Sovrient
SYSTEM NOMINAL
Verifiable Measurement Authority

Five Networks.
One Verifiable Outcome.
Zero Drift.

Public verification surface for catastrophe measurement.

A Verifiable Measurement Authority is a protocol-governed system that produces cryptographically sealed, independently replayable measurements whose validity does not depend on institutional trust.

Multi-source corroboration eliminates single points of failure. Deterministic computation makes every result replayable. Cryptographic sealing reduces reliance on institutional trust by providing independently verifiable mathematical proof. This is an evidentiary layer for settlement logic — not a replacement for catastrophe models.

10Y BACKFILL: 2016-01-01 → 2026-02-08
BUNDLE HASH: 57490554420624a2361746e741dfcd792f31f40e530a82462e390a6b8ec24f91
These anchors bind the 10‑year output. Verification is binary: hashes match or the claim fails.
PROTOCOLSOVOS_CANON_V1
ATTESTATION CLASSVOSINT (Verifiable Open-Source Intelligence)
EVIDENCE MODELMerkle-sealed, deterministically replayable
FAILURE SEMANTICSFail-closed — unverifiable data does not pass
WITNESSINGEdDSA signature + TSA timestamp
DOMAINCatastrophe risk — seismic events
ANCHORSEPOLIA TESTNET ANCHORED (2026-02-01 → 2026-02-08)
PROTOCOL v1.0 (draft) · SCHEMA v2.4 (draft) · ATTESTATION FORMAT v1.1 (draft) · CI-1
Protocol versioning may change. Individual attestations are final once sealed — signature and hash are immutable regardless of future protocol revisions.
View Attestations Verification Globe Live Attestation Log
Backfill Coverage
0Days
Trigger Days
0
M4+ Events (Latest Day)
0Events
Sources
0Networks
Counts reflect live attestation status at time of page generation.
Problem Statement

The Oracle Problem Isn't About
Data Availability. It's About
Evidentiary Admissibility.

When billions move on a single measurement, the question is not whether the data is available — it is whether the data is provably correct, reproducible, and non-manipulated. OSINT-grade data is being used in settlement-grade systems. That gap is structural, not ideological.

01

Single Point of Failure

Parametric triggers often rely on a single data source. If that source is wrong, manipulated, or delayed — the entire contract fails. Any system that moves money based on OSINT is structurally unsafe.

SOVRIENT ANSWER
Feb 8, 2026: Cuba M5.5 corroborated across EMSC + USGS + GFZ within 40 minutes of the event. 36 events confirmed by >=2 independent sources; 11 (M>=4.0) entered GUL. Single-source events excluded from GUL. GFZ FDSN connection failure during automated fetch → system fail-closed; error recorded in manifest.
02

No Reproducibility

Can you replay the computation that determined a payout? Can you verify the data hasn't been modified since measurement? If the answer is no, you don't have evidence — you have narrative.

SOVRIENT ANSWER
Replay hash 8f6894ab…9651 is identical across independent runs. 3,221 days, 1,407 trigger days, zero computational drift. Same input → same output → same hash. Verified today.
03

Trust Without Evidence

Traditional oracles rely on institutional trust. Settlement-grade systems require cryptographic proof — independently verifiable, deterministically replayable, and non-repudiable.

SOVRIENT ANSWER
Every attestation is Ed25519 signed, SHA-256 sealed, with quantified corroboration metrics — 1.14km, 0.24s, 0.0Δmag — preserved as contemporaneous evidence before the financial calculation executes.
Verified Open-Source Intelligence

From OSINT to VOSINT

Evidentiary-grade, open-source intelligence whose integrity, provenance, timing, and completeness are cryptographically attested, independently corroborated, and deterministically reproducible — admissible for automated decisioning and settlement systems.

OSINT classifies access.
VOSINT classifies admissibility.

OSINT — Informational

  • Publicly available, anyone can scrape
  • Single source, unverified
  • Manual reconciliation
  • No tamper evidence
  • Unreproducible analysis
  • Verification is social or reputational
OSINT informs humans.

