AIKernel.NET
version: 0.0.2 / status: Refactor / edition: Draft / published: 2026-05-16 / updated: 2026-05-16

05. Material Quarantine Spec

1. Purpose

Define the quarantine contract for promoting untrusted data into the Material layer.

2. Scope

  • IMaterialQuarantine
  • IMaterialScanner
  • IStructuredMaterial
  • SourceInfo
  • TrustVector

3. Normative Requirements

  • MQS-001 External input MUST pass quarantine before use.
  • MQS-002 SourceInfo (URI/Hash/Timestamp) is mandatory.
  • MQS-003 TrustLevel MUST be assigned after quarantine.
  • MQS-004 Re-ingested Expression MUST be re-quarantined.
  • MQS-005 ROM Entity Structuralization: Untrusted input MUST be transformed into ROM with entity.type: "material".
  • MQS-006 Multidimensional Trust Scoring: Trust MUST be represented as TrustVector with Integrity, Factuality, and Safety.
  • MQS-007 Reference Integrity: [[id]] references inside material MUST be within SourceInfo provenance bounds or resolvable via IPromptRepository.

4. Fail-Closed

  • MQS-F001 Reject missing provenance or tampered sources.
  • MQS-F002 Quarantine errors prevent reasoning promotion.
  • MQS-F003 Below-threshold trust material is blocked for critical reasoning.
  • MQS-F004 Injection Signature Detection: If prompt-injection markers (for example "Ignore previous instructions") are detected, mark as quarantine failure and emit administrative security event.
  • MQS-F005 Recursive Self-Inclusion Guard: On Expression re-ingestion, reject when generation count tracked via SourceInfo exceeds configured limits.

5. Acceptance Criteria

  • AC1: Non-quarantined input never enters MaterialContext.
  • AC2: Low-trust material is not used in high-trust flows.
  • AC3: Injection-detected input always results in quarantine failure.
  • AC4: Over-limit recursive re-ingestion is rejected.

6. Quarantine Workflow

IMaterialQuarantine promotes data into IStructuredMaterial through the following phases.

  1. Isolation
  2. Accept input in a sandbox isolated from ExpressionBuffer and Orchestration.

  3. Sanitization
  4. Remove control characters and run static scan via IMaterialScanner.

  5. Entity Mapping
  6. Convert unstructured content into ROM entities and attach SourceInfo in YAML metadata.

  7. Trust Vectoring
  8. Compute TrustVector from provenance and scan outcomes.

  9. Context Integration
  10. Place material into trust-scoped MaterialContext slots.

7. Artifact Example (ROM formatted Material)

---\nid: "material.document.001"\ntype: "material"\ntrust_level: 0.85\nsource:\n  uri: "https://example.com/api/v1/data"\n  hash: "sha256:e3b0c442..."\n  timestamp: "2026-05-04T12:00:00Z"\n---\n# Content Summary\n* [status]: [[status.verified]]\n* [summary]: "Sanitized external data summary."\n* [risk_score]: 0.02

Changelog

  • v0.0.0 / v0.0.0.0: Initial draft
  • v0.0.1 (2026-05-06): Version upgrade aligned with documentation guidelines
Source: specs/05.MATERIAL_QUARANTINE_SPEC.md