CHLOM-Named Architecture (L0–L3) — Technical Spec v0.1

CHLOM-Named Architecture (Own L0–L3)

L0 — CHLOM (Core)

What it is: Our base security + data layer. Jobs: consensus, staking/slashing, randomness, data-availability (DA) commitments, cross-domain messaging. Consensus: PoS BFT (HotStuff/Comet class), 1–2s blocks, ≥⅔ finality. Tokens: CLOM (governance+security), CHM (utility/fees). Key modules

• Validator set + staking/slashing.
• VRF randomness beacon (council lotteries, sweepstakes fairness).
• DA commitments (erasure-coded blobs; KZG commitments for rollup batches).
• Light-client primitives for future bridges.

Think: “the CrownThrive base chain”—we own finality and DA.

L1 — CHLOM Licensing (Settlement)

What it is: The canonical state of rights. EVM-compatible for tooling. Jobs: mint/modify/transfer License Objects, publish LEX listings, enforce royalty semantics. Consensus: L0 validators produce L1 blocks (shared security from CHLOM Core). Primitives

• License Objects (ERC-721/1155-style SFTs):
• LEX (License Exchange): offer/accept/cancel; escrow hooks.
• Identity: DID + SBT roles (creator, studio, publisher, retailer, affiliate, ambassador).
• Events:

Consensus role: Inherits L0 finality; no app-level quorums needed to settle normal license ops.

L2 — CHLOM Ownership (Payouts & Proofs)

What it is: High-throughput domain lanes that prove money and usage back to L1. Jobs: ingest receipts from shops/ad-servers/booking apps, compute splits, prove they match licenses, and trigger payouts. Consensus (economic):

• Optimistic ADE proofs (+ bonded submitters, T=7d challenges by Watchers).
• Upgrade path to ZK revenue proofs for private terms/instant validity.

Domain Lanes (rollups)

• AdLuxe Lane (Optimistic) — impressions → conversions → payout proofs.
• Retail/CPG Lane (ZK) — wholesale/DTC revenue; “sum=100% & rate≥floor” without revealing terms.
• Services/ThriveSeat Lane (ZK-lite) — bookings, no-shows, deposits, dynamic pricing.
• Media/OTT Lane (Optimistic) — viewership/fulfilled integrations → sponsor splits.

Events: PayoutProofSubmitted, Challenged, Finalized, StreamStarted/Settled.

L3 — CHLOM Compliance (Policy & Governance)

What it is: Policy brain + dispute system. Jobs: compile human rules into machine checks, attest compliance, govern edge cases, run disputes and takedowns. Consensus (application): DLA Council quorum (reputation-bounded PoS). Example: 9-of-13 signatures to ratify a policy pack or license takedown. Modules

• ACE (Adaptive Compliance Engine): policy packs (ad safety, IP, geo, vertical); emits
• DLA (Decentralized Licensing Authority): elections, quorums, slashing, appeals.
• Attestations: KYC/KYB, brand-safety, sustainability claims; selective-disclosure (ZK) where needed.
• Emergency controls: pause new license ops (payouts continue unless fraud flagged).

How layers talk (the hand-off)

1. L3 → L1: ACE compiles a policy pack →
2. L1 → L2: Each License Object references
3. L2 → L1:

Default parameters (pilot-safe)

• L0 validators: start 13 → grow to 21/31; min stake and hardware profile defined in runbook.
• Council (L3): 13 seats, 9-of-13 quorum; ⅓ rotation per epoch; stake caps + SBT reputation bounds; public rationale on-chain.
• ADE challenge window: 7 days (AdLuxe 3–5 possible later), 10× bond on fraudulent submitters → slashed to Claims Pool.
• Fees: 0.5–1.0% of payout volume (capped per ticket); split among validators (L0), DLA pool (L3), and protocol treasury (sustainability).

Minimal data specs (so devs can start)

License Object (L1)

{
  "id": "AST-120",
  "owner": "ENT-500",
  "licensee": "ENT-510",
  "rights_granted": ["use", "distribute"],
  "channels": ["web", "ads", "ott"],
  "territories": ["US-VA"],
  "languages": ["EN"],
  "exclusivity": "Exclusive",
  "start": "2025-09-01",
  "end": "2026-08-31",
  "royalty": {"type": "percent", "value": 20},
  "audit_rights": true,
  "ade_split_hash": "0x…",
  "ace_policy_hash": "0x…",
  "privacy_flags": {"rates_private": false}
}

ADE Payout Proof (L2 → L1)

{
  "lane": "adluxe",
  "period": "2025-09-W01",
  "batch_root": "0x…",         
  "license_root": "0x…",       
  "sum_splits_100": true,
  "signer": "0xSubmitter",
  "bond": "1000 CHM"
}

SDK surface (names that match layers)

• @chlom/core
• @chlom/licensing
• @chlom/ownership
• @chlom/compliance
• @chlom/utils

Go-to-market phrasing (site-ready, no oversell)

• CHLOM (Core): “Our base chain for security and data availability.”
• CHLOM Licensing: “Rights you can read, audit, and monetize—on chain.”
• CHLOM Ownership: “Receipts to revenue: proof-based payouts you can trust.”
• CHLOM Compliance: “Policy, attestations, and fair decisions with human oversight.”

