aura-labs.ai

AURA Data Dictionary

Version: 1.6 Date: April 14, 2026 Protocol: v2.2

Version: 1.0 Date: April 2026 Authority: DEC-038, CLAUDE.md Law 13 Status: Living Document

Purpose

This document is the canonical reference for every data element in the AURA protocol. It defines the format, validation rules, generation method, and storage representation for each element. No data element may be introduced in code without a corresponding entry here.

Enforcement:

The pre-flight skill checks that new data elements reference this dictionary.
Input validation tests validate against the formats defined here.
Disputes reference this dictionary when verifying evidence integrity.

Conventions

Format is the wire representation (what appears in JSON payloads and HTTP headers).
Validation is a regex or predicate that code MUST enforce at the boundary.
Generation is the prescribed method to create the value. Deviations are bugs.
Storage is the PostgreSQL column type.
Sensitivity follows the classification: public (no restrictions), internal (not exposed to counterparties), sensitive (PII or financial), secret (never logged, never stored in plaintext).

Identifiers

UUID

Property	Value
Business meaning	Unique identifier for any protocol entity (principal, agent, session, offer, transaction, dispute, scope)
Type	string
Format	Lowercase UUID v4: `xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx` where y is [89ab]
Validation	`/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i`
Generation	`crypto.randomUUID()` (Node.js) or `gen_random_uuid()` (PostgreSQL)
Storage	`UUID` (PostgreSQL native type)
Sensitivity	public
Prefixed variants	Entity-specific prefixes are used in API responses for clarity but NOT stored: `prn_` (principal), `sct_` (scout), `bcn_` (beacon), `ses_` (session), `ofr_` (offer), `txn_` (transaction), `dsp_` (dispute), `dsc_` (delegation scope)

Ed25519 Public Key

Property	Value
Business meaning	Cryptographic identity anchor for agents and principals
Type	string
Format	Base64-encoded raw 32-byte Ed25519 public key (NOT PEM, NOT SPKI-wrapped)
Validation	Base64 string that decodes to exactly 32 bytes: `Buffer.from(value, 'base64').length === 32`
Generation	`crypto.generateKeyPairSync('ed25519')` → extract raw 32 bytes from SPKI DER (last 32 bytes) → base64 encode
Storage	`TEXT` (base64 string, with `UNIQUE` constraint)
Sensitivity	public (public keys are not secret)

Key Fingerprint

Property	Value
Business meaning	Human-readable stable identifier for a public key
Type	string
Format	Lowercase hex-encoded SHA-256 of the raw 32-byte public key (64 hex chars)
Validation	`/^[0-9a-f]{64}$/`
Generation	`crypto.createHash('sha256').update(Buffer.from(publicKeyBase64, 'base64')).digest('hex')`
Storage	`VARCHAR(64)`
Sensitivity	public

Timestamps

Request Timestamp (X-Agent-Timestamp header)

Property	Value
Business meaning	When the agent signed the request. Used for replay attack prevention
Type	string
Format	Unix timestamp in milliseconds as a decimal string (e.g., `"1711972800000"`)
Validation	`/^\d{13,14}$/` AND `Math.abs(Date.now() - parseInt(value)) < 300000` (within 5 minutes)
Generation	`Date.now().toString()`
Storage	Not stored (transient header, validated at request time)
Sensitivity	public
WARNING	Do NOT use `new Date().toISOString()`. The server parses with `parseInt()` and compares to `Date.now()`. ISO strings produce `NaN` or incorrect values

Database Timestamp

Property	Value
Business meaning	When a record was created or modified in the database
Type	string (in JSON responses)
Format	ISO 8601 with timezone: `YYYY-MM-DDTHH:mm:ss.sssZ`
Validation	Valid ISO 8601 parseable by `new Date(value)`
Generation	PostgreSQL `NOW()` or `DEFAULT NOW()` — NOT application code
Storage	`TIMESTAMPTZ` (PostgreSQL timestamp with time zone)
Sensitivity	public

Delegation Scope Valid From / Valid Until

Property	Value
Business meaning	Time window during which a delegation scope is active
Type	string
Format	ISO 8601 with timezone: `YYYY-MM-DDTHH:mm:ss.sssZ`
Validation	Valid ISO 8601; `valid_from < valid_until`
Generation	Caller provides; Core validates
Storage	Within `constraints` JSONB (string value)
Sensitivity	internal

Ed25519 Signatures

Registration Signature (X-Agent-Signature on register)

