foundation.protocols.*

Open Protocol Extensions for Matrix — 188 event types across 14 families for data commons, AI governance, ML lifecycle, legal MCP recording, supply chain compliance, and legal workflows. Apache 2.0. Implement freely.

188

Event Types

Event Families

171

Timeline Events

State Events

v1.0 live on Codeberg · 2026-04-14 — Apache-2.0 release at codeberg.org/foundationprotocols/foundation-protocols-spec. New this release: ai.ias.claude.* (DICSTAMACH state events) and the universal verify correlation convention.

Event Families

All events use the foundation.protocols.* namespace. No MSC required — custom namespaced events are a blessed Matrix extension mechanism.

foundation.protocols.data.*

Data Commons

4 events (3 timeline, 1 state)

Consent-gated data sharing. Contribution, consent, withdrawal, quality assessment. Ostrom-governed commons with explicit, revocable consent at the protocol level.

foundation.protocols.ai.*

AI Governance

17 events (10 timeline, 7 state)

Vendor-neutral governance for any AI agent. Intention/Decision/Effect audit trail (ESAA pattern), policy gates, kill switch, cost tracking, model registry, risk assessment, transparency cards.

foundation.protocols.ai.claude.*

Claude Session Recording

42 events (40 timeline, 2 state)

Complete Claude Code session recording: prompts, responses, thinking, tool calls, MCP interactions, approvals, file changes, git operations, cost tracking, multi-agent coordination.

foundation.protocols.ai.gryph.*

System Hook Observation

15 events (15 timeline)

Independent system-level observation of AI coding agent actions via native hooks. Tool call interception, file change hashing, security block/guidance decisions, actual cost from transcripts, subagent lifecycle tracking. The execution audit layer — parallel to claude.* self-report.

foundation.protocols.ai.observation.*

Bridge Observation Layer

15 events (15 timeline)

Bridge-native observation of AI agent actions: tool use, file operations with content hashing, command execution, security decisions, cost snapshots, privacy sensitivity, subagent lifecycle. The Kotlin bridge's own audit trail (AGPL-3.0) — parallel to gryph.* and claude.*.

foundation.protocols.ai.claude.hook.*

IAS Hook Enforcement

5 events (5 timeline)

Gate enforcement decisions from Claude Code hooks: which rules were evaluated, what was blocked or allowed, session lifecycle, and subagent spawn/completion tracking with inline agent attribution.

foundation.protocols.ai.certification.*

Verifiable Execution Certification

4 events (4 timeline)

Dual-observer correlation verdicts: PASS when agent self-report matches independent system observation, FAIL on discrepancy, GAP for missing signatures. Session-level CERTIFIED / FLAGGED / PARTIAL judgment.

foundation.protocols.ai.hopsworks.*

Hopsworks ML Lifecycle

37 events (36 timeline, 1 state)

Complete ML lifecycle recording for Hopsworks Feature Store, Model Registry, and serving. Feature engineering, model training, deployment, governance, cost tracking, dual-bridge Claude correlation.

foundation.protocols.ai.ansvar.*

Ansvar Legal MCP Recording

11 events (9 timeline, 2 state)

Complete MCP interaction recording for Ansvar legal and regulatory servers. Tool calls, resource access, citation extraction, session lifecycle. Data stays home — only metadata crosses the bridge.

foundation.protocols.ai.cost

Cost Tracking

1 state event

Vendor-agnostic, multi-currency, per-user cost accumulator. State key = Matrix user ID. Supports SEK, EUR, USD, INR, CNY. Space-level aggregation across rooms.

foundation.protocols.eudr.*

EUDR Compliance

11 events (9 timeline, 2 state)

EU Deforestation Regulation (2023/1115): plot geolocation, satellite deforestation verification, chain-of-custody, harvest records, Due Diligence Statement workflow, country benchmarking.

foundation.protocols.legal.*

Legal Workflows

18 events (14 timeline, 4 state)

Legal marketplace: briefs, proposals, escalation, lawyer seal, case assignment. Professional privilege rooms. Per-jurisdiction spaces. Bar council verification.

foundation.protocols.ai.ias.claude.*

DICSTAMACH Context State

8 events + 2 verify sub-types

Introspection layer. Dynamic Interactive Claude State Machine: session lifecycle, domain loaded/unloaded, consent-gated garbage collection, pressure-threshold signals. Cross-verified by gryph-based hooks observing STATEOFCLAUDE.md writes.

