{"meta":{"export_version":"1.0","export_date":"2026-05-19T02:20:44.904Z","dictionary_version":"1.0.0","term_count":103,"mapped_term_count":52,"classified_term_count":41,"governance_populated_count":41,"programme":"MintPass Protocol Foundations","data_sources":["/api/dictionary-data","/api/semantic-laws","/api/drift-classifications","/api/canonical-mappings"]},"semantic_laws":[{"id":"PSL-001","statement":"State is protocol truth; status is not.","rationale":"The canonical lifecycle field `lifecycle_state_canonical` is the sole authoritative signal for where an entitlement exists in its lifecycle. Status fields are projections derived for presentation and must not be used to drive protocol decisions.","terms_referenced":["State","Status","Lifecycle"],"governs":"Lifecycle & State"},{"id":"PSL-002","statement":"Evaluation is read-only; execution mutates.","rationale":"Evaluation determines exercisability without producing side effects. Only an authorised execution operation may produce a state change. Conflating evaluation with execution violates the protocol's mutation boundary.","terms_referenced":["Evaluation","Execution","Constraint Engine"],"governs":"Evaluation & Truth"},{"id":"PSL-003","statement":"The Convergence Engine is the sole authority for exercisability.","rationale":"No external signal, carrier document, or presentation field may override a Convergence Engine outcome. Exercisability is a protocol truth produced only by CE evaluation against the full constraint dimension set.","terms_referenced":["Convergence Engine","Evaluation","Entitlement"],"governs":"Evaluation & Truth"},{"id":"PSL-004","statement":"Guardian enforces invariants independently of CE outcome.","rationale":"Guardian protects structural protocol integrity and may block execution even when CE returns PASS. Guardian and CE serve distinct roles; a CE pass does not constitute Guardian clearance.","terms_referenced":["Guardian","Convergence Engine","Execution"],"governs":"Enforcement & Guardian"},{"id":"PSL-005","statement":"BLOCKED is recoverable; DENIED is terminal.","rationale":"A BLOCKED outcome signals a constraint condition that may be resolved through remediation. A DENIED outcome signals a structural or permanent barrier that cannot be overcome by any actor action. These two outcomes must never be treated as equivalent.","terms_referenced":["BLOCKED","DENIED","Evaluation"],"governs":"Evaluation & Truth"},{"id":"PSL-006","statement":"Enforcement overlays are liftable; Guardian blocks are not.","rationale":"Administrative enforcement actions — freeze, suspend, hold, restrict — may be reversed by an authorised actor. Guardian invariant violations reflect structural protocol breaches that cannot be overridden by any actor or administrative action.","terms_referenced":["Guardian","Enforcement Action","Overlay"],"governs":"Enforcement & Guardian"},{"id":"PSL-007","statement":"Carriers never create protocol truth.","rationale":"Presentation formats, transport wrappers, QR codes, PDFs, and carrier documents may reference entitlements but do not define, confirm, or alter their state. Protocol truth lives in the protocol record, not in any derived or rendered form.","terms_referenced":["Carrier","State","Entitlement"],"governs":"Authority & Governance"},{"id":"PSL-008","statement":"Domain language must map into canonical protocol terms before execution.","rationale":"Profile-specific vocabulary must resolve to canonical protocol operations before the protocol acts on them. Operating on untranslated domain language bypasses the semantic governance layer and produces undefined protocol behaviour.","terms_referenced":["Domain Translation","Canonical Term","Execution"],"governs":"Profile Extension"},{"id":"PSL-009","statement":"All repeatable events must be recorded as event records, not as overwritten timestamps.","rationale":"When a lifecycle event can occur more than once, each occurrence must be persisted as an immutable event record. Overwriting a single timestamp destroys the historical record required for audit, analytics, and protocol dispute resolution.","terms_referenced":["Lifecycle","State","Audit"],"governs":"Lifecycle & State"},{"id":"PSL-010","statement":"An entitlement's exercisability is evaluated against the full constraint dimension set in deterministic precedence order.","rationale":"The eight evaluation dimensions — lifecycle, temporal, enforcement, dependency, capacity, verification, delegation, acceptance — are evaluated in fixed precedence order. No dimension may be selectively skipped, and precedence may not be altered by external configuration.","terms_referenced":["Constraint Engine","Evaluation","Convergence Engine"],"governs":"Evaluation & Truth"}],"non_authoritative_clarification":{"summary":"Non-authoritative does not mean operationally unimportant. It means the field or term must not independently determine protocol truth. Non-authoritative metadata may be required for presentation, audit trails, evidence collection, domain translation, carrier rendering, and operational context. Dropping non-authoritative data is not a safe default.","detail_points":["A non-authoritative field carries information that is valid and useful, but that information is derived from or subordinate to an authoritative source.","Non-authoritative fields must be preserved, passed through evaluation surfaces as context, and persisted for audit and operational purposes.","The error is not in having non-authoritative fields — it is in using them to drive protocol decisions that must be governed by authoritative fields.","When in doubt: keep the data, route the decision to the authoritative source."],"anchor":"#non-authoritative-clarification"},"classifications":{"authority_status":["Authoritative","Non-authoritative Metadata","Presentation-only","Profile-authoritative"],"machine_criticality":["CRITICAL","SENSITIVE","SAFE"],"normative_status":["REQUIRED","RECOMMENDED","OPTIONAL","LEGACY","PROHIBITED"],"drift_classification":["STABLE","AMBIGUOUS","DEPRECATED","DOMAIN_ONLY","NOT_FIRST_CLASS","PRESENTATION_ONLY","LEGACY"]},"drift_classification_summary":{"total_classified":41,"by_value":{"AMBIGUOUS":9,"DEPRECATED":1,"DOMAIN_ONLY":10,"NOT_FIRST_CLASS":4,"PRESENTATION_ONLY":3,"STABLE":14}},"mapping_coverage_summary":{"total_entries":76,"mapped_terms":52,"by_confidence":{"HIGH":40,"MEDIUM":19,"LOW":17},"protocol_primitives_covered":13},"governance_framework":{"description":"The Semantic Drift Classification is the FOURTH independent dimension in the dictionary schema. It answers: Is this term at risk of semantic drift, misuse, or confusion? It is structurally and semantically distinct from Authority Status, Machine Criticality, and Normative Status.","dimension_separation_note":"See classification_dimension_separation table below for formal separation from existing dimensions.","classification_dimension_separation":[{"dimension":"Authority Status","answers":"Does this term carry protocol truth?","values":["Authoritative","Non-authoritative Metadata","Presentation-only","Profile-authoritative"],"example":"state = Authoritative"},{"dimension":"Machine Criticality","answers":"Must an AI agent understand this term correctly to avoid unsafe mutations?","values":["CRITICAL","SENSITIVE","SAFE"],"example":"exercisable = CRITICAL"},{"dimension":"Normative Status","answers":"Is this term binding on implementers?","values":["REQUIRED","RECOMMENDED","OPTIONAL","LEGACY","PROHIBITED"],"example":"lifecycle_state_canonical = REQUIRED"},{"dimension":"Drift Classification","answers":"Is this term at risk of semantic drift, misuse, or confusion?","values":["STABLE","AMBIGUOUS","LEGACY","DEPRECATED","DOMAIN_ONLY","NOT_FIRST_CLASS","PRESENTATION_ONLY"],"example":"status = AMBIGUOUS"}],"separation_rules":["A term can have values in ALL FOUR dimensions simultaneously without contradiction — they answer orthogonal questions.","Drift Classification must NEVER override or replace Authority Status. Drift-DEPRECATED does not make a term non-authoritative.","Drift Classification values do not duplicate Authority Status values — where naming overlaps (e.g., AMBIGUOUS), the semantic definition is distinct.","Drift-AMBIGUOUS means: at risk of being misinterpreted across contexts. Authority-ambiguous means: authority status has not been formally resolved.","Drift-PRESENTATION_ONLY means: at risk of being treated as authoritative when purely presentational. Authority-presentation-only means: authority classification is presentation-only.","Drift-DEPRECATED means: actively being removed from vocabulary. Authority status is unchanged — a deprecated term may still be authoritative while it exists.","Visual rendering must distinguish all four dimensions using different badge colours, placement, or visual treatment."]},"audience_presets":[{"preset_id":"ai_agents","label":"AI Agents","description":"Terms and metadata most relevant to autonomous AI agents consuming the API. Prioritises machine-critical terms, authority status, drift warnings, canonical mappings, protocol primitives, and semantic laws. Explicitly elevates the top 10 drift-risk terms from DICT-02B semantic risk review.","priority_terms":["State","Status","Execute","Result","Claim","Booking","Coverage","Hold","Action","Decision","Container","Entitlement","Evaluation","PASS","BLOCKED","DENIED","Guardian","Consume","Constraint","Lifecycle"],"priority_filters":{"machine_critical":["CRITICAL","SENSITIVE"],"authority_status":["Authoritative"],"drift_classification":["AMBIGUOUS","DEPRECATED","PRESENTATION_ONLY"],"mapping_confidence":["HIGH","MEDIUM"],"protocol_primitive":["YES"]},"suppress_filters":{"drift_classification":["DOMAIN_ONLY","NOT_FIRST_CLASS"],"authority_status":["Presentation-only"]},"sort_order":["priority_terms_first","machine_critical_desc","authority_authoritative_first","mapping_confidence_desc","alphabetical"],"focus_sections":["Protocol Semantic Laws","Canonical Mapping","Drift Classification","Authority Status"],"ui_color":"#3b5eb4","ui_icon":"🤖"},{"preset_id":"sdk_builders","label":"SDK Builders","description":"Terms and metadata most relevant to developers building client libraries. Prioritises canonical schemas, field names, enum references, canonical mappings, naming conventions, and type information.","priority_terms":["Container","Entitlement","Evaluation","State","Lifecycle","PASS","BLOCKED","DENIED","Consume","Authorisation","Settlement","Verification","Constraint","Guardian"],"priority_filters":{"mapping_confidence":["HIGH","MEDIUM"],"protocol_primitive":["YES"],"machine_critical":["CRITICAL"]},"suppress_filters":{"authority_status":["Presentation-only"],"drift_classification":["DOMAIN_ONLY","PRESENTATION_ONLY"]},"sort_order":["mapping_confidence_desc","protocol_primitive_first","alphabetical"],"focus_sections":["Canonical Mapping","API References","Enums"],"ui_color":"#286940","ui_icon":"📦"},{"preset_id":"governance_review","label":"Governance Review","description":"Terms and metadata most relevant to protocol governance reviewers. Prioritises authority status, normative status, drift classifications, governance metadata, semantic laws, and ambiguous or contested terms.","priority_terms":["Status","Execute","Booking","Decision","Result","Action","Coverage","Hold","Policy","State"],"priority_filters":{"drift_classification":["AMBIGUOUS","DEPRECATED","LEGACY"],"authority_status":["Authoritative","Non-authoritative Metadata"],"normative_status":["REQUIRED"]},"suppress_filters":{"machine_critical":["SAFE"]},"sort_order":["drift_risk_first","ambiguous_first","deprecated_first","authority_authoritative_first","alphabetical"],"focus_sections":["Governance Metadata","Drift Classification","Protocol Semantic Laws","Authority Status","Normative Status"],"ui_color":"#b92a2a","ui_icon":"⚖️"},{"preset_id":"api_integrators","label":"API Integrators","description":"Terms and metadata most relevant to developers integrating with the MintPass API. Prioritises canonical routes, request/response shapes, error codes, evaluation envelope, consume/authorise flows, and semantic warnings.","priority_terms":["Entitlement","Container","Evaluation","Consume","Authorisation","Settlement","Verification","PASS","BLOCKED","DENIED","Lifecycle","State","Guardian"],"priority_filters":{"mapping_confidence":["HIGH"],"machine_critical":["CRITICAL","SENSITIVE"],"protocol_primitive":["YES"]},"suppress_filters":{"drift_classification":["DOMAIN_ONLY","NOT_FIRST_CLASS","PRESENTATION_ONLY"],"authority_status":["Presentation-only"]},"sort_order":["routes_present_first","mapping_confidence_desc","machine_critical_desc","alphabetical"],"focus_sections":["API References","Canonical Mapping","Semantic Warnings","Permitted","Prohibited"],"ui_color":"#1e7a6a","ui_icon":"🔌"},{"preset_id":"domain_profile_authors","label":"Domain Authors","description":"Terms and metadata most relevant to authors creating domain-specific profiles (insurance, travel, commerce, loyalty). Prioritises domain translations, DOMAIN_ONLY terms, profile naming rules, and core-to-domain mapping boundaries.","priority_terms":["Coverage","Booking","Claim","Policy","Settlement","Carrier","Profile","Domain"],"priority_filters":{"drift_classification":["DOMAIN_ONLY","AMBIGUOUS"],"authority_status":["Profile-authoritative","Non-authoritative Metadata"]},"suppress_filters":{"drift_classification":["STABLE","NOT_FIRST_CLASS"]},"sort_order":["domain_only_first","domain_translations_present_first","alphabetical"],"focus_sections":["Domain Translations","Drift Classification","Domain Profiles"],"ui_color":"#6e3cb4","ui_icon":"🌐"},{"preset_id":"ui_developers","label":"UI Developers","description":"Terms and metadata most relevant to frontend and display developers. Prioritises PRESENTATION_ONLY terms, non-authoritative metadata clarification, carrier-related terms, and display state vs protocol state.","priority_terms":["Status","Coverage","Carrier","Profile","State"],"priority_filters":{"drift_classification":["PRESENTATION_ONLY","NOT_FIRST_CLASS"],"authority_status":["Presentation-only","Non-authoritative Metadata"]},"suppress_filters":{"machine_critical":["CRITICAL"],"drift_classification":["STABLE","DOMAIN_ONLY"]},"sort_order":["presentation_only_first","non_authoritative_first","alphabetical"],"focus_sections":["Non-Authoritative Clarification","Domain Translations","Display Notes"],"ui_color":"#2864a0","ui_icon":"🖥️"}],"terms":[{"term":"Container","canonical_sentence":"A Container is a governed collection scope that groups one or more Entitlements under shared policy, lifecycle rules, and authority constraints.","definition":"Containers establish the organisational boundary within which Entitlements exist. A Container carries its own lifecycle state, policy references, and access controls that apply to all member Entitlements. Creating or modifying a Container is a protocol mutation subject to the full mutation pipeline.","classification":"Core Protocol","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Core Protocol","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"HIGH","permitted":"Use to represent the top-level scope grouping Entitlements. Reference in issuance, policy, enforcement, and lifecycle operations.","prohibited":"Do not use interchangeably with Entitlement. A Container is not itself exercisable.","api_refs":["POST /api/containers","GET /api/containers","PATCH /api/containers/{id}"],"related":["Entitlement","Lifecycle","Policy"],"domain_translations":{"insurance policy":"Container","loyalty membership account":"Container","subscription plan":"Container"},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":"Container","canonical_field":"state","enum_reference":null,"openapi_reference":"#/components/schemas/Container","authoritative_routes":["POST /api/containers","GET /api/containers","GET /api/containers/{id}","PATCH /api/containers/{id}"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Container.state is the canonical lifecycle field per SYN-NAME-02 (state renamed from status). Container.status is deprecated (x-replaced-by: state). Container.policy_number is marked x-replaced-by: external_ref. Runtime populates both state (canonical) and status (deprecated) in responses via withContainerState() helper. Container.state enum: draft/active/expired/cancelled. SYN-NAME-02 COMPLETE (commit 36b5b465, deploy 2026-05-10).","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Entitlement","canonical_sentence":"An Entitlement is the canonical record of exercisable rights held by an Actor, subject to constraint evaluation before any mutation is permitted.","definition":"Entitlements are the core unit of value in MintPass. Each Entitlement carries a lifecycle state, capacity, constraints, and is governed by its Container's policy. All protocol operations (consume, evaluate, enforce) target Entitlements. Entitlements cannot be exercised without a PASS from the Constraint Engine.","classification":"Core Protocol","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Core Protocol","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"BREAKING","permitted":"Use as the canonical unit representing exercisable rights.","prohibited":"Do not use \"coverage\", \"benefit\", or \"wallet balance\" as synonyms in core protocol logic.","api_refs":["POST /api/entitlements","GET /api/entitlements/{id}","POST /api/entitlements/{id}/consume"],"related":["Container","State","Capacity","Constraint"],"domain_translations":{"insurance coverage":"Entitlement","loyalty points balance":"Entitlement","subscription access":"Entitlement"},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"BREAKING","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":"Entitlement","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/Entitlement","authoritative_routes":["POST /api/entitlements/issue","GET /api/entitlements","GET /api/entitlements/{id}","PATCH /api/entitlements/{id}"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Entitlement schema carries x-authoritative: true per OA-ANNOTATE-01B. Primary unit of value in MintPass. Contains both authoritative fields: (1) lifecycle_state_canonical (CanonicalLifecycleState: PENDING/ISSUED/ACTIVE/CONSUMED/REVOKED, x-state-class: canonical_lifecycle, x-authoritative: true) — protocol-canonical lifecycle state per LIFECYCLE-RESP-01; (2) state (ClaimWorkflowState: 17 lowercase workflow values, x-authoritative: true) — domain-level claim workflow state per STATE-SPLIT-01B. Also carries non-authoritative field entitlement_status (x-authoritative: false, x-semantic-warning). The canonical lifecycle field is lifecycle_state_canonical (protocol truth); state provides workflow context. SYN-NAME-01 finding #1 flags entitlement_status as PSL-001 violation.