Appendix A — Glossary

Where a term is also defined in the Meridian-Canon spec, the spec governs.

Abduction. Inference type; positing the best explanation for an observation.

Acquisition. A single ingest event recording the legal basis for receiving bytes from an upstream source. Tracked in the acquisitions table. Admissibility Auditor. Read-only module producing an audit-kind attestation that summarizes a target attestation's posture under FRE 901, Daubert, and proposed FRE 707. Attestation. A four-block (Witness/Findings/Refutation/Seal) Canon-conformant signed artifact. Authentication. FRE 901 / Wis. § 909.01: the question whether an item is what its proponent claims it is. Best evidence rule. FRE 1002 / Wis. § 910.02: requirement to produce the original of a writing, recording, or photograph, or a duplicate not unfairly questioned. BriefAttestation. Composite Canon attestation synthesizing multiple SearchAttestations and EnrichmentAttestations. C2PA. Content Authenticity Initiative standard (C2PA v2.x) for embedding media provenance manifests directly into JPEG, MP4, WAV, and other container formats via a JUMBF box or mdat box. The manifest travels with the file even when separated from a database record. Heavier than hash-only attestation; c2pa-python adds a compile dependency. SHA-256 fallback is always available. Canon. Shorthand for the Canon specification. v0.2.0 at the time of this writing; licensed under the NORA Canon Evaluation & Commentary License v1.0 (source-available). v0.1.1 and earlier remain CC0. Chain hash. In v0.1.x: SHA-256 over the RFC 8785 canonical form of an attestation excluding the seal block. In v0.2.0 DSSE mode: SHA-256 of JCS(attestation) bytes stored in the DSSEEnvelope as a convenience field for field-level integrity checking without implementing PAE. Computed by the issuer; recomputed by the verifier in both modes. Challenge. One of five adversarial tests applied to a Findings block: replay, adversarial_prompt, consistency_check, coverage_audit, counter_evidence. Claim. A typed statement in a Findings block, with supports, inference_type, gaps. Compound. Inference type; a claim combining multiple inference types. Content hash. SHA-256 over the raw bytes of an observation, formatted sha256:<64-hex>. Coverage block. Sub-block of Refutation listing applied and declined challenge types; declined entries have machine-readable reasons. Custody chain. Sequence of custodian transitions for a witness entry. Dagster. Software-defined asset pipeline framework. Assets declare their data lineage explicitly; Dagster tracks staleness and orchestrates recomputation. Used at the pipeline layer for complex multi-asset deployments. Requires pip install meridian-canon[pipeline]. Daubert. Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993). Reliability gatekeeping for expert testimony. Declined challenge. Challenge type not applied to an attestation; must include a machine-readable reason (R6). DSSEEnvelope. Canon v0.2.0 sealed output format. Contains payload_type (URI identifying the content type), payload (base64url-encoded JCS bytes of the attestation), signatures (array of Ed25519 signatures over the PAE), and chain_hash (SHA-256 of JCS bytes, stored as a convenience field). Replaces the v0.1.x seal block for new attestations. DSSE (Dead Simple Signing Envelope). IETF/CNCF signing standard adopted by in-toto, SLSA, and TUF. Encodes payload type and content in a Pre-Authentication Encoding (PAE) before signing, providing domain separation that prevents cross-protocol signature confusion attacks. Canon v0.2.0 uses DSSE as its sealing format. Deduction. Inference type; logically valid inference. Ed25519. Edwards-curve digital signature algorithm (RFC 8032). The signature primitive Canon uses. EnrichmentAttestation. Canon attestation emitted at L7 after L4 enrichment and L5 refutation complete. Epistemic Neutrality Masking. L4 process replacing entities with $S_n$ tokens before model inference; reduces sycophancy and self-preference biases. FRE. Federal Rules of Evidence. inspect-ai. UK AISI's evaluation framework for adversarial validation of AI systems. Provides structured task runners, solvers, and scorers for red-teaming language model components. Gaps. Acknowledged assumptions, missing supports, or scope limits on a Claim. R5: must be non-empty for non-observational claims. Inference type. One of five: observation, deduction, induction, abduction, compound. Induction. Inference type; generalization from examples. Local-First Chunking. Ingestion sub-stage hashing chunks on the custodian's machine before any optional cloud offload. Matter. A single litigation, investigation, or scope of work; identifiers, parties, productions, holds all bind to a matter_id. Meridian-Canon. Reference implementation of the Canon specification over a personal-data corpus. The repository is spelled Meridian-Cannon (two n's) for historical reasons; the spec retains one n. Observation. Inference type; assertion of a fact directly present in the source content. ObservationAttestation. Canon attestation emitted at L1 the moment an item enters the system. Refutation. The third Canon block; contains at least one Challenge and a Coverage object accounting for all challenge types. RFC 8785. JSON Canonicalization Scheme (JCS). The serialization the chain hash is computed over. Seal. Cryptographic binding block of a v0.1.x attestation; contains chain_hash, signature, public_key_url, and related fields. Superseded by DSSEEnvelope in v0.2.0 