VOSINT — Attestation-Grade

  • Multi-source corroborated
  • Cryptographic provenance (hashes, signatures, Merkle roots)
  • Deterministic consensus engine
  • Bit-for-bit reproducible
  • Fail-closed: unverifiable data does not pass
  • Anyone can independently recompute
VOSINT authorizes systems.

Why the "V" Earns Its Keep

Three properties. Non-overlapping. Each independently necessary.

V₁

Verified

The data passed explicit integrity checks at the time of ingestion. Not "seems right" — mechanically verified.

V₂

Verifiable

Any third party can independently recompute and confirm the same result. Verification is deterministic, not reputational.

V₃

Witnessed

The data's existence, state, and timing were independently attested — non-repudiable. Merkle seals and TSA timestamps are not version control. They are witnesses.

Open Sources, Verified

The Sovrient protocol ingests from the same public authorities available to all participants — USGS, EMSC, JMA, GFZ, IRIS. The distinction: every observation is hashed at fetch time, corroborated across sources, and sealed with cryptographic proof.

Open Standards, Auditable

Loss calculations use Oasis LMF (open source, industry standard). Vulnerability curves are published CSV files. Cryptography uses GPG, SHA-256, EdDSA. No proprietary component exists anywhere in the verification chain.

Corroboration Evidence

Quantified Agreement.
Sealed Before Calculation.

Before any loss calculation runs, independent seismological networks must agree within tolerance. The corroboration record — showing exactly how close sources agreed on location, magnitude, and timing — is sealed as a cryptographic artifact. This is not metadata. It is forensic-grade input verification, preserved as contemporaneous evidence.

Important distinction: The ±60s / ±50km / ±0.2M tolerances are post-event agreement thresholds between independent observation networks — not prediction intervals. This system verifies what already happened. It does not forecast what will happen. "Deterministic" refers to the computation (same inputs → same outputs → same hash), not to the seismology.

Spatial Agreement
1.14km
EMSC ↔ USGS epicenter distance
Temporal Agreement
0.24sec
Origin time difference
Magnitude Drift
0.0Δmag
Independent measurement agreement
Latest Daily GUL
$11,486,996.56
Feb 8 · 11 M4+ events · 1,046 unique areaperils (36 confirmed)

Event: ms_t5901126 | 2026-02-06

Myanmar–India Border Region · M5.2
CONFIRMED ✓
🇪🇺
EMSC (Europe)
23.5194°N, 94.9543°EM5.2
2026-02-06T00:33:06.170Z
🇺🇸
USGS (USA)
23.5110°N, 94.9478°EM5.2
2026-02-06T00:33:06.410Z
View Event Page
Corroboration Record (Sealed Pre-GUL)
SPATIAL DELTA
1.145 km
Within ±50km tolerance
TEMPORAL DELTA
0.240 sec
Within ±60s tolerance
MAGNITUDE DELTA
0.000
Within ±0.2 tolerance
Two independent networks · Zero magnitude drift · Sub-second timing · Sub-kilometer locationStatus: CONFIRMED

