Normalize temporal semantics with RFC 0051

CHANGELOG.md

@@ -17,3 +17,12 @@ The project follows semantic versioning for schema and registry compatibility:
 - Semantic schema diff checker severity reporting.
 - Starter synthetic dataset and converter baseline.
 - Mock harness, test suite, benchmark slice, governance templates, and demo runbooks.
+- RFC 0051 Temporal Semantics & Validity Extension plus generated schema (`rfc-0051-temporal-semantics.json`).
+- Temporal migration guide for downstream integrators (`docs/temporal-migration-rfc0051.md`).
+
+### Changed
+
+- Breaking temporal normalization across governance RFCs: canonical fields (`observed_at`, `decided_at`, `effective_at`, `expires_at`, `started_at`, `completed_at`, `superseded_at`) replace legacy aliases.
+- Governance spine schemas updated (policy, permissions, delegation, audit, receipts, lifecycle, telemetry, memory, multi-agent protocol) and registry regenerated.
+- Reference harness runtime/types aligned to canonical temporal fields, logical ordering metadata, and updated governance artifacts.
+- Example fixtures now use registry shortname folders for delegation, permissions, and execution/audit receipts.

README.md

@@ -35,7 +35,7 @@ If reasoning, tool intent, provenance, budgets, state transitions, and delegatio
 
 | Area | Role |
 |------|------|
-| [`rfcs/`](./rfcs/) | **49 RFCs** — normative definitions for reasoning traces, tool invocation, the governed FSM, sandboxing, budgets, permissions, policy, delegation, provenance, identity, org governance, receipts, audit, and capability manifests |
+| [`rfcs/`](./rfcs/) | **51 RFCs** — normative definitions for reasoning traces, tool invocation, the governed FSM, sandboxing, budgets, permissions, policy, delegation, provenance, identity, org governance, receipts, audit, and capability manifests |
 | [`schemas/`](./schemas/) | Versioned JSON Schemas per RFC (`registry.json`, `rfc-*-*.json`) |
 | [`harness/`](./harness/) | **Reference harness** (TypeScript) — governed FSM, validation, tools, budgets, trace emission |
 | [`examples/`](./examples/) | Validated instance fixtures keyed by registry shortname |
@@ -50,7 +50,7 @@ If reasoning, tool intent, provenance, budgets, state transitions, and delegatio
 
 For a concise layout of control plane vs data plane, see [`docs/architecture.md`](./docs/architecture.md).
 
-**If you are evaluating quickly:** (1) read [`docs/eli5_guide.md`](./docs/eli5_guide.md), (2) run the harness tests above, (3) run `python tools/validate.py`, (4) skim RFC 0007 plus RFCs 0041, 0042, 0047, and 0048 for the governance spine.
+**If you are evaluating quickly:** (1) read [`docs/eli5_guide.md`](./docs/eli5_guide.md), (2) run the harness tests above, (3) run `python tools/validate.py`, (4) skim RFC 0007 plus RFCs 0041, 0042, 0047, 0048, and 0051 for the governance and temporal spine.
 
 ## The governed execution model
 
@@ -126,10 +126,11 @@ Reasoning **patterns** (plan–verify, debate, and similar) remain documented fo
 
 ## Current status
 
-- **49 RFCs** and a versioned JSON Schema registry with CI validation.
+- **51 RFCs** and a versioned JSON Schema registry with CI validation.
 - Reference harness implements the governed FSM, delegation and receipt types, budgets, sandboxed tools, and trace validation (see table above).
 - Cross-language checks: TypeScript-emitted traces validate under Python tooling.
 - Tiered examples, synthetic seed data, and experiment runbooks under [`experiments/`](./experiments/).
+- Breaking temporal normalization landed in RFC 0051 (`observed_at` / `decided_at` / `effective_at` / `completed_at`); migration guide: [`docs/temporal-migration-rfc0051.md`](./docs/temporal-migration-rfc0051.md).
 
 ## Experiment cards
 

docs/architecture.md

@@ -24,6 +24,8 @@ Picture data moving left to right on the **happy path**:
 
 Side channels include **budget** enforcement (RFC 0038) and **sandbox** allow/deny lists (RFC 0017), which can pre-empt a transition or force `fail_safe` without giving unsafe payloads back to the model.
 
