TML Specification Architecture — Deliverable E

Constitutional Compliance Matrix

Every OpenAPI path and every JSON Schema property mapped to monograph section, TML Pillar, regulatory nexus, and implementation status
OpenAPI paths 22 + 2 webhooks
Schema $defs 26 definitions
Regulatory nexus EU AI Act, NIST RMF, ISO 42001, FRE 902
authority TML Monograph v3.3
Regulatory Nexus Guard
Regulatory mappings are made only to provisions explicitly cited or unmistakably implied in the TML Constitutionalization Monograph v3.3. All other regulatory cells carry: Not directly referenced in monograph. This guard applies to EU AI Act Articles, NIST RMF Functions, ISO 42001 Clauses, and FRE 902 Rules throughout this matrix.
Status Key: SHIPPING — buildable with 2025 production libraries BETA — buildable with documented tradeoffs FUTURE — blocked by Section 10 constraint Not directly referenced in monograph
Part 1 — OpenAPI Path Compliance
All 22 paths + 2 webhooks mapped to monograph section, pillar(s), regulatory nexus, and status
1.1 Inference Lane
PathMethodOperationMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
/decisions POST Submit Decision Vector Section 2.3 SacredZeroAlwaysMemory Art. 9 (Risk Mgmt); Art. 13 (Transparency) ID.RA-01; DE.CM-01 Cl. 6.1.2; Cl. 8.4 Not directly referenced SHIPPING
/decisions/{decisionId} GET Retrieve Decision Record Section 2.3; Section 8 AlwaysMemoryMoralTraceLogs Art. 13; Art. 19 (Logging) ID.AM-03; DE.AE-02 Cl. 8.5; Cl. 9.1 Rule 902(11) SHIPPING
1.2 Anchoring Lane
PathMethodOperationMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
/anchoring-logs POST Submit Moral Trace Log; Request Permission Token Section 2.3.3; Section 8 AlwaysMemoryPublicBlockchainsMoralTraceLogs Art. 12 (Record-keeping); Art. 19 PR.DS-01; PR.DS-10; DE.CM-09 Cl. 7.5; Cl. 8.5; Cl. 9.1 Rule 902(11); Rule 902(13) SHIPPING
/anchoring-logs/{logId} GET Retrieve Anchoring Log Record Section 8 MoralTraceLogsPublicBlockchains Art. 12; Art. 19 DE.AE-02; ID.AM-03 Cl. 8.5; Cl. 9.1 Rule 902(11) SHIPPING
1.3 Sacred Zero Escalation
PathMethodOperationMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
/sacred-zero/escalations GET List Sacred Zero Escalation Queue Section 2.2 SacredZeroHumanRightsMandate Art. 9; Art. 14 (Human Oversight) GV.OC-01; DE.AE-06 Cl. 6.1.2; Cl. 8.4 Not directly referenced SHIPPING
/sacred-zero/escalations/{id} GET Retrieve Sacred Zero Escalation Case Section 2.2; Section 8 SacredZeroMoralTraceLogs Art. 14; Art. 19 DE.AE-02; RS.AN-03 Cl. 8.4; Cl. 9.1 Rule 902(11) SHIPPING
/sacred-zero/escalations/{id} PATCH Resolve Sacred Zero Escalation (Human Review) Section 2.2 SacredZeroHumanRightsMandateAlwaysMemory Art. 14; Art. 22 (Fundamental Rights Impact) RS.AN-03; RC.RP-01 Cl. 8.4; Cl. 10.2 Not directly referenced SHIPPING
/sacred-zero/lantern GET Get Current Lantern Status Section 2.4 GoukassianPromise Art. 13; Art. 50 (Transparency Obligations) GV.OC-04; ID.RA-06 Cl. 5.2; Cl. 7.4 Not directly referenced SHIPPING
1.4 Refusal State
PathMethodOperationMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
/refusals POST Record Refusal State (State -1) Section 2.3; Section 2.4 SacredZeroGoukassianPromiseAlwaysMemory Art. 9; Art. 12; Art. 19 PR.DS-01; DE.CM-01 Cl. 6.1.2; Cl. 7.5; Cl. 8.4 Rule 902(11) SHIPPING
/refusals/license-violations POST Record Goukassian Promise License Violation Section 2.4 GoukassianPromise Art. 9; Art. 13 DE.CM-01; ID.RA-01 Cl. 6.1.2; Cl. 8.4 Not directly referenced SHIPPING
1.5 Emergency Override
PathMethodOperationMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
/emergency/override POST Emergency Override — Break-Glass / Kill Switch Section 13.3 SacredZeroAlwaysMemoryHybridShield Art. 9; Art. 14 RS.MA-01; RC.RP-01; GV.OC-01 Cl. 6.1.2; Cl. 8.4; Cl. 10.2 Not directly referenced SHIPPING
/emergency/status GET Get Emergency Override Status Section 13.3 SacredZeroHybridShield Art. 14; Art. 9 DE.AE-06; GV.OC-01 Cl. 8.4; Cl. 9.1 Not directly referenced SHIPPING
1.6 Auditor Verification
PathMethodOperationMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
/audit/verifications/merkle/{root} GET Verify Merkle Root Section 8 PublicBlockchainsMoralTraceLogs Art. 19; Art. 72 (Post-market Monitoring) DE.AE-02; ID.AM-03 Cl. 9.1; Cl. 9.2 Rule 902(13) SHIPPING
/audit/verifications/inclusion/{logId} GET Get Log Inclusion Proof Section 8 PublicBlockchainsMoralTraceLogsAlwaysMemory Art. 12; Art. 19 DE.AE-02; PR.DS-10 Cl. 7.5; Cl. 9.1 Rule 902(11); Rule 902(13) SHIPPING
/audit/custodians/{id}/heartbeat GET Get Custodian Heartbeat Section 2.3.3 HybridShield Art. 9; Art. 19 ID.AM-03; DE.CM-09 Cl. 8.5; Cl. 9.1 Not directly referenced SHIPPING
