USER

Axiom

USER governs identity. Every person onboarded. Every credential verified. Every contribution ledgered.

Constraints

MUST:     Govern every user under USERS/ with CANON.md
MUST:     Verify identity before granting write access (KYC)
MUST:     Evidence every professional claim in VITAE.md
MUST:     Onboard via governed pipeline (vault onboard)
MUST:     Each user has SERVICES/LEARNING/ and SERVICES/SHOP/
MUST:     Each user has CHAT/ governed by SERVICES/TALK
MUST:     Full legal name in VITAE.md, first name for directory
MUST:     Federation identity portable across ORGs
MUST:     Gate enterprise features via COIN
MUST NOT: Fabricate credentials
MUST NOT: Expose VAULT contents outside NDA scope
MUST NOT: Hardcode user names in law

Capabilities

COIN_MINT, LEARNING_COMPUTE, USER_FEDERATE, USER_KYC, USER_ONBOARD, VITAE_GOVERN

COVERAGE:

SPEC

Instances

USERS/ directory contains all governed users. Each user is a first-name directory with:

USERS/{NAME}/
  CANON.md       ← identity contract (privacy, github, readers, writers)
  VITAE.md       ← professional identity (full legal name, credentials)
  COVERAGE.md    ← governance coverage
  LEARNING.md    ← personal patterns
  VOCAB.md       ← personal vocabulary
  ROADMAP.md     ← active work
  README.md      ← how to run
  CHAT/          ← governed conversations (inherits SERVICES/TALK)
  SERVICES/
    LEARNING/    ← personal learning service
    SHOP/        ← personal shop service

Pipeline

Onboard: vault onboard creates user scaffold from CANON.md template
KYC: Identity verified via GitHub, LinkedIn, or institutional affiliation
Federation: Cross-org identity via vault federation digest signing
Graduate: User promotes to own ORG (e.g., ROBERT → runner-canonic)

INTEL

Evidence Chain

USER governs identity lifecycle: onboard → verify → federate → contribute → graduate
Every user has CANON.md (identity contract), VITAE.md (professional claims), CHAT/ (governed conversations)
Directory naming: first name only (avoids name-change churn), full legal name in VITAE.md
Onboarding pipeline: vault onboard scaffolds user from template, creates CANON.md + VITAE.md + governance files
KYC: GitHub handle verified, institutional affiliation checked, LinkedIn cross-referenced
Federation: cross-org identity via digest signing with vault federation
Graduation: user can promote to own ORG with own canonic repo (ROBERT → runner-canonic)

Operational Knowledge

11 active users in USERS/ (AFSANA, AVINASH, CRAIG, FATIMA, GEOFF, ILYA, ISABELLA, JP, ROBERT, SARAH, YANA)
FATIMA is Governor #1 (Executive Director, CANONIC Foundation)
GEOFF is Advisory Board Member #1 (CEO Celeritas AI)
ROBERT graduated to own ORG on 2026-03-10
Each user has SERVICES/LEARNING/ and SERVICES/SHOP/ for personal service scopes
CHAT/ subdirectories per user contain governed conversation sessions

LEARNING

ROADMAP

Now

VOCAB

Term	Definition
USER	Governed identity in hadleylab-canonic scope. Directory under USERS/.
VITAE	Professional identity document. Every claim evidenced. Full legal name.
KYC	Know Your Customer. Identity verification before write access.
FEDERATION	Cross-org user identity. Portable via vault digest signing.
ONBOARD	Pipeline to create governed user: scaffold → verify → activate.
GRADUATE	User promotes from hadleylab-canonic to own ORG with own canonic repo.
PRINCIPAL	Historical term for top-level user directory. Now: all users under USERS/.

INHERITANCE CHAIN

SERVICES

SERVICES compose primitives — INTEL + CHAT + COIN. Every service governed. Every scope discovered.

MUST:     Maintain TRIAD integrity (CANON.md + VOCAB.md + README.md)
MUST:     Treat SPEC as scope identity (`{SCOPE}` directory), not as a file
MUST:     Every SERVICE scope include ROADMAP.md, COVERAGE.md, LEARNING.md, and `{SCOPE}.md` as governed content surfaces
MUST:     Discover SERVICE scopes from filesystem only (no manual catalog)
MUST:     Keep http:// and magic:// on the same namespace (transport differs, scope path matches)
MUST:     CANON.md = axiom + universal constraints (no service names, no paths, no implementation)
MUST:     README.md = how to run the CANON (nothing else)
MUST:     {SCOPE}.md = SPEC — the interface (purpose, routes, projections, ecosystem)
MUST:     SHOP.md = public projection file (per scope, filesystem-discoverable)
MUST:     VAULT.md = private projection file (per scope, filesystem-discoverable)
MUST:     Runtime implementation remains under ~/.canonic; this workspace is governance-first
MUST NOT: Hardcode service names in CANON constraints (law speaks universals)
MUST NOT: Define ungoverned terms outside VOCAB.md
MUST NOT: Treat `{SCOPE}.md` as SPEC identity
MUST NOT: Move architecture/lifecycle into README
MUST NOT: Leak private projections to public surfaces
MUST NOT: Maintain duplicate mapping tables outside generated manifest outputs
MUST NOT: Add runtime jargon to governance contracts
MUST:     Ledger-consuming services declare source ledgers, scope filters, and closure gates
MUST:     Learning governance remains live — closure claims require fresh DISCOVER → GENERATE → RELINK evidence

hadleylab-canonic

HADLEYLAB ships software. Every app, book, paper, deal, and patent is PROOF that MAGIC works. COIN = WORK. LEARNING = COMPUTE.

MUST:     Every app, book, paper, deal, or patent is evidence of MAGIC
MUST:     All scopes inherit canonic-canonic/CANONIC.md governance
MUST:     All users governed under USERS/ via SERVICES/USER
MUST:     Cross-index INTEL across users (INTEL.md)
MUST:     Shared events propagate to ALL affected user dashboards
MUST:     Maintain governance workspace purity (.md files only)
MUST:     Ledger all COIN (validated work) through MAGIC 255
MUST:     Compile all INTEL from governed sources
MUST:     Keep frontend/runtime implementation under ~/.canonic (hidden runtime)
MUST:     Surface governed TALK, Library, and SERVICES scopes (no orphan content)
MUST:     Derive nav labels from governed scope names (no hardcoded strings)
MUST NOT: Publish without governance (CANON.md required)
MUST NOT: Duplicate primitives — compose from INTEL, CHAT, COIN
MUST NOT: Silo intelligence inside a single user when multiple are affected
MUST NOT: Expose VAULT contents outside NDA scope
MUST NOT: Store runtime artifacts in governance workspace

canonic-canonic

SPEC is governance. `canonic-canonic/` is the spec root.

MUST:     Keep this repo governance-only (.md/.pdf)
MUST:     Publish workspace mapping in CANONIC.git (no hardcoded repo lists)
MUST:     Preserve three primary lanes: FOUNDATION, INDUSTRIES, MAGIC
MUST NOT: Commit runtime artifacts here (runtime belongs in ~/.canonic/)
MUST:     Sell MAGIC tiers — the product, not the proof (proof is hadleylab-canonic)
MUST NOT: Embed beta-test app URLs in platform page content