The five C's
A compliant contract is not yet a compliant economy. The bilateral ʿaqd is only the centre; around it sits a wider fiqh of muʿāmalāt. Deducible enforces five of these doctrines, each at a different layer of the stack and each backed by an exact algorithm — no floating point, no heuristics.
They share an initial by accident of English; the discipline is real.
Composition
Section titled “Composition”al-ʿuqūd al-murakkabah · sadd al-dharāʾiʿ — the topology layer (composite.rs).
Some arrangements are sound leg-by-leg yet forbidden as a whole. The engine builds the directed
asset-flow graph over a bundle’s legs and reasons about its shape.
1. nodes = parties ∪ assets; edges = (from → to, asset, deferred?, price) per leg2. cycles = enumerate simple cycles by DFS over the directed graph3. classify each cycle: • 2-cycle, same asset returns to origin, one leg deferred, price differential → INAH-1 (ʿīnah) • ≥3-cycle ring back to the financier WITH a monetization flip (deferred-in + spot-out of the same asset) → INAH-2 (tawarruq) • round-trip with zero net transfer → INAH-3 (warn)The key result: riba here is topological — a property of the graph, not of any single price. The same deferred markup that is licit in an acyclic wakalah+murabahah (the customer keeps the asset) becomes riba once it closes a cycle back to the financier. So the engine forbids the cycle, not the markup.
Capacity
Section titled “Capacity”ahliyyah — the identity layer (services/ahliyyah.js, did_registry.json).
A contract is only as sound as the legal capacity (ahliyyat al-adāʾ) of its parties. Each party DID
resolves to a verifiable credential; the gateway’s POST /authorize verifies both the terms and
every party before allowing the deal:
| Check | Basis |
|---|---|
AHL-MINOR |
bulūgh / ʿaql — minority or incapacity |
AHL-SAFIH |
rushd — interdiction (ḥajr) on the prodigal (al-Baqarah 2:282, al-Nisāʾ 4:5) |
AHL-TAFLIS |
solvency — the bankrupt (Ṣaḥīḥ Muslim) |
AHL-KYC / AHL-AML |
statutory identity & sanctions |
The issuer attests the credential; the capacity ruling is the scholar’s. The gateway only refuses a contract whose parties don’t clear both the fiqh and statutory layers.
Charge
Section titled “Charge”zakāt al-tijārah — the AST layer (zakat.rs).
Zakat is computed at the contract itself, as exact integer arithmetic widened to avoid overflow:
// rubʿ al-ʿushr = 1/40 = 250 bps, computed in u256-width then narrowedfn zakat_due(base: u128, nisab: u128, rate_bps: u128) -> u128 { if base < nisab { return 0 } // ZAKAT-3: below niṣāb, nothing is due ((base as u256) * (rate_bps as u256) / 10_000) as u128}Guards (compile-time): ZAKAT-1 rate must equal 250 bps; ZAKAT-2 the ḥawl must be lunar
(ḥijrī) — a solar year silently under-collects; ZAKAT-3 positive niṣāb; ZAKAT-4 the
beneficiary must resolve to a party. Proven live: a generated contract moved its maslahah fund by
exactly 250000 tinybar on a 10000000 base — to the cent, on a public ledger
(Live on Hedera).
Contingency
Section titled “Contingency”waḍʿ al-jawāʾiḥ · farāʾiḍ — the lifecycle layer (faraid.rs).
Two off-ramps, both exact.
Calamity (CONT-1). A jāʾiḥah must abate an obligation, not defer it — effectiveRentDue → 0
while rentDue is untouched. Deferral-with-charge would be riba; abatement is mercy. (Deferral is
rejected at compile time.)
Death (CONT-2/3). A deceased partner’s stake dissolves by farāʾiḍ — Islamic inheritance as
exact rational arithmetic over Frac { num: u128, den: u128 }:
1. assign the fixed shares (furūḍ): spouse, father, mother, sons, daughters …2. Σ furūḍ > 1 → ʿawl: scale every share down by 1/Σ (proportional reduction)3. residue → ʿaṣaba, split male:female = 2:14. Σ < 1 and no ʿaṣaba → radd (proportional return), excluding the spouse5. guards: ʿUmariyyatayn handled; an unmodelled collateral configuration → refer to a faraḍīEvery value is a reduced fraction; the on-chain dissolveByFaraid(heirs, bps) validates
Σ bps == 10000 before distributing by transfer. (e.g. estate with a son + husband, child present:
husband 1/4 (al-Nisāʾ 4:12), son the ʿaṣaba residue — exact.)
Concealment
Section titled “Concealment”the cryptographic layer (zk.rs).
Some facts must be proven without being revealed. A non-interactive sigma protocol proves that
committed losses are proportional — lossBank · clientBps == lossClient · bankBps — without
disclosing the amounts.
commit Cb = g^lossBank · h^rb , Cc = g^lossClient · h^rc (Pedersen)reduce C_z = Cb^clientBps · Cc^(q − bankBps) → C_z is a commitment to (lossBank·clientBps − lossClient·bankBps) → which is 0 exactly when the loss split is proportionalprove a Schnorr proof on base h that C_z commits to 0 (i.e. the g-exponent is 0, so C_z = h^r for known r)nizk Fiat–Shamir: challenge = H(transcript) makes it non-interactiveThe verifier learns only proportional / not — never the figures. Honest scope: the protocol is
real (own SHA-256 KAT-tested, deterministic Miller–Rabin safe-prime, Pedersen, Schnorr); the ~61-bit
modulus is illustrative, not production. --target zk emits the matching Circom circuit
(INV-1 + RISK-1 as R1CS) and a settleWithProof() gate.
Each doctrine is opt-in, each raises cited diagnostics (reference), and — like everything here — each checks consistency, not legitimacy. The citations are pointers to the tradition for scholarly verification, not fatwa.