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Actor","canonical_sentence":"An Actor is any authenticated principal that can initiate protocol operations, subject to authority evaluation before execution is permitted.","definition":"Actors are the identity layer of the protocol. Every mutation, evaluation, or authority check references an Actor. Actors may hold delegated authority from other Actors.","classification":"Core Protocol","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"GOV","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"MEDIUM","permitted":"Use to identify any authenticated principal in the system.","prohibited":"Do not conflate with Holder or Beneficiary — an Actor may operate on behalf of others.","api_refs":[],"related":["Authority","Delegation","Holder"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"ActorAuthorityBasis","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/ActorAuthorityBasis","authoritative_routes":[],"semantic_extensions":["x-authoritative: false","x-semantic-warning"],"implementation_notes":"ActorAuthorityBasis carries x-authoritative: false and x-semantic-warning per OA-ANNOTATE-01B. This is a CONSISTENCY_WARNING: the dictionary term Actor has authority_status: Authoritative but the closest OpenAPI schema (ActorAuthorityBasis) is marked x-authoritative: false. Resolution: Actor as a protocol entity is authoritative; ActorAuthorityBasis is a non-authoritative metadata projection for external AI agent interpretation (the schema description confirms: 'Non-authoritative metadata'). The authority_basis field (present on EvaluationEnvelope metadata, Authorisation, ConsumeResponse) carries this non-authoritative context.","mapping_confidence":"MEDIUM","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Tenant","canonical_sentence":"A Tenant is the top-level organisational boundary that enforces multi-tenant isolation across all protocol entities.","definition":"Tenants provide the highest-level isolation boundary. All protocol entities belong to exactly one Tenant. Cross-tenant operations are forbidden by design.","classification":"Core Protocol","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Core Protocol","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use as the isolation boundary for all multi-tenant operations.","prohibited":"Do not allow cross-tenant entity references.","api_refs":[],"related":["Entity","Container"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Holder","canonical_sentence":"A Holder is the Actor or entity for whose benefit an Entitlement is issued, who may or may not be the same as the Actor exercising it.","definition":"The Holder is the named beneficiary of an Entitlement at issuance time. The Holder may delegate exercise authority to other Actors.","classification":"Core Protocol","authority_status":"Non-authoritative Metadata","normative_status":"RECOMMENDED","semantic_owner":"Core Protocol","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to identify the named beneficiary of an Entitlement.","prohibited":"Do not use interchangeably with Actor or Beneficiary.","api_refs":[],"related":["Actor","Beneficiary","Entitlement"],"domain_translations":{"policyholder":"Holder"},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"AMBIGUOUS","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Beneficiary/Holder disambiguation review"},"canonical_mapping":{"canonical_schema":null,"canonical_field":"policyholder_name","enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":[],"implementation_notes":"AMBIGUOUS drift classification (DICT-02B) — Holder has multiple usages (policyholder in insurance, cardholder in commerce, wallet holder in loyalty). Implementation surfaces: policyholder_name and policyholder_email fields on Container schema (these are themselves QUARANTINED per SYN-NAME-01 policyholder finding). No canonical Holder schema exists. PSL-008: domain holders must map to Actor in protocol context.","mapping_confidence":"LOW","mapping_source":"direct inspection"}},{"term":"Beneficiary","canonical_sentence":"A Beneficiary is the party who receives the value of an exercised Entitlement, which may differ from the Holder or the executing Actor.","definition":"Beneficiaries receive the outcome of an exercise operation. In insurance, this is the claimant; in commerce, the recipient of goods or services.","classification":"Core Protocol","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Core Protocol","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to identify the recipient of exercised value.","prohibited":"Do not conflate with Holder — the Beneficiary may be a third party.","api_refs":[],"related":["Holder","Actor","Consume"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Issuer","canonical_sentence":"An Issuer is the Actor or system authorised to create Entitlements under a given Container policy.","definition":"Issuers are the creation-authority for Entitlements. Issuance is a mutation subject to the full pipeline.","classification":"Core Protocol","authority_status":"Authoritative","normative_status":"RECOMMENDED","semantic_owner":"Core Protocol","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to identify the entity authorised to create Entitlements.","prohibited":"Do not conflate with Actor — not all Actors are Issuers.","api_refs":[],"related":["Actor","Container","Entitlement"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Resource","canonical_sentence":"A Resource is the protocol-addressable subject of an entitlement right — the thing that may be accessed, consumed, or acted upon.","definition":"Resources are the target objects that Entitlements grant rights over. A Resource may be a service, a physical item, a digital asset, or an abstract capability.","classification":"Core Protocol","authority_status":"Authoritative","normative_status":"RECOMMENDED","semantic_owner":"Core Protocol","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to identify the target of an entitlement right.","prohibited":"Do not use as a generic term for any API entity.","api_refs":[],"related":["Entitlement","Capacity"],"domain_translations":{},"confidence":"MEDIUM","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Entity","canonical_sentence":"An Entity is any protocol-addressable domain object that carries identity, state, and is subject to protocol operations.","definition":"Entity is the abstract base concept for all protocol objects. Containers, Entitlements, Actors, and other addressable objects are Entities.","classification":"Core Protocol","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Core Protocol","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"HIGH","permitted":"Use as the abstract base for all protocol-addressable objects.","prohibited":"Do not use as a synonym for a specific entity type (Container, Entitlement, etc.).","api_refs":[],"related":["Container","Entitlement","Actor"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"Entity","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/Entity","authoritative_routes":["POST /api/entities","GET /api/entities","GET /api/entities/{id}"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Entity and EntityCreateRequest carry x-authoritative: true per OA-ANNOTATE-01B. Entities are the actor/party records within the protocol (carriers, holders, providers). Maps to /api/entities/* route group.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"State","canonical_sentence":"State is the sole authoritative lifecycle position of an entity, determined by the lifecycle state machine — not inferred from derived fields or timestamps.","definition":"state is the exclusive lifecycle truth in the MintPass protocol, operating at two levels: (1) Canonical Protocol Level: lifecycle_state_canonical uses CanonicalLifecycleState enum (PENDING, ISSUED, ACTIVE, CONSUMED, REVOKED) — this is the authoritative protocol state per LIFECYCLE-RESP-01. (2) Domain Workflow Level: Entitlement.state uses ClaimWorkflowState enum (17 lowercase values: draft, issued, active, triggered, claim_initiated, evidence_submitted, assessed, approved, part_approved, declined, paid, settled, expired, closed, consumed, disputed, resolved) — this tracks domain-specific workflow progression per STATE-SPLIT-01B. Both fields carry x-authoritative: true. PSL-001 governs: state is protocol truth; status is not. Agents reading Entitlement responses must handle both fields and understand their distinct purposes.","classification":"Lifecycle & State","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Lifecycle","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"BREAKING","permitted":"Use as the sole authoritative lifecycle field.","prohibited":"Do not use status, timestamps, or derived fields as proxies for state.","api_refs":[],"related":["Status","Lifecycle","Transition"],"domain_translations":{},"confidence":"HIGH","notes":"POST-STATE-SPLIT-01B: lifecycle_state_canonical (CanonicalLifecycleState) is the protocol-canonical state; state (ClaimWorkflowState) is the domain workflow state. Both are authoritative at their respective levels.","open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"BREAKING","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":"Entitlement","canonical_field":"state","enum_reference":"ClaimWorkflowState (primary), CanonicalLifecycleState (protocol-level)","openapi_reference":"#/components/schemas/EntitlementState","authoritative_routes":["GET /api/entitlements/{id}","POST /api/lifecycle/transition","GET /api/lifecycle/history/{entitlementId}","GET /api/lifecycle/matrix"],"semantic_extensions":["x-authoritative: true","x-mtk-surface: core","x-public-contract: true"],"implementation_notes":"Entitlement.state is the canonical claim workflow field per PSL-001 ('State is protocol truth; status is not'). POST-STATE-SPLIT-01B: state now distinguishes between two enum surfaces: (1) ClaimWorkflowState (17 lowercase values: draft, issued, active, triggered, claim_initiated, evidence_submitted, assessed, approved, part_approved, declined, paid, settled, expired, closed, consumed, disputed, resolved) is returned on Entitlement.state for domain-level workflow tracking. (2) CanonicalLifecycleState (5 UPPERCASE values: PENDING, ISSUED, ACTIVE, CONSUMED, REVOKED) is the protocol-canonical lifecycle state returned on Entitlement.lifecycle_state_canonical (LIFECYCLE-RESP-01). Both enums are authoritative but serve different purposes: lifecycle_state_canonical is protocol truth (CEI canonical operations layer), state is domain workflow (consumer-facing entitlement API). Both carry x-authoritative: true per OA-ANNOTATE-01B. Agents reading Entitlement responses must handle both fields.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Status","canonical_sentence":"Status is a non-authoritative presentation field that may reflect lifecycle, domain, or UI context — it must not drive protocol logic unless explicitly defined as authoritative.","definition":"Status fields appear across the API with heterogeneous authority levels. DEPRECATED on core protocol entities: Container.status and Itinerary.status have been renamed to state per SYN-NAME-02 (2026-05-10). RETAINED on operational/admin schemas (ImportJob, WebhookDelivery) where they represent non-authoritative, presentation-only operational state. ALWAYS prefer state or lifecycle_state_canonical for protocol decisions. PSL-001: state is protocol truth; status is not. Entitlement.entitlement_status is x-authoritative: false and x-semantic-warning (presentation-only). SYN-NAME-01 finding #1 flags status occurrences as conflicts with PSL-001.","classification":"Lifecycle & State","authority_status":"Non-authoritative Metadata","normative_status":"LEGACY","semantic_owner":"varies","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"HIGH","permitted":"Use only as a presentation or domain-specific field with explicit authority annotation.","prohibited":"Do not use to drive protocol logic. Do not treat as equivalent to state.","api_refs":[],"related":["State","Presentation state"],"domain_translations":{},"confidence":"HIGH","notes":"SYN-NAME-02 (2026-05-10) completed status → state renames on core entities. Status DEPRECATED on lifecycle entities, RETAINED on admin/operational schemas only.","open_question":"All status field occurrences across the API must be audited and annotated with their exact authority level.","drift_classification":"AMBIGUOUS","governance_metadata":{"semantic_stability":"EVOLVING","migration_risk":"HIGH","governance_status":"UNDER_REVIEW","last_reviewed":"2026-05-09","review_trigger":"Completion of full status field audit across all API surfaces"},"canonical_mapping":{"canonical_schema":null,"canonical_field":"status","enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":["x-semantic-warning","x-authoritative: false (entitlement_status field)"],"implementation_notes":"QUARANTINED TERM — SYN-NAME-01 §5 findings #1, #2, #4, #5, #8. 18 field occurrences across core/admin/domain schemas (Container.status, Authorisation.status, entitlement_status field, and others). All conflict with PSL-001 ('State is protocol truth; status is not'). Status is AMBIGUOUS (DICT-02B drift classification) with drift_risk HIGH. SYN-NAME-01 finding #1: core schemas use 'status' where 'state' is required by PSL-001. SYN-NAME-01 finding #2: Container.status violates NR-18 (state for authoritative lifecycle). SYN-NAME-01 finding #4: Authorisation.status conflicts with PSL-001. SYN-NAME-01 finding #5: additional status occurrences on domain schemas. SYN-NAME-01 finding #8: presentation-only status fields need explicit x-presentation-only annotation. Planned remediation: SYN-NAME-02 (rename to state on core schemas). Pending: STATUS-AUDIT-01. Map current surfaces with MEDIUM confidence noting pending audit. Note: Per SYN-NAME-02 (2026-05-10), core lifecycle schemas (Container, Itinerary) renamed status → state. The canonical_field for lifecycle entities is now \"state\". \"status\" is RETAINED for operational/admin schemas (ImportJob, WebhookDelivery, etc.) and is DEPRECATED on core entities.","mapping_confidence":"MEDIUM","mapping_source":"SYN-NAME-01"}},{"term":"Lifecycle","canonical_sentence":"Lifecycle is the defined sequence of states and transitions that an entity may occupy, governed by the protocol state machine.","definition":"The lifecycle defines the complete set of valid states and transitions for an entity type at the protocol level. At the canonical level, CanonicalLifecycleState (PENDING → ISSUED → ACTIVE → CONSUMED/REVOKED) defines the protocol state machine per LIFECYCLE-RESP-01. At the domain level, ClaimWorkflowState defines extended workflow tracking (e.g., claim progression through assessment, approval, payment, settlement). Lifecycle enforcement is determined by the /api/lifecycle/matrix endpoint which returns valid transitions for the canonical state. The POST /api/lifecycle/transition endpoint governs canonical state transitions. Entitlement.lifecycle_state_canonical reflects canonical lifecycle truth; Entitlement.state reflects domain workflow progression.","classification":"Lifecycle & State","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Lifecycle","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"HIGH","permitted":"Use to describe the state machine governing entity transitions.","prohibited":"Do not add ad-hoc states outside the canonical lifecycle.","api_refs":[],"related":["State","Transition","Terminal state"],"domain_translations":{},"confidence":"HIGH","notes":"LIFECYCLE-RESP-01: Entitlement responses now include lifecycle_state_canonical (CanonicalLifecycleState) as the authoritative protocol state, alongside state (ClaimWorkflowState) for workflow tracking.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"Entitlement","canonical_field":"state","enum_reference":"CanonicalLifecycleState","openapi_reference":"#/components/schemas/Entitlement","authoritative_routes":["POST /api/lifecycle/transition","GET /api/lifecycle/history/{entitlementId}","GET /api/lifecycle/matrix"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Lifecycle is operationalised at the protocol level through Entitlement.lifecycle_state_canonical (CanonicalLifecycleState enum: PENDING, ISSUED, ACTIVE, CONSUMED, REVOKED) and at the domain level through Entitlement.state (ClaimWorkflowState enum) per POST-STATE-SPLIT-01B (LIFECYCLE-RESP-01). The /api/lifecycle/* route group (transition, history, matrix) operates on the canonical lifecycle state. PSL-001 governs: lifecycle_state_canonical (PENDING/ISSUED/ACTIVE/CONSUMED/REVOKED) is protocol truth; claim workflow state is domain-level tracking. The lifecycle/matrix endpoint returns valid transitions for the protocol-canonical state machine.