Property	Value
Business meaning	Proof-of-possession — proves the registrant holds the private key corresponding to the declared public key
Type	string
Format	Base64-encoded Ed25519 signature (64 bytes raw → 88 chars base64)
Validation	Base64 string that decodes to exactly 64 bytes; verifies against the declared public key over `JSON.stringify(requestBody)`
Generation	`crypto.sign(null, Buffer.from(JSON.stringify(body)), privateKey).toString('base64')`
Storage	Not stored (verified at registration time)
Sensitivity	public (signature, not a secret)

Request Signature (X-Agent-Signature on authenticated requests)

Property	Value
Business meaning	Proves the request was sent by the registered agent
Type	string
Format	Base64-encoded Ed25519 signature (64 bytes raw)
Validation	Verifies against agent’s registered public key over canonical signing string
Generation	Sign `"${METHOD}\n${PATH}\n${TIMESTAMP}\n${BODY_DIGEST}"` where BODY_DIGEST is `base64(SHA-256(rawBody))` or empty string if no body. NOTE: Fastify does not capture `request.rawBody`, so Core always uses empty body digest. Signing clients MUST also use empty body digest for authenticated requests.
Canonical signing string	`crypto.sign(null, Buffer.from(\`${method}\n${path}\n${timestamp}\n`), privateKey).toString(‘base64’)`
Storage	Not stored
Sensitivity	public

Offer Signature (beacon_signature on offers)

Property	Value
Business meaning	Beacon’s cryptographic commitment to offer terms
Type	string
Format	Base64-encoded Ed25519 signature
Validation	Verifies against Beacon’s registered public key over canonical offer payload
Generation	Sign newline-delimited: `"${sessionId}\n${beaconId}\n${productJson}\n${unitPrice}\n${quantity}\n${totalPrice}\n${currency}"`
Storage	`TEXT` (on offers table)
Sensitivity	public

Attestation Signature (interpretation attestation, Core counter-signature)

Property	Value
Business meaning	Core’s cryptographic binding of interpretation or offer verification
Type	string
Format	Base64-encoded Ed25519 signature
Validation	Verifies against Core’s public key at `GET /.well-known/core-signing-key`
Generation	Sign `JSON.stringify(attestationBody, Object.keys(attestationBody).sort())` — sorted-key canonical JSON, excluding the signature field itself
Storage	Within JSONB (attestation object)
Sensitivity	public

Principal Fields

Principal Type

Property	Value
Business meaning	Whether the principal is a legal entity or a natural person
Type	string (enum)
Format	One of: `organization`, `individual`
Validation	`['organization', 'individual'].includes(value)`
Generation	Caller provides
Storage	`VARCHAR(20)` with CHECK constraint
Sensitivity	public

Jurisdiction

Property	Value
Business meaning	Country (and optional subdivision) where the principal is registered
Type	string
Format	ISO 3166: `XX` (country) or `XX-YY` (country-subdivision), uppercase
Validation	`/^[A-Z]{2}(-[A-Z0-9]{1,3})?$/`
Generation	Caller provides
Storage	`VARCHAR(10)`
Sensitivity	public

Legal Entity Identifier (LEI)

Property	Value
Business meaning	Global unique identifier for legal entities (ISO 17442)
Type	string
Format	20 alphanumeric characters, uppercase
Validation	`/^[A-Z0-9]{20}$/`
Generation	Issued by Local Operating Units (LOUs) — not generated by AURA
Storage	Within `identifiers` JSONB
Sensitivity	public

Legal Name

Property	Value
Business meaning	Registered legal name of the principal entity
Type	string
Format	UTF-8 text, max 500 characters
Validation	`typeof value === 'string' && value.length > 0 && value.length <= 500`
Generation	Caller provides
Storage	`VARCHAR(500)`
Sensitivity	internal

Trust Level (DEC-049)

Property	Value
Business meaning	How thoroughly the principal’s identity has been established by external credentials
Type	string (enum)
Format	One of: `self_declared`, `domain_verified`, `entity_verified`, `kyc_verified`
Validation	`['self_declared', 'domain_verified', 'entity_verified', 'kyc_verified'].includes(value)`
Generation	Derived from accepted external credentials via Trust Framework. Defaults to `self_declared` (no credential). Cannot be set directly.
Storage	`VARCHAR(30)` with CHECK constraint
Sensitivity	public
Note	Replaces `verification_level` (deprecated v2.2). Same enum values, different provenance — trust level is credential-derived, not AURA-verified.