for new attestations. Legacy seal blocks continue to verify via the v0.1.x seven-step path. SearchAttestation. Canon attestation emitted at L6 in response to a query. SHA-256. FIPS 180-4 256-bit cryptographic hash function. Supports. Array on a Claim referencing observations or earlier claims that the claim derives from. R3: must resolve. Tri-Model Consensus (TMC). Refutation discipline: each provisional claim is challenged by three architecturally-distinct adversary models; majority rule; full-disagreement → contested. TARG. Time-Aware Relationship Graph; L3 identity-resolution mechanism with $t$-variant validity windows. Witness. The first Canon block; raw observations with content hashes and custody chains. Idempotency. Property of an ingest worker: running it twice on the same source produces the same database state. Enforced by checking source_hash before insert. See Chapter 15. JCS. JSON Canonicalization Scheme. See RFC 8785 and Chapter 7. keyrings.alt. File-based keyring backend for headless and CI environments where a platform keyring daemon is unavailable. Install with pip install keyrings.alt. Set PYTHON_KEYRING_BACKEND=keyrings.alt.file.PlaintextKeyring to activate. Stores keys in a plaintext file — appropriate for CI; not for production. Langfuse. Open-source LM observability platform. Provides session-linked traces for LM calls, indexed by langfuse_session_id. Used to link model prompt/response pairs to specific attestations via attestation_id. Requires pip install meridian-canon[langfuse]. Legal hold. A directive preserving evidence against alteration or destruction for litigation purposes. Tracked in the legal_holds table. See Chapter 16. Matter. A single litigation, investigation, or scope of work; all tables bind to a matter_id. See Chapter 14. Observation. Inference type; assertion of a fact directly present in the source content. Also shorthand for an ObservationAttestation record. Outlines. Constrained LM decoding library. Uses logits masking to guarantee that model output conforms to a JSON schema or regular expression. Guarantees schema-valid output without post-hoc validation. Requires pip install meridian-canon[outlines]. PAE (Pre-Authentication Encoding). The byte sequence signed in DSSE: "DSSEv1\n" + len_le8(payload_type) + "\n" + payload_type + "\n" + len_le8(payload) + "\n" + payload. Provides domain separation: two payloads of different types produce different PAE bytes even if their content is identical, preventing cross-protocol signature reuse. ParadeDB / pg_search. Tantivy-backed BM25 full-text search implemented as a PostgreSQL extension. Uses the @@@ operator for queries. Provides better relevance ranking than tsvector for large corpora; requires extension installation. Enable with MERIDIAN_USE_PARADEDB=1. pgvectorscale / StreamingDiskANN. Disk-backed approximate nearest-neighbor index for pgvector. Scales beyond RAM for large embedding collections. Provides better recall at high N than ivfflat. Requires separate extension install and the schema/B2_pgvectorscale.sql migration. Presidio. Microsoft's open-source NER-based PII detection and anonymization framework. Adds named-entity recognition (PERSON, LOCATION, DATE, etc.) beyond the regex masker's pattern coverage. Requires pip install meridian-canon[presidio]. Returns a callable via make_presidio_masker(). PII tier. Classification level for personally identifiable information: public, restricted, privileged, work_product. Controls row-level security and what is produced to opposing parties. See Chapters 14, 16. Privilege assertion. A formal claim of attorney-client privilege or work-product protection over a document or communication, recorded in the privilege_assertions table. See Chapter 16. RBAC. Role-Based Access Control. The actors table carries a role column and pii_ceiling column that together determine what a given user may read, annotate, or produce. See Chapter 14. Rekor. Sigstore's public transparency log. Append-only, Merkle-tree-structured, publicly auditable. Used as an optional transparency seal: a Rekor entry provides a publicly verifiable timestamp anchored outside the custodian's infrastructure. Enable with MERIDIAN_REKOR_ENABLED=1. Private Rekor instances are supported for sensitive attestations. Redaction. Removal or obscuring of privileged or irrelevant content before production. Tracked in the redactions table with the privilege assertion FK and author. See Chapter 16. RRF. Reciprocal Rank Fusion. Score fusion formula: $\sum_i 1/(k + \text_i(d))$ with $k = 60$. Combines BM25 and dense retrieval ranked lists. See Chapter 10. Seven-step protocol. The Canon falsification procedure (§8.3): schema validation, chain hash recomputation, signature verification, refutation block check, supports resolution, issuer URL resolution, timestamp plausibility. See Chapters 4 and 25. Source hash. SHA-256 of raw bytes computed before any processing. Stored in acquisitions.source_hash. Prerequisite for chain-of-custody claims. See Chapters 5 and 15. Unstructured.io. Section-aware document partitioning library. Handles PDF, email (MIME), DOCX, HTML, and other formats with awareness of structural elements (headings, tables, list items). Used at the ingestion layer to avoid naive fixed-size chunking that splits logical sections. Work product. Attorney-prepared materials protected from discovery under FRCP 26(b)(3) / FRE 502. Classified at pii_tier = 'work_product' in this system.

For terms in context, follow the chapter that introduces each.