/audit/compliance/attestation GET Pull Compliance Attestation Section 2.4; Section 8 GoukassianPromisePublicBlockchainsHumanRightsMandateEarthProtectionMandate Art. 19; Art. 22; Art. 72 GV.OC-04; DE.AE-02 Cl. 9.1; Cl. 9.2; Cl. 9.3 Rule 902(11) SHIPPING
1.7 Redress and Appeal
PathMethodOperationMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
/redress/challenges POST Submit Subject-Initiated Redress Challenge Section 2.3.3 HumanRightsMandateMoralTraceLogs Art. 26(7) (Redress); Art. 85 (Right to Explanation) RS.AN-03; GV.OC-01 Cl. 8.4; Cl. 10.2 Not directly referenced SHIPPING
/redress/challenges/{id} GET Get Redress Challenge Status Section 2.3.3 HumanRightsMandateMoralTraceLogs Art. 26(7); Art. 85 RS.AN-03; DE.AE-02 Cl. 8.4; Cl. 9.1 Not directly referenced SHIPPING
/redress/log-reevaluation POST Request Moral Trace Log Re-Evaluation Section 8 MoralTraceLogsAlwaysMemoryHumanRightsMandate Art. 12; Art. 26(7); Art. 85 RS.AN-03; PR.DS-10 Cl. 7.5; Cl. 8.4; Cl. 10.2 Rule 902(11) SHIPPING
/redress/human-rights-grievances POST File Human Rights Grievance Section 2.3.3 HumanRightsMandateAlwaysMemoryPublicBlockchains Art. 22; Art. 85 GV.OC-01; RS.AN-03 Cl. 6.1.2; Cl. 8.4; Cl. 10.2 Not directly referenced SHIPPING
1.8 Regulator Inspection
PathMethodOperationMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
/regulator/evidence-export POST Request Bulk Evidence Export Section 8 MoralTraceLogsPublicBlockchainsAlwaysMemory Art. 72; Art. 74 (Market Surveillance) GV.OC-05; DE.AE-02; PR.DS-01 Cl. 9.1; Cl. 9.2; Cl. 7.5 Rule 902(11); Rule 902(13) SHIPPING
/regulator/custodian-quorum GET Get Cross-Jurisdiction Custodian Quorum Status Section 2.3.3 HybridShield Art. 9; Art. 19 ID.AM-03; DE.CM-09 Cl. 8.5; Cl. 9.1 Not directly referenced SHIPPING (endpoint); FUTURE (sub-500ms cross-jurisdiction)
/regulator/timestamp-verification/{logId} GET Verify Qualified Timestamp for Log Entry Section 8 MoralTraceLogsPublicBlockchains Art. 12; Art. 19 PR.DS-10; DE.AE-02 Cl. 7.5; Cl. 9.1 Rule 902(9); Rule 902(11) SHIPPING
1.9 Gateway
PathMethodOperationMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
/gateway/status GET Get TML Gateway Status (Fail-Closed) Section 2.3 SacredZeroAlwaysMemory Art. 9; Art. 14 DE.CM-09; GV.OC-01 Cl. 8.4; Cl. 8.5 Not directly referenced SHIPPING
/gateway/lane-assignment POST Request Lane Assignment for Decision Vector Section 2.3 SacredZeroAlwaysMemoryMoralTraceLogs Art. 9; Art. 13; Art. 14 ID.RA-01; DE.CM-01; GV.OC-01 Cl. 6.1.2; Cl. 8.4; Cl. 8.5 Not directly referenced SHIPPING
1.10 Goukassian Promise
PathMethodOperationMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
/goukassian/signature GET Get Current Goukassian Promise Signature Block Section 2.4 GoukassianPromise Art. 13; Art. 50 GV.OC-04; ID.RA-06 Cl. 5.2; Cl. 7.4 Rule 902(11) SHIPPING
/goukassian/license/validate POST Validate Goukassian Promise License Section 2.4 GoukassianPromise Art. 9; Art. 13 ID.RA-01; DE.CM-01 Cl. 6.1.2; Cl. 8.4 Not directly referenced SHIPPING
1.11 Webhooks
WebhookEventMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
sacredPauseEscalation Sacred Pause operational workflow triggers human review when State 0 activates Section 2.2 SacredZero Art. 14 (Human Oversight) DE.AE-06; RS.AN-03 Cl. 8.4; Cl. 10.2 Not directly referenced SHIPPING
lanternStatusBroadcast Goukassian Promise Lantern compliance beacon update broadcast to registered observers Section 2.4 GoukassianPromise Art. 13; Art. 50 GV.OC-04 Cl. 7.4; Cl. 5.2 Not directly referenced SHIPPING
📜
Part 2 — JSON Schema Definition Compliance
Every property from every $defs schema in tml_schema.json mapped at property level
2.1 Primitive and Shared Types
SchemaKey Property / ConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
TriadicStateValueenum: [-1, 0, 1]; signed integer; State 0 = SACRED_ZERO (never null/error/timeout)Section 2.3SacredZeroArt. 9ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
TriadicStateLabelenum: ["PROCEED","SACRED_ZERO","REFUSE"]; UPPER_SNAKE_CASESection 2.3SacredZeroArt. 13ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
PillarIdentifierenum of 8 canonical PascalCase pillar identifiers; no aliasing permittedSection 2 (Eight Pillars)All PillarsArt. 9; Art. 13GV.OC-04Cl. 6.1.2Not directly referencedSHIPPING
LaneOriginenum: ["INFERENCE_LANE","ANCHORING_LANE"]; maps to Dual-Lane ArchitectureSection 2.3SacredZeroAlwaysMemoryArt. 9ID.AM-03Cl. 8.5Not directly referencedSHIPPING
SHA256Hexpattern: ^[a-f0-9]{64}$; tamper-evidence primitiveSection 8AlwaysMemoryMoralTraceLogsArt. 12PR.DS-10Cl. 7.5Rule 902(11)SHIPPING
ISO8601DateTimeformat: date-time; RFC 3339 UTC; timestamp integrity primitiveSection 8MoralTraceLogsArt. 12PR.DS-10Cl. 7.5Rule 902(9)SHIPPING
