Deliverable A · "Ternary Logic" (TL) Governance API
OpenAPI Specification
Version: 1.0.0-tl-monograph-2026 · OpenAPI 3.1.0
Author: Lev Goukassian
"Pause when truth is uncertain" → State 0 (Epistemic Hold)
"Refuse when harm is clear" → State -1 (Refuse)
"Proceed where truth is" → State +1 (Proceed)
Servers
Sandbox: https://api.sandbox.tl-governance.org/v1
Staging: https://api.staging.tl-governance.org/v1
Production: https://api.tl-governance.org/v1
Security Schemes
TLGovernanceJWT
JWT with TL governance claims. Used on all Inference Lane endpoints. Proposal rights only — cannot issue Permission Tokens.
NLNAAuditToken
Audit lane completion token. Cryptographically bound to X-TL-Trace-Id of the originating Inference Lane request. laneOrigin claim MUST be "AUDIT_LANE".
HSMSignedJWT
HSM-signed JWT for Audit and Governance Lane security. Required for state-mutating audit operations.
CAVettedJWT
Certificate Authority-vetted JWT for auditor and regulator endpoints.
PUFAttestationHeader
Physical Unclonable Function attestation token. FUTURE for full MT deployments. Non-MT: NULL_PUF_DEPLOYMENT sentinel.
Webhooks
epistemicHold.escalation
Async notification when Epistemic Hold triggers human review. HMAC-SHA256 signed. Min 3 attempts over 15 minutes with exponential backoff. Dedup key: escalationId. Pillar: EpistemicHold.
lanternStatus.broadcast
Goukassian Principle Lantern public beacon update. HMAC-SHA256 signed. Best-effort. Dedup key: lanternSignalId. Pillar: GoukassianPrinciple.
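Added example (not part of the TL specification or the author's code): a receiver for the two webhooks above that checks the HMAC-SHA256 signature in constant time and uses the listed dedup keys to absorb retried deliveries. The shared secret, the hex signature encoding, signing over the raw request body and the payload shape are assumptions; the summary above does not state them.

```python
import hashlib
import hmac
import json

# Assumptions (not in the spec summary): shared secret provisioned out of band,
# signature delivered hex-encoded, computed over the raw request body.
SECRET = b"constructed-demo-secret"
# Dedup key per webhook, as listed in the Webhooks section.
DEDUP_KEYS = {
    "epistemicHold.escalation": "escalationId",
    "lanternStatus.broadcast": "lanternSignalId",
}
# Constructed sample delivery; the real payload shape may differ.
SAMPLE_BODY = json.dumps({"escalationId": "esc-constructed-001"}).encode()


def sign(raw_body: bytes, secret: bytes = SECRET) -> str:
    """Hex HMAC-SHA256 over the exact bytes received."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


class WebhookReceiver:
    def __init__(self, secret: bytes = SECRET):
        self.secret = secret
        self.seen = set()  # in-memory for the demo; use a durable store in production

    def handle(self, event: str, raw_body: bytes, signature_hex: str) -> str:
        # Authenticate first, in constant time, before the body is parsed.
        expected = sign(raw_body, self.secret)
        if not hmac.compare_digest(expected.encode(), signature_hex.encode()):
            return "rejected"
        key_field = DEDUP_KEYS.get(event)
        if key_field is None:
            return "rejected"
        try:
            payload = json.loads(raw_body)
        except ValueError:
            return "rejected"
        dedup_value = payload.get(key_field) if isinstance(payload, dict) else None
        if not isinstance(dedup_value, str) or not dedup_value:
            return "rejected"
        if (event, dedup_value) in self.seen:
            return "duplicate"  # sender retry: acknowledge, do not re-process
        self.seen.add((event, dedup_value))
        return "accepted"
```

A "duplicate" result should still be acknowledged with a success status so the sender stops retrying; only "rejected" deliveries warrant an error response.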
Core States
POST /emergency/override · SHIPPING · Break-glass shutdown, kill switch, or forced state transition
Security: HSMSignedJWT
Pillar: HybridShield (VII)
Constraint: NL=NA without exception.
forcedState enum [−1, 0] only. Forced +1 constitutionally blocked. Monograph Section IX.3.
Responses: 201 StateEnvelope · 403 ProblemResponse
GET /emergency/status · SHIPPING · Current emergency override status
Security: TLGovernanceJWT
Pillar: HybridShield (VII)
Returns: overrideActive bool, activeOverrideType, forcedState, expiresAt
POST /refusals · SHIPPING · Record hard State −1 Refuse — no Permission Token issued
Security: HSMSignedJWT
Pillar: ImmutableLedger (II)
Responses: 201 StateEnvelope (stateLabel: "Refuse")
POST /refusals/license-violations · SHIPPING · Record Goukassian Principle license violation refusal
Pillar: GoukassianPrinciple (III)
Body: decisionId · violatedArtifact (lantern | signature | license) · violationDescription
Decision Engine
POST /decisions · SHIPPING · Submit decision vector for TL governance evaluation
Security: TLGovernanceJWT
Pillar: EpistemicHold (I)
NL=NA: State +1 from this endpoint does NOT authorize actuation. Permission Token required from POST /audit-logs.
Required headers: X-TL-Trace-Id (UUID v4), Idempotency-Key (UUID v4)
Body: decisionVector · proposedAction · GoukassianPrincipleBlock · [RegulatoryContext] · [domain]
Returns: 200 TLResult + decisionId · 400/401/403/429/500 ProblemResponse
GET /decisions/{decisionId} · SHIPPING · Retrieve decision record with current state
Pillar: DecisionLogs (IV)
Returns: 200 StateEnvelope + TLResult · 404 if not found
Epistemic Hold
GET /epistemic-hold/escalations · SHIPPING · Human-in-the-loop review queue
Pillar: EpistemicHold (I)
Filter: status · pillarImplicated
GET /epistemic-hold/escalations/{escalationId} · SHIPPING · Full escalation case detail
Returns: escalationId · decisionId · EscrowRecord · deliberationMatrix · resolutionRequest
PATCH /epistemic-hold/escalations/{escalationId} · SHIPPING · Human authority resolution
Constraint: resolvedState enum [1, −1]. State 0 is constitutionally invalid as resolution. Requires TriCameralApproval.
GET /epistemic-hold/lantern · SHIPPING · Goukassian Principle Lantern status
Pillar: GoukassianPrinciple (III)
Returns: LanternStatus — artifactName const "lantern" · compliancePosture · pillarStatuses[8]
Goukassian Principle
GET /goukassian/signature · SHIPPING · Current Signature Block
Returns: SignatureBlock — artifactName const "signature" · signatureAlgorithm (ES256/Ed25519; PQC slots 6–7 reserved) · attestationChainStatus
POST /goukassian/license/validate · SHIPPING · Validate license scope against proposed action
Body: artifactName (const "license") · licenseToken · requestingEntityId · purposeOfUse · [proposedActionVector]
Constraint: Exceeded licenseScope triggers automatic Refuse (State −1).
Audit and Anchoring
POST /audit-logs · SHIPPING · Submit TGLF — central NL=NA enforcement point
Security: HSMSignedJWT + NLNAAuditToken
NL=NA: AuditProof.logHash MUST = PermissionToken.logHash. AuditProof.merkleRoot MUST = PermissionToken.merkleRoot (Layer 4).
Returns: 201 StateEnvelope — +1 includes PermissionToken, 0 includes EscrowRecord + webhook fires, −1 no token
GET /audit-logs/{logId} · SHIPPING · Retrieve anchored TGLF record
Pillar: ImmutableLedger (II)
GET /audit/verifications/merkle/{merkleRoot} · SHIPPING · Verify Merkle root against blockchain anchor
Pillar: Anchors (VIII)
GET /audit/verifications/inclusion/{logId} · SHIPPING · Get log inclusion proof with full Merkle path
Returns: merkleRoot · merklePath[] · leafHash · verified bool
GET /audit/custodians/{custodianId}/heartbeat · SHIPPING · HybridShield custodian liveness check
Pillar: HybridShield (VII)
GET /audit/compliance/attestation · SHIPPING · Signed Eight Pillar compliance attestation
Returns: pillarAttestations[8] with complianceStatus per pillar · SignatureBlock
Redress and Appeal
POST /redress/challenges · SHIPPING · Subject-initiated challenge against TL state determination
Pillar: EconomicRights (V)
GET /redress/challenges/{challengeId} · SHIPPING · Challenge status and outcome
Returns: status: PENDING | UNDER_REVIEW | RESOLVED_UPHELD | RESOLVED_OVERTURNED
POST /redress/log-reevaluation · SHIPPING · TGLF re-evaluation — original log immutable
Constraint: immutabilityConfirmed: true is const. Original log never modified.
POST /redress/economic-rights-grievances · SHIPPING · Formal economic rights grievance under Pillar V
Categories: FINANCIAL_FAIRNESS | EQUITABLE_ACCESS | TRANSPARENCY_DEFICIT | REGULATORY_VIOLATION
Regulatory Compliance
POST /regulator/evidence-export · SHIPPING · Bulk regulatory evidence export (async)
Security: CAVettedJWT
Returns: 202 Accepted with exportJobId
GET /regulator/custodian-quorum · SHIPPING · Cross-jurisdiction HybridShield quorum status
Note: crossJurisdictionLatencyMs field present. Sub-300ms global quorum is FUTURE per Section X.
GET /regulator/timestamp-verification/{logId} · SHIPPING · RFC 3161 qualified timestamp verification
Returns: timestampVerified bool · rfc3161Token · tsaIssuer · timestampedAt
GET /regulator/basel-iii/attestation · SHIPPING · Basel III capital adequacy attestation
Returns: lcr · nsfr · capitalRatio · stressTestPassed · counterpartyExposureWithinLimits · SignatureBlock
POST /regulator/fatf/compliance-export · SHIPPING · FATF AML/CFT compliance export with SAR trigger
Returns: 202 with exportJobId · sarGenerationTriggered bool
GET /regulator/iosco/principle-mapping · SHIPPING · IOSCO principle compliance mapping
Returns: principlesMapped[] · marketIntegrityChecks (layering/spoofing/washTrading/crossMarket)
Gateway
GET /gateway/status · SHIPPING · TL Gateway status — fail-closed posture, lane health, Lantern
Returns: GatewayRoutingStatus — operationalStatus includes EPISTEMIC_HOLD_OVERRIDE_ACTIVE and FAIL_CLOSED
POST /gateway/lane-assignment · SHIPPING · Request lane assignment — epistemicHoldOverride flag
Constraint: Cannot reach Audit Lane → defaults to EPISTEMIC_HOLD. Fail-open constitutionally prohibited.
Domain Evaluation
POST /evaluate/trade · SHIPPING · Financial trading governance — Basel III, FATF, IOSCO
Pillar: EconomicRights (V)
Returns: TLResult + tradingMetadata.amlClearanceStatus (CLEARED | PENDING_REVIEW | REFUSED)
POST /evaluate/policy · SHIPPING · Monetary policy governance — Paris Agreement, ESG
Pillar: SustainableCapital (VI)
Returns: TLResult + policyMetadata (inflationImpact · unemploymentDelta · greenBondEligibility)
POST /evaluate/supply-chain · SHIPPING · Supply chain governance
Returns: TLResult + chainMetadata (carbonFootprintVerified · laborStandardCompliance)
Pillars and Thresholds
GET /pillars/status · SHIPPING · Eight Pillar health check with compliance scores
Returns: pillars[8] — pillarId · status · complianceScore · attestationHash · overallComplianceScore
POST /pillars/{pillarId}/configure · SHIPPING · Pillar reconfiguration — Tri-Cameral approval required
Body: pillarConfiguration · TriCameralApproval (required)
GET /thresholds/{domain} · SHIPPING · Current threshold profile for governance domain
Domain: trade | policy | supply-chain | general
PUT /thresholds/{domain} · SHIPPING · Update threshold profile — Tri-Cameral approval required
Constraint: Requires TriCameralApproval. Update logged to ImmutableLedger.
DITL Hardware Interface
POST /ditl/state-transition · FUTURE · MT hardware state query with Window Comparator verification
Blocking: Constitutional Hardware Monograph, Section X. SHIPPING: NULL_PUF_DEPLOYMENT sentinel.
GET /ditl/puf-attestation/{deviceId} · FUTURE · PUF attestation chain verification for MT device
Returns: enrollmentVerified · foundryAttestationVerified · nlNaInterlockVerified · merkleHashChainRoot
System Metrics
GET /metrics/summary · SHIPPING · State distribution, epistemic hold rate, ghost governance detection
Returns: stateDistribution (proceed/epistemicHold/refuse) · averageConfidence · epistemicHoldRate · regulatoryComplianceRate · esgVerificationAccuracy · decisionLogCompleteness · averageHoldDurationMs · ghostGovernanceDetectionRate