Credential Format

Property	Value
Business meaning	The format of an externally-issued identity credential presented to AURA
Type	string (enum)
Format	One of: `vc+jwt`, `vc+sd-jwt`, `vlei`, `x509+domain`, `tap`, `ob+jwt`, `self_declared`
Validation	Must be a supported format in the active Trust Framework
Generation	Declared by caller in credential presentation
Storage	`VARCHAR(30)`
Sensitivity	public

Agent Fields

Agent Type

Property	Value
Business meaning	Whether the agent represents a buyer or seller
Type	string (enum)
Format	One of: `scout`, `beacon`
Validation	`['scout', 'beacon'].includes(value)`
Generation	Caller provides at registration
Storage	`VARCHAR(20)` with CHECK constraint
Sensitivity	public

Capacity

Property	Value
Business meaning	The relationship between the agent and its principal
Type	string (enum)
Format	One of: `agent_for_principal`, `principal_direct`, `platform_delegated`
Validation	`['agent_for_principal', 'principal_direct', 'platform_delegated'].includes(value)`
Generation	Caller provides at registration; defaults to `agent_for_principal`
Storage	`VARCHAR(30)`
Sensitivity	public

Agent Status

Property	Value
Business meaning	Lifecycle state of the agent identity
Type	string (enum)
Format	One of: `active`, `suspended`, `revoked`
Validation	`['active', 'suspended', 'revoked'].includes(value)`
Generation	Set by Core. `active` at registration, transitions via API.
Storage	`VARCHAR(20)` with CHECK constraint
Sensitivity	public

Property	Value
Business meaning	The level of human authorization under which a transaction was committed
Type	string (enum)
Format	One of: `explicit`, `policy`, `delegated`
Validation	`['explicit', 'policy', 'delegated'].includes(value)`
Generation	Set by the committing agent in the authority attestation
Storage	`VARCHAR(20)` with CHECK constraint (on delegation_scopes); within JSONB (on transaction authority_attestation)
Sensitivity	public

Property	Value
Business meaning	Beacon’s declaration of minimum consent tier required to commit to this offer
Type	object (JSONB)
Format	`{ "minimum_tier": "<tier>", "reason": "<string>", "above_amount": <number> }`
Validation	If present: `minimum_tier` required, must be valid consent tier; `reason` optional string max 500 chars; `above_amount` optional positive number
Generation	Beacon provides at offer submission
Storage	`JSONB` on offers table
Sensitivity	public

Property	Value
Business meaning	The minimum consent tier a Scout must provide in L5 to commit to this offer
Type	string (enum)
Format	One of: `explicit`, `policy`, `delegated`
Validation	`['explicit', 'policy', 'delegated'].includes(value)`
Generation	Beacon provides; Core validates at commit time against L5 consent_tier
Storage	Within `consent_requirements` JSONB on offers table
Sensitivity	public

Property	Value
Business meaning	Human-readable explanation of why elevated consent is required
Type	string
Format	UTF-8 text, max 500 characters
Validation	`typeof value === 'string' && value.length <= 500`
Generation	Beacon provides (optional)
Storage	Within `consent_requirements` JSONB on offers table
Sensitivity	public

Property	Value
Business meaning	Transaction amount threshold above which the minimum_tier requirement applies
Type	number
Format	Decimal with up to 2 decimal places
Validation	`typeof value === 'number' && value > 0 && Number.isFinite(value)`
Generation	Beacon provides (optional). When absent, minimum_tier applies unconditionally
Storage	Within `consent_requirements` JSONB on offers table
Sensitivity	public

Transaction Amount

Property	Value
Business meaning	Monetary value of a transaction or delegation scope limit
Type	number
Format	Decimal with up to 2 decimal places. NEVER floating point.
Validation	`typeof value === 'number' && value > 0 && Number.isFinite(value)`
Generation	Computed from `unitPrice * quantity` or provided by caller
Storage	`DECIMAL(15,2)` — NOT `FLOAT` or `DOUBLE PRECISION`
Sensitivity	sensitive (financial)

Currency

Property	Value
Business meaning	ISO 4217 currency code for monetary amounts
Type	string
Format	3-letter uppercase ISO 4217 code (e.g., `USD`, `EUR`, `GBP`)
Validation	`/^[A-Z]{3}$/`
Generation	Caller provides; defaults to `USD` when not specified
Storage	`VARCHAR(10)`
Sensitivity	public