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Transition","canonical_sentence":"A Transition is a permitted state change on an entity, executed through the mutation pipeline with full lifecycle and authority validation.","definition":"Transitions are the edges of the lifecycle state machine. Each transition requires validation through the mutation pipeline.","classification":"Lifecycle & State","authority_status":"Authoritative","normative_status":"RECOMMENDED","semantic_owner":"Lifecycle","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe a permitted state change.","prohibited":"Do not bypass the mutation pipeline for transitions.","api_refs":[],"related":["State","Lifecycle","Mutation"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Terminal state","canonical_sentence":"A terminal state is a lifecycle position from which no further transitions are permitted.","definition":"Terminal states at the protocol level are those in CanonicalLifecycleState with no outgoing transitions: CONSUMED (exercised and concluded) and REVOKED (administratively terminated). At the domain workflow level, ClaimWorkflowState may report additional terminal states (expired, closed, declined, resolved, disputed) which represent domain-specific endpoints that ultimately map to protocol-canonical terminal states at enforcement boundaries. Once an entity reaches a canonical terminal state (CONSUMED or REVOKED), no further mutations are allowed per PSL-001.","classification":"Lifecycle & State","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Lifecycle","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to identify states from which no transitions are permitted.","prohibited":"Do not attempt mutations on entities in terminal states.","api_refs":[],"related":["Consumed","Revoked","Lifecycle"],"domain_translations":{},"confidence":"HIGH","notes":"STATE-SPLIT-01B: Distinguish protocol-canonical terminal states (CONSUMED, REVOKED in CanonicalLifecycleState) from domain-level terminal states (in ClaimWorkflowState).","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"EntitlementState","canonical_field":null,"enum_reference":"CanonicalLifecycleState: CONSUMED, REVOKED","openapi_reference":"#/components/schemas/CanonicalLifecycleState","authoritative_routes":["GET /api/lifecycle/matrix"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Terminal states are defined within the CanonicalLifecycleState enum (5 values: PENDING, ISSUED, ACTIVE, CONSUMED, REVOKED). Canonical terminal states per protocol: CONSUMED (exercised and concluded), REVOKED (administratively terminated). Both are final states with no valid outgoing transitions. The /api/lifecycle/matrix endpoint returns CanonicalLifecycleState valid transitions; terminal states inferred as states with no outgoing transitions in the matrix. Entitlement.lifecycle_state_canonical reflects canonical terminal state. Entitlement.state (ClaimWorkflowState) may report workflow-level terminal states (consumed, expired, closed, declined, resolved, disputed) which map to protocol-canonical terminal states at enforcement boundaries per SYN-NAME-02 state mapping.","mapping_confidence":"MEDIUM","mapping_source":"direct inspection"}},{"term":"Active","canonical_sentence":"ACTIVE is the canonical lifecycle state indicating an Entitlement is live and potentially exercisable, subject to CE evaluation.","definition":"An ACTIVE Entitlement has been issued and activated. It may be exercised if CE returns PASS.","classification":"Lifecycle & State","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Lifecycle","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use as a canonical lifecycle state value.","prohibited":"Do not add variant spellings or synonyms.","api_refs":[],"related":["State","Issued","Consumed"],"domain_translations":{},"confidence":"HIGH","notes":"Must match DB constraint chk_lifecycle_state_canonical.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Issued","canonical_sentence":"ISSUED is the canonical lifecycle state indicating an Entitlement has been created but not yet activated.","definition":"An ISSUED Entitlement exists but is not yet exercisable. Activation transitions it to ACTIVE.","classification":"Lifecycle & State","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Lifecycle","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use as a canonical lifecycle state value.","prohibited":"Do not add variant spellings or synonyms.","api_refs":[],"related":["State","Active","Pending"],"domain_translations":{},"confidence":"HIGH","notes":"Must match DB constraint chk_lifecycle_state_canonical.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Consumed","canonical_sentence":"CONSUMED is the canonical terminal lifecycle state indicating an Entitlement's value has been fully exercised.","definition":"A CONSUMED Entitlement has been fully exercised. No further mutations are permitted. This is a terminal state.","classification":"Lifecycle & State","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Lifecycle","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use as a canonical terminal lifecycle state value.","prohibited":"Do not attempt further mutations on CONSUMED entities.","api_refs":[],"related":["State","Terminal state","Consume"],"domain_translations":{},"confidence":"HIGH","notes":"Must match DB constraint chk_lifecycle_state_canonical.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Revoked","canonical_sentence":"REVOKED is the canonical terminal lifecycle state indicating an Entitlement has been administratively cancelled.","definition":"A REVOKED Entitlement has been permanently cancelled by an authorised Actor. No further mutations are permitted. This is a terminal state.","classification":"Lifecycle & State","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Lifecycle","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use as a canonical terminal lifecycle state value.","prohibited":"Do not reverse revocation — it is terminal.","api_refs":[],"related":["State","Terminal state","Revocation"],"domain_translations":{},"confidence":"HIGH","notes":"Must match DB constraint chk_lifecycle_state_canonical.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Expired","canonical_sentence":"EXPIRED is a temporal evaluation result, not a stored lifecycle state.","definition":"EXPIRED is determined by the CE's temporal dimension (TMP) at evaluation time. It is never stored as a state value. An expired Entitlement receives DENIED from the CE.","classification":"Lifecycle & State","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE/Lifecycle","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to describe a temporal evaluation outcome.","prohibited":"Do not add EXPIRED as a state machine value. EXPIRED = temporal DENIED from CE.","api_refs":[],"related":["State","Dimension","DENIED"],"domain_translations":{},"confidence":"HIGH","notes":"Critical: Do not add EXPIRED as a state machine value.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Presentation state","canonical_sentence":"A presentation state is a derived, non-authoritative view of entity status intended for UI display only.","definition":"Presentation states like entitlement_status are computed from the authoritative state (both lifecycle_state_canonical and state) and other context. They must never be used for protocol decisions. These fields carry x-authoritative: false and x-presentation-only: true annotations. AuditStatsResponse, AvailabilitySnapshot, LedgerBalanceResponse, and similar admin-layer responses all carry x-presentation-only: true. Entitlement.entitlement_status (x-authoritative: false, x-semantic-warning) is derived for UI/presentation purposes only — it does not drive protocol behaviour. Always use lifecycle_state_canonical (protocol truth) or state (domain workflow) for decisions.","classification":"Lifecycle & State","authority_status":"Presentation-only","normative_status":"PROHIBITED","semantic_owner":"UI/API Presentation","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use only for UI display purposes.","prohibited":"Do not use to drive protocol logic or as a proxy for state.","api_refs":[],"related":["State","Status"],"domain_translations":{},"confidence":"HIGH","notes":"POST-STATE-SPLIT-01B: lifecycle_state_canonical (CanonicalLifecycleState) is the authoritative protocol state; presentation states remain presentation-only derivations.","open_question":null,"drift_classification":"PRESENTATION_ONLY","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Addition of new presentation-layer fields to API surface"},"canonical_mapping":{"canonical_schema":null,"canonical_field":"entitlement_status","enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":["x-authoritative: false","x-presentation-only: true","x-semantic-warning"],"implementation_notes":"Presentation state maps to Entitlement.entitlement_status (x-authoritative: false, x-semantic-warning per OA-ANNOTATE-01B) and other x-presentation-only fields. PRESENTATION_ONLY drift classification (DICT-02B) consistent. PSL-001: status is not protocol truth — it is derived for presentation only. AuditStatsResponse, AvailabilitySnapshot, LedgerBalanceResponse, etc. also carry x-presentation-only: true.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Evaluation","canonical_sentence":"Evaluation is the deterministic process by which the Constraint Engine assesses whether an Entitlement is exercisable under current conditions.","definition":"Evaluation is the core CE operation. It assesses all 8 dimensions deterministically and returns an Outcome. Evaluation is read-only — it never mutates state.","classification":"Evaluation & Truth","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"HIGH","permitted":"Use to describe the CE assessment process.","prohibited":"Do not conflate with execution. Evaluation is read-only; execution is mutation.","api_refs":["GET /api/entitlements/{id}/evaluation"],"related":["Constraint","Outcome","Dimension"],"domain_translations":{},"confidence":"HIGH","notes":"Critical distinction: Evaluation is read-only. Execution is mutation. These must never be conflated.","open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":null,"canonical_field":"envelope","enum_reference":null,"openapi_reference":null,"authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-semantic-warning"],"implementation_notes":"Evaluation is not a named schema in the OpenAPI spec. The evaluation response is returned as an inline shape under GET /api/entitlements/{id}/evaluation, with the canonical evaluation envelope nested under the 'envelope' property. The 'evidence_only: true' field is always present — stored evaluation results are evidence only, not authoritative for enforcement. PSL-002 governs: evaluation is read-only; execution mutates. PSL-003 governs: the Convergence Engine is the sole authority for exercisability. The /api/entitlements/{id}/evaluation path carries x-semantic-warning per OA-ANNOTATE-01B (37 total semantic warning annotations). EvaluationBlockedResponse and EvaluationDeniedResponse are response schemas (x-authoritative: false on their schema definitions but blocking_constraints field carries x-authoritative: true). STABLE drift classification (DICT-02B) is consistent with x-authoritative annotation evidence.","mapping_confidence":"MEDIUM","mapping_source":"direct inspection"}},{"term":"Constraint","canonical_sentence":"A Constraint is a protocol rule that limits exercisability of an Entitlement, evaluated by the CE across defined dimensions.","definition":"Constraints are the individual rules evaluated by the CE. Each constraint belongs to one of the 8 canonical dimensions.","classification":"Evaluation & Truth","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"HIGH","permitted":"Use to describe rules that limit exercisability.","prohibited":"Do not create constraints outside the canonical dimension framework.","api_refs":[],"related":["Dimension","Evaluation","Blocking constraint"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":"BlockingConstraintItem","canonical_field":"classification","enum_reference":null,"openapi_reference":"#/components/schemas/BlockingConstraintItem","authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"BlockingConstraintItem carries x-authoritative: true per OA-ANNOTATE-01B. The blocking_constraints field on EvaluationBlockedResponse also carries x-authoritative: true. Constraints are operationalised as 8 canonical constraint dimensions: LC (Lifecycle), TMP (Temporal), ENF (Enforcement), DEP (Dependency), CAP (Capacity), VER (Verification), DEC (Decision), ACCEPTANCE. PSL-010 governs: constraint dimensions have canonical precedence ordering. STABLE drift classification (DICT-02B) consistent.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Dimension","canonical_sentence":"A Dimension is one of the 8 canonical constraint evaluation categories assessed by the CE.","definition":"8 canonical dimensions: LC → TMP → ENF → DEP → CAP → VER → DEC → ACCEPTANCE. Precedence: INVALID_CONFIGURATION > DENIED > BLOCKED > PASS (immutable).","classification":"Evaluation & Truth","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe one of the 8 canonical evaluation categories.","prohibited":"Do not add new dimensions without governance review.","api_refs":[],"related":["Evaluation","Constraint","Outcome"],"domain_translations":{},"confidence":"HIGH","notes":"8 canonical dimensions evaluated in fixed order: LC → TMP → ENF → DEP → CAP → VER → DEC → ACCEPTANCE.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":"dimension_results","enum_reference":null,"openapi_reference":null,"authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-authoritative: true (blocking_constraints)"],"implementation_notes":"Dimension maps to the 8 canonical constraint dimensions operationalised in the evaluation envelope: LC (Lifecycle), TMP (Temporal), ENF (Enforcement), DEP (Dependency), CAP (Capacity), VER (Verification), DEC (Decision), ACCEPTANCE. The dimension_summary array in the evaluation envelope always returns exactly 8 entries in canonical order. Each dimension has applicability (APPLICABLE, NOT_APPLICABLE, MISSING, INVALID), classification (SUCCESS, CONDITIONAL, STRUCTURAL), and definitive flag. PSL-010 governs: constraint dimensions have canonical precedence ordering.","mapping_confidence":"MEDIUM","mapping_source":"direct inspection"}},{"term":"Outcome","canonical_sentence":"An Outcome is the CE's authoritative verdict on an evaluation request — PASS, BLOCKED, DENIED, or INVALID_CONFIGURATION.","definition":"The Outcome is the final result of a CE evaluation. It determines whether an Entitlement may be exercised.","classification":"Evaluation & Truth","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use for the CE's authoritative evaluation verdict.","prohibited":"Do not use Result or Decision as synonyms for Outcome in CE context.","api_refs":[],"related":["Evaluation","PASS","BLOCKED","DENIED"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":"decision","enum_reference":null,"openapi_reference":null,"authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-authoritative: true (on blocking_constraints field)"],"implementation_notes":"Outcome maps to the 'decision' field within the evaluation envelope (inline response shape, not a named schema). Decision enum values: PASS, CONDITIONAL, STRUCTURAL — these map to CE/usability layer PASS/BLOCKED/DENIED respectively (D-06 vocabulary layering). The 'exercisable' boolean is the direct machine-readable exercisability signal derived from decision. Note: 'outcome' as a bare field name is NOT used in the authoritative evaluation envelope — the field is named 'decision'. SYN-NAME-01 NR-21 flags bare 'result' as prohibited (must be qualified); same caution applies to bare 'outcome' in implementation references.","mapping_confidence":"MEDIUM","mapping_source":"direct inspection"}},{"term":"Result","canonical_sentence":"Result is a generic term for the output of an operation; prefer Outcome (CE), Decision (authority), or a domain-qualified term where precision matters.","definition":"Result is overloaded across CE, API, and domain contexts. Use the more specific term where available.","classification":"Evaluation & Truth","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"various","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use only where neither Outcome nor Decision applies.","prohibited":"Do not use as a synonym for CE Outcome or authority Decision.","api_refs":[],"related":["Outcome","Decision"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"AMBIGUOUS","governance_metadata":{"semantic_stability":"EVOLVING","migration_risk":"MEDIUM","governance_status":"UNDER_REVIEW","last_reviewed":"2026-05-09","review_trigger":"Outcome/Result/Decision disambiguation pass complete"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":["x-semantic-warning"],"implementation_notes":"QUARANTINED TERM — SYN-NAME-01 NR-21 (bare 'result' is prohibited; must be qualified as 'evaluation_result', 'dimension_results', etc.). SYN-NAME-01 §5 finding #14 flags CoverageEvaluation.evaluation_result semantics overlap with outcome. AMBIGUOUS drift classification (DICT-02B). No single canonical implementation surface maps to bare 'result'. Qualified forms exist: dimension_results (evaluation envelope), evaluation_result (CoverageEvaluation — x-authoritative: false). Any use of 'result' in implementation must be qualified per NR-21.","mapping_confidence":"LOW","mapping_source":"SYN-NAME-01"}},{"term":"Decision","canonical_sentence":"A Decision is an authority- or policy-level determination, distinct from the CE Outcome (evaluation) and from Execution (mutation).","definition":"Decisions are made by authority or governance logic. They are separate from CE evaluation outcomes.","classification":"Evaluation & Truth","authority_status":"Authoritative","normative_status":"RECOMMENDED","semantic_owner":"GOV/CE","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use for authority or policy determinations.","prohibited":"Do not conflate with CE Outcome.","api_refs":[],"related":["Outcome","Authority","Authorisation"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"AMBIGUOUS","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"MEDIUM","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Outcome/Result/Decision disambiguation pass complete"},"canonical_mapping":{"canonical_schema":null,"canonical_field":"decision","enum_reference":null,"openapi_reference":null,"authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":[],"implementation_notes":"Decision maps to the 'decision' field in the evaluation envelope (PASS, CONDITIONAL, STRUCTURAL). Also maps to the DEC constraint dimension in evaluation (judgement/approval state). AMBIGUOUS drift classification (DICT-02B) consistent with dual usage: (1) evaluation outcome decision field, (2) DEC dimension for judgement/approval. No named schema for 'Decision' as a first-class entity. Distinguish from Outcome which is the semantic concept; decision is the field name.","mapping_confidence":"MEDIUM","mapping_source":"direct inspection"}},{"term":"PASS","canonical_sentence":"PASS is the CE outcome indicating all evaluated dimensions are satisfied and the Entitlement is exercisable under current constraints.","definition":"PASS means all dimensions returned satisfactory results. The Entitlement may be exercised.","classification":"Evaluation & Truth","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"HIGH","permitted":"Use as the CE outcome indicating exercisability.","prohibited":"Do not add synonyms or variant spellings.","api_refs":[],"related":["Outcome","BLOCKED","DENIED","Evaluation"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":"EntitlementState","canonical_field":null,"enum_reference":"PASS","openapi_reference":"#/components/schemas/EntitlementState","authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"PASS appears as an enum value in both EntitlementState (lifecycle: distinct from evaluation PASS — not directly equivalent) and the evaluation envelope decision field (PASS = fully exercisable). STABLE drift classification (DICT-02B) consistent. Note: evaluation envelope decision=PASS maps to exercisable=true. This is the terminal positive outcome of Convergence Engine evaluation.