Event: ms_t5901840 | 2026-02-08

45 km SSW of Maisí, Cuba · M5.5
T+40min LIVE CAPTURE ✓
🇪🇺
EMSC (Europe)
19.8899°N, 74.3710°WM5.5
2026-02-08T12:00:09.030Z
🇺🇸
USGS (USA)
19.8899°N, 74.3710°WM5.5
2026-02-08T12:00:09.030Z
View Event Page
🇩🇪
GFZ (Germany)
19.9060°N, 74.3370°Wmb 5.74
2026-02-08T12:00:09.780Z
Retrieved via manual curl · FDSN endpoint reset during automated fetch
Live Corroboration · Sealed Feb 8, 2026 12:38 UTC
SPATIAL DELTA
0.000 km
EMSC ↔ USGS identical coordinates
TEMPORAL DELTA
0.000 sec
EMSC ↔ USGS identical timestamp
MAGNITUDE DELTA
0.000
Both Mw 5.5 · GFZ: mb 5.74 (body-wave scale)
Notification-to-Attestation Timeline
T+0M5.5 earthquake strikes 45km SSW of Maisí, Cuba · 10km depth · 12:00:09 UTC T+15minPush notification received via earthquake monitoring app T+20minDNS failure resolved · ms_fetch_day.py initiated T+22minGFZ FDSN connection reset · System fail-closed (§7) · No partial output T+24min4-source ingest complete (USGS + EMSC + IRIS + JMA) · GFZ failure recorded in manifest T+25minms_corroborate_day.py → 34 observations → 8 confirmed events · Cuba: CONFIRMED T+28minms_gul_from_corroboration.py → Oasis LMF run complete: $11,486,996.56 (1,046 unique areaperils) T+38minms_gul_receipt.py + ms_gul_attestation.py → Ed25519 sealed T+40minFull attestation bundle: corroboration + GUL + signature · Hash: 6220194702…
Three independent networks · Perfect agreement (EMSC ↔ USGS) · GFZ confirmed via manual query · Largest event of day (38.7% of total GUL)T+40min SEALED

How This Answers All Three Problems

P1Single Point of Failure → Eliminated. Single-source events (SINGLE_SOURCE) are excluded from GUL. If only one network reports an event, it does not enter the financial calculation — regardless of magnitude. 10-year backfill identified $5,300,000.00 in false payouts that corroboration would have prevented.
P2No Reproducibility → Solved. The corroboration record is deterministic. Same inputs, same tolerance parameters, same matching algorithm → same confirmed/rejected classification. The replay hash 8f6894ab…9651 is identical across independent runs. 3,221 days. Zero drift.
P3Trust Without Evidence → Replaced. Quantified agreement metrics (km, sec, Δmag) are preserved as sealed artifacts — not just a pass/fail flag. The corroboration record is Ed25519 signed and SHA-256 hashed before any loss calculation runs. The proof exists before anyone has a reason to dispute it.
The corroboration artifact is the evidentiary boundary. Anyone can run a GMPE. No one else has sealed, quantified, multi-source agreement metrics preserved as contemporaneous evidence before the financial calculation executes.
Method

Three Problems.
Three Answers.

Each problem identified above has a direct, operational answer — not a whitepaper promise, but a live system producing verifiable outputs daily. The Sovrient protocol reduces reliance on institutional trust by making verification computable.

🌐
ANSWERS PROBLEM 01

Multi-Source Corroboration

Five independent seismological networks (USGS, EMSC, JMA, GFZ, IRIS) must agree within defined tolerance before an event is confirmed. Disagreements are surfaced, not suppressed. Single-source events are excluded — they never enter the financial calculation.

Live: Feb 8 — Cuba M5.5 corroborated across EMSC + USGS + GFZ within 40 minutes of event
ANSWERS PROBLEM 02

Deterministic Computation

Every calculation produces identical results across execution paths. Not approximately reproducible — identical, bit-for-bit, across substrates. Run the pipeline twice, compare the hash. Match or fail. No ambiguity.

Live: 3,221 days · replay hash identical across runs
🔐
ANSWERS PROBLEM 03

Cryptographic Finality

Every attestation is timestamped, hashed with SHA-256, signed with Ed25519. Corroboration metrics are sealed as artifacts before loss calculation begins. The proof exists before anyone has a reason to dispute it.

Live: attestation_ms_gul_2026-02-08.json · Ed25519 sealed at T+40min
Scope Declaration

What This System Does.
What It Does Not.

Settlement-grade systems require explicit boundaries. The following declarations define the scope and limits of the Sovrient verification protocol.