Session Fields

Session Status

Property	Value
Business meaning	Current state in the session lifecycle
Type	string (enum)
Format	One of: `collecting_offers`, `offers_available`, `committed`, `fulfilled`, `completed`, `cancelled`, `expired`, `disputed`, `resolved`, `failed`
Validation	Against the enum. State transitions validated against the state transition table (Protocol Section 4.5.2)
Generation	Set by Core based on state machine rules
Storage	`VARCHAR(50)`
Sensitivity	public

Raw Intent

Property	Value
Business meaning	The buyer’s original natural language input, unmodified
Type	string
Format	UTF-8 text, no length limit enforced (but typically < 5000 chars)
Validation	`typeof value === 'string' && value.trim().length > 0`
Generation	Provided by Scout SDK from user input
Storage	`TEXT` (on sessions table, within interpretation attestation)
Sensitivity	internal (never forwarded to Beacons)

Domain (hostname)

Property	Value
Business meaning	Internet domain owned by a principal or Beacon
Type	string
Format	Valid hostname without protocol (e.g., `acme.example.com`)
Validation	`/^[a-z0-9]([a-z0-9-][a-z0-9])?(\.[a-z0-9]([a-z0-9-][a-z0-9])?)+$/i`
Generation	Caller provides
Storage	Within JSONB (identifiers) or `VARCHAR(500)`
Sensitivity	public

Webhook and HTTP

Endpoint URL

Property	Value
Business meaning	Beacon’s callback URL for webhook delivery
Type	string
Format	HTTPS URL with a public hostname
Validation	Must be valid URL; must use `https:` protocol; must resolve to a public IP (not 127.0.0.1, 10.x, 172.16-31.x, 192.168.x, ::1, fc00::); must not be a raw IP address
Generation	Caller provides at registration
Storage	`VARCHAR(500)`
Sensitivity	internal
SECURITY	OWASP API7 (SSRF) — validated at registration and at dispatch time

Idempotency Key

Property	Value
Business meaning	Client-generated key ensuring a commit is processed exactly once
Type	string
Format	UUID v4 (same format as UUID above)
Validation	Valid UUID v4; UNIQUE constraint in database
Generation	`crypto.randomUUID()` by the committing Scout
Storage	`VARCHAR(255)` with `UNIQUE` constraint
Sensitivity	public

Dispute Fields

Dispute Status

Property	Value
Business meaning	Current state of a dispute in its lifecycle
Type	string (enum)
Format	One of: `open`, `resolved`, `withdrawn`
Validation	`['open', 'resolved', 'withdrawn'].includes(value)`
Generation	Set by Core. `open` at filing; transitions via resolve endpoint
Storage	`VARCHAR(20)` with CHECK constraint
Sensitivity	public

Dispute Reason Code

Property	Value
Business meaning	Structured code identifying why the dispute was filed
Type	string (enum)
Format	One of: `product_not_as_described`, `product_not_received`, `product_damaged`, `wrong_quantity`, `unauthorized_transaction`, `exceeded_delegation_scope`, `payment_not_received`, `payment_amount_incorrect`, `duplicate_charge`, `offer_terms_changed`, `other`
Validation	Against the enum above. Case-sensitive, lowercase_snake_case
Generation	Caller provides at dispute filing
Storage	`VARCHAR(50)`
Sensitivity	public

Dispute Category

Property	Value
Business meaning	Broad classification of the dispute for routing and analytics
Type	string (enum)
Format	One of: `fulfillment`, `payment`, `product_quality`, `authorization`, `other`
Validation	`['fulfillment', 'payment', 'product_quality', 'authorization', 'other'].includes(value)`
Generation	Caller provides at dispute filing
Storage	`VARCHAR(30)`
Sensitivity	public

Dispute Description

Property	Value
Business meaning	Free-text explanation of the dispute reason
Type	string
Format	UTF-8 text, max 2000 characters
Validation	`typeof value === 'string' && value.trim().length > 0 && value.length <= 2000`
Generation	Caller provides at dispute filing
Storage	`TEXT`
Sensitivity	internal

Evidence Type

Property	Value
Business meaning	Classification of evidence submitted to support a dispute
Type	string (enum)
Format	One of: `text`, `document_reference`, `external_record`, `protocol_record`, `protocol_auto`
Validation	`['text', 'document_reference', 'external_record', 'protocol_record', 'protocol_auto'].includes(value)`
Generation	Caller provides (`protocol_auto` is set by Core for auto-compiled evidence)
Storage	`VARCHAR(30)`
Sensitivity	public

