Skip to content

The five C's

A compliant contract is not yet a compliant economy. The bilateral ʿaqd is only the centre; around it sits a wider fiqh of muʿāmalāt. Deducible enforces five of these doctrines, each at a different layer of the stack and each backed by an exact algorithm — no floating point, no heuristics.

They share an initial by accident of English; the discipline is real.

al-ʿuqūd al-murakkabah · sadd al-dharāʾiʿ — the topology layer (composite.rs).

Some arrangements are sound leg-by-leg yet forbidden as a whole. The engine builds the directed asset-flow graph over a bundle’s legs and reasons about its shape.

1. nodes = parties ∪ assets; edges = (from → to, asset, deferred?, price) per leg
2. cycles = enumerate simple cycles by DFS over the directed graph
3. classify each cycle:
• 2-cycle, same asset returns to origin, one leg deferred, price differential → INAH-1 (ʿīnah)
• ≥3-cycle ring back to the financier WITH a monetization flip
(deferred-in + spot-out of the same asset) → INAH-2 (tawarruq)
• round-trip with zero net transfer → INAH-3 (warn)

The key result: riba here is topological — a property of the graph, not of any single price. The same deferred markup that is licit in an acyclic wakalah+murabahah (the customer keeps the asset) becomes riba once it closes a cycle back to the financier. So the engine forbids the cycle, not the markup.

ahliyyah — the identity layer (services/ahliyyah.js, did_registry.json).

A contract is only as sound as the legal capacity (ahliyyat al-adāʾ) of its parties. Each party DID resolves to a verifiable credential; the gateway’s POST /authorize verifies both the terms and every party before allowing the deal:

Check Basis
AHL-MINOR bulūgh / ʿaql — minority or incapacity
AHL-SAFIH rushd — interdiction (ḥajr) on the prodigal (al-Baqarah 2:282, al-Nisāʾ 4:5)
AHL-TAFLIS solvency — the bankrupt (Ṣaḥīḥ Muslim)
AHL-KYC / AHL-AML statutory identity & sanctions

The issuer attests the credential; the capacity ruling is the scholar’s. The gateway only refuses a contract whose parties don’t clear both the fiqh and statutory layers.

zakāt al-tijārah — the AST layer (zakat.rs).

Zakat is computed at the contract itself, as exact integer arithmetic widened to avoid overflow:

// rubʿ al-ʿushr = 1/40 = 250 bps, computed in u256-width then narrowed
fn zakat_due(base: u128, nisab: u128, rate_bps: u128) -> u128 {
if base < nisab { return 0 } // ZAKAT-3: below niṣāb, nothing is due
((base as u256) * (rate_bps as u256) / 10_000) as u128
}

Guards (compile-time): ZAKAT-1 rate must equal 250 bps; ZAKAT-2 the ḥawl must be lunar (ḥijrī) — a solar year silently under-collects; ZAKAT-3 positive niṣāb; ZAKAT-4 the beneficiary must resolve to a party. Proven live: a generated contract moved its maslahah fund by exactly 250000 tinybar on a 10000000 base — to the cent, on a public ledger (Live on Hedera).

waḍʿ al-jawāʾiḥ · farāʾiḍ — the lifecycle layer (faraid.rs).

Two off-ramps, both exact.

Calamity (CONT-1). A jāʾiḥah must abate an obligation, not defer it — effectiveRentDue → 0 while rentDue is untouched. Deferral-with-charge would be riba; abatement is mercy. (Deferral is rejected at compile time.)

Death (CONT-2/3). A deceased partner’s stake dissolves by farāʾiḍ — Islamic inheritance as exact rational arithmetic over Frac { num: u128, den: u128 }:

1. assign the fixed shares (furūḍ): spouse, father, mother, sons, daughters …
2. Σ furūḍ > 1 → ʿawl: scale every share down by 1/Σ (proportional reduction)
3. residue → ʿaṣaba, split male:female = 2:1
4. Σ < 1 and no ʿaṣaba → radd (proportional return), excluding the spouse
5. guards: ʿUmariyyatayn handled; an unmodelled collateral configuration → refer to a faraḍī

Every value is a reduced fraction; the on-chain dissolveByFaraid(heirs, bps) validates Σ bps == 10000 before distributing by transfer. (e.g. estate with a son + husband, child present: husband 1/4 (al-Nisāʾ 4:12), son the ʿaṣaba residue — exact.)

the cryptographic layer (zk.rs).

Some facts must be proven without being revealed. A non-interactive sigma protocol proves that committed losses are proportional — lossBank · clientBps == lossClient · bankBps — without disclosing the amounts.

commit Cb = g^lossBank · h^rb , Cc = g^lossClient · h^rc (Pedersen)
reduce C_z = Cb^clientBps · Cc^(q − bankBps)
→ C_z is a commitment to (lossBank·clientBps − lossClient·bankBps)
→ which is 0 exactly when the loss split is proportional
prove a Schnorr proof on base h that C_z commits to 0
(i.e. the g-exponent is 0, so C_z = h^r for known r)
nizk Fiat–Shamir: challenge = H(transcript) makes it non-interactive

The verifier learns only proportional / not — never the figures. Honest scope: the protocol is real (own SHA-256 KAT-tested, deterministic Miller–Rabin safe-prime, Pedersen, Schnorr); the ~61-bit modulus is illustrative, not production. --target zk emits the matching Circom circuit (INV-1 + RISK-1 as R1CS) and a settleWithProof() gate.


Each doctrine is opt-in, each raises cited diagnostics (reference), and — like everything here — each checks consistency, not legitimacy. The citations are pointers to the tradition for scholarly verification, not fatwa.