--- vault_clearance: EUCLID halo: classification: INTERNAL confidence: MEDIUM front: "15_Project_ShadowsOfSight" custodian: "The Architect" created: 2026-03-27 updated: 2026-03-27 wing: UNASSESSED containment: "FORM — local integrity paradigm map" --- # FORM — Fixed-Object Reality Monitoring **BOOK:** [BOOK.md](BOOK.md) — attestation and integrity refs as threat model cites them. > **F**ixed-**O**bject **R**eality **M**onitoring. > Map **“trust the OS / AV brand”** vs **sealed manifests, HMAC baselines, canaries, append-only verify logs**. --- ## The Two Paradigms ### Orthodox (consumer security theater) - **Philosophy:** Antivirus score, green checkmarks, proprietary cloud “reputation.” - **Free parameters:** Opaque heuristics; update cadence; unknown telemetry. - **Output:** Comfort — **evidence bundle** often missing for *your* files. ### ShadowSuite (ours) - **Philosophy:** **Do these bytes still match our sealed manifest?** Local integrity + canary factory; append-only `logs/verify.jsonl`; hard HMAC seal; no network beacon unless you add an approved token. - **Free parameters:** `watch_paths.json`, seal rotation policy — explicit. - **Tools:** `shadow_suite.py`, triggers, `secrets/.shadow_key` (user-backed-up). - **Output:** **Re-checkable evidence** on disk. --- ## Head-to-Head: Axes That Matter | Axis | Orthodox | ShadowSuite | |------|----------|-------------| | **Claim** | “Safe” | “Unchanged since baseline” | | **Third parties** | Vendor cloud | Optional; default local | | **Forensics** | Black box | JSONL + seal files | | **Cost** | Subscription | Scheduler + disk | --- ## The Murder Board — Where Orthodox Fails 1. **Integrity ≠ malware** — clean file can still be **wrong file**. 2. **Silent tamper** — AV looks green. 3. **Evidence gap** — cannot show *what* changed in court or in postmortem. 4. **Trust inversion** — outsourcing judgment to marketing. **Countermove:** Baseline → verify → rotate; doctor command; watch list discipline. --- ## What We Take From Orthodox (Honestly) | From security industry | Why | Into ShadowSuite how | |------------------------|-----|----------------------| | **HMAC patterns** | Integrity primitives | Already central | | **Scheduled checks** | Consistency | Task Scheduler path in README | | **Key hygiene** | Recovery | Document backup of `.shadow_key` | --- ## The Proof: Concrete Comparisons to Run 1. **Tamper drill:** Flip one watched byte — verify must fail with line in JSONL. 2. **Canary:** New high-entropy file — baseline — mutate — detection path. 3. **Doctor:** Suite health on clean install vs broken config. 4. **No beacon:** Packet capture default run — should be silent. --- ## Expected Result - **Orthodox** wins **lowest friction for non-technical users**. - **ShadowSuite** wins **evidence-grade local integrity** for operators who steward their own keys. --- ## FORM — Final Assessment ShadowsOfSight is **EYE for bytes** — not for narratives. FORM maps why AV marketing is the wrong comparison class. --- **Orthodox apex toolbar (vault-wide):** Sigstore/TUF-class integrity bars vs ShadowSuite are summarized with citeable §F rows and proof ladder in [16_Project_Constellation/FORM_ORTHODOX_APEX_TOOLING.md](../16_Project_Constellation/FORM_ORTHODOX_APEX_TOOLING.md) — **Chapter 15**. *FORM — Fixed-Object Reality Monitoring. Seal what matters; prove what changed.*