Evidence Description

Property	Value
Business meaning	Free-text content of a text evidence item
Type	string
Format	UTF-8 text, max 5000 characters
Validation	`typeof value === 'string' && value.length <= 5000`
Generation	Caller provides
Storage	`TEXT`
Sensitivity	internal

Evidence Deadline

Property	Value
Business meaning	Deadline by which both parties must submit evidence
Type	string (in JSON responses)
Format	ISO 8601 with timezone: `YYYY-MM-DDTHH:mm:ss.sssZ`
Validation	Valid ISO 8601; must be in the future at filing time
Generation	`NOW() + INTERVAL '7 days'` (PostgreSQL) at filing time
Storage	`TIMESTAMPTZ`
Sensitivity	public

Resolution Deadline

Property	Value
Business meaning	Deadline by which adjudication must complete
Type	string (in JSON responses)
Format	ISO 8601 with timezone: `YYYY-MM-DDTHH:mm:ss.sssZ`
Validation	Valid ISO 8601; must be after evidence_deadline
Generation	`evidence_deadline + INTERVAL '14 days'` (PostgreSQL) at filing time
Storage	`TIMESTAMPTZ`
Sensitivity	public

Resolution Outcome

Property	Value
Business meaning	The adjudicated result of a dispute
Type	string (enum)
Format	One of: `upheld`, `rejected`, `partial`, `withdrawn`
Validation	`['upheld', 'rejected', 'partial', 'withdrawn'].includes(value)`
Generation	Set at resolution time
Storage	Within `resolution` JSONB on disputes table
Sensitivity	public

Resolution Action

Property	Value
Business meaning	The remedial action prescribed by the resolution
Type	string (enum)
Format	One of: `refund`, `partial_refund`, `replacement`, `fulfillment_completion`, `no_action`, `mutual_release`
Validation	`['refund', 'partial_refund', 'replacement', 'fulfillment_completion', 'no_action', 'mutual_release'].includes(value)`
Generation	Set at resolution time
Storage	Within `resolution` JSONB on disputes table
Sensitivity	public

Session Status Before Dispute

Property	Value
Business meaning	The session’s status immediately before transitioning to `disputed`. Preserved for withdrawal rollback (T17)
Type	string
Format	One of: `committed`, `fulfilled`, `completed` (the states from which a dispute can be filed)
Validation	`['committed', 'fulfilled', 'completed'].includes(value)`
Generation	Captured by Core at dispute filing time
Storage	`VARCHAR(50)` on disputes table
Sensitivity	internal

Protocol Evidence (Auto-compiled)

Property	Value
Business meaning	Automatically compiled protocol evidence chain for a disputed transaction
Type	object (JSONB)
Format	JSON object with keys: `interpretation_attestation`, `committed_offer`, `authority_attestation`, `fulfillment_history`, `payment_history`, `principal_identities`
Validation	Generated by Core — not caller-provided
Generation	Compiled from session, offer, transaction, and principal records at dispute filing time
Storage	`JSONB` on disputes table
Sensitivity	internal (contains aggregated evidence from multiple sources)

Dispute Window

Property	Value
Business meaning	Duration after transaction completion during which a dispute can be filed
Type	integer
Format	Number of days
Validation	Positive integer
Generation	Deployment configuration; default 30 days
Storage	Configuration constant (not stored per-entity)
Sensitivity	public

Intent Chain Fields

Chain Link Identifier

Property	Value
Business meaning	Which step in the intent-to-commitment chain this link represents
Type	string (enum)
Format	One of: `L1`, `L2`, `L3`, `L4`, `L5`, `L6`, `L7`
Validation	`['L1', 'L2', 'L3', 'L4', 'L5', 'L6', 'L7'].includes(value)`
Generation	Set by the link creator (Scout SDK for L1/L3/L4/L5, Core for L2/L6/L7)
Storage	`VARCHAR(5)` with CHECK constraint
Sensitivity	public

Chain Link Name

Property	Value
Business meaning	Human-readable name for the chain link step
Type	string (enum)
Format	One of: `principal_signal`, `interpretation`, `principal_review`, `offer_selection`, `principal_consent`, `commitment`, `outcome`
Validation	Derived from link identifier (L1→principal_signal, etc.)
Generation	Automatic from link identifier
Storage	`VARCHAR(30)`
Sensitivity	public

