Terms of Verification

A contractual mechanism that initiates payout based on a measured physical parameter (e.g., earthquake magnitude, wind speed, rainfall depth) rather than on assessed losses. The trigger fires when the parameter exceeds a pre-agreed threshold, regardless of actual damage. Removes the need for loss adjustment but introduces basis risk — the possibility that the parameter triggers without corresponding loss, or vice versa.

A contractual mechanism that initiates payout based on actual incurred losses as determined through claims adjustment and loss assessment. Unlike parametric triggers, indemnity triggers eliminate basis risk but require extended settlement timelines (often months) for loss determination. Most traditional reinsurance uses indemnity triggers.

A debt instrument that transfers catastrophe risk from a sponsor (typically an insurer or reinsurer) to capital market investors via a Special Purpose Vehicle (SPV). Investors receive coupon payments in return for bearing the risk that principal may be partially or fully lost if a qualifying catastrophic event occurs. The trigger mechanism — parametric, indemnity, modeled loss, or industry index — determines when and how principal is at risk.

Broad category of financial instruments whose value is affected by insured loss events. Includes catastrophe bonds, industry loss warranties (ILWs), sidecars, and collateralized reinsurance. ILS allows insurance risk to be transferred to capital markets, providing sponsors with additional capacity beyond traditional reinsurance.

A legally independent entity created solely to isolate financial risk. In cat bond structures, the SPV issues notes to investors, holds collateral in a trust account, and enters into a reinsurance agreement with the sponsor. Bankruptcy-remote by design — the SPV's obligations are limited to the transaction it was created for.

The independent third party designated in a cat bond or ILS contract to determine whether a trigger event has occurred and to calculate the resulting loss. Typically a recognized firm (e.g., PCS, PERILS, Swiss Re) whose determination is contractually binding. The calculation agent's methodology is generally proprietary and non-replayable — the determination is binding by contract, not by independently verifiable evidence.

The formal process by which a calculation agent or designated party establishes the financial loss resulting from a trigger event. In parametric structures, this involves verifying the physical parameter against the trigger threshold. In indemnity structures, this involves aggregating and adjusting claims. Loss determination is the step that converts a physical event into a financial obligation.

The loss threshold at which a cat bond or reinsurance layer begins to respond. Below the attachment point, the sponsor retains the loss entirely. Above it, the risk transfer mechanism activates. Expressed as a dollar amount, percentage of portfolio, or parametric threshold (e.g., M7.0 within 200km of a defined location).

The loss level at which a cat bond or reinsurance layer is fully consumed. Above the exhaustion point, the sponsor bears any additional loss (unless covered by higher layers). The range between attachment and exhaustion defines the layer's limit — the maximum amount the risk transfer mechanism will pay.

The total estimated loss before any insurance or reinsurance terms are applied. GUL represents raw damage to exposed assets, calculated from hazard intensity (e.g., ground shaking), exposure data (location and value of assets), and vulnerability functions (damage curves). GUL is the starting point — financial module calculations then apply deductibles, limits, and policy structures to derive insured loss.

A mathematical model that estimates ground shaking intensity (typically Peak Ground Acceleration or Spectral Acceleration) at a given distance from an earthquake source, accounting for magnitude, depth, site conditions, and tectonic regime. GMPEs are the core physics engine converting seismological parameters into hazard values that drive loss estimation.

A geographic grid cell in a catastrophe model that represents a discrete area of peril exposure. Each areaperil has a unique identifier and is associated with hazard intensity values for a given event. The total number of activated areaperils in a footprint determines the spatial extent of loss estimation. Finer grids capture more geographic detail but increase computational cost.

A dataset describing the location, value, and characteristics of assets at risk. In catastrophe modeling, the exposure model maps insured values to geographic grid cells (areaperils). The quality and granularity of exposure data directly determines the accuracy of loss estimates. Production exposure models reflect actual portfolio positions; demonstration models (like Sovrient's uniform $1M/cell) establish pipeline validity without proprietary data.

A mathematical function that maps hazard intensity to expected damage ratio. Given a ground shaking value (from the GMPE) and building characteristics, the vulnerability curve outputs the expected proportion of value that is damaged. Different construction types, occupancies, and building codes produce different vulnerability curves. These curves, combined with hazard and exposure, complete the loss estimation triangle.

The risk that a parametric trigger does not accurately reflect actual losses. A trigger may fire without corresponding damage (sponsor overpays), or actual damage may occur without the trigger firing (sponsor is unprotected). Basis risk is the fundamental trade-off of parametric structures: speed and transparency in exchange for imperfect correlation between parameter and loss.

