Project-Ame Predicate URI Namespace

Cryptographic-identity root for Project-Ame signed claims (in-toto Statement v1 + SLSA v1.1).

What this is

Project-Ame produces signed bundles for two planes: publish (model artifacts → Pi fleet) and data ingest (datasets → training pipelines). Every bundle declares a predicateType URI under https://project-ame.com/. The URI is a schema discriminator, not a URL fetched at verify time — verifiers compare the URI string. Procurement auditors and tooling resolve it for schema lookup.

This page documents the namespace, its lifecycle, and how to verify the URI-to-ADR binding independently. Authoritative ADR: ADR-0038.

Active URIs

URI	Type	Plane	Owning ADR	Status
`/publish-manifest/v1`	predicate-type	Publish	ADR-0030	ACCEPTED
`/source-manifest/v1`	predicate-type	Data (ingest)	ADR-0035	PROPOSED
`/builds/compile-publish/v1`	SLSA buildType	Publish	ADR-0030	ACCEPTED
`/builds/data-ingest/v1`	SLSA buildType	Data (ingest)	ADR-0035	PROPOSED

Reserved URIs

URI	Type	Plane	Status
`/compile-manifest/v1`	predicate-type	Compile (future)	Reserved
`/adversarial-report/v1`	predicate-type	1.5A adversarial	Reserved
`/bias-report/v1`	predicate-type	1.5A fairness	Reserved
`/staleness-report/v1`	predicate-type	1.5A lifecycle	Reserved
`/train-manifest/v1`	predicate-type	Training (sub-projects 3/4/5)	Reserved
`/builds/compile/v1`	SLSA buildType	Compile (future)	Reserved

Lifecycle Policy

URIs are forever. Once distributed in a signed bundle, a URI is never decommissioned. Verifiers compare strings for the lifetime of any retained bundle.
v2 alongside v1. Schema-breaking evolution increments the version; both versions remain resolvable indefinitely; migration grace periods are unbounded.
TXT records updated, never removed. The TXT-record-to-ADR binding can be updated when ADRs supersede; the record itself stays in the zone.
Additive predicate-body extensions stay under the same URI. Sub-object additions are additive; URI version bumps only on breaking changes.

Verify the URI-to-ADR Binding

Each URI hostname carries a TXT record at _adr.<uri-host> pointing at the owning ADR's GitHub URL. DNSSEC validation (always ON) prevents on-path forgery.

$ dig +short TXT _adr.publish-manifest.v1.project-ame.com
"https://github.com/Project-Ame/ame-trainer/blob/main/docs/adr/0030-oms-v1-adoption-and-own-predicate.md"

$ dig +short TXT _adr.source-manifest.v1.project-ame.com
"https://github.com/Project-Ame/ame-trainer/blob/main/docs/adr/0035-ingest-oms-signing-own-predicate-uri.md"

Governance & Security Posture

Registrar: Cloudflare Registrar (at-cost pricing; co-located with R2 + Pages).
DNSSEC: always ON. Disable requires ADR sign-off.
Sibling-domain defense: project-ame.org + project-ame.dev registered as 301 redirects.
Registration term: ≥2 years upfront with auto-renew + payment-method redundancy + ≥90-day calendar buffer.
Blast-radius isolation: DNS-management API tokens are independent from R2 / HF Hub / sigstore credentials per ADR-0010.
Threat model: documented in ADR-0038 §D9; severity-ranked response in DNS emergency-rotation runbook.