UBL (Universal Business Language) 2.0 turns natural-language intent into immutable, verifiable business execution.
This repository is a minimal, production-oriented kernel that:
- evaluates Chips (pure decisions) deterministically,
- executes Programs (orchestration + Effects) atomically against a versioned ledger,
- emits cryptographic Proofs for every decision,
- and supports a Trust Architecture that treats all inputs (including LLM output) as hostile until validated.
If you can replay it, you can audit it. If you can audit it, you can trust it.
Modern systems fail in two ways:
- decisions are opaque (βwhy did this transfer happen?β), and
- LLM-driven automation increases surface area (prompt injection, context poisoning, silent drift).
UBL 2.0 solves this by making every decision a content-addressed artifact:
- Chip: pure boolean policy evaluated over explicit context
- Program: binds context + applies ordered, atomic effects
- Ledger: append-only effect history with state versioning
- Proof: replayable evidence that a chip evaluated correctly
- Kernel: the smallest trusted code that runs everything else
UBLβs goal is not βsmarter automationβ. Itβs auditable automation.
- Deterministic expression evaluation (no hidden state)
- Canonical JSON (JCS / RFC 8785 style) hashing for content-addressable IDs
- SHA-256 hashing for chips, proofs, and ledger records
- Optional Ed25519 signing + verification for proofs and ledger records
- Atomic persistence (
tmp β fsync β rename β dir sync) for crash safety - Optimistic concurrency with
target_versionchecks - Chain-hashed ledger records (
previous_record_hash β record_hash) for tamper evidence - Structured logging (tracing)
- Isolation Barrier endpoint to validate/normalize βuntrusted inputβ into a typed envelope
- Standard-library program packs (organized by theme) to enforce
- circuit breakers,
- multisig approvals,
- vendor allowlists,
- transfer limits,
- escalation workflows.
The Trust Architecture is grounded in the principle that βtrust must be computable and replayableβ, and is designed to resist prompt injection and untrusted orchestration.
A Chip is a pure policy:
- input:
context - output:
ALLOW (1)orDENY (0)
It contains Gates (named conditions) combined by a Composition strategy (ALL/ANY/MAJORITY/WEIGHTED).
A Program:
- receives inputs,
- builds context (
input | ledger | computed), - evaluates a chip,
- applies ordered Effects (atomic, all-or-nothing),
- writes an EffectRecord to the ledger.
A Proof includes:
- chip hash,
- context snapshot,
- per-gate results,
- final result,
- deterministic proof hash,
- optional signature.
Anyone can verify by re-running the chip against the snapshot.
ubl_core/
βββ Cargo.toml
βββ README.md
βββ src/
β βββ main.rs # Axum server & routes
β βββ api.rs # HTTP API: execute/register/verify + registry + barrier
β βββ engine.rs # Deterministic evaluation, JCS hashing, signatures
β βββ ledger.rs # Atomic persistence + versioned state + history chain
β βββ types.rs # Strict AST + request/response types
β βββ trust_barrier.rs # Isolation Barrier processor
β βββ ...
βββ stdlib/
β βββ program_packs/
β βββ entities.json
β βββ agreements.json
β βββ payments.json
β βββ financial.json
β βββ reputation.json
β βββ workspaces.json
β βββ trust.json
βββ examples/
β βββ trust/
β βββ invoice_barrier.json
βββ docs/
βββ UBL-Trust-Architecture.md
βββ UBL-Trust-Architecture.docx
cd ubl_core
cargo build --release
./target/release/ubl_coreBy default the ledger is persisted to:
ubl_ledger.json(in the working directory)
This build supports optional API auth and signing keys (recommended for publication deployments).
# API key for HTTP requests (optional but recommended)
export UBL_API_KEY="change-me"
# Optional signing keys (Ed25519). If present, the kernel signs proofs and ledger records.
export UBL_ED25519_SIGNING_KEY_B64="..."
export UBL_ED25519_VERIFYING_KEY_B64="..."Base URL: http://localhost:8000
curl http://localhost:8000/healthcurl -X POST http://localhost:8000/register \
-H "content-type: application/json" \
-H "x-ubl-key: $UBL_API_KEY" \
-d '{
"type": "chip",
"data": { "name": "standard_transfer", "gates": [...], "composition": {"type":"ALL"} }
}'curl -X POST http://localhost:8000/register \
-H "content-type: application/json" \
-H "x-ubl-key: $UBL_API_KEY" \
-d '{
"type": "program",
"data": { "name": "execute_transfer", "context": [...], "evaluate": "<chip_hash>", "on_allow": [...], "on_deny": [...] }
}'curl -X POST http://localhost:8000/execute \
-H "content-type: application/json" \
-H "x-ubl-key: $UBL_API_KEY" \
-d '{
"program": "execute_transfer",
"inputs": { "from_id": "w1", "to_id": "w2", "amt": 100 },
"target_version": 12
}'Response includes:
result(ALLOWED / DENIED)proof(replayable decision evidence)effect_record(ledger block metadata)
curl -X POST http://localhost:8000/verify \
-H "content-type: application/json" \
-H "x-ubl-key: $UBL_API_KEY" \
-d '{ "proof": { ... }, "chip": { ... } }'Returns { "valid": true|false }.