Signer Type

Property	Value
Business meaning	The category of entity that signed this chain link
Type	string (enum)
Format	One of: `scout_agent`, `core`
Validation	`['scout_agent', 'core'].includes(value)`
Generation	Determined by link type (L1/L3/L4/L5 → scout_agent, L2/L6/L7 → core)
Storage	`VARCHAR(20)`
Sensitivity	public

Previous Link Hash

Property	Value
Business meaning	SHA-256 hash of the preceding link’s canonical JSON, forming the cryptographic chain
Type	string
Format	`sha256:` prefix followed by 64 lowercase hex characters (e.g., `sha256:abc123...`)
Validation	`/^sha256:[0-9a-f]{64}$/` for L2–L7. `null` for L1 (first link)
Generation	`'sha256:' + crypto.createHash('sha256').update(JSON.stringify(previousLink)).digest('hex')`
Storage	`VARCHAR(80)`
Sensitivity	public

Chain Hash

Property	Value
Business meaning	SHA-256 hash of the complete chain, signed by Core to attest chain integrity
Type	string
Format	`sha256:` prefix followed by 64 lowercase hex characters
Validation	`/^sha256:[0-9a-f]{64}$/`
Generation	SHA-256 of the canonical JSON of the full links array
Storage	`VARCHAR(80)` on transactions table (set at chain completion)
Sensitivity	public

Chain Signature

Property	Value
Business meaning	Core’s Ed25519 signature over the chain_hash, attesting to chain integrity
Type	string
Format	Base64-encoded Ed25519 signature
Validation	Verifiable against Core’s public key at `GET /.well-known/core-signing-key`
Generation	`crypto.sign(null, Buffer.from(chainHash), corePrivateKey).toString('base64')`
Storage	`TEXT` on transactions table (set at chain completion)
Sensitivity	public

Chain Status

Property	Value
Business meaning	How complete the intent chain is
Type	string (enum)
Format	One of: `building`, `committed`, `complete`
Validation	`['building', 'committed', 'complete'].includes(value)`
Generation	Computed: `building` (L1–L5 only), `committed` (has L6), `complete` (has L7)
Storage	Not stored — derived from link presence at query time
Sensitivity	public

Principal Response (L3)

Property	Value
Business meaning	Whether the human principal reviewed Core’s interpretation of their intent
Type	string (enum)
Format	One of: `acknowledged`, `modified`, `not_consulted`
Validation	`['acknowledged', 'modified', 'not_consulted'].includes(value)`
Generation	Scout SDK sets based on principal interaction
Storage	Within L3 payload JSONB
Sensitivity	internal

Selection Method (L4)

Property	Value
Business meaning	How the offer was selected — by the human or autonomously by the agent
Type	string (enum)
Format	One of: `principal_choice`, `agent_autonomous`
Validation	`['principal_choice', 'agent_autonomous'].includes(value)`
Generation	Scout SDK sets based on selection flow
Storage	Within L4 payload JSONB
Sensitivity	internal

Clearinghouse Fields

Clearing Status

Property	Value
Business meaning	Current state of a transaction in the clearinghouse lifecycle
Type	string (enum)
Format	One of: `pending`, `risk_assessed`, `authorized`, `settling`, `settled`, `dispute_term_active`, `disputed`, `resolved`, `cleared`, `failed`
Validation	`['pending', 'risk_assessed', 'authorized', 'settling', 'settled', 'dispute_term_active', 'disputed', 'resolved', 'cleared', 'failed'].includes(value)`
Generation	Set by Clearing Lifecycle Manager on state transitions
Storage	`VARCHAR(30)` on `clearing_transactions` table; mirrored as `clearing_status` on `transactions` table
Sensitivity	internal

Risk Score (Composite)

Property	Value
Business meaning	Combined risk score for the transaction, aggregating buyer, seller, and transaction-level risk factors
Type	number
Format	Decimal 0.0000 to 1.0000 (4 decimal places)
Validation	`typeof value === 'number' && value >= 0 && value <= 1 && Number.isFinite(value)`
Generation	Computed by Risk Engine from bilateral inputs (see CLEARINGHOUSE.md Section 3.2)
Storage	`DECIMAL(5,4)` on `clearing_transactions`
Sensitivity	internal

Beacon Risk Score

Property	Value
Business meaning	Seller-side risk component — derived from fulfillment reliability, dispute history, time-in-network, category risk
Type	number
Format	Decimal 0.0000 to 1.0000
Validation	`typeof value === 'number' && value >= 0 && value <= 1 && Number.isFinite(value)`
Generation	Computed by Risk Engine from Beacon reputation vector and category risk profile
Storage	`DECIMAL(5,4)` on `clearing_transactions`
Sensitivity	internal

