Glossary
Core WitnessOps terms for governed execution, approval gates, and receipts.
Canonical definitions for the /docs surface. These terms describe current live/public WitnessOps behavior; retained-reference or corpus terms are out of scope unless explicitly linked.
Quick reference links
- Reference
- Commands
- Proof Artifact Classes
- Glossary (current page)
- man witnessops(7)
Canonical term families
Governance and execution control
Governed Execution · Policy Gates · Runbooks · Scope Check
Identity and authorization
Authorization Model · Manager / Approver
Evidence and receipt continuity
Receipts · Receipt Spec · Execution Chains · Evidence Bundles
Verification and trust boundaries
How to Verify a Receipt · Threat Model · Proof Artifact Classes
Definitions
Approval Gate
A policy gate that pauses a step until an approver records an explicit decision.
Scope note: This is narrower than a policy gate. In the Tier 1 chain, the approval decision is represented as P1.
Campaign
A related set of governed runs and evidence chains for one operational objective.
Canonical Mailbox
The shared Microsoft 365 mailbox security@witnessops.com, used as the canonical Tier 1 mailbox identity.
Scope note: security+witnessops@witnessops.com can be an optional receive-only alias when plus addressing is enabled, but it does not replace the canonical mailbox.
Deterministic Replay
Recomputing chain integrity from serialized artifacts without relying on live mailbox, network, or UI state. Scope note: Replay verifies artifact integrity and continuity; it does not re-run tools against live targets.
Evidence Manifest
The signed/hashed inventory (for example MANIFEST.json) that lists bundle artifacts and expected digests.
Execution Chain
The published Tier 1 continuity sequence M0 -> E0 -> P1 -> E2 -> R0 -> V0.
Scope note: This sequence is a continuity contract, not a claim that every operational fact is represented.
Governed Execution
Runtime enforcement that applies scope and policy gates before a step can run, then emits evidence and receipt-bearing artifacts.
M0
Tier 1 mailbox-readiness proof for the canonical shared mailbox.
E0
Tier 1 pre-approval execution-evidence checkpoint.
P1
Tier 1 checkpoint that records the approval-gate decision.
E2
Tier 1 post-approval execution-evidence checkpoint.
MX0
Internal-only mailbox transport/export evidence that may feed E0.
Scope note: MX0 is not a published proof artifact.
Operator
The principal that initiates and runs a governed workflow step. Scope note: Operator identity is recorded for auditability, but identity truthfulness is an external trust assumption.
Policy Gate
A required pre-execution control check (for example scope, approval, tool allowlist, or environment constraints). A step runs only when its required gates pass.
Principal
A policy-bound identity class (operator, approver, or system) used in authorization and gate evaluation.
Proof Bundle
A portable package that carries receipt material, digest inventories, and trust artifacts for offline verification. Scope note: A proof bundle transports proof artifacts; it is not itself a guarantee that all external trust assumptions hold.
R0
The published Tier 1 receipt wrapper. R0 binds the frozen receipt projection (artifactHash) and the typed execution payload digest (tier1.executionHash), then carries the PV receipt projection that must bind to that execution digest.
Receipt
The atomic proof statement for a governed event.
Scope note: In the Tier 1 naming lane, R0 is the published receipt wrapper inside the chain; receipt validity still does not prove tool correctness or business-impact conclusions.
Receipt Chain
Another name for the execution chain continuity path. See Execution Chain.
Runbook
A versioned workflow contract that declares ordered steps, required gates, scope boundary, and expected evidence outputs.
Scope
The authorized target boundary for a governed operation.
Scope Enforcement
Per-step runtime checks that block actions outside declared scope before execution occurs.
Target Domain
A domain, address range, or asset identifier authorized by scope policy for an operation.
V0
The local verification result for the published Tier 1 chain.
Scope note: V0 is local/offline replay output, not a live dependency on mailbox, Graph, Defender, or UI session state.
Verification Result
The contract verdict returned by verification surfaces (valid, invalid, indeterminate) for declared checks.
Scope note: indeterminate means required external trust context could not be established locally; it is not the same as cryptographic failure.
Witness
An independent verification-side observer that can attest to declared proof-policy conditions. Scope note: Witness semantics belong to verification/trust layers, not to core execution-runtime control.
Next-page handoff
For operator-facing command semantics and route-level runtime/receipt behavior, continue to man witnessops(7).