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"BLOCKED","canonical_sentence":"BLOCKED is the CE outcome indicating one or more constraints prevent exercise but the condition may be recoverable.","definition":"BLOCKED means exercise is currently prevented but the blocking condition may be resolved. Parse blocking_constraints and next_actions to select a recovery path.","classification":"Evaluation & Truth","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"HIGH","permitted":"Use as the CE outcome indicating recoverable constraint failure.","prohibited":"Do not treat BLOCKED as terminal — it is recoverable.","api_refs":[],"related":["Outcome","PASS","DENIED","Blocking constraint"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":null,"canonical_field":"decision","enum_reference":"CONDITIONAL","openapi_reference":null,"authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-authoritative: true (EvaluationBlockedResponse)"],"implementation_notes":"BLOCKED maps to decision=CONDITIONAL in the evaluation envelope (D-06 vocabulary layering: CONDITIONAL at external envelope layer = BLOCKED at CE/usability layer). EvaluationBlockedResponse carries x-authoritative: true per OA-ANNOTATE-01B. BLOCKED = reversible constraint that can be lifted. Distinct from DENIED (PSL-005). blocking_type field on EvaluationBlockedResponse carries classification. STABLE drift classification (DICT-02B) consistent.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"DENIED","canonical_sentence":"DENIED is the CE outcome indicating a terminal constraint that cannot be resolved — exercise is permanently not permitted under current conditions.","definition":"DENIED means exercise is permanently blocked under current conditions. No recovery path exists. DENIED outcomes do not include blocking_constraints.","classification":"Evaluation & Truth","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"HIGH","permitted":"Use as the CE outcome indicating terminal constraint.","prohibited":"Do not treat DENIED as recoverable.","api_refs":[],"related":["Outcome","PASS","BLOCKED","Terminal state"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":null,"canonical_field":"decision","enum_reference":"STRUCTURAL","openapi_reference":null,"authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-authoritative: true (EvaluationDeniedResponse)"],"implementation_notes":"DENIED maps to decision=STRUCTURAL in the evaluation envelope (D-06 vocabulary layering: STRUCTURAL at external envelope layer = DENIED at CE/usability layer). EvaluationDeniedResponse carries x-authoritative: true per OA-ANNOTATE-01B. DENIED = terminal constraint that cannot be lifted. Distinct from BLOCKED (PSL-005). STABLE drift classification (DICT-02B) consistent.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Exercisable","canonical_sentence":"An Entitlement is exercisable when the CE returns PASS for the current evaluation context.","definition":"Exercisability is determined solely by the CE. No other mechanism may declare an Entitlement exercisable.","classification":"Evaluation & Truth","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to describe the condition where CE returns PASS.","prohibited":"Do not infer exercisability from state, status, or timestamps alone.","api_refs":[],"related":["PASS","Evaluation","Entitlement"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":"exercisable","enum_reference":null,"openapi_reference":null,"authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-authoritative: true (blocking_constraints sub-field)"],"implementation_notes":"Exercisable maps to the 'exercisable' boolean field within the evaluation envelope. Derivation rule (locked): exercisable = (decision === 'PASS'). This field is the canonical machine-readable exercisability signal per PSL-003 (CE is sole authority for exercisability). CG-20B: this field eliminates the need for external agents to interpret CONDITIONAL vs STRUCTURAL vocabulary. The evaluation envelope is an inline schema (not a named EvaluationEnvelope schema — that name does not exist in the current OpenAPI spec). STABLE drift classification (DICT-02B) consistent.","mapping_confidence":"MEDIUM","mapping_source":"direct inspection"}},{"term":"Blocking constraint","canonical_sentence":"A blocking constraint is an active constraint that prevents exercise and is returned in the CE response to guide agent recovery.","definition":"Blocking constraints are returned only on BLOCKED outcomes. Each constraint is recoverable — resolve the constraint and retry.","classification":"Evaluation & Truth","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe recoverable constraints returned in BLOCKED outcomes.","prohibited":"Do not return blocking constraints for DENIED outcomes.","api_refs":[],"related":["BLOCKED","Constraint","Recovery action"],"domain_translations":{},"confidence":"HIGH","notes":"Needs explicit \"recoverable\" framing in API description.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"BlockingConstraintItem","canonical_field":"classification","enum_reference":null,"openapi_reference":"#/components/schemas/BlockingConstraintItem","authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"BlockingConstraintItem carries x-authoritative: true per OA-ANNOTATE-01B. The blocking_constraints field on EvaluationBlockedResponse and EvaluationDeniedResponse also carries x-authoritative: true (field-level annotation). These are the definitive constraints that determined a BLOCKED or DENIED outcome.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Definitive","canonical_sentence":"A definitive dimension result is one that conclusively determines the overall evaluation outcome.","definition":"A definitive result from any dimension immediately determines the overall outcome without requiring further dimension evaluation.","classification":"Evaluation & Truth","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to mark dimension results that conclusively determine the outcome.","prohibited":"Do not override a definitive result from a higher-precedence dimension.","api_refs":[],"related":["Dimension","Outcome","Evaluation"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Synthetic","canonical_sentence":"A synthetic dimension result is a CE-computed projection not directly tied to a stored constraint record.","definition":"Synthetic results are computed by the CE from context rather than stored constraint records. They provide additional evaluation information.","classification":"Evaluation & Truth","authority_status":"Non-authoritative Metadata","normative_status":"RECOMMENDED","semantic_owner":"CE","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to mark CE-computed projections not tied to stored constraints.","prohibited":"Do not treat synthetic results as authoritative stored records.","api_refs":[],"related":["Dimension","Evaluation","Definitive"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"NOT_FIRST_CLASS","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"CE v2.0 specification"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Execute","canonical_sentence":"Execute as a mutation verb is DEPRECATED — use Consume for the canonical exercise operation.","definition":"The /execute endpoint and 'execute' verb are deprecated. The canonical operation is Consume via POST /api/entitlements/{id}/consume.","classification":"Execution & Mutation","authority_status":"Authoritative","normative_status":"LEGACY","semantic_owner":"Execution","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"BREAKING","permitted":"Use only for backward compatibility references.","prohibited":"Do not use in new code. Use Consume instead.","api_refs":["POST /api/entitlements/{id}/execute"],"related":["Consume","Mutation"],"domain_translations":{},"confidence":"HIGH","notes":"POST /api/entitlements/{id}/execute is deprecated. Canonical route is /consume.","open_question":null,"drift_classification":"DEPRECATED","governance_metadata":{"semantic_stability":"DEPRECATED","migration_risk":"BREAKING","superseded_by":"Consume","deprecated_since":"2026-01-01","replacement_term":"Consume","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Removal of /api/entitlements/{id}/execute endpoint"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":["POST /api/entitlements/{id}/execute (DEPRECATED — x-replaced-by: POST /api/entitlements/{id}/consume)"],"semantic_extensions":["x-semantic-warning"],"implementation_notes":"QUARANTINED TERM — SYN-NAME-01 §5 findings #9, #10, #11, #15. Execute as a verb in paths/fields is classified DEPRECATED/BREAKING. 3 remaining paths use 'execute' as a verb (§5 #9, #10): POST /api/entitlements/{id}/execute (deprecated, x-replaced-by: POST /api/entitlements/{id}/consume, confirmed in live OpenAPI). 1 deprecated schema (§5 #11): RequestExecuteRequest (x-authoritative: false, x-semantic-warning). 2 boolean fields on evaluation responses (§5 #15): EvaluationBlockedResponse.execute and EvaluationDeniedResponse.execute carry semantic warnings. Planned remediations: SYN-NAME-03 (field rename), SYN-NAME-12 (path removal). DEPRECATED drift classification (DICT-02B) is consistent with SYN-NAME-01 quarantine status. Do not use execute as a verb in new implementation surfaces — use consume.","mapping_confidence":"HIGH","mapping_source":"SYN-NAME-01"}},{"term":"Consume","canonical_sentence":"Consume is the canonical protocol operation that records an exercise of entitlement value, debiting capacity and creating an immutable ledger event.","definition":"Consume is the primary mutation operation. It debits capacity from an Entitlement and records an immutable ledger event. Requires CE PASS before execution.","classification":"Execution & Mutation","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Execution","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"HIGH","permitted":"Use as the canonical exercise operation.","prohibited":"Do not use Redeem, Execute, or Claim as synonyms in core protocol logic.","api_refs":["POST /api/entitlements/{id}/consume"],"related":["Entitlement","Capacity","Ledger event","Idempotency"],"domain_translations":{"redemption":"Consume","claim exercise":"Consume"},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":"ConsumeRequest","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/ConsumeRequest","authoritative_routes":["POST /api/entitlements/{id}/consume"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"ConsumeRequest and ConsumeResponse both carry x-authoritative: true per OA-ANNOTATE-01B. This is the canonical execution mutation route. Note: POST /api/entitlements/{id}/execute is DEPRECATED (deprecated: true, x-replaced-by: POST /api/entitlements/{id}/consume) per SYN-NAME-01 §5 findings #9, #10. SYN-NAME-03 (field rename) and SYN-NAME-12 (path removal) are planned remediations for the execute deprecation. STABLE drift classification (DICT-02B) is consistent with authoritative annotation. PSL-002: execution (via /consume) mutates; evaluation (via /evaluation) is read-only.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Redeem","canonical_sentence":"Redeem is a domain-colloquial term for exercise, particularly in commerce contexts — it maps to Consume in the core protocol.","definition":"Redeem is used colloquially in commerce and loyalty contexts. In the protocol, redemption maps to the Consume operation.","classification":"Execution & Mutation","authority_status":"Non-authoritative Metadata","normative_status":"LEGACY","semantic_owner":"Execution","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use in domain-specific UI/documentation where 'redeem' is the natural term.","prohibited":"Do not use in core protocol logic. Map to Consume.","api_refs":[],"related":["Consume","Execute"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"DOMAIN_ONLY","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"MEDIUM","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Commerce profile formalisation"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":[],"implementation_notes":"Redeem is a domain-only term (DOMAIN_ONLY drift classification, DICT-02B). No canonical schema maps to 'redeem' — this is a domain synonym for 'consume' in commerce/loyalty contexts. PSL-008: domain language must map into canonical terms before execution. Agents receiving 'redeem' from domain integrations must translate to 'Consume' before protocol execution. No OpenAPI schema named 'Redeem' exists.","mapping_confidence":"LOW","mapping_source":"direct inspection"}},{"term":"Mutation","canonical_sentence":"A Mutation is any protocol operation that changes the state or ledger record of a protocol entity.","definition":"Mutations are state-changing operations subject to the full mutation pipeline (lifecycle validation, authority checks, CE evaluation).","classification":"Execution & Mutation","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Execution","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe any state-changing operation.","prohibited":"Do not bypass the mutation pipeline for any state change.","api_refs":[],"related":["Consume","Transition","Ledger event"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"ConsumeRequest","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/ConsumeRequest","authoritative_routes":["POST /api/entitlements/{id}/consume","POST /api/lifecycle/transition","POST /api/authorisations","POST /api/enforcement/{entity_type}/{entity_id}/revoke"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Mutation as a concept maps to all authoritative write operations that change protocol state. The canonical mutation surface is POST /api/entitlements/{id}/consume (ConsumeRequest, x-authoritative: true). Lifecycle transitions (POST /api/lifecycle/transition), authorisation creation, and enforcement operations are all protocol mutations. PSL-002 governs: evaluation is read-only; execution (mutation) mutates.","mapping_confidence":"MEDIUM","mapping_source":"direct inspection"}},{"term":"Idempotency","canonical_sentence":"Idempotency is the protocol guarantee that a mutation operation with the same key produces the same result if repeated.","definition":"Critical mutations require an idempotency_key. The protocol guarantees that repeating a mutation with the same key returns the stored result without re-executing.","classification":"Execution & Mutation","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Execution","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe the replay-safety guarantee for mutations.","prohibited":"Do not allow mutations without idempotency keys on critical operations.","api_refs":["POST /api/entitlements/{id}/consume","POST /api/entitlements/{id}/execute","POST /api/authorisations"],"related":["Mutation","Idempotency replay","Consume"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"ConsumeRequest","canonical_field":"idempotency_key","enum_reference":null,"openapi_reference":"#/components/schemas/ConsumeRequest","authoritative_routes":["POST /api/entitlements/{id}/consume"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Idempotency maps to the idempotency_key field on ConsumeRequest (x-authoritative: true schema per OA-ANNOTATE-01B). The IdempotencyReplayDetails schema also carries x-authoritative: true, representing the replay metadata returned when an idempotency key matches a prior execution.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Ledger event","canonical_sentence":"A Ledger event is an immutable record of a completed mutation, forming the canonical audit trail.","definition":"Every completed mutation produces a ledger event. Ledger events are immutable and form the canonical audit trail for the protocol.","classification":"Execution & Mutation","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Execution/Ledger","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe immutable records of completed mutations.","prohibited":"Do not modify or delete ledger events.","api_refs":[],"related":["Mutation","Consume","Execution receipt"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Capacity","canonical_sentence":"Capacity is the quantified limit on exercisable value within an Entitlement, evaluated by the CE and debited by consume operations.","definition":"Capacity tracks the remaining exercisable value of an Entitlement. The CAP dimension evaluates whether sufficient capacity exists.","classification":"Execution & Mutation","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE/Execution","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe the quantified limit on exercisable value.","prohibited":"Do not use 'balance' as a synonym in core protocol logic.","api_refs":[],"related":["Entitlement","Consume","Quantity"],"domain_translations":{"balance":"Capacity","remaining units":"Capacity"},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Quantity","canonical_sentence":"Quantity is the amount of entitlement value requested in a consume operation.","definition":"Quantity specifies how much capacity to debit in a single consume operation.","classification":"Execution & Mutation","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Execution/CE","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to specify the amount requested in a consume operation.","prohibited":"Do not use 'amount' as a synonym when referring to unit counts.","api_refs":[],"related":["Capacity","Consume"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Idempotency replay","canonical_sentence":"Idempotency replay is the protocol behaviour of returning the stored result of a prior mutation when the same idempotency key is received.","definition":"When a mutation is replayed with a previously-used idempotency key, the stored result is returned without re-executing the mutation.","classification":"Execution & Mutation","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Execution","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to describe the replay behaviour for idempotent operations.","prohibited":"Do not re-execute mutations on replay — return the stored result.","api_refs":[],"related":["Idempotency","Mutation"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"IdempotencyReplayDetails","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/IdempotencyReplayDetails","authoritative_routes":["POST /api/entitlements/{id}/consume"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"IdempotencyReplayDetails carries x-authoritative: true per OA-ANNOTATE-01B. Returned when a POST /api/entitlements/{id}/consume request uses an idempotency_key that matches a prior execution — the replay details are returned instead of executing again.