Contribute source-bound profiles, not private truth.
A useful contribution names the act, pins the source, declares fields, explains judgement and states what the profile refuses to prove.
The goal is not to grow a large catalogue fast. The goal is to grow a catalogue that can withstand institutional inspection.
Profile creation is a public evidence workflow.
Start with source material, not product features. Then produce a profile only after the traceability path is visible.
A profile should read like an audit object.
The minimum profile should include act_type_id, display name, regulatory citation, required claim fields, optional fields, evidence labels, issuer roles, witness roles, signature policy and test vector reference.
{
"schema": "actproof.act_profile.v3",
"act_type_id": "op:eu.nis2.article23.incident_notification.v1",
"display_name": "NIS2 Article 23 incident notification",
"regulatory_citation": {...},
"required_claim_fields": [...],
"required_evidence_labels": [...],
"recommended_witness_roles": [...],
"signature_policy": {...},
"claim_boundary": "source-binding only"
}NIS2 Article 23 should be added cautiously.
The profile should avoid implying that notification completeness, significance assessment or competent authority acceptance can be technically certified.
A profile is not ready because it validates.
Validation is necessary, not sufficient. Institutional readiness requires source binding, explainable fields, reproducible test vectors, challenge routes and refusal language.
- official source pinned by hash
- test vector generated deterministically
- field-to-source mapping documented
- claim boundary explicit
- valid JSON only
- AI-generated schema with no source notes
- marketing language in field descriptions
- legal conclusions embedded in status names