UUIDv4format: uuid; UUID v4 pattern; unique identifier primitiveSection 8MoralTraceLogsNot directly referencedNot directly referencedNot directly referencedNot directly referencedSHIPPING
2.2 Permission Token
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
tokenId$ref UUIDv4Section 2.3.3; Section 5B.iAlwaysMemoryMoralTraceLogsArt. 12PR.DS-01Cl. 7.5Rule 902(11)SHIPPING
logHashSHA-256 of anchored TSLF; core No Log = No Action bindingSection 2.3.3; Section 5B.iAlwaysMemoryMoralTraceLogsPublicBlockchainsArt. 12; Art. 19PR.DS-10; PR.DS-01Cl. 7.5; Cl. 9.1Rule 902(11)SHIPPING
epochTimestampinteger; minimum: 0; Unix epoch secondsSection 5B.iAlwaysMemoryArt. 12PR.DS-10Cl. 7.5Rule 902(9)SHIPPING
signerKeyIdHSM key; HybridShield registry reference; maxLength: 256Section 2.3.3; Section 5B.iHybridShieldGoukassianPromiseArt. 9PR.DS-01Cl. 8.5Not directly referencedSHIPPING
laneOriginconst: "ANCHORING_LANE"; schema-level rejection of Inference Lane tokensSection 2.3; Section 5B.iAlwaysMemoryArt. 9DE.CM-01Cl. 8.4Not directly referencedSHIPPING
merkleRootSHA256Hex; non-repudiation binding to public blockchain anchorSection 8; Section 5B.iPublicBlockchainsAlwaysMemoryArt. 12; Art. 19PR.DS-10Cl. 9.1Rule 902(13)SHIPPING
signatureValueBase64url HSM signature; non-repudiation artifact; minLength: 64Section 2.4; Section 5B.iGoukassianPromiseHybridShieldArt. 9; Art. 13PR.DS-01Cl. 8.5Rule 902(11)SHIPPING
issuedAt / expiresAtISO8601DateTime; expiresAt: actuation layer MUST reject expired tokens (hard constraint)Section 5B.iAlwaysMemoryArt. 9; Art. 12PR.DS-10; DE.CM-01Cl. 7.5; Cl. 8.4Rule 902(9)SHIPPING
custodianQuorumAttestationobject; optional BETA field; absence does not invalidate tokenSection 2.3.3HybridShieldArt. 9ID.AM-03Cl. 8.5Not directly referencedBETA
2.3 State Envelope
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
currentState$ref TriadicStateValue; 0 = SACRED_ZERO; never null/error; drives if/then conditionalSection 2.3SacredZeroArt. 9; Art. 13ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
stateLabelconstrained per state via if/then/else; must match currentState integerSection 2.3SacredZeroArt. 13ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
processActiveState 0: const "SacredPause" (workflow, not state synonym); State +1: "ActuationGated"; State -1: "RefusalLogging"Section 2.2SacredZeroArt. 9; Art. 14DE.CM-01Cl. 8.4Not directly referencedSHIPPING
proposedActionbinary Inference Lane proposal; Anchoring Lane dictates execution; maxLength: 2048Section 2.3SacredZeroAlwaysMemoryArt. 9ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
permissionTokenREQUIRED when currentState == 1; schema-enforced via if/then; No Log = No Action enforcementSection 2.3.3; Section 5B.iAlwaysMemoryMoralTraceLogsArt. 12; Art. 19PR.DS-01; DE.CM-01Cl. 7.5; Cl. 8.4Rule 902(11)SHIPPING
if/then constraintcurrentState +1 requires permissionToken; schema-level No Log = No Action; unevaluatedProperties: falseSection 2.3.3AlwaysMemoryMoralTraceLogsArt. 12; Art. 19PR.DS-01Cl. 7.5Rule 902(11)SHIPPING
justificationObject$ref JustificationObject; travels Inference to Anchoring laneSection 2.3MoralTraceLogsAlwaysMemoryArt. 12; Art. 13PR.DS-01Cl. 7.5Not directly referencedSHIPPING
anchoringMerkle batch metadata; populated post-Anchoring LaneSection 8PublicBlockchainsAlwaysMemoryArt. 12; Art. 19PR.DS-10Cl. 9.1Rule 902(13)SHIPPING
2.4 Justification Object
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
proposedStateTriadicStateValue; Inference Lane proposal only; not authoritativeSection 2.3SacredZeroArt. 9ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
reasoningVectorarray; minItems: 1; ordered reasoning chain with confidence scoresSection 2.3MoralTraceLogsArt. 13 (Transparency)DE.AE-02Cl. 7.5Not directly referencedSHIPPING
uncertaintyScore[0.0, 1.0]; breach of SacredZero threshold mandates State 0 regardless of binary engine proposalSection 2.2; Section 2.3SacredZeroArt. 9ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
pillarAssessmentsobject; all 8 pillar scores [0.0, 1.0] from Inference LaneSection 2.3All PillarsArt. 9; Art. 13ID.RA-01; GV.OC-04Cl. 6.1.2; Cl. 9.1Not directly referencedSHIPPING
humanRightsMandateFlagsarray; UDHR/Geneva provision flags; triggers mandatory HumanRightsMandate reviewSection 2.3.3HumanRightsMandateArt. 22DE.CM-01Cl. 6.1.2Not directly referencedSHIPPING
earthProtectionMandateFlagsarray; Paris Agreement provision flags; triggers mandatory EarthProtectionMandate reviewSection 2.3.3EarthProtectionMandateArt. 22DE.CM-01Cl. 6.1.2Not directly referencedSHIPPING
