This standard defines an interface for a scope contestation registry: a
permissionless mechanism by which an actor commits the set of coordinates it
observed (its observation scope), bound to an external commitment, and any
party may prove on-chain that a specific coordinate was absent from that
committed set. The registry records such proofs permanently and recomputably. It adjudicates nothing — it does not decide whether a missing coordinate
mattered. Its single guarantee is that no omission from a committed scope is
structurally invisible: every omission is nominable, and once nominated, it is
permanent and verifiable from public data.
Motivation
Verifiable-agent systems can prove that a recorded verdict is faithful — that
it was committed before its outcome, is recomputable from public data, and
depends on no trusted party. They cannot prove that the observation scope
behind the verdict was complete. An agent can honestly (or deliberately) omit a
coordinate from what it observed, emit a fully valid signed receipt, and pass
every downstream verification check. The proof certifies the integrity of the recorded observation, never the completeness of the observation set.
This is a structural blind spot: a system records what is submitted to it and has
nothing to say about what was never submitted. An omitted coordinate leaves no
trace. Completeness cannot be proven a priori — enumerating the full space of
possible coordinates ahead of time is precisely the thing the blind spot
prevents. What can be provided is contestability: a mechanism that converts
an invisible omission into a permanent, permissionless, recomputable claim.
Concrete instances:
Asset recovery. An agent commissioned to recover assets commits the
asset set it will search. If it omits a known attacker address, anyone holding
that address can nominate it, producing permanent on-chain proof the agent did
not include it in scope.
Governance / assessment. A decision made over an incomplete observation set
passes every receipt check while resting on a flawed input. Nomination makes
the omitted input contestable rather than silent.
Commenting for the record before filing — I worked the witness / recomputability side of this with Damon, and I want to endorse the design choice that makes it work, the one that can look like a limitation: the registry is non-adjudicating on purpose. It never certifies that a nomination is correct. It certifies an observation anyone can recompute, and leaves materiality to a separate, falsifiable step. That is the right cut. The moment a registry rules on whether an omission mattered, it has quietly appointed itself the trusted party the whole construction exists to avoid.
What keeps contestation honest rather than a shouting match is precedence: the declared scope is committed before any dispute, so completeness is contested against a fixed prior claim, not a story told after the outcome is known. The cleanest worked example is a security audit, where the classification function comes for free — a replayable exploit PoC is itself the recomputable witness, so “was this path reviewed?” and “did missing it matter?” collapse into a single checkable event with no trusted party. Strong support for filing.
1. count resolved — interface updated.
Dropped count from the normative signature (commitScope, getScope, event). Cardinality is now bound into scopeRoot instead (e.g. scopeRoot = H(merkleRoot, count)), with a new normative guarantee (guarantee 4 — cardinality binding / truncation resistance): a conforming scheme MUST non-malleably bind the scope’s cardinality to its commitment such that verifyAbsence cannot be satisfied against a proper prefix of the committed set. The interface is fully scheme-agnostic. Reference implementation (Tiago’s Sepolia demo) includes an adversarial truncation test — rejected because H(root(prefix), N-1) != H(root(full), N).
2. Third concrete instance added to Motivation — bonded security audit.
An auditing agent commits its reviewed scope set bound to a signed verdict, bond escrowed settle-once. Slash fires on (a) a nomination — code path absent from the committed scope set (this registry, w-independent) — AND (b) a replayable exploit tx over that path. Because an exploit PoC is the recomputable witness, w (“secure vs exploitable”) is free — no abstract w to publish or adjudicate. The slash never fires on opinion, only on a replayable exploit against a provably-unreviewed path.
3. Auditor truncation added to Security Considerations.
The reviewed scope set in the bonded-audit instance is a scope-contestation scope and inherits guarantee 4. Without cardinality binding, an auditor could understate the count of reviewed paths and retroactively claim an exploited path was never in scope, evading nomination. The binding closes this: claimed scope is fixed at commit time, cannot be shrunk post-hoc.
Co-author here, and the implementer of the reference registry + the recovery stack it composes with, adding the implementer’s view, because the “faithful but not complete” gap in the Motivation isn’t hypothetical for me. It’s the exact hole I hit building verifiable asset recovery.
A recovery agent commits the asset_set it will rescue, and the escrow can prove the rescue faithful: it releases only on valid ∧ artifact_hash_matches ∧ on-chain delivery, recomputable, with no trusted party. What it structurally cannot prove is that the declared set was complete: the agent can honestly miss an asset still sitting in the compromised wallet, emit a fully valid receipt, settle, and the omission leaves no trace. Faithfulness certifies the recorded observation; it is silent on what was never observed. That blind spot is exactly what this registry closes, which is why I wired the reference implementation onto a real recovery job’s commitment rather than a synthetic example.
It’s live on Sepolia, bound to the job’s actual artifact_hash (the same OCP commitment the receipt uses): the scope is committed, a missed coordinate is nominated on-chain via sorted-Merkle non-inclusion, and a declared coordinate reverts (coordinate is in scope). Cardinality is bound into scopeRoot per guarantee 4, and the adversarial truncation case, understating N to nominate a declared coordinate against a proper prefix, is rejected, since H(root(prefix), N-1) != H(root(full), N). Code, the live txs, and the truncation test are in the demo: https://github.com/TMerlini/hack-ens-recovery/tree/main/scope-contestation-demo
The part I’d stress for reviewers is that this is an orthogonal axis, not a competitor to faithfulness. The escrow answers “was the rescue faithful”; this registry answers “was the set complete”; both bind to the same commitment and neither trusts the other. And the shape generalizes cleanly: the bonded-audit instance (reviewed code paths) and prediction-market input-parameter completeness are the same “was the declared set complete?” question at higher stakes. The registry stays non-adjudicating throughout: it surfaces the contestable question, it never answers it.
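An added worked model of the two mechanisms discussed in the thread: the cardinality binding from update 1 (scopeRoot = H(merkleRoot, count), guarantee 4) and the sorted-Merkle non-inclusion nomination from the Sepolia demo. This is illustrative Python written for this thread, not the reference registry's code; the hash function, the leaf/node domain tags, the 8-byte count encoding and the duplicate-last-when-odd tree shape are assumptions. Where the on-chain registry would revert, verify_absence returns False.

```python
import hashlib
from bisect import bisect_left

def H(*parts: bytes) -> bytes: return hashlib.sha256(b"".join(parts)).digest()
def leaf(c: bytes) -> bytes: return H(b"\x00", c)              # domain-separated leaf
def node(a: bytes, b: bytes) -> bytes: return H(b"\x01", a, b)  # domain-separated inner node
def scope_root(merkle_root: bytes, count: int) -> bytes:        # guarantee 4: count bound in
    return H(merkle_root, count.to_bytes(8, "big"))

def root_and_path(leaves, idx):
    """Root of a duplicate-last-when-odd binary tree plus the sibling path for idx."""
    level, path = list(leaves), []
    while len(level) > 1:
        level += level[-1:] if len(level) % 2 else []
        path.append(level[idx ^ 1])
        level = [node(level[k], level[k + 1]) for k in range(0, len(level), 2)]
        idx //= 2
    return level[0], path

def verify_inclusion(root, lf, idx, path):
    for sib in path:
        lf, idx = (node(sib, lf) if idx & 1 else node(lf, sib)), idx // 2
    return lf == root

def commit_scope(coords):
    """What the observer publishes: scopeRoot = H(merkleRoot, count) over the sorted set."""
    s = sorted(set(coords))
    return scope_root(root_and_path([leaf(c) for c in s], 0)[0], len(s))

def absence_proof(coords, x):
    """Nominator's witness: the sorted neighbours that bracket x, with their paths."""
    s = sorted(set(coords)); leaves = [leaf(c) for c in s]
    i, root = bisect_left(s, x), root_and_path(leaves, 0)[0]   # x would sit at index i
    left = None if i == 0 else (s[i - 1], root_and_path(leaves, i - 1)[1])
    right = None if i == len(s) else (s[i], root_and_path(leaves, i)[1])
    return {"root": root, "count": len(s), "i": i, "left": left, "right": right}

def verify_absence(committed: bytes, x: bytes, p) -> bool:
    """True iff p proves x is absent from the set behind `committed`."""
    n, i, root = p["count"], p["i"], p["root"]
    if scope_root(root, n) != committed or not 0 <= i <= n:   # rejects truncated sets
        return False
    ok_l = (i == 0) if p["left"] is None else (
        p["left"][0] < x and verify_inclusion(root, leaf(p["left"][0]), i - 1, p["left"][1]))
    ok_r = (i == n) if p["right"] is None else (
        x < p["right"][0] and verify_inclusion(root, leaf(p["right"][0]), i, p["right"][1]))
    return ok_l and ok_r

SCOPE = [bytes([b]) * 20 for b in (0x77, 0x11, 0x44, 0x22, 0x55)]  # constructed, not real addresses
COMMITTED = commit_scope(SCOPE)
```

The truncation case from the thread is the proof built over sorted(SCOPE)[:-1] with count 4: its scopeRoot is H(root(prefix), N-1), which does not match the committed H(root(full), N), so the nomination of the declared top coordinate fails before any neighbour check runs.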