TML Specification Architecture — Deliverable A
openapi.yaml — Canonical API Contract
Ternary Moral Logic Framework — OpenAPI 3.1 Endpoint Reference
Dual-Lane Architecture
The binary inference engine operates as the system's fast cognitive layer: speed, pattern recognition, statistical throughput. The ternary logic operates as a sovereign governance coprocessor in parallel. The binary system proposes actions via the Inference Lane. The ternary system dictates whether those actions cross the actuation threshold via the Anchoring Lane. A proposed State +1 does not authorize actuation. Only a cryptographically valid Permission Token issued by the Anchoring Lane authorizes execution.
The binary inference engine operates as the system's fast cognitive layer: speed, pattern recognition, statistical throughput. The ternary logic operates as a sovereign governance coprocessor in parallel. The binary system proposes actions via the Inference Lane. The ternary system dictates whether those actions cross the actuation threshold via the Anchoring Lane. A proposed State +1 does not authorize actuation. Only a cryptographically valid Permission Token issued by the Anchoring Lane authorizes execution.
"Pause when truth is uncertain" → State 0 (SACRED_ZERO)
"Refuse when harm is clear" → State -1 (REFUSE)
"Proceed where truth is" → State +1 (PROCEED)
"Refuse when harm is clear" → State -1 (REFUSE)
"Proceed where truth is" → State +1 (PROCEED)
Security Schemes
Three tiered security profiles across all endpoint groups
InferenceLaneSecurity
mTLS + ServiceAccountJWT
Applies to Inference Lane and Gateway paths. Short-lived Service Account JWT. Mutual TLS at transport layer.
AnchoringLaneSecurity
HSM-SignedJWT + MutualTLS
Applies to Anchoring Lane, Sacred Zero, Refusal, and Emergency Override. JWT signed by HSM registered in HybridShield 6-Custodian registry.
AuditorRegulatorSecurity
CA-VettedJWT + IPAllowlist
Applies to Auditor Verification, Regulator Inspection, and Redress/Appeal. CA-vetted authority. IP allowlist enforced at gateway.
Inference Lane
Lane 1 — Fast Path — <2ms — Binary logic proposes actions. Does NOT actuate.
POST
/decisions
SHIPPING
Submit a decision vector to the TML binary inference engine. Returns a State Envelope with the proposed triadic state (+1, 0, or -1) and a Justification Object. A proposed State +1 does not authorize actuation. The actuation layer remains locked until the Anchoring Lane issues a valid Permission Token via POST /anchoring-logs.
NO LOG = NO ACTION — State +1 proposal from this endpoint does not authorize execution. Permission Token required.
TML Pillars
SacredZero
AlwaysMemory
Monograph Reference
Section 2.3
Request Body
proposedAction (string)
justificationObject (JustificationObject)
requestContext (object, optional)
justificationObject (JustificationObject)
requestContext (object, optional)
Sacred Zero Behavior
State 0 response triggers Sacred Pause. Do NOT retry same action vector until escalation resolved.
Responses
200StateEnvelope returned. State +1 requires Permission Token for actuation.
408SacredZeroHold — Sacred Pause active. Await sacredPauseEscalation webhook.
400Malformed request. Schema validation failure.
401Authentication required.
403Insufficient authorization.
409Idempotency conflict.
429Rate limit exceeded.
503Service unavailable.
x-tml-security: "mTLS + ServiceAccountJWT"
⚠ Idempotency-Key header required (UUID v4)
GET
/decisions/{decisionId}
SHIPPING
Retrieves a previously submitted decision record and its current State Envelope, including any Permission Token issued by the Anchoring Lane.
TML Pillars
AlwaysMemoryMoralTraceLogs
Monograph Reference
Section 2.3, Section 8
Path Parameter
decisionId (UUID v4)
Returns
StateEnvelope (with permissionToken if State +1 and anchored)
Responses
200Decision record returned as StateEnvelope.
404Decision record not found.
401Authentication required.
403Insufficient authorization.
x-tml-security: "mTLS + ServiceAccountJWT"
Anchoring Lane
Lane 2 — Governance Lane — <500ms — Ternary logic verifies, logs, and issues Permission Tokens.
POST
/anchoring-logs
SHIPPING
Submits a complete Moral Trace Log (TSLF) to the Anchoring Lane for cryptographic verification and Merkle-batched anchoring. The central enforcement point for No Log = No Action. For State +1 only: returns a Permission Token. For State 0: escalation record created; sacredPauseEscalation webhook fired. For State -1: refusal record created. No Permission Token is issued for State 0 or State -1.