inferenceEngineIdstring; chain-of-custody for binary engine instance; maxLength: 256Section 8MoralTraceLogsAlwaysMemoryArt. 12PR.DS-01Cl. 7.5Not directly referencedSHIPPING
inputHashSHA256Hex of decision vector; tamper-evidence for input payloadSection 8AlwaysMemoryMoralTraceLogsArt. 12PR.DS-10Cl. 7.5Rule 902(11)SHIPPING
2.5 Uncertainty Quantification
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
overallUncertaintyScore[0.0, 1.0]; score that breached the SacredZero thresholdSection 2.2SacredZeroArt. 9ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
epistemicHoldActiveconst: true in State 0 logs; Epistemic Hold is canonical TML termSection 2.2SacredZeroArt. 9; Art. 14ID.RA-01Cl. 6.1.2; Cl. 8.4Not directly referencedSHIPPING
uncertaintyDimensionsarray; minItems: 1; per-dimension scores with descriptionsSection 2.2SacredZeroArt. 9ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
thresholdBreached[0.0, 1.0]; configured SacredZero threshold value that was breachedSection 2.2SacredZeroArt. 9ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
2.6 Deliberation Matrix
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
considerationsarray; minItems: 1; per-pillar ethical, factual, and legal considerations with weightsSection 2.2SacredZeroAll PillarsArt. 9; Art. 14RS.AN-03Cl. 8.4Not directly referencedSHIPPING
riskVectorsarray; severity enum: LOW|MEDIUM|HIGH|CRITICAL; pillarImplicated per vectorSection 2.2SacredZeroArt. 9; Art. 14ID.RA-01; RS.AN-03Cl. 6.1.2; Cl. 8.4Not directly referencedSHIPPING
resolutionOptionsproposedState enum: [1, -1] only; State 0 is NOT a valid resolution option; minItems: 2Section 2.2SacredZeroHumanRightsMandateArt. 14RS.AN-03; RC.RP-01Cl. 8.4; Cl. 10.2Not directly referencedSHIPPING
2.7 Resolution Request
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
priorityenum: STANDARD|ELEVATED|CRITICAL; assigned by Sacred Pause workflowSection 2.2SacredZeroArt. 14RS.AN-03Cl. 8.4Not directly referencedSHIPPING
deliberationMatrix$ref DeliberationMatrix; full matrix for human reviewerSection 2.2SacredZeroArt. 14RS.AN-03Cl. 8.4Not directly referencedSHIPPING
deadlineAtISO8601DateTime; HybridShield failover protocols if exceededSection 2.2; Section 2.3.3SacredZeroHybridShieldArt. 14RS.AN-03Cl. 8.4Not directly referencedSHIPPING
2.8 TSLF-State0 (Sacred Pause Log)
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
currentStateconst: 0; discriminator; Sacred Zero is never null/error/timeoutSection 2.2; Section 8SacredZeroArt. 9; Art. 13ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
stateLabelconst: "SACRED_ZERO"; always this value for State0 logsSection 2.2SacredZeroArt. 13ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
processActiveconst: "SacredPause"; workflow executing within State 0; NOT a state synonymSection 2.2SacredZeroArt. 9; Art. 14DE.CM-01Cl. 8.4Not directly referencedSHIPPING
lanternStatus$ref LanternStatus; required; must reflect SACRED_ZERO_ACTIVE at activationSection 2.4; Section 2.2GoukassianPromiseSacredZeroArt. 13GV.OC-04Cl. 5.2; Cl. 7.4Not directly referencedSHIPPING
committedAtpre-actuation commit; AlwaysMemory anti-spoliation; committed before any human reviewSection 8AlwaysMemoryArt. 12; Art. 19PR.DS-10Cl. 7.5Rule 902(11)SHIPPING
pillarsCertifiedarray; minItems: 1; PillarIdentifier items; assessed at commit timeSection 2; Section 8All PillarsArt. 9GV.OC-04Cl. 9.1Not directly referencedSHIPPING
resolutionresolvedState enum [1|-1] only; justification minLength: 50; logged immutablySection 2.2SacredZeroHumanRightsMandateAlwaysMemoryArt. 14RS.AN-03; RC.RP-01Cl. 8.4; Cl. 10.2Rule 902(11)SHIPPING
merkleAnchoringStatusoptional; batchId, merkleRoot, anchoredAt, blockchainTxIdSection 8PublicBlockchainsAlwaysMemoryArt. 12; Art. 19PR.DS-10Cl. 9.1Rule 902(13)SHIPPING
2.9 License Violation Record
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
violationTypeenum: 5 values incl. LANTERN_SUPPRESSION, SIGNATURE_FORGERY, LICENSE_BREACHSection 2.4GoukassianPromiseArt. 9DE.CM-01Cl. 6.1.2Not directly referencedSHIPPING
violatedArtifactenum: "lantern"|"signature"|"license"; canonical lowercase artifact names enforced by schemaSection 2.4GoukassianPromiseArt. 13DE.CM-01Cl. 5.2Not directly referencedSHIPPING
evidenceHashSHA256Hex of evidence artifact demonstrating the violationSection 8AlwaysMemoryGoukassianPromiseArt. 12PR.DS-10Cl. 7.5Rule 902(11)SHIPPING
2.10 Threat Vector Analysis
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
threatVectorsarray; minItems: 1; 8-category enum incl. HUMAN_RIGHTS_VIOLATION, EARTH_PROTECTION_VIOLATIONSection 2.3All PillarsArt. 9; Art. 22ID.RA-01; DE.CM-01Cl. 6.1.2Not directly referencedSHIPPING
