@@ -350,7 +350,7 @@ Registry pinning details are defined in
350350- Literals and Terms
351351 - Literals are builtin predicates: Builtin(` op ` , [ args...] ). ` op ` is a string
352352 identifier of a registered builtin (see Appendix B for the catalog; pinning
353- in Section 4.4).
353+ in [ Section 4.4, \_ Semantic Pinning ] ( #44-semantic-pinning ) ).
354354 - Terms are ground: Str | Int | Bool | Bytes. No variables. No user-defined
355355 atoms.
356356 - Int is arbitrary-precision. Floats are not permitted.
@@ -367,16 +367,20 @@ Registry pinning details are defined in
367367- Builtins and external registries
368368 - The builtin operator set (identifiers, signatures, semantics, tightening
369369 rules) is defined in the Builtins registry and pinned by ` builtinsId `
370- (Section 4.4; PSP-4).
370+ ([ Section 4.4, \_ Semantic Pinning ] ( #44-semantic-pinning ) ; PSP-4).
371371 - Channel-related literals (e.g., ` channelGeq ` ) interpret identifiers using
372- the pinned channel lattice (` channelLatticeId ` ) (Section 4.4).
372+ the pinned channel lattice (` channelLatticeId ` )
373+ ([ Section 4.4, \_ Semantic Pinning] ( #44-semantic-pinning ) ).
373374 - Declaration-aware literals (` inPairSet ` , ` inActionSet ` , ` inResourceSet ` )
374- rely on scheme comparators selected by resource scheme name (Section 4.4).
375+ rely on scheme comparators selected by resource scheme name
376+ ([ Section 4.4, \_ Semantic Pinning] ( #44-semantic-pinning ) ).
375377- Evaluation discipline
376378 - Evaluation MUST be performed under CEP-enforced limits (CPU/steps/memory);
377379 exceeding limits MUST result in deny.
378380 - A single logical ` now: Int ` (Unix seconds) is captured per enforcement and
379- used consistently (see Section 4.7 for the time model).
381+ used consistently (see
382+ [ Section 4.7, _ Time Model and Boundaries_ ] ( #47-time-model-and-boundaries )
383+ for the time model).
380384
381385### 4.2 Evaluation Environment
382386
@@ -1121,24 +1125,15 @@ Grants and transient proof-of-use.
11211125 channelBinding profile. The CEP MUST verify that the binding matches the
11221126 live session and deny on mismatch.
11231127- Lifetime and timing
1124-
11251128 - The CEP MUST reject if the Presentation is expired (now >= exp) or used too
11261129 early (now < iat), subject to TAP clock discipline.
11271130 - If the Program contains ttlOk or withinTime literals, the CEP MUST enforce
11281131 them using iat/now/exp as appropriate.
11291132 - Effective lifetime: Enforce the intersection of all applicable time windows
11301133 at the captured ` now ` . See
11311134 [ Section 4.7, _ Time Model and Boundaries_ ] ( #47-time-model-and-boundaries ) .
1132-
1133- - Effective lifetime: The CEP MUST enforce the intersection of all applicable
1134- time windows at the captured ` now ` . Specifically, the Presentation window
1135- ` [iat, exp) ` , any Grant envelope validity window (` not_before ` /` not_after `
1136- per PSP-3), and any Program time literals such as ` ttlOk ` or ` withinTime `
1137- MUST all succeed. If any one of these constraints fails at ` now ` ,
1138- enforcement MUST deny.
11391135 - If the Program does not constrain Presentation lifetime via ttlOk, TAP MAY
11401136 impose a default maximum Presentation TTL.
1141-
11421137- Context
11431138 - ctx MUST be a superset of the required ctxEq(k, v) literals in the Program.
11441139 Missing keys or unequal values MUST cause deny.
0 commit comments