Verification correlation convention

Every primary event can be paired with independent-observer X.verify.<mechanism>.<observation> sub-events via Matrix's m.relates_to (rel_type: foundation.protocols.verify.v1). Divergence between primary and verify is itself audit signal — hallucination, silent action, transport failure, spoofing.

Read the CORRELATION convention →

Design Principles

The protocol extensions follow these architectural principles.

✓

Consent-Gated Data Flow

Data never leaves a room without an explicit data.consent event. Consent is revocable at any time via data.withdrawal.

→

Intention → Decision → Effect

High-risk AI operations follow a three-phase audit trail. The agent proposes, a human or policy approves, the outcome is recorded. Inspired by ESAA.

⬡

Vendor-Neutral Governance

ai.* events apply to any AI agent. ai.claude.* is the first vendor-specific layer. Add ai.mistral.*, ai.openai.* following the same pattern.

🔒

E2EE by Default

All events are end-to-end encrypted via Matrix's Olm & Megolm (double-ratchet). Only authorised room members can decrypt. Not even the server admin.

⚖

Ostrom-Governed Commons

Matrix power levels map to governance roles. Clear boundaries, proportional contribution, collective rule-making, transparent monitoring, right to withdraw.

🌍

Open Standards, No Lock-In

Event spec is Apache 2.0. No MSC required. Any Matrix homeserver accepts these events natively. Implement on your own infrastructure.

Example: AI Intention Event

Before a high-risk operation, the agent proposes its action for approval.

{
  "type": "foundation.protocols.ai.intention",
  "content": {
    "intention_id": "int_01ABC",
    "session_id": "sess_01ABC",
    "agent_type": "claude-code",
    "agent_model": "claude-sonnet-4-20250514",
    "proposed_action": "execute_shell_command",
    "description": "Delete the dist/ directory for a clean build",
    "parameters": { "command": "rm -rf dist/" },
    "risk_level": "high",
    "requires_human_decision": true,
    "policy_ref": "$ai_policy_state_event_id"
  }
}

If ai.policy requires approval for this tool, the bridge holds execution until an ai.decision event (approved/denied) arrives. The outcome is recorded as ai.effect.

Implement

No special server support needed. Any Matrix homeserver accepts custom namespaced events.

Reference Implementations

Two open-source implementations exist:

OpenEarth Bridge (Kotlin, Trixnity 4.22.7)
HTTP proxy + certification engine recording AI sessions as ai.claude.*, ai.observation.*, and ai.certification.* events. All 42 claude events + 15 observation + 4 certification implemented and tested.
OpenEarth Messenger (Kotlin, Trixnity 5.4.0)
Compose Multiplatform client with 116 custom views across 6 domains. Approval buttons, cost dashboards, session monitoring, colour-coded accent bands.

Protocol Spec on Codeberg

Licensing

Two layers, split by the wire protocol:

Protocol spec — Apache 2.0
Bridges — AGPL 3.0
Messenger — AGPL 3.0

Full Licensing Details

Discussion

Join the protocol design discussion:

#foundation-protocols:matrix.openearth.network

We welcome feedback on event design, governance patterns, and potential MSC candidates from the Matrix community.

The Protocols Foundation

A vendor-neutral standards body maintaining the foundation.protocols.* namespace. Currently initiated by VakeWorks. Seeking co-maintainers and organisations interested in domain-specific Matrix protocol extensions.

The protocol spec is separate from any implementation. openearth.network provides reference implementations. Any organisation can implement foundation.protocols.* events on their own Matrix infrastructure.