RFC-UZ-002 — Talent and Hiring Marketplace Protocol

Defines talent profile, employer, skill query, hire attestation, outcome attestation, outreach, take-rate, calibrated mentor, and consent scope. Where a term also appears in HIRING_TERMS.md, the form here is operational; the reference document is the legal form.

A talent profile is a tree of typed records rooted on a stable talent_profile_id (ULID). The root carries a ConsentRecord, zero or more AvailabilityBlock and GeographyBlock records, and at most one SalaryBand. The shape is normatively defined in upskillzone.domains.skills_graph.

A four-rung tier ladder — unverified → email_verified → domain_verified → kyc_verified — gates access to projection levels and outreach quotas. Each rung specifies the evidence the platform requires before promotion.

Three projections — public, employer_index, and kyc_only — control which fields a recruiter sees at each tier. evidence_count is rounded for low tiers; SalaryBand and evidence_glimpse are tier-gated to kyc_verified.

All employer talent search MUST flow through the constrained SkillQuery interface. Free-text search over profile bodies is out of scope and MUST NOT be implemented. The schema is closed; extra fields fail with HTTP 422 and the skillquery-extra-field-forbidden problem type.

Ranking inputs are documented (§5.2): trust_score derives only from calibrated mentors' assessments.

A signed record asserting that a hire occurred. Conformant HireAttestation records are the only artefact that triggers take-rate billing. Signature uses the employer's Ed25519 recruiter-seat key registered in §3.

First-contact messages from a recruiter seat to a previously-unengaged talent profile are quota-bound per tier. Quota exhaustion returns HTTP 429 with the outreach-quota-exceeded problem type.

A post-hire signed record capturing whether the hire is still_employed, promoted_or_extended, or terminated, plus a free-form OutcomeAnswer. Submission outside the §8.1 window returns HTTP 409.

12% platform fee on channel_attribution=talent_search hires. Mentor-introduced and self-applied hires are out of scope. Clawbacks for terminated outcomes are surfaced in the invoice payload, not as errors.

§10.1 — Every public-scope SkillQuery is logged with HMAC-hashed identifiers; retention is 2 years.

§10.2 — Quarterly four-fifths-rule monitoring of inferred subgroup selection rates; flagged subgroups appear on /admin/bias-audit and in the public report.

§10.3 — Top-25 drift monitoring against a 50-query reference suite; >30% Jaccard distance over four consecutive weeks pages on-call.

§10.4 — Geographic representation diff against the eligible talent base; >0.25 KL-divergence on >5% of unfiltered queries in a quarter is disclosed.

§10.5 — Public quarterly bias audit report published no later than 45 days after quarter close, machine-readable JSON served alongside.

All errors use application/problem+json (RFC 9457). Field-level errors carry an errors[] with pointer and code members. The problem type catalogue is normative.

Employer key custody — recruiter-seat Ed25519 secret keys are never custodied by the platform. Lost keys trigger a rotation event and revoke previously-signed HireAttestation records.

Talent profile re-identification risk — combinations of region, proficiency_band, last_evidenced_at, and evidence_count can re-identify owners. Implementations SHOULD apply k-anonymity (k≥5) checks on result sets when required_skills length exceeds 8.

BCP 14 (RFC 2119, RFC 8174); RFC 9457; reference/HIRING_TERMS.md; reference/MENTOR_AGREEMENT.md; RFC-UZ-001; reference/DATA_RETENTION.md.