Migration notes (from earlier drafts)

• “CrownLayer-0 / CHLOM-1 settlement / CrownRollups / Compliance” → rename to the four labels above.
• Keep CLOM/CHM tickers. Update event names and package namespaces to
• Update canvas diagrams and handbook sections (§5.5, §13, Appendices F–G) to the new layer names.

Extended Technical Specification

A. System Overview (Diagrams & Flows)

flowchart LR
  subgraph L0[CHLOM (Core)]
    V[Validators]
    DA[DA Commitments]
    VRF[VRF Randomness]
  end
  subgraph L1[CHLOM Licensing (Settlement)]
    LR[LicenseRegistry]
    LEX[LEX Exchange]
    ID[Identity: DID+SBT]
  end
  subgraph L2[CHLOM Ownership (Payouts & Proofs)]
    A[AdLuxe Lane]
    R[Retail/CPG Lane]
    S[Services Lane]
    M[Media/OTT Lane]
  end
  subgraph L3[CHLOM Compliance (Policy & Governance)]
    ACE[ACE Policy Packs]
    DLA[DLA Council]
  end
  VRF-->DLA
  V--shared security-->L1
  DA--KZG blobs-->L2
  ACE--policy_hash-->LR
  LEX<-->LR
  L2--PayoutProofFinalized-->L1
  DLA--quorum decisions-->LR

End-to-end happy path:

1. License minted on L1 with
2. L2 lane batches receipts → submits optimistic ADE proof to L1.
3. No challenge in T=7d →
4. Any dispute → L3 DLA quorum signs outcome; state updated.

B. L0 — CHLOM (Core) Deep Spec

Consensus: PoS BFT (HotStuff/Comet family)

• Block time: 1.2s (target).
• Epoch length: 10,000 blocks (~3.3 hours).
• Finality: ≥⅔ voting power (pre-commit stage).
• Fork choice: finalize on commit; no probabilistic reorgs.

Validator Set & Staking

• Min stake: 100,000 CLOM (pilot default).
• Max validators: 31 (pilot), increase by governance.
• Unbonding: 21 days.
• Slashing:
• Equivocation: 5% stake + jailing epoch.
• Prolonged downtime (>2% missed blocks per epoch): 0.5% stake.
• Censorship (provable exclusion for ≥N blocks): 1–3% stake (graduated).

Randomness (VRF)

• Ed25519 VRF (draft) → feeds council lotteries, sweepstakes fairness, committee sampling.
• Output commitments anchor in L0 block header

Data Availability (DA)

• Blob format:

BlobHeader{
  version: 0x01,
  lane_id: bytes20,
  period: uint32,          // e.g., 2025-09-W01
  rows, cols: uint16,      // erasure matrix
  kzg_commitment: bytes48,
  merkle_root: bytes32
}
BlobBody: shards[rows*cols]

• Erasure coding: Reed–Solomon 2D; recoverable with any k-of-n shards.
• Verification: KZG polynomial commitments; DA light clients check proofs before accepting L2 references.

Cross-Domain Messaging (XDM)

• Message

{
  "src": "l2:adluxe",
  "dst": "l1:licensing",
  "nonce": 987654,
  "payload_root": "0x...",
  "sig": "0xaggregated_bls_or_threshold"
}

• L0 notarizes XDM envelopes; consumers verify inclusion + threshold signatures.

