Revocation & PoV Feed (Flags, Rectify, SLA)

Summary: In PoV, revocation is first-class. If a counted verification is revoked or expires and quorum drops, dependent assets are flagged / frozen / burned per policy until rectified. The PoV Feed posts on-chain flags within the < 24h SLA. Fixes are append-only—history is never rewritten.

When revocation triggers

  • Attestor revocation of a counted Verification.v1 (reason: fraud, data mismatch, clerical, superseded)

  • Role disable / de-list in PoVAttestorRegistry for a counted verifier

  • TTL expiry (validUntil) on any counted verification

  • Policy breach detected by monitors (for example, overlapping meter windows, replay, method invalidation)

Invariant: if the remaining set no longer meets QuorumSpec (minTotal, minDistinctRoles, includes AUDITOR), the asset must leave the Active state.

States and policy

  • Active — quorum valid; transfers and settlement allowed

  • Flagged — visible warning; transfers/settlement may be restricted by policy

  • Frozen — transfers and settlement blocked until rectified

  • Burned — hard revoke (irreversible; reserved for fraud / unrectifiable cases)

  • Rectified — quorum restored via fresh verifications for the same evidenceHash

Default policy (v0.1): drop to Frozen on quorum loss; escalate to Burned only via explicit governance action or confirmed fraud.

PoV Feed (what it does)

  • Subscribe to EAS revocation/expiry and Registry role-change events

  • Resolve impact for affected claimId sets and dependent assets

  • Flag on-chain by calling flagRevoked(claimId) on asset/policy contracts

  • Notify integrators and explorers (webhooks, email, on-chain events)

SLA: < 24 hours from revocation / role disable / expiry to on-chain flag. Critical tranches may use tighter windows (for example, < 2 hours).
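
The quorum invariant, the default freeze policy and the SLA window can be evaluated off-chain in the feed's impact-resolution step. The JavaScript below is an added example, not the project's code; the object field names, the `requireAuditor` flag, the role names other than AUDITOR and all sample values are assumptions.

```javascript
// Added example. Field names (attestor, role, revoked, validUntil), the
// requireAuditor flag and all sample values are assumptions, not project schema.
const SLA_SECONDS = 24 * 60 * 60; // page SLA: < 24h from trigger to on-chain flag

// A verification still counts only if it is not revoked, not past validUntil,
// and its attestor is still enabled in the registry.
function counted(verifications, enabledAttestors, now) {
  return verifications.filter(
    (v) => !v.revoked && v.validUntil > now && enabledAttestors.has(v.attestor)
  );
}

// QuorumSpec from the page: minTotal, minDistinctRoles, includes AUDITOR.
// minTotal is read here as a count of verifications (assumption).
function meetsQuorum(live, spec) {
  const roles = new Set(live.map((v) => v.role));
  return (
    live.length >= spec.minTotal &&
    roles.size >= spec.minDistinctRoles &&
    (!spec.requireAuditor || roles.has("AUDITOR"))
  );
}

// Default policy (v0.1): quorum loss means Frozen. Burned is never chosen here;
// the page reserves it for explicit governance action or confirmed fraud.
function resolveImpact(claim, spec, enabledAttestors, triggerTime, now) {
  const live = counted(claim.verifications, enabledAttestors, now);
  if (meetsQuorum(live, spec)) return { claimId: claim.claimId, action: "none" };
  return {
    claimId: claim.claimId,
    action: "flagRevoked",
    nextState: "Frozen",
    flagDeadline: triggerTime + SLA_SECONDS,
    slaBreached: now - triggerTime >= SLA_SECONDS,
  };
}

// Constructed sample: one claim with three counted verifications.
const SPEC = { minTotal: 2, minDistinctRoles: 2, requireAuditor: true };
const T0 = 1700000000; // constructed unix time of the triggering event
function sampleClaim() {
  return { claimId: "claim-1", verifications: [
    { attestor: "att-A", role: "AUDITOR", revoked: false, validUntil: T0 + 86400 * 30 },
    { attestor: "att-B", role: "METER_OPERATOR", revoked: false, validUntil: T0 + 86400 * 30 },
    { attestor: "att-C", role: "REGISTRAR", revoked: false, validUntil: T0 + 3600 },
  ] };
}
```

Revoking the AUDITOR verification in the sample leaves two verifications with two distinct roles, so the count checks pass and only the AUDITOR requirement forces the flag.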

Events and hooks to implement

Every affected asset (Energy NFT, Carbon Credit NFT, EMT, wrappers) MUST implement:

Behavior:

  • flagRevoked: set state to Flagged/Frozen; block transfers and settlement tied to that claimId; emit PoVFlagged

  • rectify: confirm new verifications restore quorum for the same evidenceHash; clear freeze; emit PoVRectified

  • Storage is append-only; never delete prior events

Minimal asset pattern

Circuit breakers

Use a lightweight circuit breaker in settlement and gate paths to pause on systemic issues; resume via timelocked governance.

Rectification workflow (operator view)

  1. Detect — PoV Feed observes revocation / expiry / role change

  2. Flag — Feed posts flagRevoked(claimId) on affected assets (< 24h SLA)

  3. Investigate — issuer and attestors analyze cause (data mismatch, clerical error, fraud)

  4. Re-verify — new Verification.v1 attestations restore quorum for the same evidenceHash

  5. Rectify — governance/policy calls rectify(claimId); asset unfrozen; PoVRectified emitted

  6. Post-mortem — publish incident report; update registry/methods if needed

Fraud outcome: confirmed fraud may lead to burn of affected assets and de-listing of the attestor (public notice).

What the PoV Feed watches

  • EAS: revoked / expired Verification.v1 (and meter batch revokes if applicable)

  • Registry: role disables, de-lists, quorum parameter changes

  • Policy: methodHash invalidations, device certificate revocations, overlapping windows

Explorer and transparency

  • Show PoVFlagged and PoVRectified by claimId and by token

  • Badge state: Active / Flagged / Frozen / Burned with timestamps and reasons

  • Link to attestation UIDs and revocation reason codes

Settlement policy reminder

  • Proof mints and conversions are gas-only on Base; flags do not charge users

  • Settlement requires EDM; fees enforced on-chain: Energy/Carbon 4% total, Commodity 0.5% per milestone with caps; 50% burned

  • If Flagged/Frozen, settlement reverts until rectified

Integrator checklist

  • Implement flagRevoked and rectify; block transfers/settlement when Frozen

  • Subscribe to the PoV Feed; surface state in UI; store claimId ↔ token mappings

  • Respect CircuitBreaker signals in mint/settle flows

  • Publish incident responses and rectifications for audit trails
