Add Core 2.0 external review note

docs/CORE_2_EXTERNAL_REVIEW_NOTE.md

@@ -0,0 +1,134 @@
+# DigiEmu Core 2.0 External Review Note
+
+- **Status:** Draft
+- **Scope:** DigiEmu Core 2.0
+- **Purpose:** Helps external reviewers understand what to review and what not to assume.
+
+---
+
+## Review Objective
+
+Reviewers should evaluate whether DigiEmu Core 2.0 clearly defines and preserves:
+
+- Deterministic decision-state artifacts
+- Canonicalization boundaries
+- Replay evidence
+- Hash integrity
+- Verification reports
+- PASS/FAIL outcome preservation
+
+The goal is to verify that DigiEmu maintains a clean separation between its own deterministic verification layer and external trust, identity, attribution, compliance, and operational systems.
+
+---
+
+## What DigiEmu Claims
+
+DigiEmu Core 2.0 claims to provide:
+
+- **Deterministic decision-state snapshot structure** – canonical JSON representation of agent decision state
+- **Declared canonicalization profile boundary** – explicit profile under which state is produced
+- **Decision-state hash references** – cryptographic integrity markers for state verification
+- **Replay consistency evidence** – proof that decision state can be reproduced deterministically
+- **Structured verification reports** – machine-readable evidence of verification outcomes
+- **Portable PASS/FAIL outcomes with preserved report references** – binary results that retain links to full diagnostic evidence
+- **Cryptographic integrity metadata where applicable** – signatures, timestamps, and chain-of-custody markers
+
+---
+
+## What DigiEmu Does Not Claim
+
+DigiEmu Core 2.0 does not claim to provide:
+
+- **Agent identity verification** – DigiEmu verifies decision state, not who produced it
+- **Agent certification** – Certification is outside DigiEmu scope
+- **Trust-tier assignment** – Trust tiers are determined by external systems
+- **Legal liability attribution** – Legal responsibility assignment is external
+- **Regulatory approval** – Regulatory status is determined by external authorities
+- **Moral judgment** – Ethical evaluation is outside DigiEmu scope
+- **Model alignment guarantees** – Alignment verification requires additional frameworks
+- **Full system safety guarantees** – Safety is a property of the complete deployed system
+
+DigiEmu verifies deterministic decision-state integrity and replay consistency within its declared scope.
+
+---
+
+## Boundary Questions for Reviewers
+
+Reviewers should check:
+
+- Is the DigiEmu state identity boundary clear?
+- Is it clear that external systems may reference but not redefine DigiEmu state identity?
+- Are PASS/FAIL outcomes linked back to structured reports?
+- Are non-claims explicit enough?
+- Are TBN-style, AntifragileOS-style, CLARIXO-style, compliance, and audit integrations separated from DigiEmu's own claims?
+- Are examples consistent with the contract?
+
+---
+
+## TBN / Trust Review Focus
+
+TBN-style reviewers should focus on whether the separation between DigiEmu decision-state verification and external agent identity/trust certification is clear.
+
+**Boundary principle:**
+
+- TBN may carry DigiEmu evidence as an external reference
+- TBN must not compute or redefine DigiEmu state identity
+- DigiEmu must not compute or redefine TBN agent trust status
+
+TBN provides provenance, signature, agent identity status, and trust certification. DigiEmu provides decision-state verification. The two systems interoperate through shared references but remain distinct.
+
+---
+
+## AntifragileOS / Operational Review Focus
+
+Operational reviewers should focus on whether DigiEmu PASS/FAIL outcomes and structured reports can safely support before-splice validation without DigiEmu itself becoming the deployment authority.
+
+**Key check:**
+
+- Can external systems act on DigiEmu results while preserving structured report references?
+- Is it clear that DigiEmu PASS/FAIL is an input to external validation flows, not a deployment certification?
+- Are diagnostic evidence preservation rules explicit?
+
+---
+
+## CLARIXO / Attribution Review Focus
+
+Attribution system reviewers should verify that:
+
+- CLARIXO may use DigiEmu artifacts as upstream evidence for responsibility and causality tracking
+- DigiEmu itself does not assign responsibility or legal liability
+- The separation between DigiEmu state verification and CLARIXO attribution logic is clear
+
+DigiEmu provides deterministic decision-state evidence; attribution systems apply their own logic to that evidence.
+
+---
+
+## Compliance / Audit Review Focus
+
+Compliance and audit reviewers should check whether DigiEmu evidence is:
+
+- **Portable** – Can be referenced by external systems without loss of integrity
+- **Traceable** – Clear chain from snapshot to verification report to PASS/FAIL outcome
+- **Scoped** – Explicit about what DigiEmu does and does not claim
+
+Reviewers should verify that DigiEmu artifacts can be incorporated into compliance documentation and audit trails without DigiEmu being misrepresented as a certification or approval authority.
+
+---
+
+## Minimal Reviewer Checklist
+
+- [ ] Boundary is clear between DigiEmu and external systems
+- [ ] Non-claims are explicit and unambiguous
+- [ ] External systems are consumers, not second producers of DigiEmu state identity
+- [ ] PASS/FAIL outcomes do not erase diagnostic evidence
+- [ ] Examples are illustrative and clearly marked as non-production
+- [ ] No external system is collapsed into DigiEmu
+- [ ] DigiEmu remains a deterministic decision-state verification layer
+
+---
+
+## Closing Principle
+
+**DigiEmu Core 2.0 should be reviewed as a deterministic decision-state verification layer, not as a complete trust, identity, liability, compliance, or safety system.**
+
+**The boundary is the value.**