I had the schema open in one tab and the allocation preview in another, and the thing bothering me was embarrassingly small.
One field.
That was it.
Not broken. Not malformed. The schema in Sign Protocol was doing exactly what schemas are supposed to do there: giving the attestation a stable structure, something registrable, discoverable, reusable, machine-readable, all the calm words people use when they want standards to sound harmless. The Sign docs are pretty clear about that. Schemas define the structure and semantics of attestations, and the Schema Registry exists so those schemas can be found, reused, and interpreted consistently across the ecosystem.
Fine.
The original team had built a clean one. Narrow on purpose. A tidy little credential format for a qualification workflow. Enough to say this person passed the program’s test. Enough to issue an attestation. Enough for another verifier to query it later and not have to guess what the fields meant.
That was the part everyone liked.
Because once one schema works, people start reusing it like they just discovered a shortcut nobody has to pay for.
Another team picked it up for access control. Fair enough. Then another used the same schema for partner qualification. Still fine. Same structure, same field meanings, same issuer behavior. Sign made that easy because reuse is not an accident in the design. The registry is there precisely so a schema can become a stable reference instead of every program inventing a fresh format for the same basic claim.
Then somebody fed it into a TokenTable program.
That was where my shoulders went up a little.
Because TokenTable is not just checking whether a credential exists. It is a capital allocation and distribution system. It is where “looks eligible” stops being a nice organizational label and starts becoming rows, amounts, recipients, disbursements, reports. Sign’s own docs describe TokenTable in that operational lane: allocation rules, controlled distribution, auditable implementation.
And suddenly that old schema field, the one that was perfectly adequate when the consequence was access, was being asked to carry payout judgment.
No redesign. No new structure. No careful moment where somebody admitted the field now had financial force behind it.
Just reuse.
The attestation still verified exactly the same way. The schema was still technically correct. That is what made it worse. Nothing in Sign was failing. The verifier could still confirm the record conformed to the schema. The issuer still signed it. The registry still pointed to the same structure. The system was behaving with complete discipline while the institution around it had quietly started hanging much heavier consequences on the same old field definitions.
And that is the nasty part of schema reuse on Sign when it goes well for too long.
The schema does not expand on its own just because downstream decisions got more serious. It does not grow new caveats because treasury is reading it now. It does not stop the ecosystem and ask whether a format built to express standing was ever specific enough to determine allocation.
So the same schema keeps moving. Same fields. Same clean verification path. Meanwhile the institutional weight attached to it keeps climbing in total silence.
And then one day you are staring at a finalized distribution input built on a structure that still means exactly what it originally meant, while everybody using it has started pretending it meant much, much more.