Public terminology taxonomy

Customer-facing copy uses capability names below. Internal task IDs belong in machine linkage fields only — not in summaries, blogs, or llms governance bullets.

Blogs are narrative_context only. Proof remains in evidence manifests and hash-chain receipts. Hash-chain integrity is tamper-evidence only — does not provide authentication, identity proof, encryption, or replay prevention.

Internal ref → public capability

• ST-003 → Runtime workload identity (SVID) rotation (runtime-workload-svid-rotation)
• N086 → DeliveryPolicy TLS/trust-chain controls (deliverypolicy-tls-trust-chain)
• FLOW-01 → Sandbox delivery validation — direct public-target path (sandbox-delivery-direct-public-target)
• FLOW-02 → Sandbox delivery validation — egress direct mTLS path (sandbox-delivery-egress-mtls)
• FLOW-03 → Sandbox delivery validation — relay path (sandbox-delivery-relay-path)
• FLOW123 → Canonical runtime sandbox delivery validation bundle (runtime-sandbox-delivery-validation)
• L1 /planes T1 → Planes management UI (T1) (planes-management-ui-t1)
• HELPER### → Internal governance task (not for public copy) (governance-doc-only)
• H### → Internal engineering task (not for public copy) (engineering-task)

Machine-readable source

public-terminology-taxonomy.json — validated by public_terminology_taxonomy_check.py on every public AI check.

Proof boundaries

• Narrative: Blogs and narrative-context.json entries are editorial — not accepted_evidence or proof_status
• Proof: manifest.json, non-claims.json, Merkle/hash-chain receipts in zen-platform evidence artifacts
• Merkle: Integrity and tamper-evidence comparison only — not authentication, identity proof, encryption, or replay prevention