udhrProvision per vectorUDHR Article tracking; HumanRightsMandate vector enforcementSection 2.3.3HumanRightsMandateArt. 22DE.CM-01Cl. 6.1.2Not directly referencedSHIPPING
parisAgreementProvision per vectorParis Agreement tracking; EarthProtectionMandate vector enforcementSection 2.3.3EarthProtectionMandateArt. 22DE.CM-01Cl. 6.1.2Not directly referencedSHIPPING
overallSeverityenum: LOW|MEDIUM|HIGH|CRITICAL; aggregate across all vectorsSection 2.3MoralTraceLogsArt. 9ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
2.11 Chain of Custody
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
entriesarray; minItems: 1; action enum: CREATED|RECEIVED|VALIDATED|ANCHORED|TRANSFERRED|REVIEWED|EXPORTEDSection 8MoralTraceLogsAlwaysMemoryArt. 12; Art. 19PR.DS-01; PR.DS-10Cl. 7.5; Cl. 9.1Rule 902(11)SHIPPING
inputHash / outputHash per entrySHA256Hex; tamper-evidence across handler transitionsSection 8AlwaysMemoryMoralTraceLogsArt. 12PR.DS-10Cl. 7.5Rule 902(11)SHIPPING
2.12 TSLF-State-1 (Refusal Log)
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
currentStateconst: -1; discriminatorSection 2.3; Section 8SacredZeroArt. 9; Art. 13ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
licenseViolationoptional; required when GoukassianPromise violation triggers refusal; logged before refusal commitSection 2.4; Section 8GoukassianPromiseAlwaysMemoryArt. 9; Art. 13DE.CM-01Cl. 6.1.2Not directly referencedSHIPPING
refusalIsPermanentboolean; default: true; permanent unless Section 13.3 supreme authority Emergency OverrideSection 13.3SacredZeroAlwaysMemoryArt. 9PR.DS-01Cl. 8.4Not directly referencedSHIPPING
appealEligibleboolean; default: true; subject redress right under HumanRightsMandateSection 2.3.3HumanRightsMandateArt. 26(7); Art. 85GV.OC-01Cl. 10.2Not directly referencedSHIPPING
committedAtpre-actuation commit; AlwaysMemory / Pillar IISection 8AlwaysMemoryArt. 12PR.DS-10Cl. 7.5Rule 902(11)SHIPPING
2.13 Ethical Verification & PillarVerificationResult
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
pillarVerificationsobject; all 8 PillarIdentifiers required; all must be PASSED for PROCEED; each value is PillarVerificationResultSection 2.3.3All PillarsArt. 9; Art. 13GV.OC-04; ID.RA-01Cl. 6.1.2; Cl. 9.1Not directly referencedSHIPPING
overallVerdictenum: PASSED|FAILED; FAILED triggers State -1Section 2.3.3All PillarsArt. 9ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
PillarVerificationResult.verdictenum: PASSED|FAILED|NOT_APPLICABLE; FAILED blocks PROCEEDSection 2.3.3All PillarsArt. 9GV.OC-04Cl. 6.1.2Not directly referencedSHIPPING
2.14 Audit Proof
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
logHashmust match PermissionToken.logHash; proof-layer No Log = No Action enforcementSection 2.3.3; Section 8AlwaysMemoryArt. 12PR.DS-10Cl. 7.5Rule 902(11)SHIPPING
merkleRootmust match PermissionToken.merkleRoot; cross-schema bindingSection 8PublicBlockchainsArt. 19PR.DS-10Cl. 9.1Rule 902(13)SHIPPING
inclusionPatharray; minItems: 1; ordered sibling hashes LEFT|RIGHT from leaf to rootSection 8PublicBlockchainsArt. 12; Art. 19PR.DS-10Cl. 9.1Rule 902(13)SHIPPING
2.15 TSLF-StateP1 (Proceed Log)
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
currentStateconst: 1; discriminatorSection 2.3; Section 8AlwaysMemoryArt. 9; Art. 13ID.RA-01Cl. 6.1.2Not directly referencedSHIPPING
theSignature$ref SignatureBlock; required; Goukassian Signature binding log to constitutional provenanceSection 2.4GoukassianPromiseArt. 13PR.DS-01Cl. 5.2Rule 902(11)SHIPPING
permissionTokenREQUIRED; in required array; log-level No Log = No Action enforcementSection 2.3.3; Section 5B.iAlwaysMemoryMoralTraceLogsArt. 12; Art. 19PR.DS-01; DE.CM-01Cl. 7.5; Cl. 8.4Rule 902(11)SHIPPING
pillarsCertifiedminItems: 8; maxItems: 8; all Eight Pillars mandatory for PROCEED log validitySection 2; Section 8All PillarsArt. 9GV.OC-04Cl. 9.1Not directly referencedSHIPPING
committedAtlog anchored before Permission Token released to actuation layerSection 8AlwaysMemoryArt. 12PR.DS-10Cl. 7.5Rule 902(11)SHIPPING
2.16 Lantern Status
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
artifactNameconst: "lantern"; canonical Goukassian Promise artifact name (lowercase)Section 2.4GoukassianPromiseArt. 13GV.OC-04Cl. 5.2Not directly referencedSHIPPING
compliancePostureenum: 5 values incl. SACRED_ZERO_ACTIVE, EMERGENCY_OVERRIDE_ACTIVESection 2.4GoukassianPromiseArt. 13; Art. 50GV.OC-04Cl. 5.2; Cl. 7.4Not directly referencedSHIPPING
pillarStatusesper-pillar live compliance status across all Eight PillarsSection 2; Section 2.4All PillarsArt. 13GV.OC-04Cl. 9.1Not directly referencedSHIPPING
