DUNIN7 · LOOMWORKS · RECORD
record.dunin7.com
Status Current
Path candidate-seeds/ova/ova-candidate-seed-v0_1.md

OVA — candidate seed v0.1

Version. 0.1 Date. 2026-06-22 Status. Candidate seed. Ready for Operator review and induction.


What the work is

OVA is a standalone DUNIN7 product: a topology-hiding predicate authorizer over the Kaspa blockDAG. It answers exactly one question about an access request — granted or rejected — and answers it without revealing who is asking, what they are permitted, which condition was satisfied, or how the governed system is structured.

The unit is the egg: an on-chain object carrying live authorization state (its ACL conditions, state payload, and chain linkage encrypted under the egg key), living among indistinguishable decoys. A requester proves in zero knowledge that their credential set satisfies at least one of an egg's ACL conditions; the interrogation returns the boolean result and nothing more. The egg's ACL conditions and type are never exposed in the return value (REQ-013).

OVA's committed differentiator is that the who-can-reach-what structure stays opaque even to an observer who can read everything — the assume-breach / full-read adversary model. This is the single property that separates OVA from conventional access-control systems, all of which assume a trusted observer of the policy.

Identity correction (preserved, not smoothed). OVA was previously framed as a product for "AI agent identity and authorization." That framing is retired. Grounding against the V3 spec established that OVA contains no agent vocabulary, no notion of principal type, and no identity machinery — it proves predicates over credential sets while remaining deliberately blind to who or what holds them. The prior framing was a label that never matched the built mechanism. The seed fixes OVA as the predicate authorizer the spec describes; "agent identity" is not OVA's work and never was.

Who consumes the work

Consuming applications that need provable, topology-hiding authorization decisions, integrating OVA at the application layer in their own codebases (the based-ZK-application model — off-chain execution, ordering inherited from Kaspa Layer 1, compact proofs verified on-chain).

Named and anticipated consumers:

OVA does not distinguish its consumers by the nature of the principals they authorize. A human-holding consumer and an agent-holding consumer produce identical OVA proofs.

Voice

Neutral / decisional. OVA's posture toward its consumers is to return an authorization result — granted or rejected — and nothing else. It does not advise, explain, or expose its reasoning; the deliberate withholding of which condition was satisfied (REQ-041) is constitutive of the product. OVA is a decision surface, not an advisory or descriptive one.

Constraints

Must:

Must not:

Success conditions

OVA is complete-and-good when:

This is continuously-maintained correctness: the maintained property is that no spec change, platform change, or consumer integration reintroduces a linkage, a type identifier, or a content/identity leak that the indistinguishability argument forbids.

Initial contributors and agents

No autonomous agent holds authority over OVA's commitments; the roster names humans-and-tools at creation and evolves through the engagement.

What OVA is not (the fence)

This section exists to protect OVA from well-intentioned expansion by the products that consume it. A seed that only says what a product does leaves the door open for consumers to annex it; OVA's value is its smallness and its blindness, and both are lost by accretion.

Future-primitive note (not a commitment). Should a data-object-protection mechanism or an absence-proof capability prove genuinely needed by the broader system, each is a separate product with its own seed, scoped and justified on its own terms — never a stretch of OVA. This note records the boundary without predicting OVA will ever cross it.

Authorisation

Authorized by Marvin Percival, DUNIN7 Operator, 2026-06-22: OVA is a standalone DUNIN7 product — a topology-hiding predicate authorizer over Kaspa. It is not part of any consuming product. The "agent identity and authorization" framing is retired. Data-object protection is out of scope and belongs to a separate mechanism.


Drafter's notes for your review

What was provided vs. drawn from source.

Preserved corrections (Discovery-record posture).

Consistency checks applied.

Flagged for your decision (not resolved by the skill):

  1. No prior OVA seed existed. CC confirmed there is no ova-candidate-seed-* anywhere and the record subtree is "awaiting content." This is genuinely v0.1 — first seed for OVA. (Noting it so the version isn't mistaken for a restart over a higher existing version.)
  2. Open spec items inherited, not resolved by the seed: the STARK-vs-Groth16 mainnet decision (REQ-048/050/059/061, [ZK-OPCODE]); the [SCOPEGAS] and [SCALE] flags (REQ-060); mainnet activation (~2026-06-30) post-dating this draft. The seed commits to the abstract-interface posture (bind to neither verifier) rather than to a specific verifier — confirm that's the right level for a seed.
  3. Verification maturity: Part I complete, Part II draft, Parts III–VII not present. Success conditions name the full program as the bar; confirm you want the seed to hold OVA to all seven parts as its success measure rather than a reduced set.
  4. FORAY dependency version: the spec cites FORAY "consumed as an external dependency at v4.1." Left as-is; flag if the version reference should be generalised.

What was deliberately NOT included.


DUNIN7 · Done In Seven LLC · Miami, Florida OVA — candidate seed — v0.1 — 2026-06-22