+Temporal validity and ordering semantics (RFC 0051) are now part of the control-plane contract: governance artifacts use canonical fields (`observed_at`, `decided_at`, `effective_at`, `expires_at`, `started_at`, `completed_at`, `superseded_at`) and SHOULD carry non-wall-clock ordering metadata for replay stability.
+
 For streamed decoding, deployments should treat budget control as an active circuit-breaker (preflight budget gate + mid-stream cancellation), not a post-hoc accounting report. The reference harness now supports this runtime pattern; see [Model adaptation for budget control](./model-adaptation-budget-control.md).
 
 ## Major components
@@ -103,6 +105,7 @@ Implementers usually traverse these in order after RFC 0001 (reasoning / trace):
 - **RFC 0047** — Delegation requests and decisions that precede narrowed authority.
 - **RFC 0048** — Execution receipts plus integrity linkage into audit envelopes.
 - **RFC 0043** — Auditing and compliance log shapes that consume the above identifiers.
+- **RFC 0051** — Cross-cutting temporal semantics, validity windows, freshness, replay handling, and supersession behavior.
 
 Additional RFCs cover identity (**RFC 0026**), provenance (**RFC 0035**), org governance (**RFC 0044**), federation, and economics; they extend the same spine rather than replacing it.
 

docs/rfc-discussion-index.json

@@ -1,7 +1,7 @@
 {
   "repository": "supernovae/open-cot",
   "category_slug": "ideas",
-  "count": 46,
+  "count": 51,
   "rfcs": {
     "0001": {
       "rfc_title": "Initial Structured Reasoning Schema",
@@ -278,6 +278,36 @@
       "rfc_path": "rfcs/0046-conformance-interoperability-protocol.md",
       "discussion_title": "RFC 0046 \u2014 Conformance & Interoperability Protocol",
       "discussion_url": "https://github.com/supernovae/open-cot/discussions/46"
+    },
+    "0047": {
+      "rfc_title": "Delegation Extension",
+      "rfc_path": "rfcs/0047-delegation-extension.md",
+      "discussion_title": "RFC 0047 \u2014 Delegation Extension",
+      "discussion_url": "https://github.com/supernovae/open-cot/discussions/47"
+    },
+    "0048": {
+      "rfc_title": "Execution Receipts & Audit Envelopes",
+      "rfc_path": "rfcs/0048-execution-receipts-audit-envelopes.md",
+      "discussion_title": "RFC 0048 \u2014 Execution Receipts & Audit Envelopes",
+      "discussion_url": "https://github.com/supernovae/open-cot/discussions/48"
+    },
+    "0049": {
+      "rfc_title": "Capability Manifest",
+      "rfc_path": "rfcs/0049-capability-manifest.md",
+      "discussion_title": "RFC 0049 \u2014 Capability Manifest",
+      "discussion_url": "https://github.com/supernovae/open-cot/discussions/49"
+    },
+    "0050": {
+      "rfc_title": "TOON Adapter: Token-Oriented Object Notation",
+      "rfc_path": "rfcs/0050-toon-adapter.md",
+      "discussion_title": "RFC 0050 \u2014 TOON Adapter: Token-Oriented Object Notation",
+      "discussion_url": "https://github.com/supernovae/open-cot/discussions/50"
+    },
+    "0051": {
+      "rfc_title": "Temporal Semantics & Validity Extension",
+      "rfc_path": "rfcs/0051-temporal-semantics-validity-extension.md",
+      "discussion_title": "RFC 0051 \u2014 Temporal Semantics & Validity Extension",
+      "discussion_url": "https://github.com/supernovae/open-cot/discussions/51"
     }
   }
 }

docs/rfc-discussions.md

@@ -3,7 +3,7 @@
 Canonical discussion threads for all Open CoT RFCs. Use these threads for normative feedback and design discussion.
 