Networking

• libp2p gossipsub v1.1; max gossip peers=64; block/DA topics separated.
• Mempool: priority by

Config (example)

chain_id: chlom-core-100
block_time_ms: 1200
epoch_blocks: 10000
max_validators: 31
min_stake_clom: 100000
unbonding_days: 21
slash:
  equivocation: 0.05
  downtime: 0.005
  censorship_min: 0.01
vrf:
  curve: ed25519
  beacon_interval_blocks: 60
 da:
  erasure: reed_solomon
  commitment: kzg
p2p:
  max_gossip_peers: 64

C. L1 — CHLOM Licensing (Settlement) Deep Spec

EVM Chain Defaults

• VM: EVM, London+Shanghai features (no self-destruct refunds).
• Chain ID:
• Gas token:
• Precompiles:
• 0x000...1001
• 0x000...1002
• 0x000...1003

Solidity — License Registry (excerpt)

// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.24;

interface IPolicyRegistry {
    function isPolicyHashActive(bytes32 policyHash) external view returns (bool);
}

interface IADEVerifier {
    function isValidSplitHash(bytes32 splitHash) external view returns (bool);
}

contract LicenseRegistry {
    struct LicenseData {
        address owner;
        address licensee;
        uint96  royaltyBps;       // 1 = 0.01%
        uint64  startTs;
        uint64  endTs;
        bytes32 adeSplitHash;
        bytes32 acePolicyHash;
        uint8   flags;            // bitfield: 0x1 rates_private, 0x2 exclusive
        bytes32 metaHash;         // optional off-chain doc hash
    }

    event LicenseMinted(bytes32 id, address owner, address licensee);
    event LicenseModified(bytes32 id);
    event LicenseAssigned(bytes32 id, address newLicensee);
    event LicenseRevoked(bytes32 id);

    mapping(bytes32 => LicenseData) public licenses;
    IPolicyRegistry public policy;
    IADEVerifier public ade;

    constructor(address policy_, address ade_) {
        policy = IPolicyRegistry(policy_);
        ade    = IADEVerifier(ade_);
    }

    function mint(bytes32 id, LicenseData calldata d) external {
        require(licenses[id].owner == address(0), "EXISTS");
        require(policy.isPolicyHashActive(d.acePolicyHash), "POLICY");
        require(ade.isValidSplitHash(d.adeSplitHash), "SPLIT");
        require(d.endTs > d.startTs, "TIME");
        licenses[id] = d;
        emit LicenseMinted(id, d.owner, d.licensee);
    }

    function modify(bytes32 id, LicenseData calldata d) external {
        LicenseData storage cur = licenses[id];
        require(msg.sender == cur.owner, "OWNER");
        require(policy.isPolicyHashActive(d.acePolicyHash), "POLICY");
        require(ade.isValidSplitHash(d.adeSplitHash), "SPLIT");
        licenses[id] = d; emit LicenseModified(id);
    }

    function assign(bytes32 id, address newLicensee) external {
        LicenseData storage cur = licenses[id];
        require(msg.sender == cur.owner, "OWNER");
        cur.licensee = newLicensee; emit LicenseAssigned(id, newLicensee);
    }

    function revoke(bytes32 id) external {
        LicenseData storage cur = licenses[id];
        require(msg.sender == cur.owner, "OWNER");
        delete licenses[id]; emit LicenseRevoked(id);
    }
}

LEX Listing (sketch)

struct Listing {
  bytes32 licenseId;
  uint256 price;
  address seller;
  bool    active;
}

License Lifecycle (state machine)

stateDiagram-v2
  [*] --> Draft
  Draft --> Active: mint()
  Active --> Modified: modify()
  Active --> Assigned: assign()
  Active --> Revoked: revoke()
  Modified --> Active
  Assigned --> Active
  Revoked --> [*]

JSON-RPC Example (mint)

{"jsonrpc":"2.0","method":"eth_sendTransaction","params":[{
  "from":"0xOwner","to":"0xRegistry","data":"0x<calldata>","gas":"0x5208"
}],"id":1}

D. L2 — CHLOM Ownership (Payouts & Proofs) Deep Spec

Receipt Schemas

• AdLuxe

{
  "event":"ad_conversion",
  "ts": "2025-09-07T12:00:00Z",
  "campaign":"CAMP-99",
  "license_id":"AST-120",
  "value": 129.50,
  "currency":"USD",
  "txid":"AD-123"
}

• Retail/CPG

{"event":"order","order_id":"ORD-1","license_id":"AST-120","gross":84.00,"discount":4.00,"net":80.00}

Batch/Merkle Construction

Batch{
  header: {
    lane: "adluxe",
    period: "2025-09-W01",
    n: 1024,
    receipts_root: H(Merkle(receipts)),
    licenses_root: H(Merkle(unique(license_ids)))
  },
  receipts: [...]
}

Optimistic Challenge Game

• Submitter bonds CHM and posts
• Watchers can post fraud proof within T=7d (e.g., receipt double-count, invalid license, wrong sum).
• On win: submitter slashed (10× bond) → Claims Pool; correct batch can be posted.
• On timeout:

