HomeGiveaway10% ReferralBuy EDM

Revoke

What “Revoke” is and isn’t

Revoke is a signed correction to the record. An attestor, registry, or platform key authority declares that a previously counted attestation (or mirror) is no longer valid as submitted. Revocation never rewinds history and never moves money; it pauses only what depends on the bad fact, shows the fix path, and resumes when the dossier is clean. Already-paid slices stay paid unless there’s proven fraud and a contractual set-off applies. Rule remains: No proof, no release. No EMT, no funds.

Who can revoke and what they revoke

Revocation comes from the same trust surface that created the fact: the original attestor (PSI/QA, terminal/carrier, DC/3PL, sensor OEM), an external registry/brand feed (for tokens/wrappers), or the platform (key compromise/suspension). The signal is a signed message bound to the PoV hash and the specific attestation/mirror. Each revocation carries: role id, key id, PoV hash, reason code, timestamp, and signature. The Attestor Registry verifies authority and status.

  • Inspector / PSI: Withdraws a report or corrects a lot/COA.

  • Terminal / carrier: Amends BL, container list, seal photo/number.

  • DC / 3PL: Updates receipt/QA.

  • Sensor OEM: Corrects a temperature stream.

  • Registry / brand: Flips a token/mirror status.

  • Platform: Revokes a key or suspends a role (compromise, policy breach).

What happens on-chain

  1. Accept & scope: The contract verifies the signer and that the revoked attestation was counted at a gate. It computes scope: the affected stage (and only downstream releases that depend on it).

  2. Freeze narrowly: For Trade, only future, unreleased slices for the impacted sub-lots are paused. For Tokens, the listing freezes (settled/retired units get a corrective path, not “unretire”).

  3. Open case: A Dispute Pack is assembled: gate checklist, original files + hashes, revocation notice, timestamps, and a proposed fix (re-inspection, corrected doc, variance, replacement).

  4. Resume on fix: When the dossier is clean, a corrective EMT or a replacement token finalizes (with replaces: old_claim_id), and dependent slices resume.

No money flips, no fee posts, no burn occurs at Revoke. Burns on already-paid events remain immutable on the ledger.

Business effects you’ll actually feel

  • Trade: The timeline shows a red banner on the affected gate with a plain reason (“PSI withdrawn,” “seal mismatch vs packing report,” “temp out of range segment 2”). Only the next money moments pause; what you already paid stays paid. You apply the fix (upload corrected BL + seal photo; schedule re-inspection; apply variance math); the platform mints the corrective EMT and the next release proceeds.

  • Tokens: Listings freeze; you cannot trade or retire until the mirror/dossier is corrected. If a unit was already retired and the registry corrects it later, EDMA records a compensating action (replacement/compensating retirement) and links both entries. Your original receipt stays—append-only lineage shows the correction.

Inputs, checks, and failure cases

  • Inputs: pov_hash, attestation_id|mirror_ref, reason_code, signed_by(role_key), order|listing id, optional sub_lot.

  • Checks: Signer is an active key for the correct role in the Attestor Registry (or an authorized registry/brand/platform key). The attestation/mirror was counted (or is currently freezable). Revocation is idempotent (no double-revoke against the same attestation id). Window/policy (if configured) is respected.

  • Typical errors: E_NOT_AUTHORIZED—signer/key not allowed for this schema. E_NOT_COUNTED—the referenced attestation didn’t affect a pass. E_ALREADY_REVOKED—processed earlier. E_POLICY_WINDOW_CLOSED—outside governed window (if enabled).

Clearing a revocation

  • Correct the file: Upload an amended BL (matching container IDs, seal photo/number), corrected PSI/COA, or updated DC QA.

  • Re-inspect: Schedule a second PSI; the corrective EMT mints on pass.

  • Variance: Apply MPA math (short-shipment, damage, shelf-life) and release the adjusted slice with a reason line.

  • Replacement: Bind the same Locked EDSD to a replacement sub-lot; finalize with a new EMT linked via replaces: old_claim_id.

  • Cancel & refund: If no fix exists, the frozen Locked EDSD returns to the buyer per MPA; downstream slices re-balance.

All fixes are append-only; the proof page shows the original and the corrective entry.

API & Webhooks

  • POST /v1/pov/revoke: Submit revocation (signed; role key).

  • GET /v1/pov/revocations/{id}: Scope and status.

  • POST /v1/trade/replace: Submit corrective dossier—mint corrective EMT (replaces: old_claim_id).

  • POST /v1/tokens/replace: Mint replacement token/mirror and link lineage.

  • Webhooks: pov.attestation.revoked—accepted; scope and reason. trade.slice.frozen / trade.slice.unfrozen—pause/resume with case id. tokens.listing.frozen / tokens.listing.unfrozen—token side. oneclaim.replaced—corrective claim finalized; lineage updated.

Fees, burns, and EDSD

No protocol fee, no burn at revocation. Locked EDSD remains locked for frozen slices; Unlocked EDSD from earlier stages can still pay in-platform invoices; off-platform cash-out remains tied to schedule completion, as usual. When the corrective EMT/token finalizes and a release occurs, the normal fee/burn rules apply (Trade 0.5%/milestone with caps; Tokens 4%), and the 50% burn in EDM posts with its hash.

Governance knobs

EDM holders can tune policy, not settlement law: Who may revoke per schema (role lists), propagation SLA (how fast freezes apply), approved neutrals for re-inspection, and penalty bands/rotation for repeatedly bad performance. They cannot allow releases without a clean pass, weaken One-Claim, skip must-fund before shipping, or discount the 50% burn.

Operator checklist

  • Treat the revocation banner as an actionable task, not an alarm: Open the case, read the reason, pick fix / re-inspect / variance / replace.

  • Expect narrow impact: Only the dependent future slices pause; other lots and suppliers keep moving.

  • Don’t plan off-platform cash-out until your schedule completes: Unlocked EDSD can still pay EDMA invoices in the meantime.

  • File the corrective receipt: The proof page will show original + correction for audit.

Drawing

Plain recap

Revoke corrects the record without breaking trust. It pauses exactly where the bad fact matters, shows how to fix it, and resumes on proof. Paid slices stay paid, burns remain immutable, and lineage is append-only. Money still follows facts: clean dossier → PASS → EMT → release → burn—and until it’s clean, No EMT, no funds.

PreviousRetireNextCanonical JSON

Last updated