Within Scope

Measurement attestation — cryptographic proof that a physical event was observed, corroborated, and sealed
Multi-source corroboration across independent seismological networks
Deterministic loss estimation using published, open-source models (Oasis LMF)
Cryptographic witnessing — hash, signature, timestamp, on-chain anchor
Replay verification — any party may recompute and confirm identical output

Explicitly Out of Scope

Valuation — this system provides measurement attestations, not asset pricing
Adjudication — the protocol publishes admissible evidence; it does not adjudicate claims
Prediction — no forward-looking statements of any kind; tolerances (±60s, ±50km, ±0.2M) are post-event observation agreement thresholds, not forecasting intervals; attestations reflect observed, past-tense events only
Replacement of actuarial judgment — this is an evidentiary layer, not a substitute for professional assessment
Source certification — the protocol attests cross-source consistency under declared tolerances; it does not certify any individual provider's absolute accuracy

Independent Verification Procedure

01Obtain the attestation bundle by BUNDLE HASH
02Verify the EdDSA signature against the published fingerprint
03Recompute SHA‑256 for each leaf and rebuild the Merkle tree
04Compare the recomputed root to the published RANGE MERKLE ROOT
05If an on‑chain anchor exists, verify the root on the designated ledger; otherwise status remains AWAITING ON-CHAIN WITNESS
06If any step fails, the attestation is invalid. No partial verification.
This procedure is executable by any independent party without cooperation. If it cannot be completed independently, the attestation is not witnessed.
Replay execution is defined over the published command, model version, seed, and dataset hashes; environmental variance outside these bounds (hardware, OS, filesystem ordering) is out of scope. All bundle components are ordered deterministically prior to hashing — canonical ordering ensures identical Merkle roots regardless of reconstruction path.
Verifier Kit
STATUS: PUBLISHED · Bundle format and verifier scripts are active for independently replayable checks.
What DMSS Replaces
Single-source trigger authority with no corroboration requirement
Non-replayable settlement computations accepted on institutional trust
Magnitude-only parametric triggers that cannot account for spatial exposure
Narrative-based dispute resolution where evidence is reconstructed after the fact
⚠ What DMSS Does Not Replace
Catastrophe models — DMSS is an evidentiary layer, not a modeling engine
Actuarial judgment — professional assessment remains outside protocol scope
Claims adjustment — the protocol attests measurements, not claim validity
Regulatory authority — DMSS produces evidence; regulators interpret it
Autonomous Decisioning

From Corroboration
to Settlement

The verification pipeline does not terminate at measurement. Multi-source corroboration (P1) feeds deterministic loss calculation (P2), producing cryptographically sealed attestations (P3) — every step signed and replayable. The chain from raw seismological observation to financial attestation is unbroken.

Firm Simulation — 10Y Backfill Run

CLEAN RUN ✓
Coverage
2016-01-01 → 2026-02-08
Backfill
3,221 days
Trigger Days
1,407
Risk Limits
5% daily / 29% cum.
MetricValueNotes
Total Ground-Up$18,604,182,501.17Raw modeled loss (Oasis LMF)
Layer Loss$1,260,894,998.98Parametric index triggers
Latest Day (Feb 8)$11,486,996.5611 M4+ events · 1,046 unique areaperils · 36 confirmed (>=2 sources)
Invalid Days0✅ Zero invalid across full range
10Y BUNDLE HASH: 57490554420624a2361746e741dfcd792f31f40e530a82462e390a6b8ec24f91
DECISION BUNDLE: out/firm_sim_decisions_ms_gul.json
Live Attestations

Live Attestations

Corroboration results from the multi-source verification pipeline. Each row represents a cryptographically sealed daily attestation.

DateSourcesConfirmedGULAttestation Hash
2026-02-08436$11,486,996.56d543bc4613…
2026-02-0745$4,113,998.79f2e3452aa7…
2026-02-06523$10,296,797.0623f4e565e2…
2026-02-0348$9,855,997.128116da1ce4…
2026-02-0246$4,533,998.69e25f0af3a1…
2026-02-0148$10,657,996.786c54a07866…
2026-01-31411$11,661,296.5680f9d4052e…
RANGE MERKLE ROOT: d35a8d633827b5de77237862423db69ee1be981801d94dcf32a4f892db3ca666