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Dry run","canonical_sentence":"A dry run is a non-mutating evaluation pass that simulates the outcome of an operation without committing any changes.","definition":"Dry runs allow agents to preview the result of an operation without actually executing it. Useful for validation and planning.","classification":"Execution & Mutation","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Execution/Sandbox","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to describe non-mutating simulation of operations.","prohibited":"Do not commit changes during a dry run.","api_refs":[],"related":["Evaluation","Sandbox"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"AMBIGUOUS","governance_metadata":{"semantic_stability":"EVOLVING","migration_risk":"LOW","governance_status":"PROPOSED","last_reviewed":"2026-05-09","review_trigger":"Sandbox v2.0 specification"},"canonical_mapping":{"canonical_schema":null,"canonical_field":"mode","enum_reference":null,"openapi_reference":null,"authoritative_routes":["POST /api/entitlements/{id}/consume"],"semantic_extensions":[],"implementation_notes":"AMBIGUOUS drift classification (DICT-02B). 'Dry run' maps to the 'mode' field on ConsumeRequest, which may carry a dry-run or simulation mode value. However, the ConsumeRequest 'mode' field is not the canonical term name. No schema named 'DryRun' exists. The evaluation endpoint (GET /api/entitlements/{id}/evaluation) is the authoritative non-mutating surface — dry run should be mapped to evaluation rather than a special mode on consume.","mapping_confidence":"LOW","mapping_source":"direct inspection"}},{"term":"Execution receipt","canonical_sentence":"An execution receipt is the structured response confirming a completed mutation, including ledger reference and outcome.","definition":"Execution receipts provide the canonical confirmation of a completed mutation, including references to the ledger event and outcome.","classification":"Execution & Mutation","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Execution","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe the structured response from a completed mutation.","prohibited":"Do not use as a synonym for Ledger event — the receipt is the response, the event is the record.","api_refs":[],"related":["Ledger event","Mutation","Consume"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Reservation","canonical_sentence":"A Reservation is a tentative capacity hold that has not yet been committed — not currently a first-class protocol concept.","definition":"Reservation is not currently implemented as a first-class protocol entity. Do not treat availability snapshots as reservation confirmations.","classification":"Execution & Mutation","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Execution","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use only if reservation semantics are explicitly implemented.","prohibited":"Do not treat availability snapshots as reservation confirmations.","api_refs":[],"related":["Hold","Capacity"],"domain_translations":{},"confidence":"MEDIUM","notes":"Neither Reservation nor Hold is currently a first-class protocol concept.","open_question":null,"drift_classification":"NOT_FIRST_CLASS","governance_metadata":{"semantic_stability":"EXPERIMENTAL","migration_risk":"MEDIUM","governance_status":"PROPOSED","last_reviewed":"2026-05-09","review_trigger":"Governance review for first-class Reservation primitive proposal"},"canonical_mapping":{"canonical_schema":"ReserveResponse","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/ReserveResponse","authoritative_routes":[],"semantic_extensions":["x-authoritative: false"],"implementation_notes":"NOT_FIRST_CLASS drift classification (DICT-02B). ReserveResponse carries x-authoritative: false per OA-ANNOTATE-01B. ReleaseReserveResponse also carries x-authoritative: false and x-semantic-warning. Reservation is not a first-class protocol primitive — it is a capacity management operation for specific commerce scenarios.","mapping_confidence":"MEDIUM","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Hold","canonical_sentence":"A Hold is a temporary capacity lock — not currently a first-class protocol concept.","definition":"Hold is not currently implemented as a first-class protocol entity. It represents a theoretical temporary lock on capacity.","classification":"Execution & Mutation","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Execution","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use only if hold semantics are explicitly implemented.","prohibited":"Do not assume hold semantics exist — they are not implemented.","api_refs":[],"related":["Reservation","Capacity"],"domain_translations":{},"confidence":"MEDIUM","notes":"Neither Reservation nor Hold is currently a first-class protocol concept.","open_question":null,"drift_classification":"NOT_FIRST_CLASS","governance_metadata":{"semantic_stability":"EXPERIMENTAL","migration_risk":"LOW","governance_status":"PROPOSED","last_reviewed":"2026-05-09","review_trigger":"Governance review for first-class Hold primitive proposal"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Authorisation","canonical_sentence":"Authorisation is a protocol decision record that grants approval for a specific operation before it may be executed.","definition":"Authorisations are explicit approval gates. Certain operations require an authorisation record before execution is permitted.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"GOV","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"MEDIUM","permitted":"Use to describe explicit approval gates for operations.","prohibited":"Do not conflate with Authority or Authentication.","api_refs":["POST /api/authorisations"],"related":["Authority","Decision","Actor"],"domain_translations":{},"confidence":"HIGH","notes":"Distinction: Authorisation ≠ Authority ≠ Authentication.","open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"MEDIUM","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":"Authorisation","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/Authorisation","authoritative_routes":["POST /api/authorisations","GET /api/authorisations","GET /api/authorisations/{id}"],"semantic_extensions":["x-authoritative: true","x-semantic-warning"],"implementation_notes":"Authorisation schema carries x-authoritative: true AND x-semantic-warning per OA-ANNOTATE-01B. The x-semantic-warning indicates that Authorisation.status (PSL-001 conflict) exists on this schema. This is a SYN-NAME-01 surface violation (finding #5: status on Authorisation schema). SYN-NAME-02 (rename to state) is planned remediation. Fields: authorised_amount, authority_basis, created_at, entitlement_id, id, status. AuthorisationErrorResponse also carries x-authoritative: true and x-semantic-warning. AuthorisationCreateRequest carries x-authoritative: true. STABLE drift classification (DICT-02B) is consistent with authoritative intent despite warning annotation.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Authority","canonical_sentence":"Authority is an Actor's protocol-verified power to initiate a specific operation on a specific entity.","definition":"Authority is the composite of roles, delegation grants, and elevation status that determines what operations an Actor may perform.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"GOV","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"HIGH","permitted":"Use to describe an Actor's verified power to perform operations.","prohibited":"Do not conflate with Authorisation (decision record) or Permission (broader capability).","api_refs":[],"related":["Authorisation","Actor authority","Delegation"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":"AuthorityRequiredErrorResponse","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/AuthorityRequiredErrorResponse","authoritative_routes":["POST /api/authorisations","POST /api/entitlements/{id}/consume"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Authority as a protocol concept maps to AuthorityRequiredErrorResponse (x-authoritative: true per OA-ANNOTATE-01B) and the authority_basis field present on ConsumeResponse and Authorisation. The ActorAuthorityBasis schema carries x-authoritative: false and x-semantic-warning (non-authoritative metadata for AI agent interpretation). STABLE drift classification (DICT-02B) consistent. PSL-005 governs: BLOCKED and DENIED are distinct invariants requiring different agent recovery paths.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Authority basis","canonical_sentence":"Authority basis is the recorded source of an Actor's authority for a given operation.","definition":"The authority basis documents why an Actor has the power to perform a specific operation (e.g., role assignment, delegation grant, elevation).","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"GOV","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to record the source of authority for audit purposes.","prohibited":"Do not allow operations without a recorded authority basis.","api_refs":[],"related":["Authority","Actor authority"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"ActorAuthorityBasis","canonical_field":"authority_type","enum_reference":null,"openapi_reference":"#/components/schemas/ActorAuthorityBasis","authoritative_routes":["POST /api/entitlements/{id}/consume","POST /api/authorisations"],"semantic_extensions":["x-authoritative: false","x-semantic-warning"],"implementation_notes":"ActorAuthorityBasis carries x-authoritative: false and x-semantic-warning per OA-ANNOTATE-01B. The authority_basis field appears on ConsumeResponse, Authorisation, and the evaluation envelope metadata. This is non-authoritative metadata for external agent interpretation only — it identifies who acted and under what authority. Not a protocol decision surface.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Actor authority","canonical_sentence":"Actor authority is the composite of an Actor's roles, delegation grants, and elevation status that determines what operations they may perform.","definition":"Actor authority encompasses all sources of power for a specific Actor, evaluated at operation time.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"GOV","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe the full authority profile of an Actor.","prohibited":"Do not cache authority — evaluate at operation time.","api_refs":[],"related":["Authority","Authority basis","Delegation"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"ActorAuthorityBasis","canonical_field":"authority_type","enum_reference":null,"openapi_reference":"#/components/schemas/ActorAuthorityBasis","authoritative_routes":[],"semantic_extensions":["x-authoritative: false","x-semantic-warning"],"implementation_notes":"Actor authority maps to the same surface as Authority basis (ActorAuthorityBasis, x-authoritative: false). Non-authoritative metadata for AI agent interpretation. PSL-007 governs: carriers never create protocol truth — carrier authority claims must be mapped through the protocol's authority evaluation before any protocol decision.","mapping_confidence":"MEDIUM","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Delegation","canonical_sentence":"Delegation is the protocol mechanism by which a principal Actor grants another Actor authority to perform specific operations on their behalf.","definition":"Delegation creates a grant record that extends authority from one Actor to another, scoped to specific operations and entities.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"GOV/BDE","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"HIGH","permitted":"Use to describe authority grants between Actors.","prohibited":"Do not allow unbounded delegation — always scope to operations and entities.","api_refs":[],"related":["Authority","Actor","Authorisation"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":"Delegation","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/Delegation","authoritative_routes":["POST /api/delegations","GET /api/delegations","GET /api/delegations/{id}","POST /api/delegations/{id}/revoke"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Delegation schema carries x-authoritative: true per OA-ANNOTATE-01B. DelegationCreateRequest, DelegationRevokeRequest, DelegationRevokeResponse, DelegationCheckResponse, and DelegationLogActionRequest/Response all carry x-authoritative: true. Fields: active, created_at, delegate_id, delegator_id, id, scope. STABLE drift classification (DICT-02B) consistent.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Permission","canonical_sentence":"Permission is a broader capability grant, distinct from the operation-specific Authority verified by the protocol.","definition":"Permission is a general capability concept. Authority is the protocol-specific, operation-verified subset of permission.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"RECOMMENDED","semantic_owner":"GOV","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use for broader capability grants.","prohibited":"Do not use as a synonym for Authority — Authority is operation-specific.","api_refs":[],"related":["Authority","Scope"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Scope","canonical_sentence":"Scope is the API access boundary that limits what resources and operations a credential may access.","definition":"Scope defines the boundaries of API access for a given credential or token.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"RECOMMENDED","semantic_owner":"GOV","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to define API access boundaries.","prohibited":"Do not conflate with Authority — Scope is access boundary, Authority is operation power.","api_refs":[],"related":["Permission","Authority"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Consent","canonical_sentence":"Consent is a profile-level record of agreement, distinct from the ACCEPTANCE dimension which enforces protocol-level terms.","definition":"Consent records explicit agreement at the profile level. It is distinct from the ACCEPTANCE CE dimension which enforces protocol-level terms acceptance.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"OPTIONAL","semantic_owner":"GOV","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use for profile-level agreement records.","prohibited":"Do not conflate with the ACCEPTANCE CE dimension.","api_refs":[],"related":["Acceptance","Authority"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Acceptance","canonical_sentence":"Acceptance is the 8th canonical CE dimension, evaluating whether required terms or conditions have been accepted before exercise.","definition":"The ACCEPTANCE dimension is the newest addition to the CE. It evaluates whether required terms, conditions, or agreements have been accepted before exercise is permitted.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"GOV/CE","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use as the 8th canonical CE dimension.","prohibited":"Do not conflate with Consent — Acceptance is a CE dimension, Consent is a profile record.","api_refs":[],"related":["Consent","Dimension","Evaluation"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Policy","canonical_sentence":"Policy is an ambiguous term — qualify as \"Container policy\" (protocol) or \"insurance policy\" (domain profile) always.","definition":"Policy has two distinct meanings: Container governance rules (core protocol) and insurance policy documents (domain profile). Always qualify which meaning is intended.","classification":"Authority & Governance","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"varies","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"HIGH","permitted":"Use only with explicit qualification: 'Container policy' or 'insurance policy'.","prohibited":"Do not use unqualified 'policy' — it is ambiguous.","api_refs":[],"related":["Container","Rule"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":"Requires disambiguation decision before OA-ANNOTATE-01B.","drift_classification":"AMBIGUOUS","governance_metadata":{"semantic_stability":"EVOLVING","migration_risk":"HIGH","governance_status":"UNDER_REVIEW","last_reviewed":"2026-05-09","review_trigger":"Insurance profile v1.0 formalisation"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":["x-semantic-warning"],"implementation_notes":"QUARANTINED TERM — SYN-NAME-01 §5 findings #12, #17: policy/policyholder appear as fields on Container schema (container.policy_number, container.policyholder_name, container.policyholder_email) which represents insurance-domain leakage into core schemas, violating PSL-008 (domain language must map into canonical terms before execution). PolicyImportRequest and PolicyImportResponse carry x-authoritative: false and x-semantic-warning. AMBIGUOUS drift classification (DICT-02B) consistent. Planned remediation: SYN-NAME-13 (remove from core schemas). OA-ANNOTATE-01B §9: 'booking', 'carrier', 'profile/vertical' have no OpenAPI schema — same applies to 'policy' as a first-class schema. Container.policy_number is marked x-replaced-by: external_ref (OA-ANNOTATE-01B §17 issue #5).","mapping_confidence":"LOW","mapping_source":"SYN-NAME-01"}},{"term":"Rule","canonical_sentence":"A Rule is a specific governance or constraint condition within a policy that governs entity behaviour.","definition":"Rules are the individual conditions within a policy that govern entity behaviour and constraint evaluation.