Shared vocabulary for the PMG Digital Persona spec. Every term is defined in plain language, cross-linked to the pages that use it, and grounded in decisions from the ambiguity ledger. If two people read the spec and picture different things, the glossary is where we fix that.
The encrypted, versioned collection of everything the decedent chose to preserve. Think of it as a curated time capsule: every item in it was placed there deliberately, and every item carries its own consent record.
The author selects what goes in.
Items are sealed and versioned.
The trustee holds a key share.
A single item in the archive: a journal entry, a voice clip, a photo, a message thread. Each artifact is content-addressed (identified by its hash) and carries its own consent record with four independent dimensions.
Author creates content
Packaged as artifact
Reviewer verifies
A party permitted to inspect response bundles and logs under defined conditions. Auditors verify that the system is doing what it claims. Their access is time-bounded, scope-bounded, and always logged.
Auditor examines records
Checks against policy
Reports findings
A pre-retrieval filter that decides whether a question is something the persona should even attempt. Some questions are outside the system's jurisdiction regardless of what the archive contains. The category check catches those before the coverage gate ever runs.
Category verified
Category missing
The emergency suspension mechanism. Any single trustee can pull it at any time to immediately halt all persona activity. Lifting it again requires a quorum, so stopping the system is easy and restarting it is hard. That asymmetry is intentional.
System operating
Threshold breached
Circuit breaker trips
A machine-verifiable, stable link from something the persona said back to a specific passage in the archive. Every citation contains four required fields: artifact ID, archive version, a canonical span pointing to the exact source passage, and a relation label declaring how the claim uses the source.
A claim is made.
A citation tag links it to source.
The reviewer checks the link.
A discrete statement in a persona's output that can be individually supported or refused based on citations. The system segments every response into claims before the coverage gate evaluates them, so each piece stands or falls on its own evidence.
Author makes assertion
Claim is recorded
Claim awaits review
The boundary of what the decedent authorized for inclusion and surfacing. Consent is per-artifact with four independent dimensions: inclusion, surfacing, display, and existence disclosure. Each can be set independently, and defaults are restrictive. After death, consent can only get tighter, never looser.
Scope bounds what consent covers
The mechanism that evaluates each claim against its citation support and decides what to do when support falls short. It enforces a four-rung ladder: supported, narrowed, labeled, or refused. The system walks down the ladder and never skips a rung.
Citations check out. The response is delivered.
Not enough evidence. The persona declines.
The four rungs of the coverage gate, evaluated per-claim: supported (fully cited), narrowed (unsupported claims stripped), labeled (inference clearly marked), and refused (not enough evidence to say anything useful). Each rung has a name so logs and auditors can track exactly how the system performed.
Minimal coverage
Standard coverage
Full coverage
The person whose archive and persona exist. While alive, they configure consent, select trustees, and set governance conditions. After death, their decisions are immutable; no one can expand what they authorized.
Persona of a deceased person
The mandatory waiting period between verified death and persona release. Only clean time counts; disputes and suspensions pause the clock. The decedent sets the duration while alive, and the system enforces a minimum. Nobody outside the trustee circle knows the clock is running.
Request submitted
Delay window ticking
Window closes
A stable, self-owned identifier for a person, organization, or system component. DIDs do not depend on a central authority. In this system, decedents, trustees, and requestors are all represented by DIDs, making identity claims auditable by machines, not just lawyers.
Identity created
DID bound to keys
Resolved by reader
The filtered, simplified version of a citation that a requestor actually sees. It shows a relation label ("their words," "paraphrased," "interpreted from"), a short excerpt, and an opaque handle like "Source A" that only resolves within that one response. The real artifact ID stays hidden in the response bundle.
Citation shown
Reader sees source
Author credited
Permission for excerpts of an artifact to appear in citations shown to requestors. An artifact can be surfaced (used to support a claim internally) but have its content withheld from display. This is the third of four consent dimensions, and it defaults to off.