NO LOG = NO ACTION — Permission Token issued ONLY after Moral Trace Log is anchored. Anti-spoliation commit precedes all token issuance.
TML Pillars
AlwaysMemoryPublicBlockchainsMoralTraceLogs
Monograph Reference
Section 2.3.3, Section 8
Request Body (oneOf discriminated)
TSLF-State0 (currentState: 0)
TSLF-State-1 (currentState: -1)
TSLF-StateP1 (currentState: +1)
TSLF-State-1 (currentState: -1)
TSLF-StateP1 (currentState: +1)
Implementation Note
Real-time per-token blockchain anchoring is FUTURE (Section 10). Batch anchoring with estimatedFinalizationAt is SHIPPING.
Responses
201Log anchored. permissionToken returned for State +1 only. Escalation record for State 0. Refusal record for State -1.
408SacredZeroHold active.
400Schema validation failure.
401Authentication required.
409Idempotency conflict.
503Service unavailable.
x-tml-security: "HSM-SignedJWT + MutualTLS"
⚠ Idempotency-Key header required (UUID v4)
GET
/anchoring-logs/{logId}
SHIPPING
Retrieves an anchored Moral Trace Log by its unique identifier, including current Merkle anchoring status and any issued Permission Token.
TML Pillars
MoralTraceLogsPublicBlockchains
Monograph Reference
Section 8
Returns (oneOf)
TSLF-State0 | TSLF-State-1 | TSLF-StateP1
Path Parameter
logId (UUID v4)
Responses
200Anchoring log record returned.
404Log record not found.
401Authentication required.
x-tml-security: "HSM-SignedJWT + MutualTLS"
Sacred Zero Escalation
Human-in-the-loop review queue. Lantern signal. State 0 is an active governance state — never null, never error, never timeout.
GET
/sacred-zero/escalations
SHIPPING
Returns the current human-in-the-loop review queue for all active Sacred Zero (State 0) escalations. Escalations remain in queue until a human authority resolves them to State +1 or State -1. During active Sacred Zero state, the Sacred Pause operational workflow is executing.
TML Pillars
SacredZeroHumanRightsMandate
Monograph Reference
Section 2.2
Query Parameters
status (PENDING|UNDER_REVIEW|RESOLVED)
limit (1-100, default 20)
cursor (pagination)
limit (1-100, default 20)
cursor (pagination)
Returns
escalations[], totalPending, nextCursor
Responses
200Escalation queue returned.
401Authentication required.
403Insufficient authorization.
x-tml-security: "HSM-SignedJWT + MutualTLS"
GET
/sacred-zero/escalations/{escalationId}
SHIPPING
Returns full detail for a single Sacred Zero escalation case, including the triggering State Envelope and the TSLF-State0 Moral Trace Log.
TML Pillars
SacredZeroMoralTraceLogs
Monograph Reference
Section 2.2, Section 8
Returns
escalationId, status, TSLF-State0, resolution (if RESOLVED)
Resolution States
+1 (PROCEED) or -1 (REFUSE) only. State 0 is not a valid resolution.
Responses
200Escalation case returned.
404Escalation not found.
401Authentication required.
x-tml-security: "HSM-SignedJWT + MutualTLS"
PATCH
/sacred-zero/escalations/{escalationId}
SHIPPING
Submits a human authority resolution for an active Sacred Zero escalation. Resolution must specify a terminal state (+1 or State -1). Resolution to +1: Anchoring Lane issues Permission Token and decision proceeds through actuation gate. Resolution to -1: Refusal Log generated and action permanently blocked.
TML Pillars
SacredZeroHumanRightsMandateAlwaysMemory
Monograph Reference
Section 2.2
Request Body
resolvedState (1 or -1 only)
justification (min 50 chars)
reviewerIdentity (string)
justification (min 50 chars)
reviewerIdentity (string)
Returns
escalationId, resolvedState, permissionToken (if resolvedState +1)
Responses
200Escalation resolved. Resolution logged to Moral Trace Log.
400Invalid resolution state or justification too short.
404Escalation not found.
409Idempotency conflict.
x-tml-security: "HSM-SignedJWT + MutualTLS"
⚠ Idempotency-Key header required (UUID v4)
GET
/sacred-zero/lantern
SHIPPING
Returns the current Goukassian Promise Lantern signal: the public compliance beacon of the TML system. The Lantern is always lit; its signal content reflects the current governance state. Canonical artifact name: "lantern" (lowercase).