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"RECOMMENDED","semantic_owner":"GOV","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe individual governance conditions.","prohibited":"Do not conflate with Constraint — Rules are governance-level, Constraints are CE-level.","api_refs":[],"related":["Policy","Constraint"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Jurisdiction","canonical_sentence":"Jurisdiction is the legal or regulatory context that may impose additional constraints on protocol operations.","definition":"Jurisdiction captures the legal/regulatory context that may affect how protocol operations are constrained.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"OPTIONAL","semantic_owner":"GOV","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to capture legal/regulatory context.","prohibited":"Do not use as a general-purpose location field.","api_refs":[],"related":["Rule","Policy"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Origin basis","canonical_sentence":"Origin basis records the source or provenance of a governance decision or authority grant.","definition":"Origin basis tracks where a decision or authority grant came from — useful for audit and dispute resolution.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"RECOMMENDED","semantic_owner":"GOV","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to record decision provenance.","prohibited":null,"api_refs":[],"related":["Authority basis","Decision"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Dispute","canonical_sentence":"A Dispute is a formal challenge to a protocol decision or outcome, subject to the contestation process.","definition":"Disputes are formal challenges that enter the contestation pipeline for resolution.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"OPTIONAL","semantic_owner":"GOV","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to describe formal challenges to decisions.","prohibited":"Do not resolve disputes outside the contestation pipeline.","api_refs":[],"related":["Contestation","Decision"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Contestation","canonical_sentence":"A Contestation is the structured process for resolving disputes against protocol decisions or outcomes.","definition":"Contestations provide a formal resolution mechanism for disputes. They follow a defined lifecycle and may result in decision reversal or confirmation.","classification":"Authority & Governance","authority_status":"Authoritative","normative_status":"OPTIONAL","semantic_owner":"GOV","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to describe the formal dispute resolution process.","prohibited":"Do not bypass the contestation pipeline for dispute resolution.","api_refs":[],"related":["Dispute","Decision"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Enforcement","canonical_sentence":"Enforcement is the protocol mechanism that applies administrative overlays (freeze, suspend, restrict) to entities, blocking exercise independently of CE evaluation.","definition":"Enforcement applies administrative restrictions to entities. These overlays cause BLOCKED in the CE ENF dimension independently of other constraint evaluation.","classification":"Enforcement & Guardian","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Enforcement","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"HIGH","permitted":"Use to describe administrative overlays on entities.","prohibited":"Do not conflate with Guardian — Enforcement is entity overlays, Guardian is invariant protection.","api_refs":[],"related":["Enforcement overlay","Guardian","Enforcement block"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":"EnforcementBlockedResponse","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/EnforcementBlockedResponse","authoritative_routes":["POST /api/enforcement/{entity_type}/{entity_id}/freeze","POST /api/enforcement/{entity_type}/{entity_id}/hold","POST /api/enforcement/{entity_type}/{entity_id}/lift-restriction","POST /api/enforcement/{entity_type}/{entity_id}/release-hold","POST /api/enforcement/{entity_type}/{entity_id}/restore","POST /api/enforcement/{entity_type}/{entity_id}/restrict","POST /api/enforcement/{entity_type}/{entity_id}/revoke","GET /api/enforcement/{entity_type}/{entity_id}/state","POST /api/enforcement/{entity_type}/{entity_id}/suspend","POST /api/enforcement/{entity_type}/{entity_id}/thaw"],"semantic_extensions":["x-authoritative: true","x-semantic-warning"],"implementation_notes":"EnforcementBlockedResponse carries x-authoritative: true AND x-semantic-warning per OA-ANNOTATE-01B. The x-semantic-warning is consistent with DICT-02B STABLE drift classification (no drift issue — warning relates to enforcement_state vocabulary). The /api/enforcement/* route group (10 routes) covers freeze, hold, restrict, revoke, suspend, restore, release-hold, thaw, lift-restriction, and state read. STABLE drift classification (DICT-02B) consistent with authoritative implementation surface. Enforcement overlays are liftable (PSL-006).","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Enforcement overlay","canonical_sentence":"An enforcement overlay is an active administrative restriction on an entity that causes BLOCKED in the CE ENF dimension.","definition":"Enforcement overlays are admin-applied per-entity restrictions. They can be lifted (unlike Guardian blocks which are hard-coded correctness rules).","classification":"Enforcement & Guardian","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Enforcement","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe admin-applied entity restrictions.","prohibited":"Do not conflate with runtime invariants — overlays are admin-applied and liftable.","api_refs":[],"related":["Enforcement","Enforcement block","Suspension"],"domain_translations":{},"confidence":"HIGH","notes":"Enforcement overlays are admin-applied per-entity (can be lifted). Runtime invariants are hard-coded correctness rules (cannot be lifted).","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"EnforcementBlockedResponse","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/EnforcementBlockedResponse","authoritative_routes":["POST /api/enforcement/{entity_type}/{entity_id}/freeze","POST /api/enforcement/{entity_type}/{entity_id}/hold","POST /api/enforcement/{entity_type}/{entity_id}/restrict","POST /api/enforcement/{entity_type}/{entity_id}/suspend","POST /api/enforcement/{entity_type}/{entity_id}/revoke"],"semantic_extensions":["x-authoritative: true","x-semantic-warning"],"implementation_notes":"Enforcement overlays are the active enforcement actions applied to entities (freeze, hold, restrict, suspend, revoke). These are returned in EnforcementBlockedResponse (x-authoritative: true, x-semantic-warning per OA-ANNOTATE-01B). PSL-006: overlays are liftable except REVOCATION which is terminal. The enforcement/state endpoint returns current overlay state.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Guardian","canonical_sentence":"Guardian is the invariant-enforcement layer that protects protocol correctness by blocking mutations that would violate system invariants, regardless of CE outcome.","definition":"Guardian is the hard correctness layer. It blocks mutations that would violate protocol invariants, regardless of what the CE says. Guardian blocks are non-configurable and non-bypassable.","classification":"Enforcement & Guardian","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Guardian","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"YES","migration_risk":"HIGH","permitted":"Use to describe the invariant-enforcement layer.","prohibited":"Do not conflate with Enforcement — Guardian is invariant correctness, Enforcement is entity overlays.","api_refs":[],"related":["Guardian block","Invariant","Enforcement"],"domain_translations":{},"confidence":"HIGH","notes":"Critical distinction: Guardian ≠ Enforcement. Guardian = invariant correctness. Enforcement = entity-level overlays.","open_question":null,"drift_classification":"STABLE","governance_metadata":{"semantic_stability":"LOCKED","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Protocol v2.0 major revision"},"canonical_mapping":{"canonical_schema":"GuardianBlockedErrorResponse","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/GuardianBlockedErrorResponse","authoritative_routes":["POST /api/entitlements/{id}/consume","POST /api/authorisations"],"semantic_extensions":["x-authoritative: true (on GuardianBlockedErrorResponse)","x-semantic-warning"],"implementation_notes":"Guardian is not a resource schema — it is a protocol enforcement gating mechanism. The implementation surface is the GuardianBlockedErrorResponse schema (error response when Guardian blocks a mutation), which carries x-authoritative: true per OA-ANNOTATE-01B. GuardianBlockedErrorResponse fields: detail, error. PSL-004 governs: Guardian enforces invariants independently of CE outcome. The Guardian is independent of the Convergence Engine — it can block even when CE returns PASS. STABLE drift classification (DICT-02B) consistent.","mapping_confidence":"MEDIUM","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Guardian block","canonical_sentence":"A Guardian block is a mutation rejection issued by Guardian because the requested operation would violate a protocol invariant.","definition":"Guardian blocks are hard rejections that cannot be overridden. They protect protocol correctness.","classification":"Enforcement & Guardian","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Guardian","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe invariant-violation rejections.","prohibited":"Do not attempt to override or bypass Guardian blocks.","api_refs":[],"related":["Guardian","Invariant","Protocol violation"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"GuardianBlockedErrorResponse","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/GuardianBlockedErrorResponse","authoritative_routes":["POST /api/entitlements/{id}/consume","POST /api/authorisations"],"semantic_extensions":["x-authoritative: true","x-semantic-warning"],"implementation_notes":"GuardianBlockedErrorResponse carries x-authoritative: true AND x-semantic-warning per OA-ANNOTATE-01B. Fields: detail, error. Guardian block is returned when the protocol Guardian (invariant enforcement layer) blocks a mutation despite CE outcome. The x-semantic-warning is consistent with DICT-02B STABLE drift classification.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Enforcement block","canonical_sentence":"An enforcement block is a BLOCKED outcome from the ENF dimension caused by an active enforcement overlay on the entity.","definition":"Enforcement blocks are recoverable — they can be lifted by removing the enforcement overlay.","classification":"Enforcement & Guardian","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Enforcement","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe BLOCKED outcomes from the ENF dimension.","prohibited":"Do not conflate with Guardian block — enforcement blocks are recoverable.","api_refs":[],"related":["Enforcement overlay","BLOCKED","Guardian block"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"EnforcementBlockedResponse","canonical_field":"blocking_action_type","enum_reference":null,"openapi_reference":"#/components/schemas/EnforcementBlockedResponse","authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Enforcement block maps to the ENF constraint dimension in evaluation. When enforcement overlays are active, the ENF dimension returns BLOCKED or DENIED. EnforcementBlockedResponse (x-authoritative: true) contains blocking_action_id, blocking_action_type, blocking_reason, blocking_scope. This is returned as an error response when enforcement prevents execution.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Suspension","canonical_sentence":"Suspension is an enforcement overlay that temporarily prevents exercise while the overlay is active.","definition":"Suspension is a recoverable enforcement action. The entity can be unsuspended to restore exercisability.","classification":"Enforcement & Guardian","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Enforcement","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe temporary enforcement overlays.","prohibited":"Do not treat suspension as a lifecycle state — it is an overlay.","api_refs":[],"related":["Enforcement overlay","Restriction"],"domain_translations":{},"confidence":"HIGH","notes":"SUSPENDED is an enforcement overlay, not a lifecycle state value.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Restriction","canonical_sentence":"A Restriction is an enforcement overlay that limits specific operations on an entity without fully suspending it.","definition":"Restrictions are partial enforcement overlays that limit certain operations while leaving others available.","classification":"Enforcement & Guardian","authority_status":"Authoritative","normative_status":"RECOMMENDED","semantic_owner":"Enforcement","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe partial enforcement overlays.","prohibited":"Do not conflate with full suspension.","api_refs":[],"related":["Enforcement overlay","Suspension"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Revocation","canonical_sentence":"Revocation is the enforcement action that permanently cancels an Entitlement, transitioning it to the REVOKED terminal state.","definition":"Revocation is a terminal enforcement action. Once revoked, an Entitlement cannot be restored.","classification":"Enforcement & Guardian","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Enforcement/Lifecycle","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe permanent cancellation of Entitlements.","prohibited":"Do not reverse revocation — it is terminal.","api_refs":[],"related":["Revoked","Enforcement","Terminal state"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"EnforcementBlockedResponse","canonical_field":"blocking_action_type","enum_reference":null,"openapi_reference":"#/components/schemas/EnforcementBlockedResponse","authoritative_routes":["POST /api/enforcement/{entity_type}/{entity_id}/revoke"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Revocation maps to POST /api/enforcement/{entity_type}/{entity_id}/revoke. This is a terminal enforcement action (cannot be lifted per PSL-006). The blocking_action_type field on EnforcementBlockedResponse identifies REVOCATION as the blocking action type.","mapping_confidence":"MEDIUM","mapping_source":"direct inspection"}},{"term":"Dependency block","canonical_sentence":"A dependency block is a BLOCKED outcome from the DEP dimension caused by an unsatisfied prerequisite entity or operation.","definition":"Dependency blocks occur when a required prerequisite entity or operation has not been satisfied.","classification":"Enforcement & Guardian","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe BLOCKED outcomes from the DEP dimension.","prohibited":"Do not conflate with enforcement blocks — dependency blocks are CE-evaluated.","api_refs":[],"related":["BLOCKED","Dimension","Constraint"],"domain_translations":{},"confidence":"HIGH","notes":"Evidence = missing Actor-provided input. Dependency = missing upstream protocol state.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":"dimension_results","enum_reference":null,"openapi_reference":null,"authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":[],"implementation_notes":"Dependency block maps to the DEP constraint dimension in evaluation. When cross-entitlement dependencies are not satisfied, the DEP dimension returns BLOCKED or DENIED. The dimension_summary array in the evaluation envelope includes the DEP dimension entry. No named schema for dependency constraints at present.","mapping_confidence":"MEDIUM","mapping_source":"direct inspection"}},{"term":"Invariant","canonical_sentence":"An Invariant is a protocol correctness rule that must hold at all times — violations are blocked by Guardian.","definition":"Invariants are non-negotiable correctness rules enforced by the Guardian layer. They cannot be configured or overridden.","classification":"Enforcement & Guardian","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Guardian","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe non-negotiable correctness rules.","prohibited":"Do not allow invariant violations under any circumstances.","api_refs":[],"related":["Guardian","Guardian block","Protocol violation"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"GuardianBlockedErrorResponse","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/GuardianBlockedErrorResponse","authoritative_routes":[],"semantic_extensions":["x-authoritative: true","x-semantic-warning"],"implementation_notes":"Protocol invariants are enforced by the Guardian (protocol enforcement layer independent of CE). The GuardianBlockedErrorResponse (x-authoritative: true, x-semantic-warning) is returned when an invariant violation is detected. PSL-004: Guardian enforces invariants independently of CE outcome.","mapping_confidence":"MEDIUM","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Protocol violation","canonical_sentence":"A Protocol violation is an attempted operation that would break a system invariant, resulting in a Guardian block.","definition":"Protocol violations are detected by Guardian and result in hard rejection. They indicate a correctness issue in the calling code.","classification":"Enforcement & Guardian","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Guardian","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe invariant-violating operations.","prohibited":"Do not suppress protocol violations — they indicate bugs.","api_refs":[],"related":["Invariant","Guardian block"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"ProtocolErrorResponse","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/ProtocolErrorResponse","authoritative_routes":[],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"ProtocolErrorResponse carries x-authoritative: true per OA-ANNOTATE-01B. Returned when a protocol rule is violated (e.g. invalid state transition, invariant breach). This is distinct from validation errors (ValidationErrorResponse) and enforcement blocks (EnforcementBlockedResponse).","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Fail-closed","canonical_sentence":"Fail-closed is the Guardian principle that ambiguous or error conditions result in blocking rather than permitting mutations.","definition":"When Guardian encounters uncertainty, it blocks the operation. This prevents unsafe mutations in edge cases.","classification":"Enforcement & Guardian","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Guardian","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe the Guardian's default-deny behaviour.","prohibited":"Do not implement fail-open behaviour for mutations.","api_refs":[],"related":["Guardian","Invariant"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":[],"implementation_notes":"Fail-closed is a protocol invariant (not a named schema or endpoint). Implementation: when constraint evaluation is missing or inconclusive, the Convergence Engine defaults to BLOCKED/DENIED rather than PASS. The MISSING applicability value on dimension_summary entries reflects this: a MISSING dimension is treated as blocking. No OpenAPI schema name maps directly to fail-closed — it is an invariant of the evaluation algorithm.","mapping_confidence":"LOW","mapping_source":"direct inspection"}},{"term":"Next action","canonical_sentence":"A Next action is the CE's recommended recovery step for an agent facing a BLOCKED evaluation outcome.","definition":"Next actions are recovery guidance returned with BLOCKED outcomes. Agents should validate before executing.","classification":"Agent & Recovery","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"UAR","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe recommended recovery steps.","prohibited":"Do not blindly execute next actions — validate first.","api_refs":[],"related":["UAR action","Recovery action","BLOCKED"],"domain_translations":{},"confidence":"HIGH","notes":"Actions are recovery guidance, NOT protocol truth. Agents must validate before executing.