 - Discussion policy: RFC feedback uses GitHub Discussions first; issues are for actionable tasks/bugs.
-- Source mapping: `docs/rfc-discussion-index.json` (46 RFCs)
+- Source mapping: `docs/rfc-discussion-index.json` (51 RFCs)
 
 | RFC | Topic | Discussion |
 |-----|-------|------------|
@@ -53,4 +53,9 @@ Canonical discussion threads for all Open CoT RFCs. Use these threads for normat
 | [`RFC 0044`](../rfcs/0044-governance-organizational-controls.md) | Governance & Organizational Controls | [Open thread](https://github.com/supernovae/open-cot/discussions/44) |
 | [`RFC 0045`](../rfcs/0045-ethical-risk-contraints-reasoning-agents.md) | Ethical & Risk Constraints for Reasoning Agents | [Open thread](https://github.com/supernovae/open-cot/discussions/45) |
 | [`RFC 0046`](../rfcs/0046-conformance-interoperability-protocol.md) | Conformance & Interoperability Protocol | [Open thread](https://github.com/supernovae/open-cot/discussions/46) |
+| [`RFC 0047`](../rfcs/0047-delegation-extension.md) | Delegation Extension | [Open thread](https://github.com/supernovae/open-cot/discussions/47) |
+| [`RFC 0048`](../rfcs/0048-execution-receipts-audit-envelopes.md) | Execution Receipts & Audit Envelopes | [Open thread](https://github.com/supernovae/open-cot/discussions/48) |
+| [`RFC 0049`](../rfcs/0049-capability-manifest.md) | Capability Manifest | [Open thread](https://github.com/supernovae/open-cot/discussions/49) |
+| [`RFC 0050`](../rfcs/0050-toon-adapter.md) | TOON Adapter: Token-Oriented Object Notation | [Open thread](https://github.com/supernovae/open-cot/discussions/50) |
+| [`RFC 0051`](../rfcs/0051-temporal-semantics-validity-extension.md) | Temporal Semantics & Validity Extension | [Open thread](https://github.com/supernovae/open-cot/discussions/51) |
 

docs/temporal-migration-rfc0051.md

@@ -0,0 +1,40 @@
+# RFC 0051 Temporal Migration Guide
+
+RFC 0051 introduces a breaking temporal normalization across the governance spine. This guide summarizes the required field migrations for downstream consumers.
+
+## Core field migrations
+
+| Legacy | Canonical (RFC 0051) | Notes |
+|---|---|---|
+| `timestamp` | `observed_at` or `decided_at` | Use `observed_at` for observations/events; `decided_at` for policy/delegation decisions. |
+| `effective_from` | `effective_at` | Inclusive lower bound of validity window. |
+| `effective_until` | `expires_at` | Exclusive upper bound of validity window. |
+| `granted_at` | `effective_at` | Permission/receipt validity start. |
+| `sealed_at` | `completed_at` | Run envelope completion instant. |
+| `previous_event_id` | `parent_event_id` | Causal predecessor pointer for audit chains. |
+| `time_window.start/end` | `validity_window.effective_at/expires_at` | Rule-level validity constraints in policy conditions. |
+
+## Ordering model updates
+
+Time alone is no longer sufficient for deterministic ordering in governance artifacts.
+
+- Audit events now carry `ordering.event_seq`.
+- Causal links use `parent_event_id` and optional `causal_predecessors`.
+- Consumers should order by `event_seq` first, then causal linkage, then wall-clock as tie-breaker.
+
+## Harness/runtime alignment
+
+Reference harness producers now emit the canonical temporal model:
+
+- Delegation request/decision/receipt use `observed_at`, `decided_at`, and `effective_at`.
+- Permission lifecycle events use `observed_at`.
+- Audit envelope uses `completed_at` and schema versioned temporal semantics.
+- Telemetry records use `observed_at` plus logical ordering metadata.
+
+## Consumer upgrade checklist
+
+1. Update deserializers and storage columns for renamed fields.
+2. Rebuild indexes/queries that used `timestamp` or `sealed_at`.
+3. Enforce half-open validity windows: `effective_at <= now < expires_at`.
+4. Adopt replay/freshness handling where available (`freshness.*`, `replay_window_ms`).
+5. Reject mixed old/new temporal aliases in newly written records.

