Skip to content

Scope and Governance

A Scope is the unit of governance in the SmartPoints architecture (ADR-088 Layer 4). It wraps a sovereign identity (DID), enforces policies, manages actors, and maintains a registry of connectors to external services.

A user's SmartBrain app equals one Scope. One Scope controls one or more SPTOS host instances. Cross-scope relationships require bilateral SmartPoint pair negotiation.

Architecture

text
Scope (governance boundary)
  +-- ScopePolicy (rules + resource budget)
  +-- ActorRegistry (actor lifecycle)
  +-- ConnectorRegistry (hexagonal adapters)
  +-- RendezvousManager (capability invitations)
  +-- SmartPointPairs (cryptographic channel references)

What a Scope Is

A Scope is a governance boundary that:

  • Wraps a sovereign identity (DID via spt-aid)
  • Enforces policies on actor creation, connector access, data sharing, and resource budgets
  • Manages the lifecycle of SmartPoint pairs (creation, revocation)
  • Maintains a registry of Connectors (hexagonal adapters to external services)
  • Manages Actor Constellations (groups of agents within the scope)
rust,ignore
use sptos_scope::Scope;

let scope = Scope::create("my-brain", "did:said:1:sw:blake3_abc123");

Policy Enforcement

The ScopePolicy governs what actions are permitted within a Scope. Policies are evaluated against a PolicyContext and return a PolicyDecision (allow, deny, or escalate).

rust,ignore
use sptos_scope::{ScopePolicy, PolicyRule, PolicyAction, PolicyContext, ResourceBudget};

let policy = ScopePolicy::new()
    .with_rule(PolicyRule::new(
        "agent-creation",
        PolicyAction::RequireApproval,
    ))
    .with_budget(ResourceBudget {
        max_actors: 50,
        max_connectors: 10,
        max_pairs: 100,
    });

Policy Actions

ActionDescription
AllowPermit the operation without restriction
DenyBlock the operation
RequireApprovalAllow with human approval
RateLimitAllow within rate constraints

Resource Budget

Each Scope has a ResourceBudget that caps the number of actors, connectors, and SmartPoint pairs it can create.

Actor Management

Actors are agents or services operating within a Scope. Each actor has a lifecycle state, a set of capabilities, and is bound to the Scope's policy.

Actor States

text
Created --> Active --> Suspended --> Terminated
               |                        ^
               +------------------------+
StateDescription
CreatedActor registered but not yet active
ActiveOperating within the Scope
SuspendedTemporarily paused (policy violation, maintenance)
TerminatedPermanently removed

Creating Actors

rust,ignore
use sptos_scope::Scope;

let scope = Scope::create("my-brain", "did:said:1:sw:blake3_abc123");
let actor = scope.add_actor(
    "assistant",           // name
    "agent",               // type
    vec!["read:docs".into(), "write:notes".into()],  // capabilities
)?;

The ActorRegistry tracks all actors within a Scope and enforces the resource budget.

Connector Framework

Connectors are hexagonal adapters that integrate external services into a Scope. Each connector has a configuration, a set of capabilities it provides, and a lifecycle managed by the ConnectorRegistry.

Local Connectors

Local connectors run within the Scope's SPTOS host instance:

rust,ignore
use sptos_scope::{Connector, ConnectorConfig, ConnectorRegistry};

let registry = ConnectorRegistry::new();
let config = ConnectorConfig {
    name: "github".into(),
    connector_type: "spt-connector-github".into(),
    capabilities: vec!["repo:read".into(), "pr:create".into()],
    settings: Default::default(),
};
registry.register(Connector::new(config))?;

Connector-as-a-Service (CaaS)

Remote connectors run in a separate Scope and are accessed through a SmartPoint pair. The owning Scope retains the connector service via the marketplace and communicates through the encrypted channel.

Available Connectors

CrateServiceCapabilities
spt-connector-githubGitHubRepository, PR, issue operations
spt-entraMicrosoft Entra IDAuthentication, group management
spt-connectors-coreFrameworkBase traits and utilities

Rendezvous Protocol

A Rendezvous is a scope-sealed, time-bounded invitation for one Scope to grant capabilities to a target DID. It is the mechanism for establishing new SmartPoint pairs between Scopes.

Security Properties

  • Non-transferable: Bound to target_did
  • Non-replayable: Nonce + max_activations counter
  • Scope-sealed: source_did signs the permissions
  • Time-bounded: expires_at checked on every operation
  • Revocable: Can be revoked mid-session

Rendezvous States

text
Dormant --> Active --> Expired
              |
              +--> Revoked
StateDescription
DormantCreated but not yet activated by the target
ActiveActivated and in use
ExpiredTTL elapsed
RevokedExplicitly revoked by the source

Creating a Rendezvous

rust,ignore
use sptos_scope::{RendezvousManager, RendezvousConfig};

let manager = RendezvousManager::new();

let config = RendezvousConfig {
    source_did: "did:said:1:sw:blake3_alice".into(),
    target_did: "did:said:1:sw:blake3_bob".into(),
    capabilities: vec!["read:docs".into(), "write:notes".into()],
    ttl_seconds: 3600,
    max_activations: 1,
};

let rendezvous = manager.create(config)?;

// Target activates the rendezvous
let activated = manager.activate(&rendezvous.id, "did:said:1:sw:blake3_bob")?;

// Source can revoke at any time
manager.revoke(&rendezvous.id)?;

Audit Trail

Every rendezvous operation (create, activate, revoke, expire) is recorded as an AuditEntry for compliance and debugging.

Federation

The spt-federation crate manages trust policies between Scopes across organizational boundaries. Federation enables cross-scope SmartPoint pairs with policy negotiation.

Key Types

TypeCrateDescription
Scopesptos-scopeGovernance boundary wrapping a DID
ScopePolicysptos-scopeRules, actions, and resource budgets
PolicyRulesptos-scopeIndividual policy rule
PolicyActionsptos-scopeAllow, Deny, RequireApproval, RateLimit
ResourceBudgetsptos-scopeActor/connector/pair limits
Actorsptos-scopeAgent within a Scope
ActorRegistrysptos-scopeActor lifecycle management
ActorStatesptos-scopeCreated, Active, Suspended, Terminated
Connectorsptos-scopeHexagonal adapter to external service
ConnectorRegistrysptos-scopeConnector lifecycle management
Rendezvoussptos-scopeTime-bounded capability invitation
RendezvousManagersptos-scopeRendezvous lifecycle management
RendezvousConfigsptos-scopeRendezvous creation parameters
RendezvousStatesptos-scopeDormant, Active, Expired, Revoked

Released under the MIT License.