Solidity — ADE Verifier (excerpt)

interface IADEProofs {
  event PayoutProofSubmitted(bytes32 batchRoot, address submitter, uint256 bond);
  event Challenged(bytes32 batchRoot, address watcher);
  event Finalized(bytes32 batchRoot);

  function submit(bytes32 batchRoot, uint256 bond) external;
  function challenge(bytes32 batchRoot, bytes calldata fraudProof) external;
  function finalize(bytes32 batchRoot) external;
}

Payout Settlement (streaming)

function settle(bytes32 licenseId, uint256 amount) internal {
  // split according to licensed ADE shares
}

ZK Circuit Sketch (Retail/CPG lane)

Public: license_root, batch_root, min_rate_bps
Witness: line_items[], splits[]
Constraints:
  1) Σ splits == 10000 bps
  2) For each item referencing license L: royalty(L) >= min_rate_bps
  3) Poseidon(batch(line_items)) == batch_root

E. L3 — CHLOM Compliance (Policy & Governance) Deep Spec

ACE Policy Language (YAML)

version: 0.1
name: ad_safety_default_us
rules:
  - id: prohibited_categories
    type: block
    match: ["illegal", "hate", "adult-explicit"]
  - id: geo_restrictions
    type: allow
    territories: ["US","CA","UK"]
  - id: disclosure
    type: require
    fields: ["sponsored_tag","brand_id"]
compiled_hash: 0xACE...

DLA Council Mechanics

• Seats: 13; classes: creator(3), publisher(3), marketplace(3), legal(2), independent(2).
• Vote: 9-of-13 BLS aggregated signature; stored with decision record.
• Slashing: false attestations (≥1%), collusion (≥2%), censorship (≥1%).
• Appeals: majority reopen; 2-week window.

Emergency Controls

• Pause new license mints/mods (settlements continue unless flagged).
• One-epoch sunset; requires renewal vote.

F. SDKs — Package Skeletons

TypeScript

// @chlom/licensing
export async function mintLicense(provider, data: LicenseData): Promise<string> { /* ... */ }
export async function getLicense(id: string): Promise<LicenseData> { /* ... */ }

// @chlom/ownership
export async function submitProof(batch: Batch, bond: bigint) { /* ... */ }
export async function challenge(batchRoot: string, proof: Uint8Array) { /* ... */ }

// @chlom/compliance
export async function getPolicy(hash: string): Promise<PolicyPack> { /* ... */ }
export async function proposePolicy(pack: PolicyPack): Promise<string> { /* ... */ }

CSV → On-Chain Importers

// parse ADE CSV → compute split hash → call mint/modify

G. Security & Threat Model (summary)

• L0 consensus faults: equivocation, downtimes, censorship → slashing + jailing.
• L1 contract risks: reentrancy, overflow, upgrade control → proxy patterns + timelocks + audits.
• L2 proof fraud: incorrect sums, license mismatch → watchers + bonds + ZK upgrades.
• Governance capture: stake caps, seat classes, VRF sampling, SBT reputation bounds.
• Privacy leaks: ZK selective disclosure; encrypt off-chain docs; hash anchors on-chain.

H. Economics (formulae)

Protocol fee:

fee = min(cap, max(0.005, dynamic_bps) * gross_settlement)

Distribution: 50% validators (L0), 25% DLA pool (L3), 25% treasury (sustainability). Incentives: submitter rebates for timely, accurate proofs; watcher rewards on valid challenges.

I. Testnet Runbook

1) Local devnet (Docker)

# L0
docker run -p 26657:26657 chlom/core:dev start --chain-id chlom-core-100
# L1
docker run -p 8545:8545 chlom/licensing-evm:dev --chain-id 7272

2) Deploy contracts

forge create LicenseRegistry --rpc-url http://localhost:8545 --private-key $PK \
  --constructor-args $POLICY $ADE

3) Mint a license

node scripts/mint_license.js AST-120 ...

4) Submit a proof

node scripts/submit_proof.js batches/adluxe_2025-09-W01.json

5) Challenge (simulated)

node scripts/challenge.js --root 0xBATCH --fraud proofs/doublecount.bin

J. Data Retention & Privacy

• PII: off-chain encrypted; on-chain anchors only (hash).
• Retention: configurable per policy pack; default 24 months for receipts, 7 years for financial summaries.
• Access control: role-based; CrownLytics consumes only aggregates.

K. Glossary

• ADE: Attribution & Distribution Engine (payout proofs, splits).
• ACE: Adaptive Compliance Engine (policy packs → policy hash).
• DLA: Decentralized Licensing Authority (quorum decisions).
• LEX: License Exchange (offer/accept).
• CLOM/CHM: governance+security token / utility+fees token.

https://crownthrive.io/chlom-starter-v0.1.zip

https://crownthrive.io/chlom-starter-v0.2.addonszip