Scenarios
Scenarios: the standard stress-tested against worlds
Worked thought-experiments that push the mechanical contract's primitives against hard domains to see where they hold and where they creak.
Scenarios are not roadmap. Each one stress-tests a different edge of the specification and either the primitives hold or we learn where they creak (the §8.5 claim - “no industry vocabulary in the core” - is falsifiable, and this is where we try to falsify it).
Scenario 1: The patient journal as a mechanical contract
The uncomfortable observation first: Swedish health-records law already describes our machine. Patientdatalagen (2008:355) mandates, in prose, nearly every primitive the mechanical contract has.
| Patientdatalagen / vård reality | Mechanical-contract primitive |
|---|---|
| Journalen: chronological, entries never deleted; rättelse is marked, the original stays readable; destruction only by IVO decision | the append-only hash-chained log + amendments; §1’s replay covenant, verbatim |
| Anteckningar signed by legitimerad personal (HOSP), within deadlines set by the vårdgivare’s rutiner (HSLF-FS 2016:40) | signed submissions through an authorized port + a cadence obligation (osignerade anteckningar are a real audit finding today) |
| Åtkomstkontroll + loggning: every access logged; the patient may demand a loggutdrag (who read my journal?) | receipted READS - access itself is an event through a port, and the loggutdrag is a fold over the access-receipt chain |
| Inre sekretess: only staff participating in THIS patient’s care may access | port authorization + need-to-know disclosure scopes (§12) |
| Spärr: the patient blocks records from other care units | patient-controlled port closure / disclosure scope - a signed, receipted declaration |
| Samtycke for sammanhållen journalföring | an approval leg (§4.1) granted by the patient, revocable, receipted |
| Nödöppning (“bryta spärren” in an emergency) | escalation (§4.2) with a declared disclosure widening + mandatory after-the-fact review - §12’s per-level disclosure scopes, on max difficulty |
| Menprövning before disclosure | the disclosure policy, pre-declared per audience |
What this scenario surfaces that nothing else did: reads must be receiptable. Everywhere else in the design, receipts attach to submissions; healthcare law demands that access itself is an event - a read port whose receipts ARE the legally mandated access log, with the patient holding the right to fold them. That is a genuine (small) spec extension, flagged for v-next: port journal.read: every access emits a receipt to the log; loggutdrag = a query. It generalizes beyond healthcare instantly - “who looked at the sealed rate card” is the same question OSL 31:16 asks (§12), and today no contract system on earth can answer it.
The privacy fit is the §2/§12 machinery at full stretch: envelope/body detachment means journal integrity is provable (chain intact, entries signed, nothing deleted) without disclosing a single word of content; opaque (§8.4) is the type of the sealed entry; per-level escalation scopes are the nödöppning rules. The 1177 disaster (2.7M call recordings on an open server, 2019) is the standing argument that healthcare’s current answer - perimeter security around plaintext - fails structurally; sealed-by-construction with receipted access is the other road.
Honesty block: this is NOT the wedge and must not become it. Journal systems are a certified, regulated, incumbent-dense market (Cosmic, TakeCare, Epic; IVO/Socialstyrelsen oversight), and §12’s cryptographic layer is explicitly v2. The scenario’s value: it proves the primitives generalize to the hardest privacy domain, it surfaced the receipted-read requirement, and it hands the sekretess design a worked example regulators already understand. Nothing in the product roadmap moves.
Scenario 2: Future lawyers write mechanical contracts, not Word documents
The 2035 drafting workflow, every piece of which the reference implementation has prototyped in miniature:
- Start from a profile + template (mk-se-b2b consulting, mk-se-public ramavtal…) - the standardavtal industry (AB 04, ISDA-style master libraries) becomes a market of governed template artifacts with their own update contracts (§5.2). AB 04’s next revision ships as a version, with a diff.
- Declare, don’t draft: pools, rates, cadences, approval ladders, escalation - the extraction order taught as method: pools → shapes → sizes/variables → rules → tiering. The tiering judgment - what is executable, what stays soft - IS the legal craft, made explicit. (In the reference implementation’s translation experiment, a competent translation ran 63% executable / 32% soft; the soft third is where the lawyer earns the fee, and “skäligt” should never be code.)
- The linter is the new proofreading: red squiggles for legal logic - non-exhaustive
which, a reachable pool overdraw, a dead join (§3.7), an unhandled clause (coverage), a signature that won’t link (§7.6). Malpractice class of errors caught at authoring time, the way type systems killed a class of software bugs. - Test-drive before signature (pre-signature test-drives): run the hypothetical futures with the client in the room - “here is month 14 if volumes double; here is what happens when the index spikes 9%”. The client sees the contract behave before signing it.
- Negotiation = structured diffs. Redlining a Word document is diffing prose by eyeball; redlining a mechanical contract is a semantic diff -
rates.senior: 895 → 910,attest threshold: 50k → 100k, one soft clause reworded. Review like a pull request, sign the hash. - The Word document survives - demoted to a projection.
mk renderproduces the human-readable contract, two cross-linked spines, prose governing on conflict. Courts and clients read the render; the machine runs the source; the Ricardian bundle binds them under one signature. - Disputes become replays: the 8-line receipt instead of the 40-page PDF, the eskaleringstrappa with a runtime (§4.2), and the loggutdrag question above answered for commercial secrets too.
New professional reality, honestly stated: a contract engineer discipline emerges (Stanford CodeX-style computational law made vocational), with the translation experiment’s working notes as the first syllabus sketch; professional liability shifts (who answers for a rule bug - drafting firm’s insurance meets software warranty law, unresolved and non-trivial); and the adoption path runs through templates-for-the-long-tail (§6.2’s two-person AB signing from a template in an afternoon) long before BigLaw rewrites its workflow. The bar that matters is unchanged from §6.2: if only lawyers-who-code can author these, the standard failed - the lawyer declares and tiers; the tooling proves.