signatureBlock$ref SignatureBlock; Goukassian Promise Signature signing each Lantern broadcastSection 2.4GoukassianPromiseArt. 13PR.DS-01Cl. 5.2Rule 902(11)SHIPPING
activeSacredZeroCountinteger; minimum: 0; count at signal emission timeSection 2.2; Section 2.4SacredZeroGoukassianPromiseArt. 13; Art. 14DE.AE-06Cl. 8.4Not directly referencedSHIPPING
2.17 Signature Block
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
artifactNameconst: "signature"; canonical Goukassian Promise artifact name (lowercase)Section 2.4GoukassianPromiseArt. 13GV.OC-04Cl. 5.2Not directly referencedSHIPPING
signatureAlgorithmES256 = SHIPPING default; SLH-DSA-SHAKE-128s / ML-KEM-1024 = FUTURE per Section 10Section 2.4; Section 10GoukassianPromiseArt. 9PR.DS-01Cl. 8.5Not directly referencedSHIPPING (ES256); FUTURE (PQC)
signedPayloadHashSHA256Hex of canonical serialization of signed payloadSection 8AlwaysMemoryGoukassianPromiseArt. 12PR.DS-10Cl. 7.5Rule 902(11)SHIPPING
custodianIdoptional; HybridShield custodian holding the signing keySection 2.3.3HybridShieldArt. 9ID.AM-03Cl. 8.5Not directly referencedSHIPPING
2.18 License Validation Request
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
artifactNameconst: "license"; canonical Goukassian Promise artifact name (lowercase)Section 2.4GoukassianPromiseArt. 13GV.OC-04Cl. 5.2Not directly referencedSHIPPING
licenseTokenstring; minLength: 1; verifiable against Goukassian Promise constitutional recordSection 2.4GoukassianPromiseArt. 9DE.CM-01Cl. 6.1.2Not directly referencedSHIPPING
requestingEntityId / purposeOfUseidentity of requesting entity; declared purpose of use; maxLength: 512 / 2048Section 2.4GoukassianPromiseArt. 13ID.AM-03; ID.RA-06Cl. 5.2; Cl. 7.4Not directly referencedSHIPPING
2.19 Merkle Inclusion Proof
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
logHashSHA256Hex; leaf node for Merkle proofSection 8AlwaysMemoryPublicBlockchainsArt. 12PR.DS-10Cl. 7.5Rule 902(11)SHIPPING
merkleRootSHA256Hex; must match blockchain recordSection 8PublicBlockchainsArt. 19PR.DS-10Cl. 9.1Rule 902(13)SHIPPING
inclusionPatharray; minItems: 1; LEFT|RIGHT positions; ordered leaf to rootSection 8PublicBlockchainsArt. 19PR.DS-10Cl. 9.1Rule 902(13)SHIPPING
verificationStatusenum: VERIFIED|PENDING|FAILEDSection 8PublicBlockchainsArt. 19DE.AE-02Cl. 9.1Not directly referencedSHIPPING
2.20 Custodian Heartbeat
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
statusenum: ACTIVE|DEGRADED|UNREACHABLE|ROTATING_KEYSSection 2.3.3HybridShieldArt. 9ID.AM-03; DE.CM-09Cl. 8.5Not directly referencedSHIPPING
latencyMsnumber; minimum: 0; sub-500ms cross-jurisdiction = FUTURE per Section 10Section 2.3.3; Section 10HybridShieldArt. 9DE.CM-09Cl. 8.5Not directly referencedSHIPPING (field); FUTURE (sub-500ms global)
jurisdictionstring; legal jurisdiction of custodian operationSection 2.3.3HybridShieldArt. 9GV.OC-05Cl. 8.5Not directly referencedSHIPPING
2.21 Compliance Attestation
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
pillarComplianceobject; all 8 PillarIdentifiers required; PillarVerificationResult valuesSection 2; Section 2.4All PillarsArt. 9; Art. 13GV.OC-04Cl. 9.1; Cl. 9.2; Cl. 9.3Not directly referencedSHIPPING
overallStatusenum: FULLY_COMPLIANT|PARTIAL_COMPLIANCE|NON_COMPLIANTSection 2.4GoukassianPromiseArt. 13GV.OC-04Cl. 9.1Not directly referencedSHIPPING
signatureBlock / merkleRootGoukassian Signature on attestation; anchored to public blockchainSection 2.4; Section 8GoukassianPromisePublicBlockchainsArt. 13; Art. 19PR.DS-01; PR.DS-10Cl. 5.2; Cl. 9.1Rule 902(11); Rule 902(13)SHIPPING
2.22 Redress Challenge
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
challengeGroundsarray; minItems: 1; description minLength: 50; per-pillar with optional UDHR Article citationSection 2.3.3HumanRightsMandateArt. 22; Art. 85GV.OC-01; RS.AN-03Cl. 6.1.2; Cl. 10.2Not directly referencedSHIPPING
challengedLogId / challengedDecisionIdUUIDv4; identifies the specific log and decision under challengeSection 8MoralTraceLogsHumanRightsMandateArt. 12; Art. 85RS.AN-03Cl. 9.1; Cl. 10.2Rule 902(11)SHIPPING
supportingEvidenceHashSHA256Hex; optional; hash of supporting evidence packageSection 8AlwaysMemoryArt. 12PR.DS-10Cl. 7.5Rule 902(11)SHIPPING
2.23 Human Rights Grievance
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
udhrProvisionsarray; minItems: 1; UDHR Articles alleged violated (e.g., "UDHR-Art-3")Section 2.3.3HumanRightsMandateArt. 22DE.CM-01Cl. 6.1.2Not directly referencedSHIPPING
genevaConventionProvisionsarray; optional; Geneva Convention provisions if applicableSection 2.3.3HumanRightsMandateArt. 22DE.CM-01Cl. 6.1.2Not directly referencedSHIPPING
grievanceNarrativestring; minLength: 100; maxLength: 16384Section 2.3.3HumanRightsMandateArt. 85GV.OC-01Cl. 10.2Not directly referencedSHIPPING
