**Key principle:** An AI agent inherits the permissions of the human role that delegated it — never more. An agent acting for a Submitter can write polygon data but cannot validate it. Agents cannot combine permissions from multiple delegating roles.

Permission	Submitter	Validator	Sovereign	Steward	Auditor	AI Agent
Submit polygon / emissions data	✅ Own data	—	—	—	—	⚡ If delegated by Submitter
Issue VALIDATED event / DCC	—	✅	—	—	—	⚡ If delegated by Validator
Issue / revoke FPIC credential	—	—	✅	—	—	—
Read own submitted data	✅	✅	✅ (own territory)	✅	✅ Public only	⚡ Delegated scope
Read all non-restricted data	—	✅	✅ Own territory	✅	✅ Public only	⚡ Public scope
Manage schemas / framework	—	—	—	✅	—	—
Call POST /policy/evaluate	✅	✅	✅	✅	✅	✅ Mandatory before write
Override FPIC consent block	🚫 Never	🚫 Never	N/A	🚫 Never	🚫 Never	🚫 Never

📤

## Data Submitter SUBMITTER

**Who holds this role:** Coffee cooperatives, smallholder farmers, IoT sensor operators, KoboToolbox field agents

#### ✅ Permitted Actions - Submit parcel GPS polygons via KoboToolbox or direct API - Attach evidence documents (photos, invoices, lab certificates) - View own submission status and validation results - Request data deletion for own submissions

#### 🚫 Prohibited Actions - Validate other parties' data - Access other submitters' raw data - Modify or delete after ledger entry - Override FPIC flags

**Required Credential:** `cth:SubmitterCredential`

Issued after identity verification + GDPR/habeas-data consent; expires 12 months; renewable

🔬

## Accredited Validator VALIDATOR

**Who holds this role:** IDEAM-certified labs, SGS/Bureau Veritas auditors, satellite data providers (Planet, Mapbiomas), academic partners

#### ✅ Permitted Actions - Cryptographically sign validation results as W3C VC 2.0 assertions - Issue Digital Conformity Credentials (UNTP DCC) - Access raw submission data for assigned parcels - Flag data quality issues; trigger R-SUB-03

#### 🚫 Prohibited Actions - Self-certify own submissions - Access data outside assigned scope - Modify ledger entries after signing - Issue credentials outside accreditation scope

**Required Credential:** `cth:ValidatorCredential`

Issued by CTH Accreditation Committee; requires ISO 17025 or equivalent; 2-year term; public registry

🤝

## Community Sovereign SOVEREIGN

**Who holds this role:** Indigenous territorial councils (cabildos), Afro-Colombian community boards (consejos comunitarios), campesino associations with collective land title

#### ✅ Permitted Actions - Grant or revoke FPIC for territory-level data collection - Set purpose limitations on community data (e.g. EUDR only, no carbon market use) - Require benefit-sharing terms before validator access - Audit all uses of community data at any time

#### 🚫 Prohibited Actions - Submit individual parcel data (use Data Submitter role) - Override individual member consent - Transfer sovereignty credential to another entity without community resolution

**Required Credential:** `cth:CommunityCredential`

Issued after verification of legal collective title or territorial recognition; held by council secretary; multi-sig (3-of-5 council members) for revocation. The Community Sovereign's FPIC block is structural — enforced at Postgres row-level security below OPA. No board vote, no emergency patch, no API call can override it. This is non-negotiable.

🛡️

## CTH Data Steward STEWARD

**Who holds this role:** CleantechHUB staff members with explicit stewardship assignment (not all CTH staff)

#### ✅ Permitted Actions - Manage framework configuration and standards versions - Onboard and offboard validators (with Governance Board approval) - Execute emergency patches (R-CHG-03) within 48h window - Run compliance exports (EUDR DDS, CSRD reports) - Access all data for governance purposes only

#### 🚫 Prohibited Actions - Use data for CTH commercial purposes - Override FPIC blocks - Approve own stewardship actions without peer review - Modify ledger entries

**Required Credential:** `cth:StewardCredential`

Issued internally; requires Governance Board nomination; logged access; annual review

📋

## Regulator / Auditor AUDITOR

**Who holds this role:** EU customs authorities (EUDR), DIAN (Colombia), ANLA, IDEAM, financial supervisors (CVM, CNBV), carbon registry auditors

#### ✅ Permitted Actions - Read-only access to compliance packages (EUDR DDS, CBAM declarations, CSRD reports) - Verify ledger integrity via rolling SHA-256 hashes - Request data lineage traces for specific parcels - Receive automated compliance alerts

#### 🚫 Prohibited Actions - Access raw submissions beyond compliance package scope - Request personal data beyond what's in compliance outputs - Modify any data or metadata

**Required Credential:** `cth:AuditorCredential`

Issued upon presentation of official regulatory mandate; time-limited to audit scope; zero data retention after audit closes

🤖

## AI Agent AGENT

**Who holds this role:** Claude instances, automated pipeline scripts, Pipedream workflows, any non-human principal acting on behalf of a credentialed human

#### ✅ Permitted Actions - Submit data on behalf of delegating human (inherits human's permissions only) - Read permitted datasets for analysis - Call POST /policy/evaluate before any write operation - Generate PROV-O provenance records for every action

#### 🚫 Prohibited Actions - Hold independent credentials (credential must be delegated from a human DID) - Exceed the permission scope of the delegating human - Bypass POST /policy/evaluate - Take any action when FPIC block is active — absolute prohibition

**Required Credential:** `cth:AgentCredential (delegated from human DID)`

Agent inherits the delegating human's DID permissions — never more. Every agent action creates a PROV-O record naming the delegating human DID and the agent ID. FPIC block is enforced at DB row-level security — OPA never even sees the request.