SIGNATURE: EdDSA 56FA491FF6EA4FE5E86D21A775867DAF1EE06FC4
On-Chain Deployment Anchors
Network Type Address / Tx Status
Sepolia Contract 0x1ADBEE0a43bBA9C60111Ac3bB53ED1305CB9061C ANCHORED
Sepolia Latest Daily Tx 2026-02-08_eod · 0xe65d6f69ee8dd0542b3a8791e11c91f6c7037b1adf7ff29dd2811ff82448a36a ANCHORED
Daily attestations are anchored on Sepolia from 2026-02-01 through 2026-02-08 (separate tx per day). Day-close and intraday reseals publish as explicit revisions (example: 2026-02-08_eod) so each canonical state has its own tx and replay reference. Latest sealed state (canonical close): eventsUnique=11, GUL=$11,486,996.56, tx 0xe65d...a36a. Historical intraday anchor: 0x0b79...ef5d.
Technical Architecture

Verification Pipeline

From raw seismological data to cryptographically sealed attestation. OSINT enters; VOSINT exits.

Data Sources
Independent Networks
The same public authorities available to all participants. Distinction: every fetch is hashed and corroborated.
  • USGSUSA
  • EMSCEU
  • JMAJP
  • GFZDE
  • IRISNET
Corroboration
Consensus Engine
Deterministic matching across sources. Disagreements are surfaced, not hidden.
  • Time tolerance±60s
  • Distance tolerance±50km
  • Magnitude tolerance±0.2
Output: CONFIRMED / DISPUTED / SINGLE-SRC
Tolerances are post-event observation agreement thresholds, not prediction intervals.
Attestation
Merkle + Seal
Evidence is hashed, signed, timestamped, and eligible for anchoring. Witness state is declared in Deployment Anchors.
  • SHA-256Hash
  • GPG / EdDSASign
  • TSATime
  • On-chain anchorSepolia
Determinism: same inputs → same artifacts → same hashes. (bit-for-bit reproducible)
Fail-closed: unverifiable data does not pass. OSINT enters; VOSINT exits.
SOVOS_CANON_V1 · Schema v2.4
Backfill Proof: 10Y run is bound by replay hash and bundle hash.
Witnessed: every attestation is independently attested, non-repudiable, and contemporaneous.
Parametric Settlement Standard

Current Treaty Language
Is Not Built for This Depth.

Catastrophe bond offering circulars typically specify a trigger in a few pages: one data source, one parameter, one institution's word. The treaty commonly does not address what happens when sources disagree, when magnitudes are revised post-publication, or when a moderate earthquake in a dense exposure zone produces more loss than a larger event in open ocean. The evidentiary standard has not kept pace with settlement automation.

Current Treaty Practice

Single data source (typically USGS NEIC) as primary trigger authority (common practice)
Magnitude as primary trigger parameter — no spatial loss decomposition typically specified
No specification commonly included for source disagreement or post-publication revision handling
Calculation agent output accepted on institutional trust; computation is typically non-replayable
No reproducibility requirement commonly specified — independent verification not operationally feasible
Settlement disputes resolved through arbitration, not deterministic replay

Deterministic Multi-Source Settlement Standard (DMSS)

Implemented by Sovrient · Adoptable as a treaty addendum
Trigger confirmation shall require ≥ 2 independent seismological networks agreeing within declared tolerances
Quantified corroboration metrics (km, sec, Δmag) shall be sealed as a cryptographic artifact before loss calculation executes
Loss computation shall use a declared, open-source model with spatially decomposed per-event, per-areaperil attribution
All computation inputs shall be individually hashed; execution must be deterministic and independently replayable
Settlement evidence bundle shall include Ed25519 signature, corroboration artifact, input hashes, and generation timestamp
Disputes resolved by deterministic replay and hash comparison; arbitration applies only after replay failure is adjudicated

