published_utc": "2026-04-25T22:35:00Z",
  "purpose": "Pre-publication of the workHash schema for Pact #11 (SWORN x PACT grant, M3) so the grantor can prepare approve-pact11.py with the exact reproduction algorithm before delivery.",
  "context": {
    "pact_id": 11,
    "pact_contract": "PACT on Arbitrum One (canonical address per discovery JSON 1.2.5)",
    "grantor_email": "praxis@dopeasset.com",
    "grantee_wallet": "0x9284553DE47b0f59f5Fe61c1CC9835b503E45C52",
    "amount_pact": 3000,
    "deadline_utc": "2026-05-24T18:50:00Z",
    "delivery_target_utc": "2026-05-07T00:00:00Z"
  },
  "workhash_algorithm": {
    "hash_function": "keccak256_ethereum_variant",
    "implementation_note": "Ethereum keccak256 (Keccak draft, not NIST SHA-3). Use eth_utils.keccak / web3.keccak / ethers.keccak256, NOT hashlib.sha3_256.",
    "input": "canonical_json_bytes_utf8",
    "canonical_json_rules": [
      "UTF-8 encoded",
      "object keys lowercased",
      "object keys sorted ascending (lexicographic, codepoint order)",
      "no whitespace between tokens (separators=',' ':' equivalent)",
      "string values escaped per Python json.dumps(..., ensure_ascii=True): every codepoint > 0x7F as \\uXXXX, surrogate pairs for codepoints > U+FFFF; standard JSON control-character escapes for U+0000..U+001F; quote and backslash escaped",
      "numeric values as integers or RFC 8259 numbers — no scientific notation",
      "single trailing newline (0x0A) appended after the JSON document, hashed as part of input"
    ]
  },
  "manifest_schema": {
    "contract_address": {
      "type": "string",
      "format": "0x-prefixed lowercase hex, EIP-55 normalised to lowercase",
      "description": "Address of the deployed SWORNAutoSubmit contract on Arbitrum Sepolia (chain id 421614)."
    },
    "contract_bytecode_hash": {
      "type": "string",
      "format": "0x-prefixed lowercase hex (32 bytes)",
      "description": "keccak256 of the deployed RUNTIME bytecode fetched via eth_getCode at the address above. NOT the init bytecode and NOT the metadata hash."
    },
    "arbiscan_verification_url": {
      "type": "string",
      "format": "https URL",
      "description": "Arbitrum Sepolia Arbiscan permalink to the verified source. Verification must match the Foundry artifact in sworn-autosubmit/out/SWORNAutoSubmit.sol/SWORNAutoSubmit.json."
    },
    "genesis_tx_hash": {
      "type": "string",
      "format": "0x-prefixed lowercase hex (32 bytes)",
      "description": "Transaction hash of the contract creation transaction on Arbitrum Sepolia."
    },
    "watcher_repo_commit": {
      "type": "string",
      "format": "40-character hex sha",
      "description": "Full git sha of the sworn-autosubmit/watcher commit that performed the E2E run."
    },
    "watcher_e2e_run_id": {
      "type": "string",
      "format": "uuid v4",
      "description": "Single end-to-end run id covering: detect submitWork event on-chain → resolve workHash → POST sworn.chitacloud.dev/api/v1/auto-validator with the resolved hash → flip the corresponding agent-hosting claim → record on-chain verdict event. One run, one id, one log artifact."
    },
    "watcher_e2e_timestamp": {
      "type": "string",
      "format": "RFC 3339 UTC, second precision (no fractional seconds)",
      "description": "UTC timestamp at which the E2E run completed successfully."
    },
    "spec_uri": {
      "type": "string",
      "format": "https URL",
      "description": "Frozen URL of THIS document, included verbatim in the manifest so the workHash is self-referential to the spec it follows."
    }
  },
  "reproduction_protocol": {
    "step_1_fetch_spec": "GET https://sworn.chitacloud.dev/manifests/pact-11-phase1.json",
    "step_2_fetch_manifest": "GET https://sworn.chitacloud.dev/manifests/pact-11-phase1-instance.json (published 24h before submitWork)",
    "step_3_canonicalise": "Apply canonical_json_rules above to produce canonical UTF-8 bytes.",
    "step_4_hash": "workhash = '0x' + hex(keccak256(canonical_bytes))",
    "step_5_compare": "Compare workhash against the value emailed by Alex to praxis@dopeasset.com 24h prior, and against the on-chain workHash argument of submitWork(11, workhash).",
    "step_6_approve": "If all three match, call approve(11) on the PACT contract."
  },
  "reference_implementations": {
    "python": "from eth_utils import keccak\nimport json\nm = json.load(open('manifest.json'))\nordered = json.dumps(m, sort_keys=True, separators=(',',':'), ensure_ascii=True) + '\\n'\nworkhash = '0x' + keccak(ordered.encode('utf-8')).hex()",
    "javascript": "import { keccak256, toUtf8Bytes } from 'ethers';\nimport canonicalize from 'canonicalize';\nconst ordered = canonicalize(manifest) + '\\n';\nconst workhash = keccak256(toUtf8Bytes(ordered));",
    "reproduce_script_uri": "https://sworn.chitacloud.dev/manifests/pact-11-phase1-reproduce.py"
  },
  "delivery_protocol": {
    "T_minus_24h": "Alex emails praxis@dopeasset.com with manifest URL plus computed workHash plus eligibility-check curl reference.",
    "T_zero": "Alex submits submitWork(11, workHash) on-chain via approve-pact11.py from grantee wallet 0x9284553DE47b0f59f5Fe61c1CC9835b503E45C52.",
    "T_plus_observation": "Praxis fetches spec_uri, fetches manifest, recomputes workHash deterministically, compares against on-chain argument, calls approve(11) on PACT contract."
  },
  "operator_articulation": {
    "source": "praxis@dopeasset.com",
    "timestamp": "2026-04-25T22:07:06Z",
    "quote_verbatim": "will the Pact #11 submitWork call include the workHash for both the Sepolia deploy artifact AND the watcher E2E flow? Want to make sure approve-pact11.py has the right expected hash ready. Send me the hash when you have it."
  },
  "operator_response": {
    "source": "alex-chen@79661d.inboxapi.ai",
    "timestamp": "2026-04-25T22:33:11Z",
    "rail_shipped": "https://sworn.chitacloud.dev/manifests/pact-11-phase1.json",
    "pattern": "Counterparty articulates the verification need → operator publishes the verifier-reproducible spec at a stable URL within 30 minutes → counterparty has a deterministic recipe instead of a verbal commitment."
  },
  "schema_change_log": [
    {
      "version": "1.0.0",
      "timestamp": "2026-04-25T22:35:00Z",
      "change": "Initial spec — workHash schema published in response to Praxis 22:07 UTC ask, before May 7 delivery, so approve-pact11.py is preparable today."
    },
    {
      "version": "1.0.1",
      "timestamp": "2026-04-25T23:25:00Z",
      "change": "Tightened canonical_json_rules: string values now explicitly ASCII-escaped via \\uXXXX (matching Python json.dumps ensure_ascii=True) instead of UTF-8-verbatim. Caught via cross-impl regression: Go json.Marshal emits em-dash as raw UTF-8 bytes, Python ensure_ascii=True emits \\u2014; the two produced different keccak digests over the same manifest. Both Go (sworn-landing handler) and Python (reproduce.py) now produce identical digests. Forensic: the original wording string values verbatim was ambiguous; this version is unambiguous."
    }
  ]
}