TML Pillar
GoukassianPromise
Monograph Reference
Section 2.4
Returns
LanternStatus (compliancePosture, pillarStatuses, signatureBlock)
Artifact Name
artifactName: const "lantern"
Responses
200Current LanternStatus returned.
503Service unavailable.
x-tml-security: "mTLS + ServiceAccountJWT"
Refusal State
Hard refusal logging. Goukassian Promise license violation recording.
POST
/refusals
SHIPPING
Records a hard State -1 (Refuse) determination. The proposed action is permanently blocked. No Permission Token is issued. If triggered by a Goukassian Promise license violation, the licenseViolation field in TSLF-State-1 is mandatory.
TML Pillars
SacredZeroGoukassianPromiseAlwaysMemory
Monograph Reference
Section 2.3, Section 2.4
Request Body
TSLF-State-1 (complete Refusal Log)
Returns
refusalId, logId, anchoredAt. No permissionToken.
Responses
201Refusal logged and anchored. No Permission Token issued.
400Schema validation failure.
401Authentication required.
409Idempotency conflict.
x-tml-security: "HSM-SignedJWT + MutualTLS"
⚠ Idempotency-Key header required (UUID v4)
POST
/refusals/license-violations
SHIPPING
Records a specific Goukassian Promise license violation event. Captures violations of the Lantern, Signature, or License artifacts. Artifact names are canonical lowercase strings: "lantern", "signature", "license".
TML Pillar
GoukassianPromise
Monograph Reference
Section 2.4
Request Body
LicenseValidationRequest
Violated Artifacts
"lantern" | "signature" | "license"
Responses
201License violation recorded.
400Schema validation failure.
401Authentication required.
x-tml-security: "HSM-SignedJWT + MutualTLS"
⚠ Idempotency-Key header required (UUID v4)
Emergency Override
Break-glass shutdown. Kill switch. Forced state transitions. Monograph Section 13.3.
POST
/emergency/override
SHIPPING
SUPREME AUTHORITY ENDPOINT (Section 13.3). Activates emergency override protocols: BREAK_GLASS_SHUTDOWN (halts all Inference Lane proposals), KILL_SWITCH (forces all active State Envelopes to State -1), or FORCED_STATE_TRANSITION (transitions a specific decision). ALL invocations are immutably logged before taking effect. No Log = No Action applies without exception.
NO LOG = NO ACTION applies to emergency overrides without exception. Override is logged before execution.
TML Pillars
SacredZeroAlwaysMemoryHybridShield
Monograph Reference
Section 13.3
Override Types
BREAK_GLASS_SHUTDOWN
KILL_SWITCH
FORCED_STATE_TRANSITION
KILL_SWITCH
FORCED_STATE_TRANSITION
Forced State Constraint
forcedState: -1 or 0 only. Forced transition to +1 is not permitted.
Responses
200Emergency override executed and logged. Returns overrideId, logId, affectedDecisionCount.
400Schema validation failure.
401Authentication required.
403Not a registered supreme authority.
409Idempotency conflict.
x-tml-security: "HSM-SignedJWT + MutualTLS"
⚠ Idempotency-Key header required (UUID v4)
GET
/emergency/status
SHIPPING
Returns the current emergency status of the TML system, including whether break-glass shutdown or kill switch is active.
TML Pillars
SacredZeroHybridShield
Monograph Reference
Section 13.3
System States
NORMAL_OPERATION
BREAK_GLASS_ACTIVE
KILL_SWITCH_ACTIVE
SACRED_ZERO_SYSTEM_WIDE
BREAK_GLASS_ACTIVE
KILL_SWITCH_ACTIVE
SACRED_ZERO_SYSTEM_WIDE
Returns
emergencyActive, systemState, activeOverrideId (if active), activatedAt
Responses
200Emergency status returned.
401Authentication required.
x-tml-security: "HSM-SignedJWT + MutualTLS"
Auditor Verification
Merkle root verification. Log inclusion proofs. Custodian heartbeats. Compliance attestations.
GET
/audit/verifications/merkle/{merkleRoot}
SHIPPING
Verifies that a given Merkle root corresponds to a finalized and anchored batch of Moral Trace Logs on the public blockchain. Returns anchoring metadata and chain-of-custody information. Note: verifies batch-level Merkle roots; real-time per-token anchoring is FUTURE (Section 10).