Worked Example: February 6, 2026 — Why Magnitude Alone Misprices Risk

Nine corroborated earthquakes triggered on February 6, 2026. Total GUL: $10,296,797.06 Every coverage in the model carries the same TIV ($1,000,000.00 per cell) — there is no regional exposure weighting. Despite uniform exposure, magnitude alone still misprices loss because footprint geometry — driven by GMPE attenuation physics, event depth, and grid resolution at different latitudes — determines how many areaperil cells experience shaking. The data below is from sealed production attestations, independently replayable.
EventLocationMagCellsModeled GULMag-Only TriggerΔ Mispricing
event_4Kamchatka, RussiaM5.1243$2,531,000.00Tier 1 ($500,000.00)−$2,031,000.00
event_9Banda Sea, IndonesiaM5.989$1,939,299.00Tier 2 ($2,000,000.00)+$60,701.00
event_1Myanmar–India BorderM5.2626$1,716,000.00Tier 1 ($500,000.00)−$1,216,000
event_3NW ArgentinaM4.9567$1,355,000.00Tier 1 ($500,000.00)−$855,000.00
event_8Off Honshu, JapanM4.5230$730,000.00Tier 1 ($500,000.00)−$230,000.00
event_2N ChileM4.4161$605,000.00Tier 1 ($500,000.00)−$105,000.00
event_5NW ArgentinaM4.2185$531,000.00Below threshold−$531,000.00
event_6Eastern TurkeyM4.8109$487,000.00Tier 1 ($500,000.00)+$13,000.00
event_7Off Fukushima, JapanM4.1136$402,500.00Below threshold−$402,500.00
Cells = unique areaperil cells activated in footprint. TIV = $1,000,000.00/cell (uniform). Mag-Only Trigger uses illustrative step-function: M5.5+ = Tier 2 ($2,000,000.00), M4.5–5.4 = Tier 1 ($500,000.00), below M4.5 = no trigger. Actual treaty terms vary.
01Footprint geometry, not exposure concentration, drives the inversion. The M5.1 Kamchatka event activated 243 areaperil cells. The M5.9 Indonesia event — nearly a full magnitude unit larger, ~5.6× more energy released — activated only 89 cells. With uniform $1,000,000.00 TIV per cell and a single vulnerability function, the loss difference is entirely explained by how many cells the GMPE footprint covers. Magnitude alone cannot capture this.
02Even with uniform exposure, magnitude misprices risk. There is no regional weighting in this model. Every cell pays the same. The mispricing arises from GMPE attenuation physics (how seismic energy distributes through different crustal structures), event depth (shallower events spread energy over wider surface areas), and latitude-dependent grid resolution (cells at 53°N cover less physical area than cells at 7.8°S, so the same GMPE radius intersects more cells at higher latitudes). These are structural properties of how earthquakes propagate — not artifacts of model calibration.
03Two events fall below threshold entirely. The M4.2 and M4.1 events activated 185 and 136 cells respectively, generating a combined $933,500.00 in modeled loss, but would trigger zero payout under a magnitude-only structure. This is unrecoverable basis risk — real economic exposure with no parametric response.
04Single-day basis risk on Feb 6: $5,444,201.00. Summing the absolute mispricing across all 9 events, the gap between magnitude-only trigger payouts and spatially modeled loss totals $5,444,201.00 — on a single day, from a uniform exposure model with no regional bias. The mispricing is not a function of how the model is calibrated. It is a function of what magnitude-only triggers structurally cannot see.
Every number above is derived from the sealed Feb 6 attestation bundle: corroboration artifact day_corroboration_2026-02-06.json, GUL computation via Oasis LMF (eve | getmodel | gulcalc -S 10 -s 12345), input hash footprint.bin: 4a373319…, and Ed25519 signed attestation 23f4e565e265…. The computation is independently replayable; the evidence exists before the dispute.
Draft Trigger Evidence Specification (DMSS)
For treaty addendum use. Terms are operational and verifiable. Defined tolerances are configurable per treaty; values shown are production defaults.
§1 CORROBORATION: A trigger event shall be deemed confirmed only when ≥ 2 independent seismological networks report consistent parameters within declared tolerances (default: ±50km spatial, ±60s temporal, ±0.2 magnitude). Single-source events shall not qualify for trigger confirmation regardless of magnitude. For purposes of this specification, independent networks are operated by distinct institutions with separate data collection, processing, and publication pipelines.
§2 SEALING ORDER: The corroboration record, including quantified agreement metrics (spatial distance, temporal delta, magnitude delta), shall be cryptographically sealed as a distinct artifact before any loss calculation executes. Input integrity shall precede financial computation.
§3 COMPUTATION: Loss calculation shall reference a versioned model identifier, declared vulnerability dataset hash, deterministic seed (if applicable), sample count, and execution command. All execution parameters shall be recorded as artifacts within the attestation bundle.
§4 ATTESTATION: The settlement evidence bundle shall include: corroboration artifact, individually hashed computation inputs, GUL output hash, Ed25519 signature, and ISO 8601 generation timestamp. The bundle constitutes the settlement proof of record.
§5 REPLAY: Any party to the treaty may independently replay the computation using the declared model version and hashed inputs. If independent replay produces a different output hash, the attestation shall be deemed invalid and subject to adjudication. Adjudication applies only to disputes regarding replay execution environment, not to hash mismatch outcomes — a hash mismatch is a binary failure, not a matter of interpretation.
§6 AUXILIARY WITNESSES: Attestations may incorporate GNSS ground displacement data and NOAA consequence observation as additional corroboration modalities when available. Auxiliary witness data shall be sealed as separate artifacts within the evidence chain and are not required for trigger confirmation under this specification.
§7 FAILURE SEMANTICS: Fail-closed. If any verification step cannot be completed independently, the attestation is invalid. No partial verification shall be accepted. No institutional override shall supersede a failed replay.
§8 MODEL VERSIONING: Loss computation shall reference an explicit, versioned model identifier and vulnerability dataset hash. Any change to model version, vulnerability curves, or execution parameters constitutes a new settlement regime and shall be explicitly declared to all parties prior to the effective date.
§9 EVENT CLOSURE: A Primary Event Attestation captures the mainshock once cross-network agreement stabilizes and before secondary seismic activity is incorporated. Aftershocks and subsequent events shall be attested separately and shall not retroactively modify the primary event record. Event closure is semantic (defined by cross-network corroboration convergence), not purely temporal. The closure boundary is protocol-defined and auditable.

