Replay Contract Doctrine
6 enforced invariants · 1.0 · pilot · /trust · /.well-known/trust-register
Replay Contract Map
| ID | Invariant | Layer | Status |
|---|---|---|---|
| RC-1 | First write wins — dedupeKey enforced on all LearningEvents. Prisma upsert({ where: { dedupeKey }, update: {} }) | DB | ● ENFORCED |
| RC-2 | actor_id persists on every durable write. x-clerk-user-id required; embedded in metadata.actor_id | APP | ● ENFORCED |
| RC-3 | Replay survives server restart. Postgres persistence; dedupeKey prevents ghost writes on replay | DB | ● ENFORCED |
| RC-4 | Anonymous writes rejected at the edge. session.userId check → 401 before proxy forward | API | ● ENFORCED |
| RC-5 | Receipt JWT carries azp (actor) + vcv.actor_id. signIssuerReceipt() embeds actorId as azp per RFC 9068 | JWT | ● ENFORCED |
| RC-6 | Origin allowlist enforced — no wildcard in production. buildCorsOriginCallback() with normalizeOrigin() | API | ● ENFORCED |
6 / 6 invariants enforced
Lineage Continuity
Current Run
Object: NPI 1457128589, Macie Miller
Ownership: vcv-system (actor attribution)
Checked At: 2026-05-12 10:21 UTC (freshness)
Channel: CMS NPPES Registry
Replay: run:ffff1234 (chain link)
Run ID: run:a1b2c3d4 (deterministic hash)
T3 · Source Checked
↑ REPLAY links to Prior Run: run:ffff1234

Prior Run
Object: NPI 1457128589, Macie Miller
Ownership: vcv-system (actor attribution)
Checked At: 2026-04-10 09:00 UTC (freshness)
Channel: CMS NPPES Registry
Replay: — (chain link)
Run ID: run:ffff1234 (deterministic hash)
T3 · Source Checked
Chronology Continuity Rail
2026-05-12 10:21 UTC · NPPES Identity · T3 · VERIFIED
↳ prior: run:ffff1234
RC-1: dedupeKey — this run ID is final; idempotent replay guaranteed
run:a1b2c3d4

2026-04-10 09:00 UTC · NPPES Identity · T3 · VERIFIED
RC-2: actor: system — genesis run; no prior chain
run:ffff1234
Replay Survivability
| Invariant | Mechanism | Status |
|---|---|---|
| First write wins | Prisma upsert dedupe | ● ACTIVE |
| actor_id persists | metadata.actor_id | ● ACTIVE |
| Postgres connected | DATABASE_URL set | ● ACTIVE |
| Restart safe | dedupeKey enforced | ● CONFIRMED |

Survivability Score: 95 / 100
Evidence Count: 1,247 attributed writes
Replay Determinism
Input (NPI + Checked_At): 1457128589 : 1715529660000
→
Output (Run_ID): run:a1b2c3d4
ALGORITHM: djb2-hash(npi:checkedAt) → hex → first 8 chars
Same NPI + same timestamp always produces the same run ID
Implication: Restart cannot generate a ghost run for an existing check
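
The determinism rule above combined with RC-1's first-write-wins upsert, as an added example that is not the project's own code. It assumes the classic additive djb2 variant truncated to 32 bits and zero-padded hex; EventStore, demo and the "replay-worker" actor are hypothetical stand-ins. It also flags the case where two different inputs map to the same 8-character run ID, which an empty update would otherwise drop silently.

```javascript
// Added example. Assumed djb2 variant: seed 5381, h = h * 33 + charCode, 32-bit unsigned.
function djb2(str) {
  let h = 5381;
  for (let i = 0; i < str.length; i++) {
    h = (Math.imul(h, 33) + str.charCodeAt(i)) >>> 0;
  }
  return h;
}

// Run ID = "run:" + first 8 hex chars of djb2("<npi>:<checkedAtMs>"); zero-padding is assumed.
function runId(npi, checkedAtMs) {
  const hex = djb2(`${npi}:${checkedAtMs}`).toString(16).padStart(8, "0");
  return "run:" + hex.slice(0, 8);
}

// Hypothetical in-memory stand-in for a table with a unique dedupeKey column.
// Like upsert({ where: { dedupeKey }, update: {} }), an existing row is never modified.
class EventStore {
  constructor(rows = []) { this.rows = new Map(rows); }
  upsert(npi, checkedAtMs, actorId) {
    const input = `${npi}:${checkedAtMs}`;
    const dedupeKey = runId(npi, checkedAtMs);
    const existing = this.rows.get(dedupeKey);
    if (!existing) {
      const row = { dedupeKey, input, actorId };
      this.rows.set(dedupeKey, row);
      return { row, outcome: "created" };
    }
    // Same key but different input is a 32-bit hash collision; with an empty
    // update the second event would otherwise be dropped without any signal.
    return { row: existing, outcome: existing.input === input ? "replayed" : "collision" };
  }
  snapshot() { return [...this.rows]; } // rows that survive a restart
}

// Constructed scenario: write once, "restart" from persisted rows, replay the same check.
function demo() {
  const store = new EventStore();
  const first = store.upsert("1457128589", 1715529660000, "vcv-system");
  const restarted = new EventStore(store.snapshot());
  const replay = restarted.upsert("1457128589", 1715529660000, "replay-worker");
  return { first: first.outcome, replay: replay.outcome,
           actor: replay.row.actorId, rows: restarted.rows.size };
}

console.log(demo());
```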