| 1. Definition | 2. Functional Requirements | 3. Syntax | 4. Semantics |
1 Definition
An Item issued by a Distributed Service of an M‑Instance to the corresponding Distributed Service of another M‑Instance to notify suspected non‑compliance by a Process belonging to that other M‑Instance..
2 Functional Requirements
The FDR shall include:
- Identifiers of the Host M‑Instance (A), the Foreign M‑Instance (B), the detecting Process in A, and the implicated Process in B (local alias and, if available, a global identifier).
- Rule Context referencing the governing Rule set(s) in A deemed violated, including version and effective‑time information.
- Evidence references (identifiers and optional hashes) sufficient for verification without disclosure of protected metadata.
- Times modelled as intervals (StartTime required, EndTime optional) for: the FDR creation time and the suspected action window.
- Security and transport hints: idempotency Nonce, optional correlation identifiers, contact endpoint, confidentiality marking, and delivery profile.
- Signature (detached JWS or detached COSE_Sign1) or reference to a Signature Item under Rights/Rules.
3 Syntax
https://schemas.mpai.community/MMM4/V2.2/data/FaultDetectionReport.json
4 Semantics
| Label | Description |
|---|---|
| Header | Fault Detection Report Header |
| – Standard-FaultDetectionReport | The characters MMM-FDR-V |
| – Version | Major version – 1 or 2 characters |
| – Dot-separator | The character “.” |
| – Subversion | Minor version – 1 or 2 characters |
| M-InstanceID | Identifier of Host M‑Instance A (HostMInstance). |
| ForeignMInstanceID | Identifier of Foreign M‑Instance B (ForeignMInstance). |
| FaultDetectionReportID | Identifier of the FDR (ReportId). |
| DetectedByProcess | Identifier of the detecting Process/Service in A. |
| ForeignProcessId | Identifier (as recognised in A) of the implicated Process in B. |
| ForeignProcessGlobalId | Canonical/global identifier of the implicated Process in B (if available). |
| EventType | Controlled vocabulary for the suspected infringement category. |
| Severity | Severity level of the suspected infringement. |
| Confidence | Confidence in the assessment; numeric [0,1] or {low, medium, high}. |
| ReportCreationTime | Time interval representing when the FDR was created (StartTime required; EndTime optional). |
| SuspectedActionWindow | Time interval representing when the suspected behaviour occurred (StartTime required; EndTime optional). |
| RuleContext | Array of references to governing Rule(s) in A (RuleSetId, optional RuleVersionId, EffectiveTime). |
| Evidence | Array of typed references supporting the detection (activity, item, provenance, process, transaction, other), with optional content hash algo:hex. |
| ActionTakenInA | Summary of enforcement already applied by A (e.g., blocked action, suspended session). |
| RequestedActionInB | Optional request to B for corrective action. |
| ContactEndpoint | Optional contact/endpoint at A for follow‑up (may require Authenticate). |
| Transport | Delivery interface profile (profile, version) — e.g., HTTPS‑mTLS, DIDComm, Custom. |
| Confidentiality | Optional confidentiality marking for access control under Rules (Public, Restricted, Confidential; default Restricted). |
| ProtectedMetadataHandling | Optional statement about protected metadata handling / selective disclosure policies. |
| Signature | Digital signature over this Report (detached JWS, detached COSE_Sign1) or reference to a Signature Item. |