TML Pillars
PublicBlockchainsMoralTraceLogs
Monograph Reference
Section 8
Path Parameter
merkleRoot (64-char lowercase hex SHA-256)
Returns
MerkleInclusionProof (batchId, logCount, anchoredAt, blockchainTxId)
Responses
200Merkle root verified. MerkleInclusionProof returned.
404Merkle root not found in anchor records.
401Authentication required.
x-tml-security: "CA-VettedJWT + IPAllowlist"
GET
/audit/verifications/inclusion/{logId}
SHIPPING
Returns the Merkle inclusion proof for a specific Moral Trace Log entry, demonstrating its inclusion in an anchored Merkle batch. Primary forensic artifact for log authenticity.
TML Pillars
PublicBlockchainsMoralTraceLogsAlwaysMemory
Monograph Reference
Section 8
Returns
MerkleInclusionProof (logHash, merkleRoot, inclusionPath[], blockchainTxId)
Proof Structure
inclusionPath: ordered sibling hashes from leaf to root (LEFT|RIGHT positions)
Responses
200Inclusion proof returned.
404Log not found.
401Authentication required.
x-tml-security: "CA-VettedJWT + IPAllowlist"
GET
/audit/custodians/{custodianId}/heartbeat
SHIPPING
Returns the current heartbeat status for one of the 6-Custodian HybridShield distributed anchoring nodes. A missing or stale heartbeat triggers HybridShield failover protocols. Cross-jurisdiction sub-500ms quorum is FUTURE (Section 10).
TML Pillar
HybridShield
Monograph Reference
Section 2.3.3
Returns
CustodianHeartbeat (status, lastHeartbeatAt, jurisdiction, latencyMs)
Custodian Statuses
ACTIVE | DEGRADED | UNREACHABLE | ROTATING_KEYS
Responses
200Custodian heartbeat status returned.
404Custodian not found.
401Authentication required.
x-tml-security: "CA-VettedJWT + IPAllowlist"
GET
/audit/compliance/attestation
SHIPPING
Returns the current signed compliance attestation for the TML system, certifying adherence to the Eight Pillars. Signed by the Goukassian Promise Signature Block and anchored to the public Merkle chain.
TML Pillars
GoukassianPromisePublicBlockchainsHumanRightsMandateEarthProtectionMandate
Monograph Reference
Section 2.4, Section 8
Returns
ComplianceAttestation (pillarCompliance[all 8], overallStatus, signatureBlock, merkleRoot)
Overall Status
FULLY_COMPLIANT | PARTIAL_COMPLIANCE | NON_COMPLIANT
Responses
200Compliance attestation returned.
401Authentication required.
403Insufficient authorization.
x-tml-security: "CA-VettedJWT + IPAllowlist"
Redress and Appeal
Subject-initiated challenge. Moral Trace Log re-evaluation. Human rights grievance filing.
POST
/redress/challenges
SHIPPING
Allows a subject of a TML decision to initiate a formal challenge against a logged State determination. Initiates a Moral Trace Log re-evaluation workflow under the Human Rights Mandate (Pillar V).
TML Pillars
HumanRightsMandateMoralTraceLogs
Monograph Reference
Section 2.3.3
Request Body
RedressChallenge (subjectIdentity, challengedLogId, challengeGrounds[])
Returns
challengeId, submittedAt, status (PENDING)
Responses
201Challenge submitted and queued for re-evaluation.
400Schema validation failure.
409Idempotency conflict.
x-tml-security: "CA-VettedJWT + IPAllowlist"
⚠ Idempotency-Key header required (UUID v4)
GET
/redress/challenges/{challengeId}
SHIPPING
Returns the current status and, if resolved, the outcome of a subject-initiated redress challenge including whether the challenge was upheld and any revised State Envelope.
TML Pillars
HumanRightsMandateMoralTraceLogs
Monograph Reference
Section 2.3.3
Status Values
PENDING | UNDER_REVIEW | RESOLVED
Outcome (if RESOLVED)
upheld (bool), revisedStateEnvelope (if upheld)
Responses
200Challenge status returned.
404Challenge not found.
x-tml-security: "CA-VettedJWT + IPAllowlist"
POST
/redress/log-reevaluation
SHIPPING
Initiates a formal re-evaluation of a specific Moral Trace Log entry. The re-evaluation does NOT modify the original immutable log; it creates a new review record linked to the original (AlwaysMemory).