2.24 Bulk Evidence Export
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
legalBasisstring; minLength: 1; maxLength: 2048; e.g., "EU AI Act Article 72"Section 8MoralTraceLogsHumanRightsMandateArt. 72; Art. 74GV.OC-05Cl. 9.2Not directly referencedSHIPPING
exportScopeobject; fromDate + toDate required; optional stateFilter, pillarFilter, includePermissionTokens, includeMerkleProofsSection 8MoralTraceLogsPublicBlockchainsArt. 72; Art. 74GV.OC-05; DE.AE-02Cl. 9.1; Cl. 9.2Rule 902(11); Rule 902(13)SHIPPING
jurisdictionstring; optional; legal jurisdiction of requesting regulatory authoritySection 2.3.3HybridShieldArt. 74GV.OC-05Cl. 9.2Not directly referencedSHIPPING
2.25 Gateway Routing Status
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
operationalStatusenum incl. FAIL_CLOSED_ACTIVE; fail-open is not permittedSection 2.3SacredZeroAlwaysMemoryArt. 9; Art. 14DE.CM-09; GV.OC-01Cl. 8.4; Cl. 8.5Not directly referencedSHIPPING
failClosedActiveboolean; true when Gateway defaults all decisions to SacredZeroSection 2.3SacredZeroArt. 9; Art. 14DE.CM-09Cl. 8.4Not directly referencedSHIPPING
lanternStatus$ref LanternStatus; embedded so operators get Lantern state without separate callSection 2.4GoukassianPromiseArt. 13GV.OC-04Cl. 5.2Not directly referencedSHIPPING
2.26 Emergency Override Request
PropertyConstraintMonograph RefTML Pillar(s)EU AI ActNIST RMFISO 42001FRE 902Status
overrideTypeenum: BREAK_GLASS_SHUTDOWN|KILL_SWITCH|FORCED_STATE_TRANSITIONSection 13.3SacredZeroAlwaysMemoryHybridShieldArt. 14RS.MA-01; RC.RP-01Cl. 8.4; Cl. 10.2Not directly referencedSHIPPING
justificationstring; minLength: 100; logged to Moral Trace Log before execution; No Log = No ActionSection 13.3AlwaysMemoryArt. 14PR.DS-01; RS.MA-01Cl. 8.4Rule 902(11)SHIPPING
forcedStateenum: [-1, 0] only; forced transition to +1 (PROCEED) is schema-blockedSection 13.3SacredZeroArt. 14RS.MA-01Cl. 8.4Not directly referencedSHIPPING
custodianQuorumApprovaloptional BETA; HybridShield quorum approval if required by deployment policySection 2.3.3; Section 13.3HybridShieldArt. 9; Art. 14GV.OC-01Cl. 8.4; Cl. 8.5Not directly referencedBETA
if/then constrainttargetDecisionId and forcedState required when overrideType = FORCED_STATE_TRANSITIONSection 13.3AlwaysMemoryArt. 14RS.MA-01Cl. 8.4Not directly referencedSHIPPING
Part 3 — Cross-Cutting Compliance Notes
Audit verification surfaces, integrity checkpoints, canonical artifact name enforcement, and Implementation Gap summary
3.1 No Log = No Action — Five Enforcement Layers
An auditor verifying No Log = No Action must confirm all five enforcement layers below are intact across the specification. Schema constraint, cryptographic binding, log-level requirement, proof-level cross-reference, and on-chain ABI reversion are independent; bypassing one does not bypass the others.
LayerArtifact / LocationEnforcement MechanismMonograph Section
1 — Schema (StateEnvelope) StateEnvelope if/then constraint
tml_schema.json#/$defs/StateEnvelope		 permissionToken is REQUIRED when currentState == 1. Absence renders envelope schema-invalid. unevaluatedProperties: false prevents bypass. Section 2.3.3
2 — Schema (PermissionToken) PermissionToken.laneOrigin
tml_schema.json#/$defs/PermissionToken		 const: "ANCHORING_LANE". Schema-level rejection of all Inference Lane-originated tokens. The Inference Lane cannot produce a valid Permission Token. Section 2.3
3 — Schema (TSLF-StateP1) TSLF-StateP1.permissionToken
tml_schema.json#/$defs/TSLF-StateP1		 permissionToken is in the required array. pillarsCertified minItems: 8 / maxItems: 8. The Proceed log cannot be valid without the token, and the token cannot be valid without the log. Section 5B.i
4 — Schema (AuditProof) AuditProof.logHash / merkleRoot
tml_schema.json#/$defs/AuditProof		 logHash must match PermissionToken.logHash; merkleRoot must match PermissionToken.merkleRoot. Traversal path: token → logHash → merkleRoot → inclusionPath → GET /audit/verifications/merkle/{merkleRoot}. Section 8
5 — On-Chain ABI TML_Core.registerPermissionToken
NoLogNoAction custom error
tml_abi.json / TML_Core		 Reverts with NoLogNoAction error when logHash is not provably included in any anchored Merkle root. The on-chain final arbiter. Even a schema-valid token fails registration if the log is not anchored. Section 2.3.3
3.2 Sacred Zero — Integrity Checkpoints
An auditor must confirm State 0 is never aliased, substituted, or represented as a null, false, error, or timeout at any of the five checkpoint locations below. These are schema-enforced const constraints; any deviation is a schema violation.