Scout Risk Score

Property	Value
Business meaning	Buyer-side risk component — derived from verification level, consent tier, transaction history, payment method reliability
Type	number
Format	Decimal 0.0000 to 1.0000
Validation	`typeof value === 'number' && value >= 0 && value <= 1 && Number.isFinite(value)`
Generation	Computed by Risk Engine from Scout principal attributes and transaction history
Storage	`DECIMAL(5,4)` on `clearing_transactions`
Sensitivity	internal (exposed to Beacon without buyer identity)

Risk Margin Percentage

Property	Value
Business meaning	Percentage of transaction value held in reserve for the dispute term
Type	number
Format	Decimal 0.0000 to 1.0000 (e.g., 0.0250 = 2.5%)
Validation	`typeof value === 'number' && value >= 0 && value <= 1 && Number.isFinite(value)`
Generation	Computed by Margin Calculator from risk score + adjustment factors
Storage	`DECIMAL(5,4)` on `clearing_transactions`
Sensitivity	internal (visible to both parties pre-commit)

Risk Margin Amount

Property	Value
Business meaning	Absolute currency amount held in reserve, computed from margin percentage and transaction total
Type	number
Format	Decimal with 2 decimal places, in transaction currency
Validation	`typeof value === 'number' && value >= 0 && Number.isFinite(value)`
Generation	`risk_margin_pct * total_price`
Storage	`DECIMAL(15,2)` on `clearing_transactions`
Sensitivity	sensitive

Risk Inputs Snapshot

Property	Value
Business meaning	Complete snapshot of all inputs used at the time of the risk decision, enabling forensic reconstruction
Type	object (JSONB)
Format	`{ beacon_risk: {...}, scout_risk: {...}, transaction_risk: {...}, timestamp: ISO8601 }`
Validation	Must be a non-null object with `beacon_risk`, `scout_risk`, and `transaction_risk` keys
Generation	Captured by Risk Engine at assessment time; never updated after creation
Storage	`JSONB` on `clearing_transactions`
Sensitivity	internal

Payment Terms

Property	Value
Business meaning	Negotiated payment and dispute terms on an offer — accepted methods, timing, dispute window, return policy
Type	object (JSONB)
Format	`{ accepted_methods: string[], timing: string, net_days: number\|null, dispute_window_days: number, return_policy: string, currency: string, terms_negotiable: boolean }`
Validation	`dispute_window_days >= 7` (protocol minimum). `timing` one of: `on_commit`, `on_fulfillment`, `net_days`. `accepted_methods` non-empty array.
Generation	Beacon declares on offer; may be negotiated via counter-proposal; final agreed terms stored on transaction
Storage	`JSONB` on `offers` table and on `transactions` table (final agreed terms)
Sensitivity	public

Dispute Term Days

Property	Value
Business meaning	Negotiated period (in days) after fulfillment during which disputes/returns are accepted
Type	integer
Format	Positive integer, minimum 7 (protocol floor)
Validation	`Number.isInteger(value) && value >= 7`
Generation	Declared by Beacon in `payment_terms.dispute_window_days`; may be negotiated upward by Scout
Storage	`INTEGER` on `clearing_transactions`
Sensitivity	public

Settlement Rail

Property	Value
Business meaning	The payment rail used for settlement of this transaction
Type	string (enum)
Format	One of: `manual`, `stablecoin_usdc`, `card_stripe`, `bank_ach`, `bank_sepa`
Validation	`['manual', 'stablecoin_usdc', 'card_stripe', 'bank_ach', 'bank_sepa'].includes(value)`
Generation	Determined by Settlement Orchestrator based on offer payment_terms and Scout capabilities
Storage	`VARCHAR(30)` on `settlement_instructions`
Sensitivity	internal

Reserve Ledger Entry Type

Property	Value
Business meaning	Classification of a double-entry ledger movement in the reserve system
Type	string (enum)
Format	One of: `margin_hold`, `margin_release`, `dispute_payout`, `deposit`, `withdrawal`, `interest`, `fee`
Validation	`['margin_hold', 'margin_release', 'dispute_payout', 'deposit', 'withdrawal', 'interest', 'fee'].includes(value)`
Generation	Set by Reserve Manager on each fund movement
Storage	`VARCHAR(30)` on `reserve_ledger`
Sensitivity	sensitive