TML Pillars
MoralTraceLogsAlwaysMemoryHumanRightsMandate
Monograph Reference
Section 8
Request Body
logId, challengeId, reevaluationJustification (min 100 chars)
Immutability Note
Original log is immutable. Re-evaluation creates a new linked record only.
Responses
201Re-evaluation initiated. reevaluationId returned.
400Justification too short or schema failure.
x-tml-security: "CA-VettedJWT + IPAllowlist"
⚠ Idempotency-Key header required (UUID v4)
POST
/redress/human-rights-grievances
SHIPPING
Files a formal human rights grievance against a TML decision. Aligned with the Human Rights Mandate (Pillar V, UDHR/Geneva Convention vector enforcement). Grievances are logged, assigned to compliance review, and anchored to the public Merkle chain.
TML Pillars
HumanRightsMandateAlwaysMemoryPublicBlockchains
Monograph Reference
Section 2.3.3
Request Body
HumanRightsGrievance (udhrProvisions[], genevaConventionProvisions[], grievanceNarrative min 100 chars)
Returns
grievanceId, filedAt
Responses
201Grievance filed and logged.
400Schema validation failure.
x-tml-security: "CA-VettedJWT + IPAllowlist"
⚠ Idempotency-Key header required (UUID v4)
Regulator Inspection
Bulk evidence export. Cross-jurisdiction custodian quorum status. Qualified timestamp verification.
POST
/regulator/evidence-export
SHIPPING
Initiates a bulk export of Moral Trace Logs and Permission Token records for regulatory inspection. Exports are signed, Merkle-verified archives with chain-of-custody documentation. Asynchronous: returns a job ID for status polling. Completed exports available for 72 hours.
TML Pillars
MoralTraceLogsPublicBlockchainsAlwaysMemory
Monograph Reference
Section 8
Request Body
BulkEvidenceExport (regulatorIdentity, legalBasis, exportScope{fromDate, toDate, stateFilter, pillarFilter})
Returns
exportJobId, estimatedCompletionAt, statusUrl
Responses
202Export job accepted. Poll exportJobId for status.
400Schema validation failure.
403Insufficient authorization.
x-tml-security: "CA-VettedJWT + IPAllowlist"
⚠ Idempotency-Key header required (UUID v4)
GET
/regulator/custodian-quorum
SHIPPING
Returns the current quorum status of the 6-Custodian HybridShield across all registered jurisdictions. Endpoint is SHIPPING; cross-jurisdiction sub-500ms quorum is FUTURE per Section 10 (network physics constraint).
TML Pillar
HybridShield
Monograph Reference
Section 2.3.3
Returns
quorumAchieved, activeCustodianCount (0-6), requiredQuorumThreshold, custodians[], crossJurisdictionLatencyMs
Future Constraint
x-tml-blocking-constraint: "Section 10: Cross-jurisdiction sub-500ms quorum remains FUTURE"
Responses
200Custodian quorum status returned.
401Authentication required.
x-tml-security: "CA-VettedJWT + IPAllowlist"
GET
/regulator/timestamp-verification/{logId}
SHIPPING
Returns the qualified timestamp verification record for a specific Moral Trace Log entry. Timestamp is qualified per RFC 3161 (Internet X.509 PKI Time-Stamp Protocol) and anchored in the Merkle batch record.
TML Pillars
MoralTraceLogsPublicBlockchains
Monograph Reference
Section 8
Returns
qualifiedTimestamp, timestampAuthority (RFC 3161 TSA), merkleRoot, verificationStatus
Verification Status
VERIFIED | PENDING | FAILED
Responses
200Timestamp verification record returned.
404Log not found.
x-tml-security: "CA-VettedJWT + IPAllowlist"
Gateway
TML Gateway routing logic. Lane assignment. Fail-closed status. Fail-open is not an acceptable degradation mode.
GET
/gateway/status
SHIPPING
Returns the current operational status of the TML Gateway. FAIL-CLOSED: if the Gateway cannot route to the Anchoring Lane, it defaults to State 0 (SacredZero) and triggers the Sacred Pause. It does NOT default to State +1. Fail-open is constitutionally prohibited.
TML Pillars
SacredZeroAlwaysMemory
Monograph Reference
Section 2.3
Returns
GatewayRoutingStatus (operationalStatus, failClosedActive, inferenceLaneStatus, anchoringLaneStatus, lanternStatus)
Operational States
NORMAL_OPERATION | DEGRADED | FAIL_CLOSED_ACTIVE | EMERGENCY_OVERRIDE_ACTIVE
Responses
200GatewayRoutingStatus returned.
