Intent captures what was approved before execution happens.

Core Fields

  • summary: concise, human-readable authorization statement.
  • ref: content reference to the approved artifact/payload (digest, size, optional uri/mediaType).

Optional Enrichments

  • correlation: ticket, pipeline reference, incident, and external links.
  • policy: policy identity, approval records, and policy evaluation metadata.
  • constraints: permitted actions, resource patterns, and execution limits.
  • delegation: chain of delegated authority.
  • breakGlass: emergency override justification and review requirements.

Break-Glass Approval Semantics

  • breakGlass.approvalsRequired is the absolute approval count required while break-glass mode is active.
  • breakGlass.reducedApprovals is a deprecated alias with the same absolute meaning (not a delta from normal policy).
  • If both fields are present, producers SHOULD keep them identical.

Policy Evaluation Pending Semantics

  • policy.evaluation.result=pending means authorization is unresolved.
  • A receipt with pending policy evaluation MUST NOT be treated as execution authorization.
  • Pending policy evaluations are valid for pre-execution intent receipts.

Practical Guidance

  • Keep summary readable by humans and stable across retried executions.
  • Treat ref.digest as the canonical link to the approved input.
  • Use correlation.ticket for operator-facing traceability.
  • Use policy and delegation when trust decisions require provenance of authority.

Integrity Expectations

  • Intent semantics SHOULD be immutable once signed.
  • If intent changes materially, produce a new receipt ID and re-sign.

Schema: v1/schema/intent.json