curl -H "x-ubl-key: $UBL_API_KEY" http://localhost:8000/registry/chips
curl -H "x-ubl-key: $UBL_API_KEY" http://localhost:8000/registry/programscurl -X POST http://localhost:8000/barrier/process \
-H "content-type: application/json" \
-H "x-ubl-key: $UBL_API_KEY" \
-d '{
"content_type": "invoice",
"payload": { "vendor_id": "ACME", "amount": 149.99, "currency": "USD", "date": "2025-12-14" }
}'The barrier returns validated_fields (normalized) plus a deterministic content_hash that can be referenced from chips/programs.
This repo ships program packs organized by theme. These are governance scaffolding that demonstrate UBL patterns β they do not replace your business logic, but show how to structure trust policies.
entities.json- Entity lifecycle, freezing/unfreezing, guardian managementagreements.json- Agreement proposals, signing, activation, obligationspayments.json- Basic transfers, wallet management, escrow operationsfinancial.json- Credit requests, loan management, invoice processing, asset registryreputation.json- Reputation updates, staking, slashingworkspaces.json- Workspace creation, shadow entity managementtrust.json- Trust Architecture patterns (circuit breakers, shadow validation, multisig, capability gating)
Programs reference chips by name using evaluate: "CHIP:<name>". Register chips first, then programs:
# Start the server
cargo run --release
# Register packs (chips must be registered before programs that reference them)
python3 scripts/register_pack.py stdlib/program_packs/entities.json
python3 scripts/register_pack.py stdlib/program_packs/agreements.json
python3 scripts/register_pack.py stdlib/program_packs/payments.json
python3 scripts/register_pack.py stdlib/program_packs/financial.json
python3 scripts/register_pack.py stdlib/program_packs/reputation.json
python3 scripts/register_pack.py stdlib/program_packs/workspaces.json
python3 scripts/register_pack.py stdlib/program_packs/trust.jsonPrograms use template interpolation (e.g., {amount}, {entity_id}, {now}) which is resolved deterministically at execution time and stored in EffectRecord for replayability.
The Trust Architecture is implemented primarily through Chips and Programs, not kernel modifications.
-
Isolation Barrier - Untrusted input is validated and normalized via
POST /barrier/processbefore entering the system. This ensures data never becomes executable logic. -
Atomic Operations - All effects apply atomically. Ledger commits are crash-safe. EffectRecords are chain-hashed and optionally signed.
-
Shadow Validation - Anomaly detection through chips that check patterns (limits, counterparties, timing). Integrated into decision chips or wrapped in trusted programs.
-
Trajectory-Based Identity - Trust accumulates through verifiable history. Chips gate capabilities based on thresholds and age using built-in functions like
age(),before(),after(). -
Circuit Breakers - Rate limits and thresholds enforced via chips and ledger state. Built-in functions (
add,sub,time_bucket) support threshold management. -
Multi-Signature - Two approaches:
- Program-level: store approvals in ledger, require
length(approvals) >= threshold - Cryptographic: use
verify_ed25519(pk_b64, msg, sig_b64)built-in function
- Program-level: store approvals in ledger, require
Kernel responsibilities are minimal:
- Deterministic hashing/canonicalization (JCS)
- Deterministic evaluation semantics
- Signature primitives (Ed25519)
- Atomic persistence & concurrency
Everything else β approvals, rate limits, circuit breakers, LLM output validation β is expressed as:
- Barrier β ValidatedData (typed, non-executable)
- Chips β decision policies (pure boolean functions)
- Programs β orchestration and governance effects (atomic state changes)
See examples/trust/ for implementation templates and stdlib/program_packs/trust.json for complete patterns.
Trusted
- The kernel implementation (this repo)
- Hash + signature algorithms (SHA-256, Ed25519)
- Bootstrap assumptions (how initial chips/programs are installed)
Untrusted
- Program/chip payloads submitted by users
- External inputs (HTTP payloads, LLM outputs, vendor data)
- Any remote system referenced by orchestration
Mitigations
- Isolation Barrier: typed normalization + content hashing for untrusted payloads
- Content-addressed chips: policy is immutable once referenced by hash
- Replayable proofs: every decision is independently verifiable
- Chain-hashed history: ledger tampering is detectable
- Optional signatures: origin authentication for proofs and records
- Version checks: prevent concurrent βdouble spendβ writes
- Trust Architecture Specification: See
docs/UBL-Trust-Architecture.mdfor the complete technical specification - Examples: See
examples/trust/for Trust Architecture implementation patterns
This project is dual-licensed under MIT OR Apache-2.0. See LICENSE-MIT and LICENSE-APACHE for details.
This is a publication-oriented kernel: small, auditable, and intentionally minimal.
If you want βenterprise featuresβ (multi-tenancy, quotas, policy distribution, replication/consensus), keep them outside the kernel β as chips, programs, or sidecar services β so the trusted base stays small.