§9 — Why Event Closure Matters

An earthquake is a clustered process: mainshock, coda, aftershocks. Settlement systems need to answer a specific question: what constitutes "the event" for trigger and payout purposes? Without a defined closure boundary, subsequent seismic activity can retroactively redefine the primary event — destroying determinism and creating dispute surface.
01Primary Event Attestation. Sealed at the point of maximum cross-network agreement, minimum semantic ambiguity. This is a single, bounded, deterministic object — one trigger decision, one corroboration record, one settlement computation. This is what money references.
02Secondary Seismic Activity. Aftershocks are attested as separate events with their own corroboration records. They may matter for damage accumulation, claims handling, or reinsurance exhaustion — but they do not edit the primary attestation. Related but non-identical.
03No retroactive mutation. Source parameter revisions after closure produce new attestations, not amendments. The original remains immutable, replayable, and valid for its defined scope. Later evidence extends the record — it does not overwrite it.
This gives parametric systems the closure they need and indemnity systems the continuity they need. The T+40 minute seal on the Feb 8 Cuba M5.5 is not a speed claim — it captures the event at the moment of maximum cross-network agreement, before subsequent energy releases alter the semantic identity of what occurred.

Adoption Path

01Parallel run. DMSS runs alongside the existing calculation agent for an agreed number of periods. Outputs are compared; no trigger authority changes during this phase.
02Non-binding overlay. DMSS attestation bundles are published as a verification pack alongside the official settlement. Parties may reference DMSS evidence in disputes but trigger authority remains with the incumbent agent.
03Escalation option. Treaties may optionally promote the DMSS attestation root to trigger authority after a successful parallel period, subject to agreement by all named parties.
Integration does not require replacing existing workflows. DMSS is designed as an additive evidentiary layer that strengthens settlement integrity without disrupting incumbent processes.
For Institutions

Institutional Interfaces

The Sovrient protocol delivers VOSINT-grade, evidence-bound loss proxies for daily oversight — complementary to, not a substitute for, traditional claims and actuarial accounting. The system provides LPs and risk committees a deterministic, auditable signal between event and official loss release, without altering how final settlements are calculated. Attestation-grade intelligence for systems that require admissibility, not availability.