Consent given
Consent withheld
Any prerequisite that must be satisfied before an action is permitted. Governance conditions are the "if" in every "if-then" the system enforces: verified death, elapsed delay, trustee quorum, requestor identity check. They are machine-readable, versioned, and logged.
Condition defined
Trustee enforces
State evaluated
Permission for an artifact to exist in the archive at all. This is the gate at ingestion; it is binary. The artifact is either in or out, and inclusion happens only through an explicit add action by the decedent or an explicit, revocable capture rule they enabled while alive. Passive import is not consent.
Author consents
Author declines
The decedent's ability to revoke the entire archive while alive: triggering deletion of all artifacts, destruction of all key material, and notification to trustees that their shares are void. The consent log and structural metadata survive for audit, but the content is gone. This is real deletion, not soft-delete.
Immediate termination trigger
The governed system that generates responses grounded in the archive. It is not the decedent. It does not claim to be. It speaks as a steward of the archive, citing sources and declining when evidence is thin. Think of it as a careful librarian with a voice, not a chatbot pretending to be someone.
Person creates persona
Bound to identity
Audience views persona
A versioned, machine-readable rule governing system behavior. Policies cover everything from release timing to citation thresholds to requestor access tiers. They are signed, hash-addressed, and logged to the transparency log. Changes require governance approval and leave a trail.
Trustee drafts rules
Policy documented
Validator checks
The minimum number of trustees who must agree before a governed action can proceed. Different actions require different thresholds: a single trustee can suspend the system, but key assembly requires a supermajority. The principle is simple; the more irreversible the action, the higher the bar.
Single trustee
Trustees gather
Quorum reached
The moment the persona becomes available for interaction. Release is not automatic; it requires that the delay window has elapsed, the trustee quorum has assembled key shares, and all governance conditions are met. Delay completion alone does not activate anything.
Release prepared
Approval granted
Content released
Someone seeking to interact with a persona. Requestors are identified, verified, and assigned an access tier set by the decedent's policy. Different tiers see different levels of citation detail. The persona treats every requestor the same way structurally; only the tier changes what they can see.
Requestor asks
Request submitted
Trustee reviews
The signed package containing the persona's output, every citation, coverage metadata, the active policy version, model identifiers, and a transparency log proof. It is the system of record for what was generated and why. Bundles are immutable once issued.
The persona writes a response.
The bundle is sealed and signed.
The requestor receives a verified package.
The principle that decryption and inference happen inside an attested boundary (a trusted execution environment, hardware security module, or similar) so that plaintext archive content is never exposed to the operator. The reconstructed key lives only in enclave memory and is zeroed after use. Suspension destroys all active key material.
Computation without data exposure
Permission for an artifact to be used by the persona when generating responses. An artifact can exist in the archive for preservation but be marked as unavailable to the persona engine. Surfacing consent can be further scoped by requestor tier. It defaults to off.
Surfacing approved
Surfacing blocked
The set of rules governing content that identifies or substantially concerns someone other than the decedent. Third-party content falls into three tiers: cleared (the person consented), anonymized (identifying details replaced with stable pseudonyms), or sealed (cannot be meaningfully anonymized). The default is sealed.
Third party identified
Protections applied
Guardian ensures safety
An append-only event log with cryptographic inclusion and consistency proofs. Every important event is recorded here: archive changes, policy updates, response bundles, credential verifications, release decisions. Independent monitors can watch for anomalies. The log is not publicly visible; it is available to auditors and trustees under governance conditions.
Action occurs
Entry logged
Auditor reviews log
An independent entity holding a cryptographic share of the archive key. Trustees are governors with constrained authority, not owners. They can always suspend the system and participate in quorum actions. They can never unilaterally activate the persona, expand consent, or view the archive directly.
A trustee holds one share. They can stop the system alone, but they cannot start it alone.
A digitally signed, machine-checkable claim about a person or organization. In this system, death attestations, relationship proofs, and trustee agreements are all expressed as verifiable credentials. They follow the W3C standard, so any conforming verifier can check them.
Issuer creates credential
Cryptographically signed
Verifier confirms