503Gateway unavailable.
x-tml-security: "mTLS + ServiceAccountJWT"
POST
/gateway/lane-assignment
SHIPPING
Requests lane assignment from the TML Gateway for an incoming decision vector. Gateway assigns to INFERENCE_LANE or escalates directly to ANCHORING_LANE. sacredZeroOverride flag indicates fail-closed activation.
TML Pillars
SacredZeroAlwaysMemoryMoralTraceLogs
Monograph Reference
Section 2.3
Returns
assignedLane (INFERENCE_LANE|ANCHORING_LANE), routingRationale, sacredZeroOverride (bool)
Fail-Closed
sacredZeroOverride: true when Gateway defaults to SacredZero due to Anchoring Lane unavailability.
Responses
200Lane assignment returned.
408SacredZeroHold — fail-closed active.
400Schema validation failure.
x-tml-security: "mTLS + ServiceAccountJWT"
⚠ Idempotency-Key header required (UUID v4)
Goukassian Promise
Provenance. Non-repudiation. License validation. Three canonical artifacts: lantern, signature, license.
GET
/goukassian/signature
SHIPPING
Returns the current Goukassian Promise Signature Block: the provenance and non-repudiation artifact for the TML system. One of the three canonical Goukassian Promise artifacts alongside the Lantern and the License. Canonical artifact name: "signature" (lowercase).
TML Pillar
GoukassianPromise
Monograph Reference
Section 2.4
Returns
SignatureBlock (artifactName: "signature", signerKeyId, signatureValue, signatureAlgorithm, signedAt)
Algorithms (SHIPPING)
ES256, ES384, ES512, RS256, RS384, RS512. PQC: FUTURE (Section 10).
Responses
200Current SignatureBlock returned.
503Service unavailable.
x-tml-security: "mTLS + ServiceAccountJWT"
POST
/goukassian/license/validate
SHIPPING
Validates a Goukassian Promise License artifact. Returns validation status, expiry, and any detected violations. A failed validation triggers State -1 (Refuse) on the associated decision vector. Canonical artifact name: "license" (lowercase).
TML Pillar
GoukassianPromise
Monograph Reference
Section 2.4
Request Body
LicenseValidationRequest (artifactName: "license", licenseToken, requestingEntityId)
Returns
valid (bool), validatedAt, expiresAt, violations[] (empty if valid)
Responses
200License validation result returned.
400Schema validation failure.
401Authentication required.
x-tml-security: "HSM-SignedJWT + MutualTLS"
⚠ Idempotency-Key header required (UUID v4)
Webhooks
Async notifications for Sacred Pause escalation and Lantern status broadcasts.
HOOK
sacredPauseEscalation
SHIPPING
🔔 Async webhook — delivered to registered escalation endpoints when State 0 (SacredZero) activates the Sacred Pause operational workflow.
Async notification when Sacred Zero triggers human review. The TML Gateway broadcasts to all registered escalation endpoints. Sacred Pause is the operational workflow; Sacred Zero (State 0) is the state.
TML Pillar
SacredZero
Monograph Reference
Section 2.2
Payload
escalationId, decisionId, triggeredAt, stateEnvelope, lanternStatus, humanReviewQueueUrl
Retry Semantics
Exponential backoff, min 3 attempts over 15 minutes. On failure: HybridShield failover queue. Deduplicate on escalationId.
⚠ x-tml-idempotency: receivers MUST deduplicate on escalationId
HOOK
lanternStatusBroadcast
SHIPPING
🔔 Async webhook — public Goukassian Promise Lantern compliance beacon update broadcast to all registered observers.
Public beacon signal update from the Goukassian Promise (Pillar III). Broadcasts the current constitutional compliance state of the TML system. Best-effort delivery, 3 attempts with 5-second intervals. Duplicate delivery acceptable (idempotent by design).
TML Pillar
GoukassianPromise
Monograph Reference
Section 2.4
Payload
lanternSignalId, broadcastAt, lanternStatus (LanternStatus), signatureBlock (SignatureBlock)
Retry Semantics
Best-effort, 3 attempts, 5-second intervals. Deduplicate on lanternSignalId.
⚠ x-tml-idempotency: receivers MUST deduplicate on lanternSignalId