examples/delegation/example1.json → examples/delegation_extension/example1.json

@@ -1,43 +1,55 @@
 {
   "delegation_request": {
+    "schema_version": "0.2",
     "request_id": "req-a1b2c3d4",
     "requester": "agent-planner-01",
     "run_id": "run-e5f6g7h8",
     "intent": "Read email headers to find meeting invitations",
-    "justification": "The user asked me to check for upcoming meetings. I need to access email metadata to identify calendar invitations.",
+    "justification": "The user asked me to check for upcoming meetings.",
     "requested_scope": {
       "resource": "tool:email",
       "action": "read"
     },
     "preferred_ttl_seconds": 60,
     "preferred_audience": "tool:email",
     "task_context_ref": "s-3",
-    "timestamp": "2026-04-18T14:30:00Z",
+    "observed_at": "2026-04-18T14:30:00Z",
     "provenance": {
       "trace_step_id": "s-3",
       "plan_version": 1
     }
   },
   "delegation_decision": {
+    "schema_version": "0.2",
     "decision_id": "dec-i9j0k1l2",
     "request_id": "req-a1b2c3d4",
     "status": "narrowed",
     "decided_by": {
       "kind": "policy",
       "policy_id": "compliance-email-001"
     },
-    "policy_refs": ["compliance-email-001"],
+    "policy_refs": [
+      "compliance-email-001"
+    ],
     "narrowed_scope": {
       "resource": "tool:email",
       "action": "read",
       "constraints": {
-        "allowed_fields": ["subject", "from", "date"],
-        "excluded_fields": ["body", "attachments"]
+        "allowed_fields": [
+          "subject",
+          "from",
+          "date"
+        ],
+        "excluded_fields": [
+          "body",
+          "attachments"
+        ]
       }
     },
-    "timestamp": "2026-04-18T14:30:01Z"
+    "decided_at": "2026-04-18T14:30:01Z"
   },
   "authority_receipt": {
+    "schema_version": "0.2",
     "receipt_id": "rcpt-m3n4o5p6",
     "decision_id": "dec-i9j0k1l2",
     "request_id": "req-a1b2c3d4",
@@ -46,11 +58,18 @@
       "resource": "tool:email",
       "action": "read",
       "constraints": {
-        "allowed_fields": ["subject", "from", "date"],
-        "excluded_fields": ["body", "attachments"]
+        "allowed_fields": [
+          "subject",
+          "from",
+          "date"
+        ],
+        "excluded_fields": [
+          "body",
+          "attachments"
+        ]
       }
     },
-    "granted_at": "2026-04-18T14:30:01Z",
+    "effective_at": "2026-04-18T14:30:01Z",
     "expires_at": "2026-04-18T14:31:01Z",
     "one_shot": true,
     "forwardable": false,

examples/execution_receipts_audit_envelopes/example-envelope.json

@@ -0,0 +1,53 @@
+{
+  "schema_version": "0.2",
+  "envelope_id": "11111111-2222-4333-8444-555555555555",
+  "run_id": "run-e5f6g7h8",
+  "agent_id": "agent-planner-01",
+  "task_hash": "3c9e2a1f7b0d6e5c8a4f2b1d9e8c7a6f5b4d3e2c1a0f9e8d7c6b5a4f3e2d1c0b",
+  "started_at": "2026-04-18T14:30:00Z",
+  "completed_at": "2026-04-18T14:30:05Z",
+  "completion_status": "succeeded",
+  "trace_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+  "delegation_requests": [
+    "req-a1b2c3d4"
+  ],
+  "delegation_decisions": [
+    "dec-i9j0k1l2"
+  ],
+  "authority_receipts": [
+    "rcpt-m3n4o5p6"
+  ],
+  "tool_execution_receipts": [
+    "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa"
+  ],
+  "delegation_summary": {
+    "total_requested": 1,
+    "total_granted": 1,
+    "total_denied": 0,
+    "total_narrowed": 1,
+    "total_escalated": 0
+  },
+  "permission_summary": {
+    "total_granted": 1,
+    "total_consumed": 1,
+    "total_expired": 0,
+    "total_revoked": 0
+  },
+  "budget_final": {
+    "tokens_used": 4250,
+    "tokens_remaining": 95750,
+    "cost_used": 0.085,
+    "cost_remaining": 9.915,
+    "steps_used": 8,
+    "steps_remaining": 42,
+    "tool_calls_used": 1,
+    "tool_calls_remaining": 19,
+    "retries_used": 0,
+    "retries_remaining": 5
+  },
+  "policy_violations": [],
+  "integrity": {
+    "hash_algorithm": "sha256",
+    "content_hash": "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2"
+  }
+}