
P169 — AIEP — Cross-Node Evidence Replication Protocol

Publication Date: 2026-03-27 Status: Open Source Prior Art Disclosure Licence: Apache License 2.0 Author/Organisation: Phatfella Ltd Schema: AIEP_OS_SPEC_TEMPLATE v1.0.1 — https://aiep.dev/schemas/aiep-os-spec-template/v1.0.1


Framework Context

[0001] This disclosure operates within an Architected Instruction and Evidence Protocol (AIEP) environment as defined in United Kingdom patent application number GB2519711.2, filed 20 November 2025, the entire contents of which are incorporated herein by reference.

[0002] The present disclosure defines a protocol for replicating evidence artefacts across AIEP nodes for resilience, latency reduction, and availability assurance, through a ReplicationPolicy schema, a ReplicationManager component managing replica set membership and synchronisation, a ReplicaHealthMonitor tracking replica availability, and consistency guarantees compatible with the AIEP deterministic evidence model.


Field of the Disclosure

[0003] This disclosure relates to cross-node evidence replication protocols for resilient governed artificial intelligence reasoning systems.

[0004] More particularly, the disclosure concerns a ReplicationPolicy defining replica count targets and placement constraints; a ReplicationManager orchestrating replication across the DEID Registry (P162); replica consistency verification using content hash comparison; replica failover procedures; and a split-brain avoidance mechanism ensuring that evidence artefact conflicts do not arise from replica divergence.


Background

[0005] AIEP nodes storing evidence artefacts represent single points of failure for the evidence artefacts they hold. Where a reasoning chain requires access to an artefact held by a single unreachable node, reasoning halts or degrades. Replication of evidence artefacts across multiple nodes improves availability, reduces retrieval latency by allowing requests to be served by the nearest replica, and enables continued operation during network partitions affecting primary holders.

[0006] Evidence replication in AIEP must respect the immutability and provenance properties of evidence artefacts: replicas are read-only copies of the primary artefact; modifications to evidence may only be applied through the provenance chain (P150) at the primary node and then propagated as updated artefacts to replicas. A replica that diverges from its primary through independent modification violates the AIEP deterministic evidence model.

[0007] The DEID Registry (P162) already tracks primary and replica node assignments for each DEID. This disclosure extends that model with active replication management: policies governing how many replicas should exist, health monitoring of replica nodes, automatic failover promotion of replicas when primaries become unavailable, and consistency verification procedures.


Summary of the Disclosure

[0008] ReplicationPolicy Schema:

  • policy_id — SHA-256 of canonical serialisation of all other fields
  • scope_selector — evidence selection criteria (taxonomy filter P160, DEID list, or domain pattern)
  • target_replica_count — desired number of replica copies (default: 2; total copies = replicas + primary = 3)
  • placement_constraints — list of placement rules: GEO_DIVERSE (replicas in different geographic regions), ORG_DIVERSE (replicas hosted by different organisations), JURISDICTION_MATCH:{code} (replicas in specified jurisdiction only), EXCLUDE_NODE:{fingerprint}
  • sync_interval_seconds — maximum interval between primary and replica synchronisation checks (default: 3600)
  • priority_class — CRITICAL (sync immediately on change), STANDARD (sync at interval), BACKGROUND (best-effort)
  • policy_owner — node fingerprint

[0009] Replication Initiation: When an EvidenceNode is admitted to Active tier (P167), the ReplicationManager queries the applicable ReplicationPolicy for that artefact and identifies target_replica_count suitable candidate nodes from the AIEP node discovery registry (P46/P60), applying placement_constraints. The ReplicationManager sends ReplicaRequest messages to the selected nodes, carrying the EvidenceNode and its full ProvenanceChain (P150). Accepting nodes confirm replica receipt by updating the DEID Registry as replica holders and returning a signed ReplicaConfirmation.
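The following Python is an added worked example, not code from the disclosure or from any AIEP implementation. It computes policy_id as defined in [0008] and performs the candidate-selection step of [0009] against a constructed node registry. The canonical serialisation (sorted-key, compact JSON), the NodeRecord field names standing in for a P46 node record, and the reading of GEO_DIVERSE and ORG_DIVERSE as diversity relative to the primary and to replicas already chosen are assumptions; the page fixes none of them.

```python
import hashlib
import json
from dataclasses import dataclass, field, asdict


def canonical_hash(obj) -> str:
    # Assumed canonical form: sorted keys, compact separators, UTF-8.
    data = json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


@dataclass
class ReplicationPolicy:
    scope_selector: dict
    policy_owner: str
    target_replica_count: int = 2
    placement_constraints: list = field(default_factory=list)
    sync_interval_seconds: int = 3600
    priority_class: str = "STANDARD"

    def policy_id(self) -> str:
        # SHA-256 of every other field ([0008]): any field change yields a new id.
        return canonical_hash(asdict(self))


@dataclass
class NodeRecord:
    """Stand-in for a P46 node discovery record; field names are assumed."""
    fingerprint: str
    geo_region: str
    organisation: str
    jurisdiction: str


def select_replica_candidates(policy, primary, nodes):
    """Pick up to target_replica_count nodes satisfying placement_constraints.

    JURISDICTION_MATCH and EXCLUDE_NODE are hard filters. GEO_DIVERSE and
    ORG_DIVERSE are enforced against the primary and against replicas already
    chosen. A result shorter than target_replica_count means the placement is
    under-filled and must be surfaced to the operator, not silently accepted.
    """
    geo = org = False
    jurisdictions, excluded = set(), set()
    for c in policy.placement_constraints:
        if c == "GEO_DIVERSE":
            geo = True
        elif c == "ORG_DIVERSE":
            org = True
        elif c.startswith("JURISDICTION_MATCH:"):
            jurisdictions.add(c.split(":", 1)[1])
        elif c.startswith("EXCLUDE_NODE:"):
            excluded.add(c.split(":", 1)[1])
        else:
            raise ValueError(f"unknown placement constraint: {c!r}")

    chosen, regions, orgs = [], {primary.geo_region}, {primary.organisation}
    for n in nodes:
        if len(chosen) == policy.target_replica_count:
            break
        if n.fingerprint == primary.fingerprint or n.fingerprint in excluded:
            continue
        if jurisdictions and n.jurisdiction not in jurisdictions:
            continue
        if (geo and n.geo_region in regions) or (org and n.organisation in orgs):
            continue
        chosen.append(n)
        regions.add(n.geo_region)
        orgs.add(n.organisation)
    return chosen


# Constructed sample registry: the primary holder plus five discovered nodes.
PRIMARY = NodeRecord("fp-primary", "eu-west", "orgA", "GB")
NODES = [
    NodeRecord("fp-1", "eu-west", "orgB", "GB"),     # same region as primary
    NodeRecord("fp-2", "eu-central", "orgA", "DE"),  # same organisation as primary
    NodeRecord("fp-3", "eu-central", "orgB", "DE"),
    NodeRecord("fp-4", "us-east", "orgC", "US"),
    NodeRecord("fp-5", "ap-south", "orgD", "IN"),
]
DIVERSE_POLICY = ReplicationPolicy(
    scope_selector={"taxonomy": "incident/*"},
    policy_owner=PRIMARY.fingerprint,
    placement_constraints=["GEO_DIVERSE", "ORG_DIVERSE", "EXCLUDE_NODE:fp-4"],
)
GB_ONLY_POLICY = ReplicationPolicy(
    scope_selector={"taxonomy": "incident/*"},
    policy_owner=PRIMARY.fingerprint,
    placement_constraints=["JURISDICTION_MATCH:GB"],
)


def selected_fingerprints(policy) -> list:
    return [n.fingerprint for n in select_replica_candidates(policy, PRIMARY, NODES)]
```

With the diverse policy the selector skips fp-1 (shares the primary's region), fp-2 (shares its organisation) and fp-4 (excluded), returning fp-3 and fp-5. The GB-only policy yields a single candidate, one short of target_replica_count: the residency constraint is satisfied, but the shortfall has to be reported rather than quietly leaving the artefact under-replicated.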

[0010] Replica Consistency Check: The ReplicaHealthMonitor periodically verifies replica consistency by requesting the content_hash_raw of each replica’s copy of each monitored DEID and comparing it against the primary’s hash. The replica recomputes this hash over the content it actually holds rather than returning a stored hash value; otherwise a copy whose content has diverged while its metadata remained intact would pass the check. A hash mismatch triggers a ReplicaInconsistencyRecord in the ledger and initiates a full re-push of the artefact from primary to the diverged replica. Consistency checks for CRITICAL priority artefacts occur on every ProvenanceChain update; STANDARD checks occur at sync_interval_seconds; BACKGROUND checks at a daily interval.

[0011] Primary Failover: Where a primary node is unavailable for a configurable duration (default: 5 minutes), the ReplicaHealthMonitor promotes the replica node with the highest observed availability to primary status, subject to the quorum requirement of [0013], updating the DEID Registry accordingly and recording the failover event in the ledger. The former primary, upon recovery, is demoted to replica and resynchronised from the new primary.

[0012] Write Propagation: All write operations to an evidence artefact (new ProvenanceLinks from P150, classification updates, retention tier changes) originate at the primary node only. The ReplicationManager propagates writes to replicas after committing them to the ledger at the primary. The propagation protocol uses a monotonically increasing write_sequence_number per DEID; replicas reject writes that arrive out of sequence and request gap recovery from the primary.
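The following Python is an added worked example, not code from the disclosure or from any AIEP implementation. It shows the replica side of [0012] (per-DEID write_sequence_number, rejection of out-of-sequence writes with a gap-recovery request, idempotent handling of redelivered writes) together with the consistency check of [0010] run over a constructed artefact and write stream. The write operation names, the artefact layout, and the assumption that the compared hash covers the whole replicated artefact state rather than only the raw content are illustrative choices not fixed by the page.

```python
import hashlib
import json


def state_hash(artefact: dict) -> str:
    # Assumed canonical form: sorted keys, compact JSON, UTF-8.
    data = json.dumps(artefact, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


class OutOfSequence(Exception):
    """A write arrived ahead of the expected write_sequence_number. The replica
    must request gap recovery for `missing` from the primary before proceeding."""
    def __init__(self, deid: str, expected: int, got: int):
        super().__init__(f"{deid}: expected write {expected}, got {got}")
        self.missing = (expected, got - 1)


class ReplicaStore:
    """Replica-side state: changes only via primary-originated writes or a full push."""

    def __init__(self):
        self.artefacts: dict[str, dict] = {}
        self.last_seq: dict[str, int] = {}

    def full_push(self, deid: str, artefact: dict, seq: int) -> None:
        """Initial ReplicaRequest payload, or re-push after a hash mismatch."""
        self.artefacts[deid] = json.loads(json.dumps(artefact))  # private copy
        self.last_seq[deid] = seq

    def apply_write(self, deid: str, write: dict) -> str:
        seq = write["write_sequence_number"]
        expected = self.last_seq[deid] + 1
        if seq <= self.last_seq[deid]:
            return "duplicate"              # already applied; redelivery is harmless
        if seq != expected:
            raise OutOfSequence(deid, expected, seq)
        art = self.artefacts[deid]
        if write["op"] == "APPEND_PROVENANCE_LINK":
            art["provenance_chain"].append(write["link"])
        elif write["op"] == "SET_METADATA":
            art["metadata"][write["field"]] = write["value"]
        else:
            raise ValueError(f"unknown op {write['op']!r}")
        self.last_seq[deid] = seq
        return "applied"

    def content_hash_raw(self, deid: str) -> str:
        # Recomputed from stored content every time, never a cached value:
        # a cached hash would let a locally diverged copy still "match".
        return state_hash(self.artefacts[deid])


def consistency_check(primary_hash: str, replica: ReplicaStore, deid: str) -> str:
    """Primary-side comparison ([0010]); 'repush' also implies a ReplicaInconsistencyRecord."""
    return "consistent" if replica.content_hash_raw(deid) == primary_hash else "repush"


# Constructed sample artefact and write stream (write 3 is deliberately missing).
ARTEFACT = {
    "deid": "deid-0001",
    "content_canonical": "Sensor log excerpt, 2026-03-01T10:00Z ...",
    "metadata": {"classification": "INTERNAL", "retention_tier": "Active"},
    "provenance_chain": [{"link_id": 1, "action": "INGEST"}],
}
WRITES = [
    {"write_sequence_number": 1, "op": "APPEND_PROVENANCE_LINK",
     "link": {"link_id": 2, "action": "CLASSIFY"}},
    {"write_sequence_number": 2, "op": "SET_METADATA",
     "field": "classification", "value": "RESTRICTED"},
    {"write_sequence_number": 4, "op": "SET_METADATA",
     "field": "retention_tier", "value": "Archive"},
]


def run_scenario() -> dict:
    deid = ARTEFACT["deid"]
    replica = ReplicaStore()
    replica.full_push(deid, ARTEFACT, seq=0)

    # The primary's own state after committing writes 1 and 2 to its ledger.
    primary = json.loads(json.dumps(ARTEFACT))
    primary["provenance_chain"].append(WRITES[0]["link"])
    primary["metadata"]["classification"] = "RESTRICTED"
    primary_hash = state_hash(primary)

    out = {}
    out["w1"] = replica.apply_write(deid, WRITES[0])
    out["w2"] = replica.apply_write(deid, WRITES[1])
    out["w1_again"] = replica.apply_write(deid, WRITES[0])        # redelivery
    out["check_in_sync"] = consistency_check(primary_hash, replica, deid)

    # Forbidden independent modification on the replica ([0006]) is detected...
    replica.artefacts[deid]["content_canonical"] += " [edited locally]"
    out["check_after_tamper"] = consistency_check(primary_hash, replica, deid)
    replica.full_push(deid, primary, seq=2)                        # ...and repaired
    out["check_after_repush"] = consistency_check(primary_hash, replica, deid)

    try:
        replica.apply_write(deid, WRITES[2])                        # seq 4, seq 3 missing
        out["w4"] = "applied"
    except OutOfSequence as e:
        out["w4"], out["gap_request"] = "gap", e.missing
    return out
```

Two details matter in practice. The duplicate branch makes redelivery after a retry safe, so the primary can resend without coordination. The gap branch refuses to apply write 4 until writes 3..3 have been recovered; applying it anyway would leave the replica's state diverging from the primary's even though every individual write was genuine.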

[0013] Split-Brain Prevention: To prevent two nodes simultaneously believing they are the primary for the same DEID (a split-brain condition), primary promotion requires acknowledgement from a quorum of the replica set, defined as a majority of the target_replica_count + 1 member slots (replicas plus primary; 2 of 3 under the default policy). A node that cannot reach a quorum of the replica set will not accept new write operations for DEIDs in that set’s scope, so at most one side of a network partition can write and conflicting writes cannot arise.
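The following Python is an added worked example, not code from the disclosure or from any AIEP implementation. It models the failover decision of [0011] and the quorum rule of [0013] for one DEID, then walks a constructed partition in which the primary is cut off from both replicas. The ReplicaSet field names, the assumption that a promotion candidate counts its own acknowledgement, and the use of a plain set of fingerprints for received acknowledgements are illustrative choices not fixed by the page.

```python
from dataclasses import dataclass

FAILOVER_THRESHOLD_SECONDS = 300      # [0011] default: 5 minutes


@dataclass
class ReplicaSet:
    """DEID Registry view of one DEID's holders (field names assumed)."""
    deid: str
    primary: str
    replicas: list                     # replica node fingerprints
    target_replica_count: int

    def quorum(self) -> int:
        # Majority of the target_replica_count + 1 member slots (replicas + primary).
        # Default policy: 2 replicas + primary = 3 slots -> quorum of 2.
        return (self.target_replica_count + 1) // 2 + 1


def can_accept_writes(rs: ReplicaSet, node: str, reachable: set) -> bool:
    """A node accepts writes only if it is the registered primary AND can reach a
    quorum right now (itself plus reachable replicas). The minority side is read-only."""
    if node != rs.primary:
        return False
    return 1 + len(reachable & set(rs.replicas)) >= rs.quorum()


def try_promote(rs: ReplicaSet, candidate: str, acks: set, primary_down_for: int) -> bool:
    """Promote candidate once the primary has been unreachable past the threshold
    and a quorum of member nodes acknowledged. Acks from non-members are ignored."""
    if primary_down_for < FAILOVER_THRESHOLD_SECONDS or candidate not in rs.replicas:
        return False
    votes = {candidate} | (acks & set(rs.replicas))
    if len(votes) < rs.quorum():
        return False
    rs.replicas.remove(candidate)
    rs.replicas.append(rs.primary)     # former primary: demoted, resyncs on recovery
    rs.primary = candidate
    return True


def partition_scenario() -> dict:
    # Constructed: primary P, replicas A and B; the network splits into {P} | {A, B}.
    rs = ReplicaSet("deid-0001", "P", ["A", "B"], target_replica_count=2)
    out = {"quorum": rs.quorum()}
    out["P_writes_seeing_A"] = can_accept_writes(rs, "P", reachable={"A"})   # before split
    out["P_writes_alone"] = can_accept_writes(rs, "P", reachable=set())      # after split
    out["A_promote_early"] = try_promote(rs, "A", acks={"B"}, primary_down_for=120)
    out["A_promote_no_acks"] = try_promote(rs, "A", acks=set(), primary_down_for=400)
    out["A_promote_with_B"] = try_promote(rs, "A", acks={"B"}, primary_down_for=400)
    out["primary_now"] = rs.primary
    out["replicas_now"] = list(rs.replicas)
    out["A_writes"] = can_accept_writes(rs, "A", reachable={"B"})
    # P recovers but is no longer the registered primary, so it cannot write.
    out["P_writes_after_failover"] = can_accept_writes(rs, "P", reachable={"A", "B"})
    return out
```

During the split P sees no replica and stops accepting writes, while A and B together hold two of three slots and can elect A once the threshold passes. Had the split instead been {P, A} | {B}, P would keep its quorum and B alone could not promote: the same arithmetic blocks both failure modes, which is the whole point of sizing the quorum as a majority of the full member set rather than of the replicas alone.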


ASCII Architecture

Primary Node (holds EvidenceNode)
        │  ReplicationManager
        ▼
┌────────────────────────────┐
│  ReplicationPolicy lookup  │◀── placement_constraints
│  target_replica_count = 2  │    GEO_DIVERSE, ORG_DIVERSE
└──────────┬─────────────────┘
           │ ReplicaRequest (EvidenceNode + ProvenanceChain)
      ┌────┴──────────────┐
      │                   │
      ▼                   ▼
 Replica Node A      Replica Node B
 (geo region 2)      (geo region 3)
      │                   │
      └──────┬────────────┘
             │ signed ReplicaConfirmation
             ▼
    DEID Registry (P162)
    replica_node_ids updated

Consistency Check (periodic):
Primary hash ──▶ compare ──▶ Replica hash
                   │
                   └── MISMATCH → re-push + ReplicaInconsistencyRecord (P80)

Operational Detail

[0014] Replication Bandwidth: Evidence artefacts include full content_canonical text and all metadata. For large artefacts, the replication protocol supports delta-replication: where a replica holds a previous version of the artefact, only the changed fields and the new ProvenanceLink are transmitted, reducing bandwidth consumption.

[0015] Replica Retirement: When target_replica_count is reduced by a policy update, or a replica node announces that it is leaving the network, the ReplicationManager identifies which replica node to retire by selecting the lowest-priority node that is not a quorum member and sending it a ReplicaRetirementNotice. The retiring node confirms deletion and updates the DEID Registry.

[0016] Cross-Jurisdiction Replication: Where JURISDICTION_MATCH placement constraints apply, the ReplicationManager only selects replica candidates whose P46 node record declares a matching jurisdiction. This enables organisations operating under data residency requirements to guarantee that evidence replicates only within permitted jurisdictions.


Claims-Exclusion Notice

This specification is published as open-source prior art. No patent claims are asserted by the author in respect of the mechanisms described. Any third party seeking to patent mechanisms substantially equivalent to those described herein is placed on notice of this prior art disclosure.