# 05 — Glossary of Core Concepts *FPMP v0.1.0 — Draft. Normative where definitions are cited by other docs.* **Operation (op).** The atomic unit of the protocol: a signed, content-addressed, immutable record in the user's log. All state is a deterministic replay of ops. **Operation log.** The append-only Merkle DAG of all ops in one user's graph. The log *is* the database; every other structure is a materialized view. **Evidence.** A raw artifact ingested from a source (calendar event, note, photo metadata, message, contact, app activity), recorded as an `EVIDENCE` op with full source provenance and a sensitivity label. Evidence is immutable; it can only be forward-redacted. **Adapter.** A sandboxed component that converts an external source into evidence ops. Identified by id + version in every op it emits, so its entire output can be invalidated at once. **Claim.** A structured, confidence-scored statement about the user (subject–predicate–object with validity interval) produced by a deriver. Every claim carries `derived_from` links to its support set. **Deriver.** A rule, statistical procedure, or model that produces claims from evidence and/or other claims. Model-based derivers act only through logged inference calls. **Inference call.** An op recording a model invocation: model identity/hash, input hashes, output hash. The auditable boundary around opaque computation; refuting it cascades to everything it produced. **Derivation graph.** The DAG formed by `derived_from` edges from claims down to evidence leaves. Walking it answers "why do you believe this?"; refutations propagate along it. **Provenance.** The complete answer to "where did this come from": for evidence, the source/adapter/device/time; for claims, the derivation path plus deriver identity. **Confidence.** A [0,1] score with a method tag (`rule` | `statistical` | `model`). Propagates as a floor through derivation: a claim is at most as confident as its weakest required input. **Refutation.** A user (or device-policy) op marking evidence, a claim, a source, an adapter version, or an inference call as invalid. Deterministically cascades: dependent claims become stale and are withdrawn or re-derived. **Redaction.** Forward deletion of an evidence blob (content + keys destroyed) while the log retains the hash and the redaction op. Reconciles append-only history with the right to delete content. **Capability.** Unforgeable, signed authority to read a projection of the claim graph, held by a delegate. Defined by a selector; mandatorily expiring; non-delegable in v0. **Selector.** The filter defining a capability's scope: predicate namespaces, sensitivity ceiling, confidence floor, time bounds. **Projection.** The materialized slice of ops matching a selector, re-encrypted to a delegate's key. Delegates receive projections, not query access. **Delegate.** A party (partner, clinic, coach, assistant service, researcher) holding one or more capabilities. May submit *suggestions* but cannot write user-authority ops. **Grant / Revocation.** The ops creating and mechanically terminating a capability. Revocation stops future flow and rotates keys; it does not (and does not claim to) delete data already received. **Node.** Any process speaking the wire protocol. Roles: **primary/replica** (full graph, user keys), **relay** (ciphertext only, availability), **delegate node** (projection only). **Root key / device key.** The user's ultimate authority keypair, and per-device signing keys chained to it via `DEVICE_ADD` ops. **Equivocation.** A compromised node presenting conflicting histories. Detectable via the Merkle DAG when a user runs ≥2 nodes; surfaced, not silently merged. **Staleness.** The state of a claim whose support set has been refuted or redacted; stale claims are withdrawn from views pending re-derivation. **Sensitivity label.** A classification on evidence (and inherited by claims) that sets a ceiling no selector may exceed.