The insurer or reinsurer that transfers risk to another party through a reinsurance or cat bond transaction. The cedent is the buyer of protection — the party that pays premiums (or coupons) in exchange for coverage. Also called the "sponsor" in cat bond structures.

Reinsurance purchased by a reinsurer to transfer a portion of the risks it has assumed. In effect, reinsurance of reinsurance. Retrocession creates additional layers of risk transfer and is a key mechanism for distributing catastrophe exposure across the global market. Retrocessionaires assume the tail risk that primary reinsurers seek to offload.

An open-source catastrophe modeling platform maintained by the Oasis Loss Modelling Framework. Provides a standardized execution pipeline: eve → getmodel → gulcalc → fmcalc → summarycalc. Unlike proprietary vendor models (RMS, AIR, CoreLogic), Oasis LMF is transparent, auditable, and deterministically replayable — making it suitable for evidence-grade loss computation.

Sovrient's methodology for turning documents, measurements, and decision structures into deterministic, sealed, bounded machine surfaces that autonomous systems can consume without hidden interpretation steps. An ANATOP surface is deterministic, cryptographically bound to its inputs, and explicit about what it proves and what it does not prove.

An entity whose measurement outputs are independently verifiable by any party without cooperation from the authority itself. Unlike traditional measurement authorities whose credibility rests on institutional reputation, a VMA's authority derives from the cryptographic and procedural properties of its evidence chain. If the evidence cannot be independently verified, the VMA designation does not apply.

A class of intelligence derived from publicly available data that has been multi-source corroborated, cryptographically sealed, and made deterministically replayable. VOSINT extends OSINT by adding three properties: Verified (integrity-checked at ingestion), Verifiable (independently recomputable), and Witnessed (existence and timing attested). OSINT classifies access. VOSINT classifies admissibility.

The three non-overlapping properties that distinguish VOSINT from OSINT. V₁ Verified: data passed explicit integrity checks at ingestion — mechanically confirmed, not assumed. V₂ Verifiable: any third party can independently recompute and confirm the same result — deterministic, not reputational. V₃ Witnessed: data existence, state, and timing were independently attested — non-repudiable via Merkle seals and timestamps. Each property is independently necessary; all three are jointly sufficient.

Sovrient's governed memory runtime and replayable path-validity engine. MAS evaluates candidate paths over declared state under explicit policy artifacts, contradiction handling, exclusion rules, and emission controls. Its role is admissibility and governed traversal, not generic chat memory or convenience retrieval.

A deterministic decision-scoring function computed from declared loss, risk, weighting, and verification-cost inputs under fixed ordering and rounding rules. NERV consumes only MAS-governed or otherwise admitted inputs, binds threshold configuration into the receipt, and emits a replayable score artifact rather than a discretionary narrative conclusion.

A bounded early-stage publication artifact showing that Sovrient already holds the source surface, manifest discipline, replay posture, and non-claim boundaries for a lane, without claiming that the lane is fully operational at production maturity. A governance seed proves infrastructure and evidence handling are in place; it does not imply full anomaly adjudication, live operational coverage, or completed downstream automation.

The reconstruction of why a machine-supported workflow landed where it did in evidentiary terms: what it saw, what it selected, what it excluded, and what it carried forward into the resulting posture. This is stronger than an execution trace alone, but narrower than a claim to expose inner model consciousness, latent state, or human-like intent.

A published Sovrient lane that applies manifested, bounded, replay-oriented evidence handling to authoritative open U.S. coastal AIS data. In current public form, it exposes a real Hampton Roads source slice, a local manifest, and a governance seed over that slice with explicit limits around liveness, geographic completeness, and anomaly claims.

A deterministic, replayable, multi-source estimate of physical quantities (for example, ground-up loss) generated within a closed attestation window and cryptographically sealed. The value is governed by input provenance, deterministic computation, and signature verification — not by institutional reputation alone.

A later, contractual output produced by a named calculation agent under treaty terms. It is authoritative by contract, but typically non-replayable as a public computation artifact. Its epistemic role is settlement determination, not independently sealed physical evidence.

Number of validated auxiliary physical observations included alongside the primary seismic corroboration set (for example GNSS/NaVIC/QZSS telemetry and NOAA-derived feeds). Auxiliary witnesses are non-gating in default mode unless explicitly required by policy, but materially strengthen evidentiary posture.

