The three sovereign states of the Ternary Moral Logic framework. Signed integers, not enumerations of convenience. State 0 is SACRED_ZERO: an active first-class governance state, never null, never false, never an error code, never a timeout.

Human-readable UPPER_SNAKE_CASE label corresponding to the numeric triadic state value. Must be consistent with the companion TriadicStateValue integer.

Canonical machine-readable PascalCase identifier for each of the Eight Pillars of Ternary Moral Logic. Exact and immutable. No substitution, abbreviation, or aliasing permitted.

Identifies the dual-lane architectural origin of a request or token. Maps directly to the Dual-Lane Latency Architecture.

A SHA-256 hash represented as a 64-character lowercase hexadecimal string. Primary tamper-evidence primitive used throughout all log, token, and proof schemas.

An RFC 3339 / ISO 8601 UTC timestamp with timezone designator. Timestamp integrity primitive for all time-bearing log and token fields.

A universally unique identifier in canonical UUID v4 format. Standard identifier primitive for all entity IDs across the schema bundle.

The schema-level enforcement artifact for the No Log = No Action iron law. A Permission Token is the SOLE authorization for the actuation layer to execute a proposed State +1 action. Its absence renders any State +1 State Envelope invalid by schema constraint. Cryptographically signed by the Anchoring Lane and verifiable against the Merkle root. Never issued for State 0 or State -1.

The outer decision container for all TML state determinations. Carries the triadic state, state label, the operational process active within that state, the proposed action, and conditionally requires a valid Permission Token when currentState is +1. Schema-level enforcement of No Log = No Action via if/then constraint.

The envelope that travels between the Inference Lane and the Anchoring Lane, carrying the reasoning, uncertainty quantification, and ethical verification inputs that underpin the triadic state determination. The JustificationObject informs the Anchoring Lane's independent ternary evaluation; it does not authorize anything.

Structured uncertainty quantification record for a State 0 (SacredZero) determination. Captures the Epistemic Hold conditions that triggered mandatory hesitation. Epistemic Hold is a canonical TML term for the system's recognition that it has reached the boundary of its reliable knowledge.

Structured matrix of considerations presented to the human reviewer during the Sacred Pause operational workflow. Captures competing values, risk vectors, and resolution options. Resolution options are constrained to +1 or -1 only; State 0 is not a valid resolution.

Formal request for human authority resolution of a Sacred Zero escalation. Generated by the Sacred Pause operational workflow and queued for human-in-the-loop review.

Ternary State Log Format record for State 0 (SacredZero) determinations. Captures the Sacred Pause operational workflow activation, uncertainty quantification, deliberation matrix, and resolution request. The currentState discriminator value is exactly 0. Immutable forensic record committed before any human review (AlwaysMemory, Pillar II).

Records a violation of the Goukassian Promise License artifact. License violations are a mandatory trigger for State -1 (Refuse) determinations. The violatedArtifact field uses canonical lowercase artifact names.

Structured analysis of the threat vectors that produced a State -1 (Refuse) determination. Each vector carries a category, severity, implicated pillar, and optional UDHR/Paris Agreement provision trackers.

Forensic chain-of-custody record for a Moral Trace Log entry, documenting every handler and transformation from creation through anchoring. Each entry carries inputHash and outputHash to provide tamper-evidence across handler transitions.

Ternary State Log Format record for State -1 (Refuse) determinations. Captures the hard refusal, threat vector analysis, Goukassian Promise license violation (if applicable), and chain of custody. No Permission Token is issued. The currentState discriminator value is exactly -1.

Structured ethical verification record produced by the Anchoring Lane for State +1 (PROCEED) determinations. Certifies that all Eight Pillars were assessed and passed. All Eight Pillars must be present and PASSED; any FAILED pillar blocks PROCEED.

Verification result for a single TML Pillar within an EthicalVerification. A FAILED verdict for any pillar blocks the PROCEED determination. Used as the value type in EthicalVerification.pillarVerifications and ComplianceAttestation.pillarCompliance.

Cryptographic audit proof for a State +1 (PROCEED) log, demonstrating Merkle inclusion and binding the Permission Token to the anchored log. The inclusionPath array provides the sibling-hash path from leaf to root. Any auditor can traverse: Permission Token -> logHash -> merkleRoot -> inclusionPath -> public blockchain.

Ternary State Log Format record for State +1 (PROCEED) determinations. Captures the ethical verification, the Goukassian Promise Signature, the issued Permission Token, and the cryptographic audit proof. permissionToken is a required field: this log cannot be valid without it, and the token cannot be valid without this log. Committed and anchored before the Permission Token is released to the actuation layer. pillarsCertified requires exactly 8 entries.

The Goukassian Promise Lantern: the public compliance beacon signal of the TML system. Broadcasts the system's current constitutional governance posture. The Lantern is always lit; its signal content reflects the current governance state. Canonical artifact name: "lantern" (lowercase const).

The Goukassian Promise Signature: provenance and non-repudiation artifact for the TML system. Binds a TML artifact (log, token, broadcast) to the constitutional provenance chain via HSM-backed cryptographic signing. Canonical artifact name: "signature" (lowercase const). The signatureAlgorithm enum reserves PQC identifiers for forward-compatible migration.

A request to validate a Goukassian Promise License artifact. The License governs authorized use of the TML system; violations are mandatory refusal triggers. Canonical artifact name: "license" (lowercase const).

Cryptographic proof that a specific Moral Trace Log entry is included in an anchored Merkle batch on the public blockchain. Primary forensic artifact for log authenticity verification. Auditors traverse: logHash (leaf) -> inclusionPath -> merkleRoot -> blockchainTxId.

Health and liveness signal from one of the 6-Custodian HybridShield distributed anchoring nodes. A missing or stale heartbeat triggers HybridShield failover protocols. Cross-jurisdiction sub-500ms quorum is FUTURE (Section 10); latencyMs documents the current observed value.

Signed attestation certifying the TML system's adherence to the Eight Pillars as of the attestation timestamp. Signed by the Goukassian Promise Signature Block and anchored to the public Merkle chain. All Eight Pillars required in pillarCompliance.

A subject-initiated formal challenge against a TML state determination. Initiates a Moral Trace Log re-evaluation workflow under the Human Rights Mandate (Pillar V). challengeGrounds carries per-pillar grounds with optional UDHR Article citations.

A formal human rights grievance against a TML decision. Aligned with the Human Rights Mandate (Pillar V, UDHR/Geneva Convention vector enforcement). Grievances are logged, assigned to compliance review, and anchored to the public Merkle chain. grievanceNarrative minimum 100 characters.

Parameters for a regulatory bulk evidence export of Moral Trace Logs and Permission Token records. Accepts jurisdiction, legal basis, date range, state filter, and pillar filter. Exports are signed, Merkle-verified archives. Asynchronous operation.

Operational status of the TML Gateway. FAIL-CLOSED: if the Gateway cannot route to the Anchoring Lane, failClosedActive becomes true and all decisions default to State 0 (SacredZero). Fail-open is constitutionally prohibited. Exposes lanternStatus so operators get the Lantern signal without a separate call.

Request payload for Emergency Override invocation under Section 13.3 supreme authority. Supports BREAK_GLASS_SHUTDOWN, KILL_SWITCH, and FORCED_STATE_TRANSITION. ALL invocations are pre-logged before execution (No Log = No Action applies without exception). Forced transition to PROCEED (+1) is schema-blocked; forcedState enum is [-1, 0] only.