Attestation Delivery: From Hash Chain to Human-Readable Instrument

Every attestation exists in two layers. The cryptographic layer — Ed25519 signatures, SHA-256 hashes, Merkle roots — is the source of truth, independently verifiable by any technical party. The PDF rendering is the presentation layer: a human-readable document designed for risk committees, legal review, deal rooms, and treaty addenda. The PDF does not replace the hash chain. It references it — every claim in the document is anchored to a specific hash that can be independently verified.
01Cryptographic attestation is generated. Corroboration record sealed → GUL computation runs with hashed inputs → output hash recorded → Ed25519 signature binds the bundle → timestamp recorded. This is the evidentiary root.
02PDF attestation is rendered. The sealed bundle is rendered as a structured, human-readable document containing: corroboration metrics with source attribution, per-event loss decomposition with areaperil cell counts, input/output hashes in full, signature fingerprint, and independent verification procedure. Designed for institutional circulation — printable, attachable, archivable.
03Recipient verifies at their chosen depth. A risk committee reads the PDF as a summary. A technical auditor extracts the hashes and replays the computation. A legal team references the document in a treaty addendum. All three are reading the same attestation at different layers of abstraction — and any of them can escalate to full cryptographic verification at any time.
The PDF is not a report. It is an instrument. A report tells you what someone concluded. An instrument contains the cryptographic anchors that let you verify the conclusion yourself. Calculation agents deliver reports backed by reputation. Sovrient delivers instruments backed by hash comparison.

📊 For Cat Bond Managers

  • Independent settlement verification — Cuba M5.5 on Feb 8 processed from notification to sealed attestation in 40 minutes, with multi-source corroborated inputs from USGS, EMSC, and GFZ
  • Quantified corroboration metrics (km, sec, Δmag) sealed before loss calculation — contemporaneous evidence, not retroactive reconstruction
  • Replayable computation — identical replay hash across independent runs, 3,221 days verified
  • Three consecutive daily attestations: Feb 6 ($10,296,797.06, 9 events), Feb 7 ($4,113,998.79, 5 events), Feb 8 ($11,486,996.56, 11 M4+ events, 36 confirmed)
  • Fail-closed: GFZ connection failure on Feb 8 recorded in manifest — system refused partial output until --allow-partial explicitly enabled
Request Access

⛓️ For DeFi Protocols

  • Attestation hashes compatible with on-chain verification
  • Merkle inclusion proofs for settlement logic
  • Witnessed timestamps + EdDSA signatures
  • Dispute-resistant evidence packs
  • Fail-closed gating for execution safety
Integration Docs

📈 For Cat-Bond ETF Sponsors

  • Publishable verification packs for public markets
  • Daily receipts and signed manifests
  • Evidence lane without exposure to private IP
  • Hash handles for transparent disclosures
  • Independent verification procedure included
Request Access

🧠 For Cat Modelers

  • Audit overlay: input/output hash chain
  • Replayable run certificates without IP leakage
  • Deterministic receipts for compliance
  • Proof that stated inputs produced stated outputs
  • Optional on-chain anchor compatibility
Partnerships

🌦️ For Parametric Insurers

  • Multi-source trigger corroboration
  • Witnessed event evidence for disputes
  • Deterministic loss proxies
  • Signed bundles suitable for adjudication
  • Fail-closed verification procedure
Documentation

🔗 For On-Chain Re Protocols

  • Attestation roots compatible with smart contracts
  • Merkle inclusion proofs for settlement
  • Non-repudiable signatures and timestamps
  • Chain-agnostic anchor policy (testnet → mainnet)
  • Fail-closed semantics for execution safety
Integration Docs

🗃️ For Data Markets & Oracles

  • Signed range packs with provenance
  • Deterministic transforms for auditability
  • Chain-of-custody verification steps
  • Hash handles for downstream distribution
  • Independent reproducibility without coordination
Request Access