Document Classification: Internal — CHLOM Confidential
Phase: 0 → 1
Version: 0.1
Owner: CrownThrive, LLC
Last Updated: 2025-08-08
Section 1 — Sensitive Attribute List
| Attribute | Type | Handling Policy |
| --- | --- | --- |
| Race/Ethnicity | PII | Never stored raw; use category encoding in privacy-preserving form |
| Gender | PII | Tokenized; optional field; used only when policy allows |
| Date of Birth | PII | Stored as commitment; used in ZK proof for age verification |
| National ID | PII | Not stored; FPE/tokenized for temporary match |
| Geolocation | PII | Coarsened to region/country; never store precise lat/long without consent |
Section 2 — Bias Detection Methods
- Statistical Parity Difference — Compare positive decision rates across groups.
- Equal Opportunity Difference — Compare true positive rate (TPR) across groups.
- Calibration Curves — Ensure predicted risk scores align with actual outcomes.
- Kolmogorov-Smirnov (KS) Test — Detect feature distribution differences across sensitive groups.
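The first two metrics above, computed on constructed data. This is an added example, not CHLOM code; the group labels, the 0.10 tolerance and the choice to treat an uncomputable TPR gap as a breach are assumptions.

```python
# Added example: Statistical Parity Difference and Equal Opportunity Difference.
from collections import defaultdict

# Constructed sample: (group, actual_outcome, model_decision), 1 = positive.
SAMPLE = (
    [("A", 1, 1)] * 4 + [("A", 1, 0)] * 1 + [("A", 0, 1)] * 2 + [("A", 0, 0)] * 3
    + [("B", 1, 1)] * 2 + [("B", 1, 0)] * 3 + [("B", 0, 1)] * 1 + [("B", 0, 0)] * 4
)
LIMIT = 0.10  # assumed tolerance; the page does not state a threshold


def group_rates(records):
    """Return {group: (positive_decision_rate, tpr)}; tpr is None without positives."""
    n, decided, actual_pos, true_pos = (defaultdict(int) for _ in range(4))
    for group, y_true, y_pred in records:
        n[group] += 1
        decided[group] += y_pred
        if y_true == 1:
            actual_pos[group] += 1
            true_pos[group] += y_pred
    return {
        g: (decided[g] / n[g], true_pos[g] / actual_pos[g] if actual_pos[g] else None)
        for g in n
    }


def fairness_gaps(records, reference, protected):
    """SPD and EOD of `protected` relative to `reference` (0.0 means parity)."""
    rates = group_rates(records)
    ref_rate, ref_tpr = rates[reference]
    rate, tpr = rates[protected]
    spd = rate - ref_rate
    # EOD is undefined when either group has no actual positives in the window.
    eod = None if tpr is None or ref_tpr is None else tpr - ref_tpr
    return spd, eod


def bias_breach(records, reference, protected, limit=LIMIT):
    """True when either gap exceeds the tolerance, or EOD cannot be computed."""
    spd, eod = fairness_gaps(records, reference, protected)
    return abs(spd) > limit or eod is None or abs(eod) > limit


if __name__ == "__main__":
    print(fairness_gaps(SAMPLE, "A", "B"), bias_breach(SAMPLE, "A", "B"))
```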
Section 3 — Drift Detection Methods
- PSI (Population Stability Index) on key features.
- KL Divergence for categorical shifts.
- Windowed AUC Tracking for model performance degradation.
- Drift alerts routed to Data Eng + Compliance for review.
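PSI and KL divergence from the list above, including the case where the current window contains a category the baseline never saw. This is an added example, not CHLOM code; the feature names, bin edges, epsilon floor and 0.10 alert thresholds are assumptions, and the data is constructed.

```python
# Added example: PSI for a numeric feature and KL divergence for a categorical one.
import math
from bisect import bisect_right
from collections import Counter

EPS = 1e-6            # assumed floor so empty bins/categories keep log() defined
PSI_ALERT = 0.10      # assumed alert thresholds; the page does not state any
KL_ALERT = 0.10

# Constructed windows: a risk-score feature and a coarsened country feature.
EDGES = [0.25, 0.5, 0.75]
BASE_SCORES = [0.1] * 25 + [0.3] * 25 + [0.6] * 25 + [0.9] * 25
CURR_SCORES = [0.1] * 10 + [0.3] * 20 + [0.6] * 30 + [0.9] * 40
BASE_COUNTRY = ["US"] * 70 + ["CA"] * 30
CURR_COUNTRY = ["US"] * 50 + ["CA"] * 30 + ["BR"] * 20  # "BR" unseen in baseline


def proportions(values, keys):
    """Share of each key in `values`, floored at EPS and renormalised."""
    counts = Counter(values)
    raw = [max(counts[k] / len(values), EPS) for k in keys]
    total = sum(raw)
    return [r / total for r in raw]


def psi(baseline, current, edges):
    """Population Stability Index using bin edges fixed from the baseline."""
    keys = range(len(edges) + 1)
    b = proportions([bisect_right(edges, x) for x in baseline], keys)
    c = proportions([bisect_right(edges, x) for x in current], keys)
    return sum((ci - bi) * math.log(ci / bi) for bi, ci in zip(b, c))


def kl_divergence(baseline, current):
    """KL(current || baseline) over the union of observed categories."""
    keys = sorted(set(baseline) | set(current))
    b, c = proportions(baseline, keys), proportions(current, keys)
    return sum(ci * math.log(ci / bi) for bi, ci in zip(b, c))


def drift_alerts(checks):
    """checks: {feature: (metric_name, value, threshold)} -> features to route."""
    return sorted(f for f, (_, value, limit) in checks.items() if value > limit)


if __name__ == "__main__":
    print(psi(BASE_SCORES, CURR_SCORES, EDGES), kl_divergence(BASE_COUNTRY, CURR_COUNTRY))
```

Without the floor, the unseen category would make the KL term a division by zero; with it, the new category dominates the score, which is the signal reviewers need to see.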
Section 4 — Human-in-the-Loop Control Points
- Pre‑Deployment Review: All models reviewed by Compliance + Risk team.
- Appeals Process: Tenants can request score re‑evaluation by human analyst.
- Threshold Adjustments: Only via governance‑approved policy bundles.
Section 5 — Corrective Action Procedures
- Bias Breach Detected → Freeze affected model in Model Registry.
- Launch RCA to identify root cause.
- Retrain with balanced dataset or reweight features.
- Validate on fairness metrics before re‑deployment.
CaaS API Spec (OpenAPI Skeleton) — CHLOM Phase 0→1
Document Classification: Internal — CHLOM Confidential
Owner: CrownThrive, LLC
Last Updated: 2025-08-08
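openapi: 3.1.0
info:
  title: CHLOM CaaS API
  version: 0.1.0
  description: Compliance scoring, fraud detection, KYC resolution, ZK verification.
servers:
  - url: https://api.chlom.io
# Each list item below is a separate security requirement object; under
# OpenAPI semantics a request that satisfies any one of them is accepted.
security:
  - mtls: []
  - oauth2: [caas.read, caas.write]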
paths:
  /v1/score/compliance:
    post:
      summary: Compute compliance score
      operationId: postComplianceScore
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ComplianceScoreRequest'
      responses:
        '202': { $ref: '#/components/responses/AcceptedAsync' }
  /v1/fraud/graph/inspect:
    post:
      summary: Graph-based fraud network inspection
      operationId: postFraudGraphInspect
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/FraudGraphRequest'
      responses:
        '200': { $ref: '#/components/responses/FraudGraphResponse' }
  /v1/anomaly/stream:
    post:
      summary: Subscribe to anomaly events
      operationId: postAnomalyStream
      responses:
        '101': { description: Switching Protocols (SSE/WS) }
  /v1/kyc/resolve:
    post:
      summary: Sanctions/PEP resolution
      operationId: postKycResolve
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KycResolveRequest'
      responses:
        '200': { $ref: '#/components/responses/KycResolveResponse' }
  /v1/zk/verify:
    post:
      summary: Verify Obsidian ZK proof
      operationId: postZkVerify
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ZkVerifyRequest'
      responses:
        '200': { $ref: '#/components/responses/ZkVerifyResponse' }
components:
  securitySchemes:
    mtls:
      type: mutualTLS
    oauth2:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: https://auth.chlom.io/oauth/token
          scopes:
            caas.read: Read access
            caas.write: Write access
  schemas:
    ComplianceScoreRequest:
      type: object
      properties:
        entity: { $ref: '#/components/schemas/Entity' }
        context: { type: object, additionalProperties: true }
      required: [entity]
    FraudGraphRequest:
      type: object
      properties:
        seed_ids: { type: array, items: { type: string } }
        window: { type: string, example: 'PT24H' }
      required: [seed_ids]
    KycResolveRequest:
      type: object
      properties:
        name: { type: string }
        dob: { type: string, format: date }
        documents: { type: array, items: { type: string, format: uri } }
      required: [name]
    ZkVerifyRequest:
      type: object
      properties:
        proof: { type: string }
        public_inputs: { type: array, items: { type: string } }
      required: [proof, public_inputs]
    Entity:
      type: object
      properties:
        type: { type: string, enum: [person, organization] }
        identifiers: { type: object, additionalProperties: true }
  responses:
    AcceptedAsync:
      description: Accepted for async processing; webhook will deliver result.
      headers:
        Operation-Id: { description: Async correlation id, schema: { type: string } }
    FraudGraphResponse:
      description: Graph clusters and risk links
      content:
        application/json:
          schema:
            type: object
            properties:
              clusters: { type: array, items: { type: array, items: { type: string } } }
              explanations: { type: array, items: { type: string } }
    KycResolveResponse:
      description: Matched entities with confidence bands
      content:
        application/json:
          schema:
            type: object
            properties:
              matches: { type: array, items: { type: object, additionalProperties: true } }
    ZkVerifyResponse:
      description: Proof verification outcome
      content:
        application/json:
          schema:
            type: object
            properties:
              valid: { type: boolean }
              meta: { type: object, additionalProperties: true }