A draft specification for treaty-grade settlement evidence, structured as nine clauses: §1 Corroboration, §2 Sealing Order, §3 Computation, §4 Attestation, §5 Replay, §6 Auxiliary Witnesses, §7 Failure Semantics, §8 Model Versioning, §9 Event Closure. Designed as a treaty addendum — not a replacement for existing calculation agents, but an additive evidentiary layer. Tolerances and parameters are configurable per treaty; the specification defines the structure, not the thresholds.

The point at which an observed seismic event is declared complete for the purposes of settlement evidence. Event closure is semantic (defined by cross-network corroboration convergence), not purely temporal. The Primary Event Attestation captures the mainshock once cross-network agreement stabilizes and before secondary seismic activity is incorporated. Aftershocks are attested separately and do not retroactively modify the primary event record. This prevents trigger drift, retroactive reinterpretation, and scope creep in disputes.

The sealed evidentiary record of a single seismic event — one trigger decision, one corroboration record, one settlement computation. Bounded by the Event Closure Boundary. Deterministic, replayable, and immutable once sealed. This is what financial instruments reference. Later revisions or aftershocks produce new attestations; they do not amend the primary record.

A sealed evidentiary record of seismic activity occurring after the Event Closure Boundary of a Primary Event Attestation. Aftershocks are attested independently, with their own corroboration records, timestamps, and GUL computations, and do not retroactively modify the primary event record. Aftershock attestations may be aggregated for damage accumulation analysis, claims handling, or reinsurance exhaustion assessment, but are not used to redefine trigger eligibility for the primary event. Related but non-identical — each aftershock is its own semantic object.

A time-bounded GUL snapshot produced before day closure, computed from corroborated events observed up to the publish timestamp. Intraday GUL is sealed, signed, and independently replayable for that observation window, but is not treated as final for the full UTC day. As additional events are corroborated later in the day, a subsequent run may produce a different daily total.

The canonical daily GUL record generated after full day pull and corroboration close for a given UTC date. Day-Close GUL is the settlement-grade daily reference for that date in Sovrient's strict lane. It is the value intended for final day-level anchoring and downstream governance decisions.

A sealed intraday measurement artifact for Canonical market lanes that records deterministic totals, witness hashes, and replay references for a specific date. Its role is evidentiary state publication, not discretionary trading advice.

A cross-feed comparison artifact that quantifies divergence between provider lanes (for example POLYGON_SIP vs YFINANCE) over aligned intraday windows. It records row counts, per-window deltas, and aggregate deltas under a fixed metric definition.

The signed difference between two declared feed totals for the same date, universe, and metric specification. In Sovrient market lanes this is displayed as a measured quantity with full witness traceability and reproducible source inputs.

A cryptographically sealed artifact documenting the quantified agreement between independent seismological networks for a confirmed event. Contains: source identifiers, reported parameters (location, magnitude, origin time), computed agreement metrics (spatial distance in km, temporal delta in seconds, magnitude delta), tolerance thresholds applied, and confirmation status. Sealed before any loss calculation executes — input integrity precedes financial computation.

The daily record of all data source ingestion attempts, including successful fetches (with SHA-256 hashes of raw response bodies) and failed fetches (with error details). The manifest is the first artifact produced each day and establishes the provenance chain for all downstream computation. Failures are recorded, not suppressed — a manifest with a recorded GFZ connection reset is more trustworthy than one that silently omits the source.

The complete settlement evidence package for a given day or event, containing: witness manifest, corroboration artifact, individually hashed computation inputs, GUL output, Ed25519 signature, and ISO 8601 generation timestamp. All bundle components are ordered deterministically prior to hashing. The bundle constitutes the settlement proof of record and is independently verifiable without cooperation from Sovrient.

The principle that verification should be a property of the computation itself, not an external audit applied after the fact. A system exhibits computational assurance when every step from raw observation to financial output is mechanically deterministic, independently replayable, and cryptographically sealed — such that the evidence chain exists as an intrinsic byproduct of operation, not as a retrospective report.

Zero computational drift between measurement runs. When the same inputs are processed through the same pipeline with the same parameters, the output hash is identical — not approximately equal, not within tolerance, but bit-for-bit identical. DT0 is the empirical proof that the system is deterministic. It is demonstrated daily through hash comparison across the backfill range.

