
ADR 005: Forensic Identity Lifecycle (Standard 78)

Status

ACCEPTED (Jan 11, 2026)

Context

The platform's initial authentication system relied on static development bypasses and lacked a formal state machine for user onboarding, verification, and revocation. To achieve "Forensic Grade" governance, we require a lifecycle model that asserts identity through cryptographic proof, multi-factor verification, and time-bound access.

Decision

We will implement the Forensic Identity Lifecycle (Standard 78), a unified state machine governed by the environment context (Dev, Test, Prod). This system replaces the static bypass with lifecycle-aware simulations and enforces stringent proof-of-ownership and identity requirements in production.

Key Principles

1. Environment Tri-Tier Model

  • Development: Full bypass via pre-defined "Lifecycle Scenarios" using the emulator.
  • Testing: Semi-persistent states for E2E validation.
  • Production: Forensic-only, requiring dual-band verification and manual audit.

2. Multi-Step Verification (Dual-Band)

All production credentials require a "Return-to-Sender" loop across two bands:

  • Band 1 (Email): token-based verification of the e-mail address entered.
  • Band 2 (SMS/WhatsApp): a code delivered to the user's phone, proving physical control of the device (a cell phone number is mandatory).

3. Zero-Permanency (Standard 79)

No access is permanent. Every persona is bound by an AccessExpiryDate linked to the underlying forensic proof (Lease, Contract, Deed, or ID expiration).
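The dual-band loop and the Zero-Permanency rule together define a small state machine. The following is an added illustration, not the project's own code: a hypothetical `IdentityLifecycle` class (all names, the 15-minute challenge TTL, the attempt limit and the sample persona are assumptions for this example) that only grants access once Band 1 and Band 2 have been completed in order, treats each challenge as single-use and time-limited, compares codes in constant time, writes every transition to an append-only log, and flips an ACTIVE persona to EXPIRED the moment its AccessExpiryDate passes.

```python
import enum
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy values for this example; the ADR does not fix them.
TOKEN_TTL = timedelta(minutes=15)  # lifetime of a Band 1 / Band 2 challenge
MAX_ATTEMPTS = 5                   # failed guesses allowed per challenge


class State(enum.Enum):
    PENDING = "pending"                # identifier entered, nothing proven yet
    EMAIL_VERIFIED = "email_verified"  # Band 1 (email token) completed
    ACTIVE = "active"                  # Band 2 (phone code) completed, access open
    EXPIRED = "expired"                # AccessExpiryDate has passed
    REVOKED = "revoked"                # revoked by an audit agent


class LifecycleError(Exception):
    """Raised for any transition the state machine does not allow."""


@dataclass
class Challenge:
    secret: str
    issued_at: datetime
    attempts: int = 0


@dataclass
class Persona:
    identifier: str
    access_expiry: datetime  # Standard 79: tied to lease/contract/deed/ID expiry
    state: State = State.PENDING
    email_challenge: Optional[Challenge] = None
    sms_challenge: Optional[Challenge] = None
    audit_log: list = field(default_factory=list)


class IdentityLifecycle:
    """Hypothetical Standard 78 state machine; the clock is injectable for tests."""

    def __init__(self, now=None):
        self._now = now or (lambda: datetime.now(timezone.utc))

    def _log(self, p, event, agent):
        # Append-only record of every transition and who caused it.
        p.audit_log.append((self._now(), p.state.value, event, agent))

    def _verify(self, p, required, ch, presented):
        if p.state is not required or ch is None:
            raise LifecycleError(f"no challenge outstanding in state {p.state.value}")
        if self._now() - ch.issued_at > TOKEN_TTL:
            raise LifecycleError("challenge expired")
        ch.attempts += 1
        if ch.attempts > MAX_ATTEMPTS:
            raise LifecycleError("too many attempts")
        # Constant-time comparison so a wrong guess leaks nothing via timing.
        if not hmac.compare_digest(ch.secret.encode(), presented.encode()):
            raise LifecycleError("invalid code")

    def issue_email_token(self, p):                       # Band 1
        if p.state is not State.PENDING:
            raise LifecycleError("email token is only issued from PENDING")
        p.email_challenge = Challenge(secrets.token_urlsafe(32), self._now())
        return p.email_challenge.secret                   # sent by e-mail in reality

    def verify_email_token(self, p, presented):
        self._verify(p, State.PENDING, p.email_challenge, presented)
        p.email_challenge = None                          # single use
        p.state = State.EMAIL_VERIFIED
        self._log(p, "band1_email_verified", "system")

    def issue_sms_code(self, p):                          # Band 2
        if p.state is not State.EMAIL_VERIFIED:
            raise LifecycleError("Band 2 requires Band 1 first")
        p.sms_challenge = Challenge(f"{secrets.randbelow(10**6):06d}", self._now())
        return p.sms_challenge.secret                     # sent by SMS/WhatsApp in reality

    def verify_sms_code(self, p, presented):
        self._verify(p, State.EMAIL_VERIFIED, p.sms_challenge, presented)
        p.sms_challenge = None
        p.state = State.ACTIVE
        self._log(p, "band2_phone_verified", "system")

    def revoke(self, p, agent, reason):
        p.state = State.REVOKED
        self._log(p, f"revoked: {reason}", agent)

    def has_access(self, p):
        """Zero-Permanency: ACTIVE and still before AccessExpiryDate."""
        if p.state is State.ACTIVE and self._now() >= p.access_expiry:
            p.state = State.EXPIRED
            self._log(p, "auto_expired", "system")
        return p.state is State.ACTIVE


def run_demo():
    """Walk a constructed persona through the lifecycle; returns (step, state, granted)."""
    t0 = datetime(2026, 1, 11, tzinfo=timezone.utc)
    clock = [t0]
    lc = IdentityLifecycle(now=lambda: clock[0])
    p = Persona("resident@example.com", access_expiry=t0 + timedelta(days=365))
    trace, tok = [], lc.issue_email_token(p)
    try:
        lc.verify_email_token(p, "not-the-token")         # wrong guess is rejected
    except LifecycleError:
        trace.append(("bad_email_token", p.state.value, lc.has_access(p)))
    lc.verify_email_token(p, tok)
    trace.append(("email_ok", p.state.value, lc.has_access(p)))
    code = lc.issue_sms_code(p)
    clock[0] = t0 + timedelta(minutes=20)                 # code outlives TOKEN_TTL
    try:
        lc.verify_sms_code(p, code)
    except LifecycleError:
        trace.append(("stale_sms_code", p.state.value, lc.has_access(p)))
    lc.verify_sms_code(p, lc.issue_sms_code(p))           # fresh code succeeds
    trace.append(("sms_ok", p.state.value, lc.has_access(p)))
    clock[0] = t0 + timedelta(days=366)                   # lease has lapsed
    granted = lc.has_access(p)
    trace.append(("after_expiry", p.state.value, granted))
    return trace
```

`run_demo()` shows the two failure modes the ADR cares about: a wrong or stale code never advances the state, and an ACTIVE persona loses access on the expiry date without any agent action. A real deployment would persist the challenges and the audit log server-side and deliver the secrets through the e-mail and SMS providers rather than returning them.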

4. Forensic Storage Vault (Standard 80)

Sensitive artifacts (Deeds, IDs) are stored in an isolated, private partition (gs://singular-dream-forensic-vault) accessible only via short-lived Signed URLs.

5. Bilingual Acknowledgment

Every user must complete a mandatory bilingual (English/Spanish) acknowledgment of their responsibilities and of their ARCO rights (access, rectification, cancellation and opposition) under Mexican data-protection law (LFPDPPP).

6. High-Fidelity Capture (Standard 82)

User avatars must be captured through forensic-ready methods:

  • Biometric Preview: a live camera snapshot taken in the browser as "Life in the Moment" proof that a person is present.
  • Document Integrity: a structured upload path for the portrait on an official identification document.

7. Unified Auth Entry (Standard 90)

Authentication occurs within a glassmorphic Auth Terminal:

  • Visual Parity: a 50/50 split between Community Branding (left) and the Identity Gateway (right).
  • Identifier-First: identity entry is decoupled from the verification method, so the MFA method can vary per user (polymorphic MFA).

Consequences

  • Security: Significantly hardens the platform against unauthorized access and role-shadowing.
  • Auditability: Provides an immutable record of every identity transition, approved by a verified agent.
  • Complexity: Increases the onboarding friction for users, mitigated by the clear, multi-step UI flow.
  • Governance: Enables legally valid electronic voting and official community motions through notary-ready credentialing.