The v0.6 predicate primitive is a standalone signed artifact for authority, scope, policy, eligibility, or bounds evaluations. It does not replace mandates, attestations, or ApprovalReceipts. Those primitives remain authoritative for their own domains; predicates package a typed condition into a portable artifact.
New emissions write type as the predicate-type field. Readers accept legacy predicate_type only when type is absent.
Required fields:
predicate_id: urn:concordia:predicate:<id>type: predicate type profile URNauthority: authority namespaceissuer: DID or service idsubject: subject identifiercondition: profile-defined objectissued_at, expires_at: ISO 8601 timestampsreferences: attestation-style referencesalgorithm: EdDSA or ES256status: active, expired, revoked, or suspendedsignature: base64url signatureOptional fields: validity, constraints, delegation_chain, revocation_endpoint, revoked_at, and metadata.
Predicate signatures cover RFC 8785 JCS canonical JSON bytes with signature removed. The reference signer emits Ed25519 through algorithm: "EdDSA". ES256 is accepted by the schema but not emitted by the v0.6 reference signer.
condition.result is allowed only when the predicate type profile declares deterministic semantics. Non-deterministic profiles with condition.result fail at sign time and verify time with schema_invalid.
concordia.predicate.verify_predicate(predicate, *, resolver=None) returns PredicateVerificationResult with stable failure reasons:
schema_invalidbad_signatureexpiredrevokedunknown_authorityref_mismatchwrong_subjectresolver_missThe verifier validates schema, profile semantics, resolver bindings, signature, lifecycle, subject binding, references, revocation, and ApprovalReceipt composition warnings.
concordia.predicate_resolver.BasicHttpsResolver resolves signed predicates from HTTPS or a local mirror. It caches by predicate id with ETag and canonical SHA-256 metadata, validates parseability and signature, and returns None for soft misses. Transport and parse failures raise ResolverProtocolError.
Authority predicates map to:
{
"claim_type": "authority",
"claim_subtype": "predicate_evaluation",
"artifact_ref": "urn:concordia:predicate:pred_001",
"issuer": "did:web:operator.example#policy",
"subject": "urn:sanctuary:action:tool_call_9d4e8f01",
"authority": "urn:concordia:authority:policy",
"verified_at": "2026-05-14T00:00:00Z",
"result": "satisfied"
}
Predicate references preserve unknown type and relationship strings as opaque read-side values. A reference with type: "receipt" and relationship: "fulfills" composes with ApprovalReceipt verification when that verifier is importable. If not, predicate verification records approval_receipt_verifier_unavailable as a warning and continues.