A system design principle where any verification failure results in no output rather than degraded output. If a data source is unreachable, the system does not approximate — it stops and records the failure. If a hash does not match, publication is treated as technical non-conformance pending contractual adjudication. No partial verification is accepted. Any exception handling must be explicitly disclosed and contract-governed. This is the opposite of "best effort."

Sovrient's foundational verification framework applying formal mathematical proofs and cryptographic sealing to create deterministic, reproducible measurements. DAROC defines the operational procedures for ingestion, corroboration, computation, sealing, and attestation that underlie both the seismic verification pipeline and the broader Computational Assurance methodology. Formally verified using ACL2 theorem proving.

A framework where measured market or environmental turbulence becomes cryptographically verified collateral. Rather than static asset pledging, kinetic collateralization derives collateral value from the verified state of dynamic phenomena — seismic activity, market volatility, environmental measurements — with the verification itself providing the assurance layer that traditional collateral provides through custody. In Sovrient's context, a sealed seismic attestation can function as collateral for parametric settlement logic — the verified event state replaces the custodied asset.

A cryptographic hash function that takes any input (a file, a number, an entire database) and produces a fixed 256-bit (64-character hexadecimal) output called a digest. The same input always produces the same digest. Even a single bit change in the input produces a completely different digest. It is computationally infeasible to find two different inputs that produce the same digest, or to reconstruct the input from the digest. This is the foundation of tamper evidence — if you know the expected hash, you can verify that data has not been altered.

A digital signature algorithm based on elliptic curve cryptography (Edwards curve). Sovrient uses Ed25519 to sign attestation bundles — the private key creates a signature that anyone with the corresponding public key can verify. This proves that a specific key holder produced the attestation and that the content has not been modified since signing. Ed25519 is widely regarded as the strongest standard signature scheme for its key size, offering 128-bit security.

A single hash that summarizes an entire dataset through recursive pairwise hashing. Individual data items are hashed (leaf nodes), then pairs of hashes are combined and hashed again, recursively, until a single root hash remains. Changing any leaf changes the root. This allows efficient verification: you can prove a specific item belongs to the dataset by providing only the item and a short "proof path" (log₂ N hashes) rather than the entire dataset. Sovrient uses Merkle roots to seal multi-day backfill ranges into a single verifiable commitment.

The ability for any independent party to re-execute the exact computation and obtain a bit-for-bit identical result. Requires: declared model version, declared input dataset (by hash), declared random seed (if applicable), declared sample count, and declared execution command. Replay execution is defined over these published parameters — environmental variance outside these bounds (hardware, OS, filesystem ordering) is out of scope. Replay must produce identical canonical hash output.

A governance boundary where source bytes and capture-window metadata are sealed first, before model transforms, financial computation, or legal narrative.

A state in which independent verifiers converge on one published value under shared consensus rules.

For declared canonical inputs, configuration, ordering, window constraints, and rounding semantics, computation has exactly one valid output and one canonical hash.

The state in which a measurement or computation is sealed such that any modification is detectable. Once an attestation bundle is hashed and signed, its content is final — not because an authority declared it final, but because the mathematics make undetected alteration infeasible. Finality here is a cryptographic property, not an institutional declaration. It does not mean the measurement is correct; it means the measurement is immutable and auditable.

A browser security mechanism that allows web pages to verify that external scripts have not been tampered with. When a page specifies an SRI hash for a script, the browser computes the hash of the downloaded file and compares it — if they don't match, the script is blocked. Sovrient uses SRI on all external dependencies (GSAP animation libraries) to ensure that a compromised CDN cannot inject malicious code into the landing page.

A browser-enforced security layer that restricts what resources a web page can load and execute. Sovrient's CSP constrains execution to declared origins, prevents iframe embedding (anti-clickjacking), and locks the page to explicit source allowlists. Current policy includes controlled inline script/style allowance for deterministic rendering; all external scripts are still pinned with SRI. This aligns with fail-closed philosophy: unauthorized external code is blocked in the evidence presentation layer.

An attestation hash published to a public blockchain, creating a timestamped, immutable proof of existence that is independent of Sovrient's infrastructure. If Sovrient disappears, the on-chain witness remains — anyone can verify that a specific attestation existed at a specific time by checking the public ledger. The witness does not store the attestation content on-chain; it stores only the hash, which is sufficient for proof of existence and integrity verification.

The requirement that all bundle components are ordered deterministically prior to hashing. Without canonical ordering, the same set of components could produce different Merkle roots depending on the order they were processed. Canonical ordering ensures identical roots regardless of reconstruction path — a necessary condition for independent replay to succeed.