Clearing Audit Event Type

Property	Value
Business meaning	Classification of a clearing lifecycle event in the immutable audit trail
Type	string (enum)
Format	One of: `risk_assessed`, `margin_computed`, `margin_held`, `settlement_instructed`, `settlement_confirmed`, `dispute_term_started`, `dispute_term_expired`, `dispute_payout`, `margin_released`, `cleared`, `declined_by_beacon`, `declined_by_risk`, `failed`
Validation	Value must be one of the enumerated types
Generation	Set by Clearing Lifecycle Manager on each state transition
Storage	`VARCHAR(50)` on `clearing_audit_log`
Sensitivity	internal

Business Rule Type

Property	Value
Business meaning	Classification of a Beacon-configured binary pass/fail policy
Type	string (enum)
Format	One of: `min_trust_level`, `min_consent_tier`, `min_transaction_count`, `blocked_jurisdictions`, `max_transaction_amount`, `required_payment_methods`, `required_credential_formats`, `custom`
Validation	Value must be one of the enumerated types
Generation	Beacon declares at registration or via settings endpoint
Storage	`VARCHAR(50)` on `beacon_business_rules`
Sensitivity	internal

Clearing Account Type

Property	Value
Business meaning	Classification of a clearinghouse account by purpose
Type	string (enum)
Format	One of: `risk_reserve`, `onboarding_deposit`, `operating`, `buyer_prefund`
Validation	`['risk_reserve', 'onboarding_deposit', 'operating', 'buyer_prefund'].includes(value)`
Generation	Set at account creation based on purpose
Storage	`VARCHAR(30)` on `clearing_accounts`
Sensitivity	internal

Custody Model

Property	Value
Business meaning	How funds are held — deployment-level configuration, not per-transaction
Type	string (enum)
Format	One of: `regulated_subsidiary`, `third_party_custodian`, `smart_contract`
Validation	`['regulated_subsidiary', 'third_party_custodian', 'smart_contract'].includes(value)`
Generation	Deployment configuration
Storage	`VARCHAR(30)` on `clearing_accounts`
Sensitivity	internal

Adding New Data Elements

When introducing a new data element anywhere in the protocol (new field, header, parameter, or response property):

Add an entry to this dictionary first. Define all properties: business meaning, type, format, validation, generation, storage, and sensitivity.
Implement validation in the route handler matching the dictionary’s validation rule exactly.
Write a test that verifies the input validation matches the dictionary definition, including:
- Valid values accepted
- Invalid values rejected with appropriate error
- Boundary cases (empty, null, too long, wrong type)
Reference the dictionary entry in the code comment at the validation point: // DATA_DICTIONARY: [Element Name]

Version History

Date	Change
2026-04-01	v1.0 Initial dictionary covering identifiers, timestamps, signatures, principal fields, agent fields, consent/authority, session fields, webhook/HTTP elements. Driven by DEC-038.
2026-04-01	v1.1 Added dispute fields: dispute status, reason code, category, description, evidence type/description, deadlines, resolution outcome/action, session status before dispute, protocol evidence, dispute window. Driven by Phase D (DEC-039).
2026-04-01	v1.2 Added intent chain fields: chain link identifier, link name, signer type, previous link hash, chain hash/signature, chain status, principal response, selection method. Driven by Phase E (DEC-042).
2026-04-01	v1.3 Added consent elevation fields: consent_requirements object, minimum_tier, reason, above_amount. Driven by DEC-040.
2026-04-09	v1.4 Added clearinghouse fields: clearing status, risk scores (composite, beacon, scout), risk margin (percentage, amount), risk inputs snapshot, payment terms, dispute term days, settlement rail, reserve ledger entry type, clearing audit event type, business rule type, clearing account type, custody model. Driven by Phase 7 (DEC-043).
2026-04-13	v1.5 Added market profile fields: profile_id (prf_ prefix), profile_version, market_context, disclosure_tier (full/range/presence/redacted/aggregate), commitment_state (indicative/qualified/firm/binding/settled), cost_type (zero/rate_limit/compute_credit/per_action_fee/quality_bond/staking_deposit/percentage_fee), cost_evaluation_point, schema_overlay_id, reputation_half_life_days, disclosure_progression. Driven by DEC-044 (Market Profiles).

Document History

Version	Date	Changes
1.6	2026-04-14	Added version header. Renamed verification_level to trust_level (DEC-049). Added credential_format field.
1.5	2026-04-13	Added market profile fields.
1.0	2026-03-08	Initial data dictionary.