Splendor
Reference

Identity

Canonical identity fields and why Splendor keeps them separate.

Identity

Splendor identity fields are runtime contract data. One ID must not stand in for a different concept, because identity separation prevents permission laundering, trace confusion, unsafe replay, and accidental state ownership changes.

Canonical IDs

FieldScope
fleet_idGoverned fleet boundary.
node_idPhysical, virtual, or logical host node.
instance_idConcrete Splendor runtime process.
tenant_idTenant authority boundary.
agent_idAutonomous runtime identity.
runtime_context_idIsolated local execution context.
run_idOne execution instance and trace stream.
tick_idTick counter scoped by run.
action_idOne proposed action.
state_node_idState graph node identity.
trace_event_idAppend-only trace event identity.
message_idTyped inter-agent message identity.
work_order_idSigned run-authority object.
approval_idScoped approval or denial evidence.
artifact_idProduced or referenced artifact.

Trace identity context

Trace events carry the run identity plus optional tenant, agent, tick, action, state, message, work-order, approval, fleet, node, and instance context where applicable. This lets replay and audit reconstruct why a decision happened.

Failure behavior

Malformed, nil, mismatched, or wrong-scope identity fails closed before execution, delivery, state import, or replay continuation.

On this page