# Privacy and Data Placement
Privacy is an architecture boundary, not a late security feature. The first prototype should classify every record before writing validation rules.
Holochain’s source-chain docs describe each participant’s source chain as a signed, immutable journal on their device. The same page explains that agents use public/private key pairs and that source chains can include public or private data. Holochain validation explains that distributed network applications (DNAs) define rules for distributed hash table (DHT) operations so peers can check data integrity.
## Classification Rule

Put only the minimum shared fact on the DHT. Keep sensitive details private, encrypted, redacted, or external unless peers need them to validate the shared record.
| Record type | Default home | Why |
|---|---|---|
| Role assignment | Shared DHT record | Other peers need to know who can act. |
| Governance resolution | Shared DHT record, with redactions when needed | Decisions need provenance and shared authority. |
| Receipt image | External storage or encrypted payload | Receipts can expose addresses, payment details, and personal data. |
| Receipt hash | Shared or private reference | The hash can prove continuity without exposing content. |
| Fiscal-host comment | Private or scoped record | Review comments may include sensitive compliance details. |
| Export manifest | Scoped bridge record | The reviewer needs a stable packet, but not every peer does. |
| Payment confirmation | External system plus reference | Banking and accounting systems remain authoritative. |
## Validation Consequence

Validation rules should check only what peers are entitled to see.
A public approval record can validate that:
- the approving role existed at the time;
- the approval points to an agreement, expense packet, and entity;
- required hashes or references are present;
- the record follows the state transition rules.
It should not require every peer to read the underlying receipt, bank detail, tax form, or private comment.
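As an added example (not Holochain's validation API and not code from this project), a plain-Rust model of the four checks above: the public record carries only references and a receipt hash, so a validator can apply every rule without ever receiving the receipt, bank detail or comment behind it. The struct names, the three-state lifecycle and the 64-hex-character hash format are assumptions for illustration.

```rust
// Added example: a model of peer-side validation for a public approval record.
// Not Holochain's HDK; the names, states and hash format are assumptions.
use std::fmt::Debug;

#[derive(Clone, Copy, PartialEq, Debug)]
pub enum State { Submitted, Approved, Exported }

/// Who held which role, and when (a shared DHT record per the table above).
pub struct RoleAssignment { pub agent: String, pub role: String, pub valid_from: u64, pub valid_to: Option<u64> }

/// The public approval record: references and a hash, never the payload.
#[derive(Clone)]
pub struct Approval {
    pub approver: String, pub role: String, pub timestamp: u64,
    pub agreement_ref: String, pub packet_ref: String, pub entity_ref: String,
    pub receipt_hash: String,          // assumed format: 64 lowercase/uppercase hex chars
    pub from: State, pub to: State,
}

fn is_hash(s: &str) -> bool { s.len() == 64 && s.chars().all(|c| c.is_ascii_hexdigit()) }

pub fn validate(a: &Approval, roles: &[RoleAssignment]) -> Result<(), String> {
    // 1. the approving role existed for this agent at the time of approval
    let role_ok = roles.iter().any(|r| r.agent == a.approver && r.role == a.role
        && r.valid_from <= a.timestamp && r.valid_to.map_or(true, |end| a.timestamp < end));
    if !role_ok {
        return Err(format!("{} did not hold role {} at {}", a.approver, a.role, a.timestamp));
    }
    // 2. the approval points to an agreement, expense packet, and entity
    for (name, value) in [("agreement", &a.agreement_ref), ("packet", &a.packet_ref), ("entity", &a.entity_ref)] {
        if value.is_empty() { return Err(format!("missing {} reference", name)); }
    }
    // 3. the required hash is present and well-formed; the receipt itself is never read here
    if !is_hash(&a.receipt_hash) { return Err("receipt hash missing or malformed".into()); }
    // 4. the record follows the state transition rules (assumed lifecycle)
    match (a.from, a.to) {
        (State::Submitted, State::Approved) | (State::Approved, State::Exported) => Ok(()),
        (f, t) => Err(format!("illegal transition {:?} -> {:?}", f, t)),
    }
}
```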
## First Prototype Rule

For the fiscal-host expense wedge, start with four layers:
- Public or group-scoped approval state.
- Hashes for receipts, agreements, and export packets.
- Private or encrypted evidence payloads for reviewers.
- External payment, accounting, and compliance records.
That split lets the protocol preserve institutional memory without turning sensitive finance or identity data into shared data that no peer needs.
## Research Backlog

- Test Holochain private-entry and encrypted-payload patterns against the first expense workflow.
- Decide whether document hashes should be content-addressed externally, stored through a file-storage zome, or both.
- Define a redaction pattern for reviewer exports.
- Identify which fiscal-host records need legal retention outside the Holochain application (hApp).