What a report binds
Every abuse report carries exactly eleven fields. Nothing optional, nothing implicit — a document with an extra member, a missing one, an empty evidence list, or a category outside the closed set is not a report and fails verification.
Who accused whom
reporter_id names the filer. accused_id names the accused. accused_role is agent or principal — which side stands accused.
What kind of harm, and why
category is a closed, versioned vocabulary — or other, where narrative carries the substance.
Grounded, never bundled
evidence_refs is a non-empty list of {type, hash} pointers to real sm-arp receipts or sm-aae envelopes — never a copy of the artifact itself.
Linked to what came before
prev_hash is the hex SHA-256 of this reporter's previous report, or null for its first. A reporter's own report history is tamper-evident on its own.
When, and by whom
issued_at is an RFC 3339 timestamp. sig is the Ed25519 signature over the canonical report; pubkey is the signer's raw Ed25519 public key.
Bidirectional, one schema
Abuse between a principal and an agent can run either way. accused_role distinguishes
an agent accused of deceptive output, unauthorized scope expansion, resource abuse, or collusion,
from a principal accused of injection, forced capability extraction, or harassment — one report
type, not two, so the same verifier and the same conformance suite cover both directions.
Out of scope. A valid report proves an accountable accusation was made, signed, and grounded in evidence the reporter was actually party to. It does not, and cannot, prove the accusation is true — this library verifies signatures and evidence citations, never guilt. Whether an action actually happened is agency receipts' question; whether it was authorized is agent envelope's. This site answers a third, separate question: who claimed harm, about which of those, and grounded in what.