Consent-gated data sharing for Ostrom-governed commons. Data never leaves a room without an explicit consent event. Consent is revocable at any time.
The core design principle: data never leaves a room without explicit, revocable consent.
Records a dataset contribution to a data commons room. The contribution event links the dataset to its owner and declares the initial consent scope.
| Field | Type | Description |
|---|---|---|
| dataset_id | string | Unique identifier for the dataset |
| owner | string | Matrix user ID of the data owner |
| consent | string | Initial consent scope shorthand |
|
Values:
analysis, ai, analysis+ai, restricted |
||
| description | string | Human-readable description of the dataset |
| schema_ref | string | Reference to data schema (optional) |
| size_bytes | integer | Dataset size in bytes (optional) |
| mxc_uri | string | Matrix content URI if uploaded as attachment (optional) |
{
"type": "foundation.protocols.data.contribution",
"content": {
"dataset_id": "D2",
"owner": "@orgA:averdine.net",
"consent": "analysis+ai",
"description": "Organic coffee farm production data Q1 2026",
"schema_ref": "schemas/farm_production_v2",
"size_bytes": 245760
}
}Tracks the consent scope for a dataset. As a state event, only the latest consent state is authoritative. The Consent Bot verifies this event before any data extraction. State key is the dataset ID.
| Field | Type | Description |
|---|---|---|
| dataset_id | string | Dataset this consent applies to |
| permitted_uses | string[] | Explicitly permitted use categories |
|
Values:
analysis, ai_commons_training, ai_commons_analysis, proprietary_ai_analysis |
||
| revocable | boolean | Whether the data owner can withdraw consent |
| proprietary_ai_restrictions | object | Additional restrictions for the DCPAI pathway (optional) |
{
"type": "foundation.protocols.data.consent",
"state_key": "D2",
"content": {
"dataset_id": "D2",
"permitted_uses": ["analysis", "ai_commons_training"],
"revocable": true
}
}When data may be sent to proprietary AI vendors (the DCpAIC dual-pathway), additional restrictions control what fields are exposed:
{
"type": "foundation.protocols.data.consent",
"state_key": "D2",
"content": {
"dataset_id": "D2",
"permitted_uses": [
"analysis",
"ai_commons_training",
"ai_commons_analysis",
"proprietary_ai_analysis"
],
"revocable": true,
"proprietary_ai_restrictions": {
"approved_vendors_only": true,
"max_data_fields": ["summary", "aggregated_metrics"],
"exclude_fields": ["personal_data", "raw_records"],
"require_dpa": true
}
}
}proprietary_ai_analysis
consent, raw data never leaves the commons. The PAI Gateway sends only approved fields
to the external API, enforcing the max_data_fields and exclude_fields constraints.
Records a data withdrawal or redaction request. Withdrawal cascades to all downstream consumers: training sets, vector stores, active sessions, and cached results.
| Field | Type | Description |
|---|---|---|
| dataset_id | string | Dataset being withdrawn |
| reason | string | Reason for withdrawal |
|
Values:
policy_change, consent_revoked, data_error, gdpr_request, organizational |
||
| effective | string | ISO 8601 date when withdrawal takes effect |
| cascade | boolean | Whether to cascade removal to derived datasets (default: true) |
{
"type": "foundation.protocols.data.withdrawal",
"content": {
"dataset_id": "D4",
"reason": "policy_change",
"effective": "2026-04-01",
"cascade": true
}
}Quality assessment score for a contributed dataset. Data curators (power level 50+) can submit quality scores that inform AI training priorities and data catalogue ranking.
| Field | Type | Description |
|---|---|---|
| dataset_id | string | Dataset being assessed |
| score | number | Quality score from 0.0 to 1.0 |
| assessor | string | Matrix user ID of the assessor |
| dimensions | object | Per-dimension scores (optional) |
| comment | string | Assessor notes (optional) |
{
"type": "foundation.protocols.data.quality",
"content": {
"dataset_id": "D2",
"score": 0.87,
"assessor": "@curator:averdine.net",
"dimensions": {
"completeness": 0.92,
"accuracy": 0.85,
"timeliness": 0.84
},
"comment": "Good coverage, some GPS coordinates missing for 3 plots"
}
}Data commons rooms use Matrix power levels to enforce Ostrom-governed roles.
| Role | Power Level | Responsibilities |
|---|---|---|
| Commons Admin | 100 | Full control; charter changes; emergency actions |
| Council Member | 90 | Governance proposals; vote on amendments |
| Sector Steward | 75 | Manage sector space; approve rooms; set policies |
| AI Operator | 75 | Training requests; model publication; PAI Gateway config |
| Data Curator | 50 | Quality scoring; metadata; schema enforcement |
| Data Contributor | 50 | Contribute data; set consent scopes |
| Member | 10 | View data; participate; vote |
| Observer | 0 | Read-only access |
| Family | Relationship |
|---|---|
| ai.* | ai.data_boundary state event enforces which data types may be sent to AI. ai.policy references consent requirements. |
| eudr.* | EUDR chain-of-custody events operate on data-commons rooms. Plot and harvest data requires data.consent before cross-border sharing. |