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"NextAction","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/NextAction","authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"NextAction carries x-authoritative: true per OA-ANNOTATE-01B. Fields: action, description, endpoint, method. Returned within evaluation responses to guide agent recovery paths. UARActionItem and UARActionType also carry x-authoritative: true.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"UAR action","canonical_sentence":"A UAR action is a typed recovery operation from the canonical action set: ESCALATE, REDUCE_SCOPE, REQUEST_AUTHORISATION, RESOLVE_DEPENDENCY, UPGRADE, WAIT.","definition":"UAR (User Action Required) actions are the canonical set of recovery operations available to agents. DENY is internal-only.","classification":"Agent & Recovery","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"UAR","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use the canonical action types for recovery guidance.","prohibited":"Do not expose DENY as a user-facing action type.","api_refs":[],"related":["Next action","Recovery action"],"domain_translations":{},"confidence":"HIGH","notes":"Canonical types: ESCALATE, REDUCE_SCOPE, REQUEST_AUTHORISATION, RESOLVE_DEPENDENCY, UPGRADE, WAIT. DENY is internal-only.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Recovery action","canonical_sentence":"A Recovery action is a concrete step an agent can take to resolve a blocking constraint and retry the operation.","definition":"Recovery actions provide actionable guidance for resolving BLOCKED outcomes. They map to specific UAR action types.","classification":"Agent & Recovery","authority_status":"Authoritative","normative_status":"RECOMMENDED","semantic_owner":"UAR","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe concrete recovery steps.","prohibited":"Do not execute recovery actions without validation.","api_refs":[],"related":["UAR action","Next action","Blocking constraint"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Action","canonical_sentence":"Action is a general term for an operation or step — prefer the more specific Next action, UAR action, or Recovery action where precision matters.","definition":"Action is an overloaded term. Use the more specific variant when describing protocol operations.","classification":"Agent & Recovery","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"various","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use only where the specific action type is not relevant.","prohibited":"Do not use when Next action, UAR action, or Recovery action is more precise.","api_refs":[],"related":["Next action","UAR action","Recovery action"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"AMBIGUOUS","governance_metadata":{"semantic_stability":"EVOLVING","migration_risk":"LOW","governance_status":"UNDER_REVIEW","last_reviewed":"2026-05-09","review_trigger":"UAR action type taxonomy finalisation"},"canonical_mapping":{"canonical_schema":"UARActionItem","canonical_field":"type","enum_reference":"UARActionType","openapi_reference":"#/components/schemas/UARActionItem","authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"UARActionItem and UARActionType both carry x-authoritative: true per OA-ANNOTATE-01B. Actions are recovery instructions returned within BLOCKED evaluation responses. AMBIGUOUS drift classification (DICT-02B) — Action has multiple meanings (enforcement action, recovery action, UARActionItem). The canonical mapping here is to UARActionItem/Type as the most authoritative surface.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Retryable","canonical_sentence":"A retryable condition is one where the blocking constraint may be resolved and the operation re-attempted — BLOCKED outcomes are retryable, DENIED outcomes are not.","definition":"Retryable maps to BLOCKED outcomes. After resolving the blocking constraint, the agent may retry the operation.","classification":"Agent & Recovery","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE/UAR","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to describe BLOCKED outcomes that may be resolved.","prohibited":"Do not describe DENIED outcomes as retryable.","api_refs":[],"related":["BLOCKED","Recoverable","Terminal"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"NextAction","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/NextAction","authoritative_routes":[],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Retryable maps to the NextAction schema (x-authoritative: true per OA-ANNOTATE-01B), which provides agent recovery instructions after a BLOCKED outcome. UARActionType also carries x-authoritative: true and defines the set of recovery action types available.","mapping_confidence":"MEDIUM","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Recoverable","canonical_sentence":"Recoverable is a synonym for retryable in recovery context — the blocking condition may be resolved.","definition":"Recoverable is interchangeable with retryable. Both indicate that the blocking constraint may be resolved.","classification":"Agent & Recovery","authority_status":"Authoritative","normative_status":"RECOMMENDED","semantic_owner":"CE/UAR","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use as a synonym for retryable in recovery contexts.","prohibited":"Do not describe DENIED or terminal conditions as recoverable.","api_refs":[],"related":["Retryable","BLOCKED"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Terminal","canonical_sentence":"A terminal condition is one from which no recovery is possible — DENIED outcomes and terminal lifecycle states are non-recoverable.","definition":"Terminal conditions cannot be recovered. DENIED CE outcomes and terminal lifecycle states (CONSUMED, REVOKED) are non-recoverable.","classification":"Agent & Recovery","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE/Lifecycle","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to describe non-recoverable conditions.","prohibited":"Do not attempt recovery actions on terminal conditions.","api_refs":[],"related":["DENIED","Terminal state","Retryable"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"EntitlementState","canonical_field":null,"enum_reference":"consumed, expired, closed, paid, settled, declined, resolved","openapi_reference":"#/components/schemas/EntitlementState","authoritative_routes":["GET /api/lifecycle/matrix"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Terminal states are defined within the EntitlementState enum (x-authoritative: true). Terminal states (no further transitions): consumed, expired, closed. Other states may be terminal depending on the lifecycle matrix. The /api/lifecycle/matrix endpoint returns valid transitions, from which terminal states can be inferred (states with no outgoing transitions).","mapping_confidence":"MEDIUM","mapping_source":"direct inspection"}},{"term":"Agent-critical","canonical_sentence":"Agent-critical marks protocol elements where agent misunderstanding could cause unsafe mutation, invalid replay, or broken recovery.","definition":"Agent-critical annotations flag elements that require careful handling by AI agents and automated systems.","classification":"Agent & Recovery","authority_status":"Authoritative","normative_status":"RECOMMENDED","semantic_owner":"Core Protocol","machine_critical":"CRITICAL","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to flag elements requiring careful agent handling.","prohibited":"Do not ignore agent-critical annotations in automated systems.","api_refs":[],"related":["Evaluation","Consume","Idempotency"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":"NextAction","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/NextAction","authoritative_routes":["GET /api/entitlements/{id}/evaluation"],"semantic_extensions":["x-authoritative: true"],"implementation_notes":"Agent-critical surfaces are those which AI agents must interpret correctly to achieve successful outcomes. The NextAction schema (x-authoritative: true) and the exercisable boolean in the evaluation envelope are the primary agent-critical surfaces. The ai_convenience sub-object in evaluation metadata (execution_status: EXECUTABLE/NOT_EXECUTABLE) provides agent-readable projections.","mapping_confidence":"MEDIUM","mapping_source":"direct inspection"}},{"term":"Orientation","canonical_sentence":"Orientation is the protocol discovery mechanism that provides agents with the entry points and workflow stages for interacting with the system.","definition":"The orientation endpoint (GET /api) provides a zero-knowledge discovery surface for agents to understand available operations.","classification":"Agent & Recovery","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"Core Protocol","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe the protocol discovery mechanism.","prohibited":"Do not modify orientation responses based on actor context — they must be deterministic.","api_refs":["GET /api"],"related":["Read surface","Sandbox"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Read surface","canonical_sentence":"A Read surface is a protocol endpoint that returns evaluation evidence or constraint state without performing mutations.","definition":"Read surfaces provide observation-only access to protocol state. They return evidence, not authoritative decisions.","classification":"Agent & Recovery","authority_status":"Authoritative","normative_status":"REQUIRED","semantic_owner":"CE","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use to describe read-only evaluation endpoints.","prohibited":"Do not treat read surface results as authoritative for enforcement decisions — re-evaluate at exercise time.","api_refs":["GET /api/entitlements/{id}/evaluation"],"related":["Evaluation","Orientation"],"domain_translations":{},"confidence":"HIGH","notes":"Evidence only — stored results are NOT authoritative for enforcement decisions.","open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Sandbox","canonical_sentence":"A Sandbox is a controlled test environment that provides non-production context for agents to perform live evaluation and consume flows.","definition":"The sandbox provides test identifiers, test entitlements, and a safe environment for agents to learn the protocol without affecting production data.","classification":"Agent & Recovery","authority_status":"Non-authoritative Metadata","normative_status":"RECOMMENDED","semantic_owner":"Core Protocol","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use to describe the test environment for agent learning.","prohibited":"Do not treat sandbox results as production data.","api_refs":["GET /api/sandbox"],"related":["Orientation","Test case"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"NOT_FIRST_CLASS","governance_metadata":{"semantic_stability":"EVOLVING","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Sandbox v2.0 specification"},"canonical_mapping":{"canonical_schema":"SandboxDiscovery","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/SandboxDiscovery","authoritative_routes":["GET /api/sandbox"],"semantic_extensions":["x-authoritative: false"],"implementation_notes":"SandboxDiscovery and SandboxTestCase carry x-authoritative: false per OA-ANNOTATE-01B. NOT_FIRST_CLASS drift classification (DICT-02B). Sandbox is a testing/development surface — not a protocol primitive. The sandbox routes serve test scenarios for integration development.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Test case","canonical_sentence":"A Test case is a predefined sandbox scenario that exercises a specific protocol flow with known inputs and expected outcomes.","definition":"Test cases provide structured learning scenarios for agents to understand protocol behaviour under specific conditions.","classification":"Agent & Recovery","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Core Protocol","machine_critical":"SENSITIVE","cross_domain_stability":"UNIVERSAL","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use for structured agent learning scenarios.","prohibited":"Do not treat test case outcomes as production guarantees.","api_refs":[],"related":["Sandbox","Orientation"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Claim","canonical_sentence":"A Claim is an insurance-profile structured request to exercise entitlement value under a Coverage Entitlement.","definition":"Claims are insurance-profile specific exercise requests. They map to the Consume operation at the core protocol level.","classification":"Profile Extension","authority_status":"Profile-authoritative","normative_status":"OPTIONAL","semantic_owner":"Insurance profile","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"HIGH","permitted":"Use in insurance-profile contexts for structured exercise requests.","prohibited":"Do not use Claim as a synonym for Consume in core protocol logic.","api_refs":[],"related":["Consume","Coverage","Incident"],"domain_translations":{"insurance claim":"Claim → Consume"},"confidence":"HIGH","notes":"Forbidden: Do not use Claim as a synonym for Consume in core protocol logic.","open_question":null,"drift_classification":"DOMAIN_ONLY","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Insurance profile v1.0 formalisation"},"canonical_mapping":{"canonical_schema":"Claim","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/Claim","authoritative_routes":["POST /api/claims","GET /api/claims/{id}","POST /api/claims/{id}/assess","POST /api/claims/{id}/transition"],"semantic_extensions":["x-semantic-warning"],"implementation_notes":"Claim schema carries x-semantic-warning per OA-ANNOTATE-01B (domain-specific term). DOMAIN_ONLY drift classification (DICT-02B) — 'claim' is an insurance-domain term, not a core protocol primitive. Maps to /api/claims/* route group. ClaimCreateRequest, ClaimAssessRequest/Response, ClaimTransitionRequest/Response, ClaimLine, ClaimLineCreateRequest/Update all carry x-semantic-warning. PSL-008 governs: claim is a domain term that must map to protocol operations at execution time.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Coverage","canonical_sentence":"Coverage is an insurance-profile interpretation of an Entitlement.","definition":"Coverage maps onto the Entitlement primitive in the insurance profile. It represents insured benefits under a policy.","classification":"Profile Extension","authority_status":"Profile-authoritative","normative_status":"OPTIONAL","semantic_owner":"Insurance profile","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"HIGH","permitted":"Use in insurance-profile contexts.","prohibited":"Do not use Coverage as a synonym for Entitlement in core protocol logic.","api_refs":[],"related":["Entitlement","Claim"],"domain_translations":{"insurance coverage":"Entitlement"},"confidence":"HIGH","notes":"Domain translation: insurance coverage → Entitlement.","open_question":null,"drift_classification":"DOMAIN_ONLY","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"HIGH","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Insurance profile v1.0 formalisation"},"canonical_mapping":{"canonical_schema":"CoverageEvaluation","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/CoverageEvaluation","authoritative_routes":["POST /api/coverage/evaluate"],"semantic_extensions":["x-authoritative: false","x-semantic-warning"],"implementation_notes":"CoverageEvaluation carries x-authoritative: false and x-semantic-warning per OA-ANNOTATE-01B. DOMAIN_ONLY drift classification (DICT-02B) — 'coverage' is an insurance-domain term. CoverageEvaluateRequest also carries x-semantic-warning. SYN-NAME-01 §5 finding #14 flags CoverageEvaluation.evaluation_result for semantics overlap with 'outcome'. PSL-008: coverage is a domain term; must map to canonical evaluation/entitlement terms at protocol level.