CheckpointLocationCorrect ValueProhibited Values
State integer TriadicStateValue; StateEnvelope.currentState; TSLF-State0.currentState 0 (integer) null, false, "HOLD", "TIMEOUT", "ERROR", undefined
State label StateEnvelope.stateLabel; TSLF-State0.stateLabel "SACRED_ZERO" "SacredPause", "PauseState", "HOLD", "Timeout", "Error"
Process identifier StateEnvelope.processActive; TSLF-State0.processActive "SacredPause" (workflow name only; not a state alias) Using "SacredPause" as stateLabel; using it as a substitute for State 0
Epistemic Hold flag UncertaintyQuantification.epistemicHoldActive true (const in State 0 context) false; absent; null
Resolution states DeliberationMatrix.resolutionOptions[].proposedState; TSLF-State0.resolution.resolvedState 1 or -1 only (terminal states) 0 (Sacred Zero cannot resolve to another Sacred Zero)
3.3 Goukassian Promise — Artifact Name Integrity
The canonical Goukassian Promise artifact names appear as const values in three schema properties. An auditor must confirm these are exactly the lowercase strings shown. Any variation in case, spelling, or value is a schema violation.
ArtifactSchemaPropertyconst ValueUsage Context
Lantern LanternStatus artifactName "lantern" Public compliance beacon; required in TSLF-State0; exposed at GET /sacred-zero/lantern; lanternStatusBroadcast webhook
Signature SignatureBlock artifactName "signature" Provenance and non-repudiation; required in TSLF-StateP1 as theSignature; LanternStatus.signatureBlock; ComplianceAttestation.signatureBlock
License LicenseValidationRequest artifactName "license" Governs authorized use; validated at POST /goukassian/license/validate; violations trigger State -1 via TSLF-State-1.licenseViolation

LicenseViolationRecord.violatedArtifact uses the same lowercase enum values: "lantern", "signature", "license". In the ABI (ITMLEnforcer), these are encoded as ordinals for on-chain compatibility: 1 = "lantern", 2 = "signature", 3 = "license".

3.4 Implementation Gap — FUTURE Features (Section 10)
All FUTURE-classified items trace to Section 10 (Implementation Gap) of the TML Constitutionalization Monograph v3.3. No endpoint or schema claims to implement any feature in this table. SHIPPING mitigations are noted; they do not close the underlying gap.
FeatureSection 10 Blocking ConstraintSHIPPING MitigationRemaining GapSpecification Artifacts Affected
Real-time per-token blockchain anchoring Throughput asymmetry at global AI scale. Public blockchain TPS insufficient for per-token writes at Anchoring Lane latency. Merkle-batched anchoring. estimatedFinalizationAt field; GET /audit/verifications/merkle/{root}; GET /audit/verifications/inclusion/{logId}. Finalization lag between log commit and blockchain confirmation. PermissionToken valid before batch finalization; forensic auditability deferred. POST /anchoring-logs; PermissionToken; MerkleInclusionProof; TML_Core.anchorMerkleRoot
Post-quantum cryptography (PQC) signature migration HSM vendor firmware and EVM toolchain not uniformly supporting FIPS 204 (ML-DSA) / FIPS 205 (SLH-DSA) in production as of monograph version. ES256 (ECDSA P-256) as SHIPPING default. PQC algorithm IDs reserved in SignatureBlock.signatureAlgorithm enum and EIP-712 GoukassianSignatureAttestation.signatureAlgorithmId. Cryptographic non-repudiation chain retains long-term quantum vulnerability until HSM vendors and EVM toolchains ship PQC support. SignatureBlock.signatureAlgorithm; eip712_typed_data.json GoukassianSignatureAttestation signatureAlgorithmId 6-7
Hardware Moral Processing Units (MPUs) No production MPU silicon. Hardware gating of the actuation bus is architecturally desirable but physically unavailable. Dual-Lane software architecture. InferenceLaneSecurity vs AnchoringLaneSecurity. PermissionToken.laneOrigin: const "ANCHORING_LANE". GET /gateway/status failClosedActive field. Software enforcement requires a trusted execution environment. Non-conforming implementation can bypass software constraints; hardware gating would make this physically impossible. Entire Dual-Lane Architecture; GatewayRoutingStatus; PermissionToken.laneOrigin
Cross-jurisdiction custodian quorum in <500ms Network physics. Speed-of-light minimum RTT between geographically distributed custodian nodes exceeds 500ms budget for synchronous full quorum. Regional co-located subsets can achieve sub-500ms locally. GET /regulator/custodian-quorum reports crossJurisdictionLatencyMs. PermissionToken.custodianQuorumAttestation optional BETA field. Full cross-jurisdictional quorum within <500ms is not achievable with current network infrastructure. Endpoint is SHIPPING; the latency target is FUTURE. GET /regulator/custodian-quorum (x-tml-blocking-constraint annotation); PermissionToken.custodianQuorumAttestation (BETA); CustodianHeartbeat.latencyMs
Immutable ledger with native GDPR Article 17 compliance (Erasure Paradox) Architectural contradiction: cryptographic immutability (AlwaysMemory) and right to erasure (Article 17) cannot both be satisfied natively by a single log store. Cryptographic erasure: personal data encrypted per-record; key destruction renders data computationally inaccessible. This is a practical approximation under current regulatory interpretation, not native compliance. Three remaining gaps: (1) key-destruction-as-erasure not affirmed by all EU supervisory authorities; (2) erasure key registry is a critical dependency; (3) log metadata may itself constitute personal data in some jurisdictions. All TSLF schemas; SHA256Hex; PermissionToken.logHash; AuditProof; Cryptographic Erasure folder (TernaryLogic repo)
TML Specification Architecture — Step 4 of 5 — constitutional_compliance_matrix.md — v3.3.0-tml-monograph-2025 Authority: TML Constitutionalization Monograph v3.3