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Incident","canonical_sentence":"An Incident is an insurance-profile triggering event that may give rise to a Claim.","definition":"Incidents are the triggering events in the insurance profile that initiate the claims process.","classification":"Profile Extension","authority_status":"Profile-authoritative","normative_status":"OPTIONAL","semantic_owner":"Insurance profile","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use in insurance-profile contexts for triggering events.","prohibited":"Do not use Incident in core protocol logic.","api_refs":[],"related":["Claim","Coverage"],"domain_translations":{"travel disruption event":"Incident"},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"DOMAIN_ONLY","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Insurance profile v1.0 formalisation"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":[],"implementation_notes":"DOMAIN_ONLY drift classification (DICT-02B). No named Incident schema in OpenAPI. The incidents table exists in the database (CLAUDE.md) but no public API endpoint maps to it directly in the OpenAPI spec. Domain-specific term used in insurance and service verticals.","mapping_confidence":"LOW","mapping_source":"direct inspection"}},{"term":"Claim line","canonical_sentence":"A Claim line is an individual item within a structured Claim, representing a specific benefit or service claimed.","definition":"Claim lines break down a Claim into individual benefit items for processing and settlement.","classification":"Profile Extension","authority_status":"Profile-authoritative","normative_status":"OPTIONAL","semantic_owner":"Insurance profile","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use in insurance-profile contexts for itemised claim breakdown.","prohibited":"Do not use in core protocol logic.","api_refs":[],"related":["Claim","Coverage"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Itinerary","canonical_sentence":"An Itinerary is a travel-profile journey scope that maps to Container metadata in the core protocol.","definition":"Itineraries represent travel journey structure in the travel profile. They map to Container metadata at the core level.","classification":"Profile Extension","authority_status":"Profile-authoritative","normative_status":"OPTIONAL","semantic_owner":"Travel profile","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use in travel-profile contexts.","prohibited":"Do not use in core protocol logic.","api_refs":[],"related":["Itinerary node","Container"],"domain_translations":{"travel itinerary":"Container metadata"},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"DOMAIN_ONLY","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Travel profile v1.0 formalisation"},"canonical_mapping":{"canonical_schema":"Itinerary","canonical_field":"state","enum_reference":null,"openapi_reference":"#/components/schemas/Itinerary","authoritative_routes":["POST /api/itineraries","GET /api/itineraries/{id}"],"semantic_extensions":[],"implementation_notes":"Itinerary.state is the canonical lifecycle field per SYN-NAME-02 (state renamed from status). Itinerary.status is deprecated (x-replaced-by: state). Note: Itinerary.state runtime population is DEFERRED (SYN-NAME-02 deferred item — schema added, runtime wiring pending). x-domain-profile: travel. SYN-NAME-02 COMPLETE for schema (commit 36b5b465, deploy 2026-05-10).","mapping_confidence":"LOW","mapping_source":"direct inspection"}},{"term":"Itinerary node","canonical_sentence":"An Itinerary node is a waypoint or segment within an Itinerary.","definition":"Itinerary nodes represent individual stops, flights, or segments within a travel itinerary.","classification":"Profile Extension","authority_status":"Profile-authoritative","normative_status":"OPTIONAL","semantic_owner":"Travel profile","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use in travel-profile contexts.","prohibited":"Do not use in core protocol logic.","api_refs":[],"related":["Itinerary"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Availability","canonical_sentence":"Availability is a profile-level informational snapshot of current resource state — it is not a reservation confirmation.","definition":"Availability snapshots are point-in-time views of resource state. They do not guarantee future availability and must not be treated as reservations.","classification":"Profile Extension","authority_status":"Presentation-only","normative_status":"OPTIONAL","semantic_owner":"Travel/Commerce","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use for informational snapshots of resource state.","prohibited":"Do not treat availability as a reservation confirmation.","api_refs":[],"related":["Reservation","Hold"],"domain_translations":{},"confidence":"HIGH","notes":"Availability snapshots must not be treated as reservation confirmations.","open_question":null,"drift_classification":"PRESENTATION_ONLY","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Addition of first-class Reservation primitive"},"canonical_mapping":{"canonical_schema":"AvailabilitySnapshot","canonical_field":null,"enum_reference":null,"openapi_reference":"#/components/schemas/AvailabilitySnapshot","authoritative_routes":[],"semantic_extensions":["x-presentation-only: true","x-authoritative: false","x-semantic-warning"],"implementation_notes":"AvailabilitySnapshot carries x-presentation-only: true, x-authoritative: false, and x-semantic-warning per OA-ANNOTATE-01B. PRESENTATION_ONLY drift classification (DICT-02B) consistent. Availability is a presentation-layer concept derived from Entitlement/Container capacity data.","mapping_confidence":"HIGH","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Product reference","canonical_sentence":"A Product reference is a profile-level identifier linking an Entitlement to an external product catalogue.","definition":"Product references provide the link between protocol Entitlements and external product/service catalogues.","classification":"Profile Extension","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Commerce profile","machine_critical":"SAFE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use for external product catalogue references.","prohibited":"Do not use as a substitute for Entitlement identity.","api_refs":[],"related":["Entitlement"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Supplier","canonical_sentence":"A Supplier is a profile-level entity that provides the resource or service underlying an Entitlement.","definition":"Suppliers are external entities referenced in profile metadata. They are not core protocol entities.","classification":"Profile Extension","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Commerce profile","machine_critical":"SAFE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use for external supplier references.","prohibited":"Do not treat as a core protocol entity.","api_refs":[],"related":["Resource","Product reference"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Policy number","canonical_sentence":"A Policy number is an insurance-profile external identifier for the insurance policy document.","definition":"Policy numbers are external identifiers from the insurance domain. They reference the insurance policy (which maps to Container in the core protocol).","classification":"Profile Extension","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Insurance profile","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use in insurance-profile contexts for external policy references.","prohibited":"Do not use as a substitute for Container identity.","api_refs":[],"related":["Container","Policy"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Policyholder","canonical_sentence":"A Policyholder is the insurance-profile term for the Holder of an insurance Container.","definition":"Policyholder maps to Holder in the core protocol. It is the named insured on a policy.","classification":"Profile Extension","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Insurance profile","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use in insurance-profile contexts.","prohibited":"Do not use as a synonym for Holder in core protocol logic.","api_refs":[],"related":["Holder","Container"],"domain_translations":{"policyholder":"Holder"},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"DOMAIN_ONLY","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Insurance profile v1.0 formalisation"},"canonical_mapping":{"canonical_schema":null,"canonical_field":"policyholder_name","enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":["x-semantic-warning"],"implementation_notes":"QUARANTINED TERM — SYN-NAME-01 §5 findings #12, #17: policyholder/policyholder_name/policyholder_email appear as fields on the Container schema (insurance-domain leakage into core). PSL-008 violation: domain language present in core schema without profile isolation. DOMAIN_ONLY drift classification (DICT-02B) consistent with quarantine. Planned remediation: SYN-NAME-13 (remove policyholder fields from core Container schema). Container.policy_number is marked x-replaced-by: external_ref (OA-ANNOTATE-01B §17 issue #5). No canonical schema named 'Policyholder' exists.","mapping_confidence":"LOW","mapping_source":"SYN-NAME-01"}},{"term":"Traveller","canonical_sentence":"A Traveller is the travel-profile term for the Holder or Beneficiary of a travel Entitlement.","definition":"Traveller maps to Holder or Beneficiary in the core protocol depending on context.","classification":"Profile Extension","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Travel profile","machine_critical":"SAFE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use in travel-profile contexts.","prohibited":"Do not use as a synonym for Holder in core protocol logic.","api_refs":[],"related":["Holder","Beneficiary"],"domain_translations":{},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":null,"governance_metadata":{},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":{},"implementation_notes":null,"mapping_confidence":null,"mapping_source":null}},{"term":"Booking","canonical_sentence":"Booking is an ambiguous profile term that may map to Container, Entitlement, or an external reference depending on profile context.","definition":"Booking is profile-dependent and must be explicitly mapped to the correct core protocol entity in each usage context.","classification":"Profile Extension","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Travel/Commerce","machine_critical":"SENSITIVE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"MEDIUM","permitted":"Use only with explicit profile mapping to Container, Entitlement, or external reference.","prohibited":"Do not use without explicit mapping — it is ambiguous.","api_refs":[],"related":["Container","Entitlement"],"domain_translations":{},"confidence":"MEDIUM","notes":"Requires explicit profile mapping for each usage.","open_question":null,"drift_classification":"AMBIGUOUS","governance_metadata":{"semantic_stability":"EVOLVING","migration_risk":"MEDIUM","governance_status":"PROPOSED","last_reviewed":"2026-05-09","review_trigger":"Travel profile v1.0 formalisation"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":[],"implementation_notes":"No OpenAPI schema exists for 'booking'. OA-ANNOTATE-01B §9 explicitly identifies 'booking' as one of 4 forbidden synonym pairs with no OpenAPI mapping. Empty canonical mapping per OA-ANNOTATE-01B §9 evidence. AMBIGUOUS drift classification (DICT-02B) — identified as an unmapped synonym with high drift risk. No mapping is invented here; the absence is deliberate and honest.","mapping_confidence":"LOW","mapping_source":"OA-ANNOTATE-01B"}},{"term":"Membership","canonical_sentence":"Membership is a loyalty-profile term for a Container that represents a membership account scope.","definition":"Membership maps to Container in the loyalty profile. It represents the account scope under which loyalty Entitlements exist.","classification":"Profile Extension","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Loyalty profile","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use in loyalty-profile contexts.","prohibited":"Do not use as a synonym for Container in core protocol logic.","api_refs":[],"related":["Container","Wallet"],"domain_translations":{"loyalty membership":"Container"},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"DOMAIN_ONLY","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Loyalty profile v1.0 formalisation"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":[],"implementation_notes":"DOMAIN_ONLY drift classification (DICT-02B). 'Membership' is a loyalty/subscription domain synonym for Container (loyalty membership account → Container per domain_translations in dictionary). No canonical schema named 'Membership' exists.","mapping_confidence":"LOW","mapping_source":"direct inspection"}},{"term":"Wallet","canonical_sentence":"A Wallet is a presentation-only aggregate view of multiple Entitlements — it is not a protocol entity.","definition":"Wallets are UI constructs that aggregate Entitlements for display. They are not protocol entities and carry no authority.","classification":"Profile Extension","authority_status":"Presentation-only","normative_status":"OPTIONAL","semantic_owner":"UI/Presentation","machine_critical":"SAFE","cross_domain_stability":"DOMAIN-VARIABLE","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use as a presentation aggregate for Entitlements.","prohibited":"Do not treat Wallet as a protocol entity — it is presentation-only.","api_refs":[],"related":["Entitlement","Membership"],"domain_translations":{},"confidence":"HIGH","notes":"Wallet is presentation-only — not a protocol entity.","open_question":null,"drift_classification":"PRESENTATION_ONLY","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Addition of any wallet-like protocol entity"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":["x-presentation-only: true (inferred)"],"implementation_notes":"PRESENTATION_ONLY drift classification (DICT-02B). 'Wallet' is a UI/presentation concept with no protocol-level schema. Wallets are presentation views over Entitlement collections. No canonical schema named 'Wallet' exists in OpenAPI.","mapping_confidence":"LOW","mapping_source":"direct inspection"}},{"term":"Loyalty","canonical_sentence":"Loyalty is a domain profile for points-based and membership entitlement systems.","definition":"The loyalty profile maps loyalty program concepts onto the core protocol: membership → Container, points → Entitlement capacity, redemption → Consume.","classification":"Profile Extension","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Loyalty profile","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use as a domain profile reference.","prohibited":"Do not allow loyalty terminology to colonise core protocol schemas.","api_refs":[],"related":["Membership","Entitlement","Consume"],"domain_translations":{"loyalty points":"Entitlement capacity"},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"DOMAIN_ONLY","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Loyalty profile v1.0 formalisation"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":[],"implementation_notes":"DOMAIN_ONLY drift classification (DICT-02B). 'Loyalty' is a vertical domain term with no canonical schema mapping. Loyalty programmes are modelled as Containers with Entitlements in the protocol. PSL-008: domain terms must map to canonical terms before execution.","mapping_confidence":"LOW","mapping_source":"direct inspection"}},{"term":"Gift card","canonical_sentence":"A Gift card is a commerce-profile Entitlement with fixed capacity representing stored monetary value.","definition":"Gift cards map to Entitlements with capacity in the commerce profile. Gift card balance = Entitlement capacity. Redemption = Consume.","classification":"Profile Extension","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Commerce profile","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use in commerce-profile contexts.","prohibited":"Do not treat gift card balance as separate from Entitlement capacity.","api_refs":[],"related":["Entitlement","Capacity","Consume"],"domain_translations":{"gift card balance":"Entitlement capacity","gift card redemption":"Consume"},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"DOMAIN_ONLY","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Commerce profile v1.0 formalisation"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":[],"implementation_notes":"DOMAIN_ONLY drift classification (DICT-02B). 'Gift card' is a commerce/loyalty domain synonym for a stored-value Entitlement. No canonical schema named 'GiftCard' exists. PSL-008: domain terms must map to canonical Entitlement before protocol execution.","mapping_confidence":"LOW","mapping_source":"direct inspection"}},{"term":"Subscription","canonical_sentence":"A Subscription is a time-bounded Entitlement governed by the TMP dimension for access period control.","definition":"Subscriptions map to time-bounded Entitlements in the core protocol. The TMP dimension controls access period evaluation.","classification":"Profile Extension","authority_status":"Non-authoritative Metadata","normative_status":"OPTIONAL","semantic_owner":"Commerce profile","machine_critical":"SENSITIVE","cross_domain_stability":"PROFILE-SCOPED","protocol_primitive":"NO","migration_risk":"LOW","permitted":"Use in commerce-profile contexts.","prohibited":"Do not treat subscription access as separate from Entitlement + TMP evaluation.","api_refs":[],"related":["Entitlement","Dimension"],"domain_translations":{"subscription access":"Time-bounded Entitlement"},"confidence":"HIGH","notes":null,"open_question":null,"drift_classification":"DOMAIN_ONLY","governance_metadata":{"semantic_stability":"STABLE","migration_risk":"LOW","governance_status":"RATIFIED","last_reviewed":"2026-05-09","review_trigger":"Commerce profile v1.0 formalisation"},"canonical_mapping":{"canonical_schema":null,"canonical_field":null,"enum_reference":null,"openapi_reference":null,"authoritative_routes":[],"semantic_extensions":[],"implementation_notes":"DOMAIN_ONLY drift classification (DICT-02B). 'Subscription' is a SaaS/commerce domain synonym for Container (subscription plan → Container). No canonical schema named 'Subscription' exists. PSL-008: subscription domain terms must map to canonical Container/Entitlement before protocol execution.","mapping_confidence":"LOW","mapping_source":"direct inspection"}}]}